Re: imap clients say i have 4K messages but spool has 12894 files

[Patrick Boutilier]

On 6/4/20 7:45 AM, Brian J. Murrell wrote:

On Wed, 2020-06-03 at 19:35 -0400, Ken Murchison wrote:

Brian,

Trying running 'unexpunge -l' on the mailbox in question.


This avenue has already been explored earlier in this thread:

https://lists.andrew.cmu.edu/pipermail/info-cyrus/2020-May/041258.html

To save the effort of re-reading the message:

# sudo -u cyrus bash -c "/usr/lib/cyrus-imapd/unexpunge -l user.brian"
[nothing returned]

So this is looking more like a "bad accounting" problem than something
typically operational.

But how to reconcile it?

It seems to me that a process of comparing what's in the index to
what's on disk to account for the orphans is needed.  I just don't know
what that process is.  I probably just don't know the toolset well
enough to know which tools to apply and how.  mbexamine seems a
candidate but I'm not sure how to interpret it's output to this task.
Or maybe there other/better tools?

Any suggestions?



Have you looked in some of the orphaned messages to see if they are 
emails you have deleted before? My thought would be to move these 
orphaned messages out of /var/spool/imap/b/user/brian . Then delete and 
expunge a few messages using your mail client and see if they are also 
removed from /var/spool/imap/b/user/brian







Cheers,
b.



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Help undeleting a user's INBOX

[Patrick Boutilier]

On 5/24/20 6:05 PM, Mikhail T. wrote:
The thunderbird view of a user's mailbox tree had a mysterious nameless 
subfolder. Because the subfolder was showing empty, I instructed the 
user to just delete it through the mail program, which he did.


Now his INBOX itself is empty and the server logs has the following entries:

May 24 14:44:44 narawntapu imap[19976]: Expunged 16808 messages from
user.foo
May 24 14:45:04 narawntapu imap[21788]: Deleted mailbox user.foo.

All the messages -- including the new spam -- are still right here on 
the filesystem, in /var/spool/imap/user/foo. However, reconstruct does 
not seem to do anything -- it exits without an obvious error, but the 
INBOX remains empty. For example, after running "reconstruct -G 
user/foo", I got the following:


May 24 16:34:57 narawntapu reconstruct[25444]: reconstructing user.foo
May 24 16:36:12 narawntapu reconstruct[25444]: user.foo uid 55067
record mismatch, rewriting
May 24 16:36:12 narawntapu reconstruct[25444]: user.foo uid 55069
record mismatch, rewriting
May 24 16:36:55 narawntapu reconstruct[25444]: mailbox: longlock
user.foo for 117.4 seconds

Unfortunately, thunderbird is still not showing anything. Other folders 
exist, but not the INBOX itself...


I have the backup of the entire /var/spool/imap from last night, but it 
does not seem, like I need to recover the messages -- they are still 
here on the filesystem -- it is something else, is not it?


The server runs FreeBSD-11.3, and cyrus-imapd-2.5.15... Thank you. Yours,



Do you have a expunge_mode setting in your imapd.conf ? If not, 
expunge_mode will be set to the default "delayed" . You should be able 
to use unexpunge to list the emails that can be restored.


https://www.cyrusimap.org/2.5/imap/admin/systemcommands/unexpunge.html#imap-admin-systemcommands-unexpunge





-mi






Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: FWD: Confused about Deleted and Expunged

[Patrick Boutilier]

Anything in the logs showing email being expunged? Look for Expunged 
with the capitol E.




On 1/17/20 10:41 AM, Horst Häberlen wrote:

hi Adam Tauno Williams,


What happens if you su to the cyrus user and try to run the command you
see in cyrus.conf ?


This makes no difference. I tried both commands as root and as cyrus. The Log 
entries were
identical:

[...] cyrus/cyr_expire[10175]: Expired 0 and expunged 0 out of 144646 messages 
from 818
mailboxes
[...] cyrus/cyr_expire[10175]: Removed 0 deleted mailboxes
[...] cyrus/cyr_expire[10175]: duplicate_prune: pruning back 4.00 days
[...] cyrus/cyr_expire[10175]: duplicate_prune: purged 0 out of 4171 entries


regards
Horst

<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Confused about Deleted and Expunged

[Patrick Boutilier]

Looks to run cyr_expire as /usr/sbin/cyrus is a script.

https://www.apt-browse.org/browse/ubuntu/trusty/universe/all/cyrus-common/2.4.17+caldav~beta9-3/file/usr/sbin/cyrus



On 1/17/20 8:11 AM, Nikos Gatsis - Qbit wrote:

delprune  cmd="cyr_expire -E 3" at=0400

Οn centos 7:

Version: 2.4.17

Release: 15.el7



On 17/1/2020 12:11 μ.μ., Horst Häberlen wrote:

Hi Sebastian Hagedorn ,

i have no idea how follow-up works in this list, i hope this mail goes to the 
right place.


does it really say "/usr/sbin/cyrus expire" in your cyrus.conf? That
can't work. The command is named cyr_expire on my system, and it
definitely does not have a space in its name.

Yes, the command is correct. On Ubuntu 18.04 there is no cyr_expire and the 
entry
"/usr/sbin/cyrus expire" is in cyrus.conf by default.

In the log files the results are printed ".. localhost cyrus/cyr_expire[14320]: 
Expired 0
and expunged 0 out of 143844 messages from 818 mailboxes"

regards
Horst



--
Untitled Document

*Γατσής Νίκος - Gatsis Nikos*
Web developer
tel.: 210.8256721 - 210.8256712
email: ngat...@qbit.gr
http://www.qbit.gr


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Migration issue with seen/subscription/sieve databases

[Patrick Boutilier]

On 12/23/19 7:04 AM, Gionatan Danti wrote:

On 20/12/19 09:51, Gionatan Danti wrote:

Hi all,
I am tasked to migrate an old cyrus 2.3.x CentOS6 installation to a 
new CentOS8 server with cyrus 3.0.7.


I'm following the instructions at 
https://cyrusimap.org/imap/download/upgrade.html (compresive of 
berkeley db format change to skiplist) and all is mostly working, 
except for some important per-user databases: seen, subscription and 
sieve.


The issue basically seems one of a different file names, revolving 
around using "." (dot) instead of "^" (circumflex). For example, the 
old cyrus installation has the following per-user database structure:


[root@ceres imap]# cd /var/lib/imap; find -iname "*^*" | grep danti
./sieve/domain/a/assyoma.it/g/g^danti
./domain/a/assyoma.it/user/g/g^danti.seen
./domain/a/assyoma.it/user/g/g^danti.sub
./domain/a/assyoma.it/quota/g/user.g^danti

However the new installation simply ignores the above files, creating 
*new* empty files with "." (dot) separator, except for the quota 
(which is correctly understand and no new file was created). This 
means I lose all information about subscribed folder, seen mails and 
sive filtering.


A very simple workaround seems to soft-link the dot-enabled files with 
the circumflex ones, ie: "cd ./domain/a/assyoma.it/user/g/; ln -s 
g^danti.seen g.danti.seen"


I wonder if this is the right thing to do, or if I am missing 
something. Please also consider that on the old server I already had 
"unixhierarchysep: 1", matching the new 3.x default. Anyway, flipping 
that option has no effect on how cyrus names the above files.


Any suggestion to solve this problem?
Thanks.


Hi all,
any idea/suggestion/etc?



I can't find any .seen files in my test setup on CentOS 8 and not using 
sieve. But for .sub I see what you are seeing in file name but contents 
of the sub file has the ^ and it does work as expected.


Not using virtualdomains on my end.







Only thing I can think of is that a different config file is actually 
being used?






Thanks.

<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Sieve runtime error claiming mailbox doesn't exist

[Patrick Boutilier]

At first glance it looks like you need to change your sieve rules to use . as 
the mailbox separator. Something like:

user.jim.System Messages

On December 13, 2019 11:08:54 AM AST, Jim Sculley  
wrote:
>Hello.  I'm a new member of this list but a long time user of
>cyrus-imapd with postfix on my little home network.
>
>
>I recently replaced CentOS 7 with CentOS 8 (CentOS Linux release
>8.0.1905) on my  server which had been running 
>cyrus-imapd with sieve for years without problems.  I thought I had
>gotten everything set up properly on the new system 
>(cyrus-imapd  3.0.7-15.el8_0.1 with cyrus-sasl 2.1.27-0.3rc7.el8 and
>postfix 2:3.3.1-8.el8) but sieve is not moving 
>messages into the correct folders.
>
>For example, if I try to send a simple mail on the local network:
>
>
>[root@buttercup quota]# mail j...@home.lan
>Subject: Test Message
>Test
>.
>EOT
>
>
>
>The mail log will show:
>
>=
>Dec  6 12:51:39 buttercup postfix/pickup[27670]: 07FBA216825B: uid=0
>from=
>Dec  6 12:51:39 buttercup postfix/cleanup[27810]: 07FBA216825B:
>message-id=<20191206175139.07fba2168...@mail.home.lan>
>Dec  6 12:51:39 buttercup postfix/qmgr[27671]: 07FBA216825B:
>from=, size=419, nrcpt=1 (queue active)
>Dec  6 12:51:39 buttercup cyrus/lmtp[27814]: sieve runtime error for
>jim id <20191206175139.07fba2168...@mail.home.lan>: 
>Fileinto (user/jim/System Messages): Mailbox does not exist
>Dec  6 12:51:39 buttercup cyrus/lmtp[27814]: LOSTQUOTA: unable to
>record change of 697 bytes and 1 messages in quota 
>user.jim: Quota root does not exist
>Dec  6 12:51:39 buttercup cyrus/lmtp[27814]: Delivered:
><20191206175139.07fba2168...@mail.home.lan> to mailbox: user.jim
>Dec  6 12:51:39 buttercup cyrus/lmtp[27814]: USAGE jim user: 0.012321
>sys: 0.005097
>Dec  6 12:51:39 buttercup postfix/lmtp[27813]: 07FBA216825B:
>to=, relay=localhost[127.0.0.1]:24, 
>delay=0.27, delays=0.03/0.01/0.03/0.2, dsn=2.1.5, status=sent (250
>2.1.5 Ok 
>SESSIONID=)
>Dec  6 12:51:39 buttercup postfix/qmgr[27671]: 07FBA216825B: removed
>=
>
>So, sieve is running, and sees the rule in the script, but fails. This
>behavior is seen with all my rules, none of which 
>are doing anything more than a fileinto based on sender addresses or
>message subjects.
>
>The mailbox does exist, as seen with cyradm:
>
>
>buttercup.home.lan> lm user/jim/System\ Messages
>user/jim/System Messages (\HasNoChildren)
>
>
>
>This was all working fine before the CentOS 8 install. The relevant (I
>think) imapd.conf entries:
>
>
>==
>defaultpartition: default
>partition-default: /data/spool/imap
>sievedir: /var/lib/imap/sieve
>virtdomains: off
>unixhierarchysep: yes
>===
>
>The spool directory looks like this:
>
>===
>[root@buttercup jim]# ls -l /data/spool/imap/j/user/jim
>-rw---. 1 cyrus mail    336 Nov 30 17:57  cyrus.annotations
>-rw---. 1 cyrus mail 373712 Dec  6 13:01  cyrus.cache
>-rw---. 1 cyrus mail    189 Apr 19  2013  cyrus.header
>-rw---. 1 cyrus mail  23424 Dec  6 13:01  cyrus.index
>-rw---. 1 cyrus mail    112 Nov 26 05:31  cyrus.squat
>drwx--. 2 cyrus mail  20480 Nov 30 17:57 'System Messages'
>===
>
>I'm not sure if I have some sort of configuration error or if this is
>an actual bug. I would appreciate any assistance.
>
>
>Thanks,
>
>Jim Sculley
>
>
>
>
>
>Cyrus Home Page: http://www.cyrusimap.org/
>List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>To Unsubscribe:
>https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Centos 8

[Patrick Boutilier]

On 11/14/19 7:38 AM, Nikos Gatsis - Qbit wrote:

Hello list.

Does somebody knows witch version on cyrus-imapd centos 8 install?

Thank you in advance.



yum list|grep cyrus-imapd

cyrus-imapd.i686 3.0.7-15.el8_0.1 
AppStream


cyrus-imapd.x86_64   3.0.7-15.el8_0.1 
AppStream


cyrus-imapd-utils.x86_64 3.0.7-15.el8_0.1 
AppStream


cyrus-imapd-vzic.x86_64  3.0.7-15.el8_0.1 
AppStream






Nikos.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: IMAP over SSL (only) handshake hangs

[Patrick Boutilier]

Almost sounds like you are running out of entropy. What does this show?

cat /proc/sys/kernel/random/entropy_avail



On 11/9/19 7:16 PM, Helder Guerreiro via Info-cyrus wrote:

Hi all

I'm having this exact same problem. Once the daemon is up it takes a 
while (a random while) to get to this state.


I'm on Debian 9.11 (stretch) which still is on Cyrus imap 2.5.10.

Any help would be very much appreciated.

/Helder

On 13/01/2015 10.22, Niels Dettenbach wrote:

Hi all,

today i've runned into a very suspicious problem never seen before:

While any other IMAP and POP3 ports with and without SSL / TLS are 
working -

connects to imaps (993) just hangs, there is nothing in the logs and a

openssl s_client -connect mail.myhost.abc:993

just brings out:

CONNECTED(0003)

what times out after minutes. Connection to 995 (POP3s) works perfectly.

A imtest -v -s against the IP of the machine hangs on:

starting TLS engine
setting up TLS connection
SSL_connect:before/connect initialization
write to 7F185DDB6480 [7F185DDC48F3] (216 bytes => 216 (0xD8))
 16 03 01 00 d3 01 00 00|cf 03 01 da 39 78 63 50
0010 b3 95 c8 e9 2f 11 4c 6c|de 39 e2 01 d1 e5 da 34
0020 61 e7 8d a5 85 68 6d 7a|14 e0 59 00 00 5c c0 14
0030 c0 0a 00 39 00 38 00 88|00 87 c0 0f c0 05 00 35
0040 00 84 c0 13 c0 09 00 33|00 32 00 9a 00 99 00 45
0050 00 44 c0 0e c0 04 00 2f|00 96 00 41 00 07 c0 11
0060 c0 07 c0 0c c0 02 00 05|00 04 c0 12 c0 08 00 16
0070 00 13 c0 0d c0 03 00 0a|00 15 00 12 00 09 00 14
0080 00 11 00 08 00 06 00 03|00 ff 02 01 00 00 49 00
0090 0b 00 04 03 00 01 02 00|0a 00 34 00 32 00 0e 00
00a0 0d 00 19 00 0b 00 0c 00|18 00 09 00 0a 00 16 00
00b0 17 00 08 00 06 00 07 00|14 00 15 00 04 00 05 00
00c0 12 00 13 00 01 00 02 00|03 00 0f 00 10 00 11 00
00d0 23 00 00 00 0f 00 01 01|
SSL_connect:SSLv3 write client hello A

I tried to delete tls_sessions and even connecting to localhost (where 
it is

bound too). netstat shows ESTABLISHED on such connections too.

The service is configured (and worked until tonight!):

   imaps cmd="imapd -s" listen="imaps" prefork=0 maxchild=150
   pop3s cmd="pop3d -s" listen="pop3s" prefork=0 maxchild=50

A crazy thing is, that connections to "localhost" seems to work as 
soon as it

uses the IPv6 adress of the localhost (::):

imtest -v -s localhost

while the IPv4 variant doesnt seem to work:

imtest -v -s 127.0.0.1

Because we did not use any IPv6 on that Gentoo machine i've disabled 
any IPv6

stuff now which doesnt seem to help.

cyrus-imap is compiled

with:
berkdb nntp pam sieve snmp sqlite ssl tcpd

without:
-afs -kerberos -mysql -postgres -replication

dev-libs/openssl is 1.0.1k compiled

with:
sse2 tls-heartbeat zlib

without:
-bindist -gmp -kerberos -rfc3779 -static-libs -test -vanilla

anything under Intel Xeon (bare metal).



many thanks for any help or ideas where to look further?


Some logs:

startup:
Jan 13 11:06:41 blade4 master[12565]: about to exec
/usr/lib64/cyrus/ctl_cyrusdb
Jan 13 11:06:41 blade4 ctl_cyrusdb[12565]: SQL backend defaulting to 
engine

'sqlite'
Jan 13 11:06:41 blade4 ctl_cyrusdb[12565]: recovering cyrus databases
Jan 13 11:06:41 blade4 ctl_cyrusdb[12565]: skiplist: checkpointed
/email/lib/cyrus/mailboxes.db (477 records, 60868 bytes) in 0 seconds
Jan 13 11:06:41 blade4 ctl_cyrusdb[12565]: skiplist: checkpointed
/email/lib/cyrus/annotations.db (0 records, 144 bytes) in 0 seconds
Jan 13 11:06:42 blade4 ctl_cyrusdb[12565]: done recovering cyrus 
databases
Jan 13 11:06:42 blade4 master[12595]: about to exec 
/usr/lib64/cyrus/idled

Jan 13 11:06:42 blade4 master[12598]: about to exec
/usr/lib64/cyrus/ctl_deliver
Jan 13 11:06:42 blade4 master[12599]: about to exec
/usr/lib64/cyrus/ctl_cyrusdb
Jan 13 11:06:42 blade4 master[12597]: about to exec 
/usr/lib64/cyrus/tls_prune
Jan 13 11:06:42 blade4 ctl_cyrusdb[12599]: SQL backend defaulting to 
engine

'sqlite'
Jan 13 11:06:42 blade4 ctl_cyrusdb[12599]: checkpointing cyrus databases
Jan 13 11:06:42 blade4 ctl_cyrusdb[12599]: archiving database file:
/email/lib/cyrus/mailboxes.db
Jan 13 11:06:42 blade4 ctl_cyrusdb[12599]: archiving database file:
/email/lib/cyrus/annotations.db
Jan 13 11:06:42 blade4 ctl_cyrusdb[12599]: done checkpointing cyrus 
databases

Jan 13 11:06:42 blade4 tls_prune[12597]: skiplist: checkpointed
/email/lib/cyrus/tls_sessions.db (1 record, 324 bytes) in 0 seconds
Jan 13 11:06:42 blade4 cyr_expire[12598]: skiplist: checkpointed
/email/lib/cyrus/deliver.db (804 records, 121348 bytes) in 0 seconds

and:

Jan 13 11:07:54 blade4 master[12559]: exiting on SIGTERM/SIGINT
Jan 13 11:07:54 blade4 master[25695]: setrlimit: Unable to set file
descriptors limit to -1: Operation not permitted
Jan 13 11:07:54 blade4 master[25695]: retrying with 4096 (current max)
Jan 13 11:07:54 blade4 master[25695]: process started
Jan 13 11:07:54 blade4 master[25699]: about to exec
/usr/lib64/cyrus/ctl_cyrusdb
Jan 13 11:07:55 blade4 ctl_cyrusdb[25699]: SQL backend 

Re: Cyrus backup: is traffic from master to backup server encrypted?

[Patrick Boutilier]

Just noticed that I am running an older version of Cyrus though.


On 11/8/19 7:35 AM, Patrick Boutilier wrote:

Odd, works here.


telnet localhost 2005
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* SASL PLAIN
* STARTTLS
* COMPRESS DEFLATE
* OK domain Cyrus sync server v2.4.20
STARTTLS
OK Begin TLS negotiation now




On 11/8/19 2:12 AM, Deborah Pickett wrote:
... or do I need to establish my own SSH tunnel from master to backup 
server?


I've set up my dedicated Cyrus backup server with tls_server_cert and 
tls_server_key, and when I connect to port 2005 I see that STARTTLS is 
offered:


# nc localhost 2005
* SASL PLAIN LOGIN DIGEST-MD5
* STARTTLS
* COMPRESS DEFLATE
* OK rsync Cyrus backup server 3.0.11-Debian-3.0.11-1~bpo10+1
STARTTLS
NO command not implemented

But as shown, the STARTTLS command from the client is rejected.

I believe that DIGEST-MD5 gives me some level of privacy (sync_test 
reports a security strength factor of 128) even without TLS?


--
*Deborah Pickett*
System Administrator
*Polyfoam Australia Pty Ltd*


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus





Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Cyrus backup: is traffic from master to backup server encrypted?

[Patrick Boutilier]

Odd, works here.


telnet localhost 2005
Trying ::1...
Connected to localhost.
Escape character is '^]'.
* SASL PLAIN
* STARTTLS
* COMPRESS DEFLATE
* OK domain Cyrus sync server v2.4.20
STARTTLS
OK Begin TLS negotiation now




On 11/8/19 2:12 AM, Deborah Pickett wrote:
... or do I need to establish my own SSH tunnel from master to backup 
server?


I've set up my dedicated Cyrus backup server with tls_server_cert and 
tls_server_key, and when I connect to port 2005 I see that STARTTLS is 
offered:


# nc localhost 2005
* SASL PLAIN LOGIN DIGEST-MD5
* STARTTLS
* COMPRESS DEFLATE
* OK rsync Cyrus backup server 3.0.11-Debian-3.0.11-1~bpo10+1
STARTTLS
NO command not implemented

But as shown, the STARTTLS command from the client is rejected.

I believe that DIGEST-MD5 gives me some level of privacy (sync_test 
reports a security strength factor of 128) even without TLS?


--
*Deborah Pickett*
System Administrator
*Polyfoam Australia Pty Ltd*


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Upgrade cyrus 2.4.17 to 2.4.18 on Ubuntu

[Patrick Goetz]

I believe the version number change (incremental change to stable 
release) indicates you shouldn't have any problems, but of course shut 
down the service while it's being updated.


Re: Cyrus 3.x packages for Ubuntu:

I thought Debian was the one distro the cyrus crew provided up-to-date 
packages for?  See for example here:


  https://packages.debian.org/sid/amd64/cyrus-imapd/download

Grab the Debian source package and build it on your system for maximum 
compatibility (although the binary packages should be fine.   On Ubuntu, 
just download the debs and install by hand:


  # dpkg -i cyrus-imapd_3.0.8-4_amd64.deb


On 3/25/19 1:25 PM, Marcus Schopen wrote:

Hi,

I have to upgrade an internal Ubuntu 14.04 LTS with cyrus 2.4.17 to
Ubuntu 16.04 LTS, which comes with cyrus 2.4.18. Is there anything to
consider when upgrading from cyrus 2.4.17 to 2.4.18 (beside good
backup)? Cyrus runs as replica (master/slave). Probably it makes sense
to shut down the slave during the master upgrade and vice versa?
Downtimes are no problem.

Is there actually a way to check whether master and slave are on the
same state?

And are there any cyrus 3.x packages available for Ubuntu 16.04 or
18.04 LTS. Even Ubuntu 18.04 LTS comes with an old 2.5 cyrus version?

Cioa
Marcus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

cyrus_sasl 2.1.26 to 2.1.27 upgrade changed PAM behavior?

[Patrick Goetz]

This is more of a curiosity question than a problem, as I finally 
figured out why authentication stopped working on my cyrus-imapd 2.5.12 
server.


I use sasl in PAM mode: /usr/sbin/saslauthd -a pam

A recent Arch linux system upgrade broke authentication on my email 
server.  The only related change was cyrus_sasl was updated from 2.1.26 
to 2.1.27.  After eliminating virtually every other possibility   I 
finally tracked this down to the PAM configuration file for cyrus-imapd. 
 The previous file (perhaps incorrectly) was simply this:


  auth  sufficient  pam_unix.so
  auth  required  pam_deny.so


I changed this to


  auth  sufficient  pam_unix.so
  auth  required  pam_deny.so
  account  required  pam_unix.so


which fixed the problem.  I can understand the account entry being 
necessary for sasl authentication, but what I can't understand is why it 
was not necessary for 2.1.26, but subsequently necessary for 2.1.27 -- 
what changed that led to this?




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyrus-imapd build dependencies

[Patrick Goetz]

Thanks, Ellie -- that was helpful.  A couple of follow up comments, though.

On 3/18/19 7:55 PM, ellie timoney wrote:

This page is in the developer section, so its context is for people who are 
Cyrus developers (especially for new contributors needing to get rolling 
quickly).


Unfortunately not just developers needs access to this information.  On 
Arch linux, any package not included in the official repo lands in the 
AUR, which requires that packages be built and compiled from source. 
(And since Arch already has dovecot in the official repos, it's unlikely 
that Cyrus would be added.)  I could be mistaken, but it appears the 
mainstream distros are mostly stuck with very old versions of Cyrus. 
I'm an Arch user, but would argue that the Arch AUR package is a great 
canonical reference distribution, since Arch adheres as closely to 
upstream as possible, and the PKGBUILDs are required to be 100% 
deterministic.  With minimal effort, someone who knows something about 
building/compiling linux programs can look at the PKGBUILD and know 
exactly what to do to create a functional cyrus installation.




 Expect a certain amount of detail to be glossed over on the assumption that 
it's already known and/or reasonably documented elsewhere.


"already known" is a less than optimal method, and I've had trouble 
finding alternative documentation on a number of points.





These are literally just "alternate database formats" -- maybe you already have 
extensive expertise in some other database and would rather use that than one of the 
builtin ones.  It has nothing to do with virtual domains.  Documentation about the 
databases used by Cyrus are here: 
https://www.cyrusimap.org/imap/concepts/deployment/databases.html


I read through the databases page and didn't see anything I don't 
already know (although it sure would have been nice to have this page 
available when I first started using cyrus!).  When I run


./configure --help

I see this:

  --with-mysql-libdir=DIR  MySQL lib files are in DIR
  --with-mysql-incdir=DIR  MySQL include files are in DIR
  --with-mysql=DIR use MySQL (in DIR) [no]


The AUR PKGBUILD (instructions for how to automatically build the 
executable + auxiliary files) includes --with-msyql and depends on 
mariadb-libs.  I'm guessing that the configuration utility looks in the 
standard places for mysql header and include files if --with-mysql is 
passed to configure (/usr/include/mysql and and /usr/lib) and you only 
need to specify the other 2 if your mysql libs are installed in a 
standard location.  It would be nice if this were explicitly documented 
somewhere, though.




The canonical source of information on configure options is the output from 
'./configure --help'.  It's kind of assumed that a developer will look there to 
find this information.



Yes, but that information is pretty sparse, as per the example above. 
Most of the options are self-explanatory, but, for example, as an 
experiment I tried adding the option


 --disable-pcre

which resulted in the compile failing (so I guess you can't actually 
disable pcre?).




Simple Network Management Protocol (SNMP) is a widely used
protocol for monitoring the health and welfare of network equipment
  (eg. routers), computer equipment and even devices like UPSs.
Net-SNMP is a suite of applications used to implement SNMP v1,
SNMP v2c and SNMP v3 using both IPv4 and IPv6.



Right.  So I know about the SNMP protocol, but have no idea how or why 
cyrus would be using this.





Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: segfaults with cyrus-imapd 3.0.9 on latest arch linux

[Patrick Goetz]

Hi Andreas -

Jakob has already updated the AUR package, which appears to have 
resolved this issue.  The related upstream bug is #2629.


Regarding the dependencies in the cyrus-imapd PKGBUILD.  I recommend 
starting with Jakob's PKGBUILD and just stripping out the stuff you 
don't need.  I've spent so much time looking at it at this point, if you 
tell me what you don't want, I can probably post a PKGBUILD that works 
for your requirements.


In any case, please try cyrus-imapd 3.0.9-2 and let me know if this 
resolves the issue for you, too.


Here is an explanation (provided by the AUR package maintainer) of the 
purpose of the various dependencies he's included (also the ones listed 
as requirements which he did not include).  We had pre-agreed that there 
is no harm in compiling in all the authentication hooks and 
CalDAV/CalCard dependencies.  Without the authentication hooks, the 
package isn't really general purpose.


- gperf seems to be useful for development only (maintainer mode)
- libbsd is only required for krb5afspts which is disabled (because IIRC 
it looks for static libraries which Arch doesn’t package)
- ICU: This seems to be genuinely missing, though as you noticed it is 
already required indirectly. It is probably still a good idea to make 
that dependency explicit. But since it’s a relatively minor problem I’ll 
wait to see if anything else comes up in our conversation so I can 
“bundle” the changes.
- clamav is in fact already in optdepends, however in order to build 
against it it needs to be in makedepends as well
- xapian-core provides efficient indexed search, which I’d argue is 
quite a useful feature to have in a mail server. It is linked into 
libcyrus_imap.so though, which is in turn linked into imapd (unlike 
clamav), therefore it is a hard dependency.
- libcap allows Cyrus’s services to restrict their own capabilities(7) 
for enhanced security
- libnghttp2 and brotli add support for HTTP/2 and Brotli compression of 
HTTP responses, respectively; which is relevant to CalDAV, CardDAV and 
other HTTP services (including JMAP in future versions)
- shapelib allows Cyrus’s Time Zone Distribution Service[2] to associate 
time zones with geographical locations
- python-sphinx, perl-pod-pom-view-restructured: required for generation 
of some manpages (which are included in the regular package, not the 
-docs one. I’d argue that manpages are actually useful to have around). 
These are only needed at buildtime and need not be present on the actual 
server system.




On 3/19/19 5:37 PM, Andreas Piesk wrote:

Am 19.03.19 um 22:00 schrieb Patrick Goetz:


Have you tried the 3.0.9 AUR package?

   https://aur.archlinux.org/packages/cyrus-imapd

Once you get the dependencies down, this one compiles and runs.



I noticed the package, it's good to see a recent version in AUR but it 
has too many dependecies for my taste, I need a stripped down version.


Unfortunately the AUR package doesn't work for me either, i build it in 
a VM with a fresh installed arch and it has the same problem:


Starting program: /usr/bin/cyrdump user/test
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x77c76205 in re_compile_internal () from /usr/lib/libc.so.6
(gdb) bt
#0  0x77c76205 in re_compile_internal () from /usr/lib/libc.so.6
#1  0x77c77511 in regcomp () from /usr/lib/libc.so.6
#2  0x77e3d980 in glob_init () from /usr/lib/libcyrus.so.0
#3  0x77f38276 in ?? () from /usr/lib/libcyrus_imap.so.0
#4  0x77f3e5b7 in mboxlist_findallmulti () from 
/usr/lib/libcyrus_imap.so.0

#5  0x61aa in ?? ()
#6  0x77bbb223 in __libc_start_main () from /usr/lib/libc.so.6
#7  0x61ee in ?? ()


Best Regards,
-ap



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: segfaults with cyrus-imapd 3.0.9 on latest arch linux

[Patrick Goetz]

Hi -

I can confirm this segmentation fault on my own Arch VM with cyrus 
installed from the AUR package.


As an experiment, I tried building the package with

   --disable-pcre

but then I can't even get the program to compile:


In file included from lib/glob.c:50:
lib/glob.h:57:5: error: unknown type name ‘regex_t’
 regex_t regex;
 ^~~
lib/glob.c: In function ‘glob_init’:
lib/glob.c:112:5: warning: implicit declaration of function ‘regcomp’; 
did you mean ‘memcmp’? [-Wimplicit-function-declaration]

 regcomp(>regex, buf_cstring(), REG_EXTENDED);
 ^~~
 memcmp
lib/glob.c:112:43: error: ‘REG_EXTENDED’ undeclared (first use in this 
function)

 regcomp(>regex, buf_cstring(), REG_EXTENDED);
^~~~


It would appear that --disable-pcre is a configuration option you can't 
actually use.



On 3/19/19 5:37 PM, Andreas Piesk wrote:

Am 19.03.19 um 22:00 schrieb Patrick Goetz:


Have you tried the 3.0.9 AUR package?

   https://aur.archlinux.org/packages/cyrus-imapd

Once you get the dependencies down, this one compiles and runs.



I noticed the package, it's good to see a recent version in AUR but it 
has too many dependecies for my taste, I need a stripped down version.


Unfortunately the AUR package doesn't work for me either, i build it in 
a VM with a fresh installed arch and it has the same problem:


Starting program: /usr/bin/cyrdump user/test
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/usr/lib/libthread_db.so.1".

Program received signal SIGSEGV, Segmentation fault.
0x77c76205 in re_compile_internal () from /usr/lib/libc.so.6
(gdb) bt
#0  0x77c76205 in re_compile_internal () from /usr/lib/libc.so.6
#1  0x77c77511 in regcomp () from /usr/lib/libc.so.6
#2  0x77e3d980 in glob_init () from /usr/lib/libcyrus.so.0
#3  0x77f38276 in ?? () from /usr/lib/libcyrus_imap.so.0
#4  0x77f3e5b7 in mboxlist_findallmulti () from 
/usr/lib/libcyrus_imap.so.0

#5  0x61aa in ?? ()
#6  0x77bbb223 in __libc_start_main () from /usr/lib/libc.so.6
#7  0x61ee in ?? ()


Best Regards,
-ap



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: segfaults with cyrus-imapd 3.0.9 on latest arch linux

[Patrick Goetz]

Hi Andreas -

Have you tried the 3.0.9 AUR package?

  https://aur.archlinux.org/packages/cyrus-imapd

Once you get the dependencies down, this one compiles and runs.

On 3/19/19 3:38 PM, Andreas Piesk wrote:

Am 19.03.19 um 19:47 schrieb Jason L Tibbitts III:

"AP" == Andreas Piesk  writes:


AP> Hello list, i'm trying to get cyrus-imapd 3.0.9 (testet 3.0.8 too)
AP> running on latest arch linux. Here's the configure summary:

AP> External dependencies: ldap: no openssl: yes zlib: yes pcre: yes

AP> #6 0x7fc4aa385050 re_acquire_state_context (libc.so.6)
AP> #7 0x7fc4aa3907d4 re_compile_internal (libc.so.6)
AP> #8 0x7fc4aa391511 regcomp (libc.so.6)

You have pcre enabled but you are calling glibc regex functions.  You
may wish to double check that you are linking properly.  Fedora went
through a similar issue a while back when --Wl,--as-needed was added to
the default set of compiler flags, which caused subtle variations in the
link order.  The end result was that Fedora picked up a set of pcre
patches similar to what some other distros have to avoid duplicating the
glibc symbol names.


These are the default LDFLAGS Arch Linux uses:

LDFLAGS="-Wl,-O1,--sort-common,--as-needed,-z,relro,-z,now"

If I link without '--as-needed' crydump etc. do work without segfaulting.

"configure --disable-pcre" does not work:

lib/glob.h:57:5: error: unknown type name ‘regex_t’

I have no idea how to change the linkage order to put pcre before glibc 
(don't know if and how this is possible, I'm a hardware guy), I'm just 
building with


autoreconf -f
./configure

so I think my only option is to drop '--as-needed' from LDFLAGS and execute

./configure LDFLAGS=${LDFLAGS/,--as-needed/}

Thanks for pointing me in the right direction, highly appreciated.

Best Regards,
-ap



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

cyrus-imapd build dependencies

[Patrick Goetz]

This page on compiling cyrus-imapd:

  https://www.cyrusimap.org/imap/developer/compiling.html

shows a number of build dependencies; however I was just able to compile 
cyrus-imapd without these installed:


   gperf
   libbsd


Are these actually necessary?

Later in the page, under "Alternate database formats" it shows the 
configure flags to use in order to use mysql/mariadb as a backend for 
cyrus databases.  I think this is needed if one plans to use virtual 
domains, but I couldn't get a confirmation on this.  In any case, the 
configure options are given as


 --with-mysql, --with-mysql-incdir, --with-mysql-libdir

with no clear indication of what each of these does.  For example, is 
the --with-mysql all inclusive, or does one need to set all 3?


Finally a couple of items in the "Other" category are a real head 
scratcher.  For example, what is the purpose of net-snmp?


libnghttp2 is listed as needed for "HTTP/2 support for httpd" -- what's 
using httpd?  Is this to faciliate CalDAV/CardDAV?



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: renaming INBOX

[Patrick Boutilier]

On 3/15/19 4:43 AM, Marco wrote:

Il 14/03/2019 16:29, Patrick Boutilier ha scritto:

On 3/14/19 11:48 AM, Marco wrote:

Il 13/03/2019 09:16, Marco ha scritto:

Il 12/03/2019 13:30, Ken Murchison ha scritto:
If I remember correctly, Cyrus only permits the owner of the INBOX 
to rename it.  Proxy authenticate as n...@example.com and try again.


Hello Ken,

  I tried with proxy authentication. It is the same. The operation 
is not allowed:


Ops, sorry, I'm confusing myself. I confirm that with proxy 
authentication it works as described by the RFC.


I can rename the INBOX :)


RFC says:

Renaming INBOX is permitted, and has special behavior.  It moves
all messages in INBOX to a new mailbox with the given name, leaving 
INBOX empty.



So you still have an INBOX right? Just an empty one and new mail still 
gets delivered to INBOX?


Oh yes, of course :)


Ok.

Before reading the RFC I thought you were trying to "rename" INBOX to 
another name and have Cyrus deliver new mail to the new name. I 
misunderstood. :-)






Marco

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Mailbox hierarchy determination?

[Patrick Boutilier]

On 3/14/19 1:23 PM, Patrick Goetz wrote:

On 3/14/19 9:46 AM, Simon Matter wrote:

I guess you're missing the fact that these options have possibly changed
between releases. Another thing is that distribution packages can also
alter the defaults and if they don't do it correct, they may "forget" to
also change the docs accordingly.



Thank you for your help with this.  I think what you're saying is that 
for my configuration I should have


   fulldirhash:   1
   hashimapspool: 1


I'm not 100% certain how the defaults are set for my installation -- is 
there any way to check this?


Check the directories such as /var/imap/quota/E and see if all the 
userids start with e. If not you are most likely using fulldirhash . Do 
the same for your mail partition to see if hashimapspool is enabled.








Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Mailbox hierarchy determination?

[Patrick Goetz]

On 3/14/19 9:46 AM, Simon Matter wrote:

I guess you're missing the fact that these options have possibly changed
between releases. Another thing is that distribution packages can also
alter the defaults and if they don't do it correct, they may "forget" to
also change the docs accordingly.



Thank you for your help with this.  I think what you're saying is that 
for my configuration I should have


  fulldirhash:   1
  hashimapspool: 1


I'm not 100% certain how the defaults are set for my installation -- is 
there any way to check this?




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: renaming INBOX

[Patrick Boutilier]

On 3/14/19 11:48 AM, Marco wrote:

Il 13/03/2019 09:16, Marco ha scritto:

Il 12/03/2019 13:30, Ken Murchison ha scritto:
If I remember correctly, Cyrus only permits the owner of the INBOX to 
rename it.  Proxy authenticate as n...@example.com and try again.


Hello Ken,

  I tried with proxy authentication. It is the same. The operation is 
not allowed:


Ops, sorry, I'm confusing myself. I confirm that with proxy 
authentication it works as described by the RFC.


I can rename the INBOX :)


RFC says:

Renaming INBOX is permitted, and has special behavior.  It moves
all messages in INBOX to a new mailbox with the given name, leaving 
INBOX empty.





So you still have an INBOX right? Just an empty one and new mail still 
gets delivered to INBOX?







Thank you very much!!

Bye
Marco

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Mailbox hierarchy determination?

[Patrick Goetz]

On 3/14/19 3:50 AM, Simon Matter wrote:


Dirhashing is controlled by "fulldirhash" and "hashimapspool".




Right.  This is what it says in imapd.conf:


   fulldirhash: 0
  If enabled, uses an improved directory hashing scheme which hashes on
the entire username instead of using just the first letter as the hash. 
This changes hash algorithm used for quota and user directories and if 
hashimapspool is enabled, the entire mail spool.


   Note that this option CANNOT be changed on a live system. The server
must be quiesced and then the directories moved with the rehash utility.

   hashimapspool: 0
 If enabled, the partitions will also be hashed, in addition to the
hashing done on configuration directories. This is recommended if one 
partition has a very bushy mailbox tree.



I don't have these options enabled, and my interpretation of this 
description is that enabling them would facilitate my configuration, not 
the other way around.  This is what confused me in the first place.


What am I missing?



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Configuring cyrus-imapd for compilation

[Patrick Goetz]

Thanks, that helps.  A couple of follow up questions:

I found this comment in the documentation for compiling cyrus-imapd:

MariaDB or MySQL development headers, to allow Cyrus IMAP to use
it as the backend for its databases.

Configure option: --with-mysql, --with-mysql-incdir, 
--with-mysql-libdir



Does this mean you can't use virtual email domains unless the 
executables are compiled with these options, or is this just about 
putting the cyrus-imap metadata into a database rather than keeping it 
in the mail folders?


Second question: There are still a lot of current 2.x users out there, 
so there is some utility in keeping a 2.5.x package around, assuming I 
can still get it to work on an up to date Arch system (a recent upgrade 
broke my cyrus 2.5.10 install).


Can I still find instructions for compiling 2.5.x somewhere?  I need to 
go over the build options in the PKGBUILD for this release, as I'm not 
convinced they include everything (for example, there is no mention of 
the mysql options mentioned above.)




On 3/12/19 11:45 AM, Ken Murchison wrote:
I don't see a downside to have one monolithic package.  I think its 
easier for an admin to have everything available to them in one package 
rather than having to go find the correct package for the optional piece 
they are looking for.  But that's just me.




On 3/12/19 12:39 PM, Patrick Goetz wrote:
I'm finally getting around to updating the Arch linux cyrus-imapd 
package, and have a question.


Looking through the configuration options, it looks like there are a 
number of functionality critical decisions to be made:



CalDAV and CardDAV

    ./configure --enable-http --enable-calalarmd

Murder

    `./configure --enable-murder

Replication

    `./configure --enable-replication


The vast majority of cyrus admins are not going to need a Murder or 
Replication, but when you need it, you need it.


The issue is the Arch build system is based on using a single PKGBUILD 
file (which includes the configuration options) and one of the design 
principles is the outcome of building a binary package from a PKGBUILD 
should be deterministic; i.e. "A PKGBUILD should never be interactive. 
This is a rule that should never be broken."


So, my options are to create a single package configured for every 
possible use case, or to create multiple packages with different 
combinations of functionality, which suffers from something of a 
combinatorial explosion problem.


So, question, given that none of the configuration options appear to 
be mutually exclusive:  what are the downsides of compiling cyrus with 
everything, including the kitchen sink?  That appears to have been the 
original packaging philosophy for the 2.5.x version of the package.


Second question.  Quoting again from the documentation for 3.0.8:

    MariaDB or MySQL development headers, to allow Cyrus IMAP to use
    it as the backend for its databases.

    Configure option: --with-mysql, --with-mysql-incdir, 
--with-mysql-libdir



The 2.5.x package did not include any configuration flags for mysql 
support.  Does this mean the older package would not have worked with 
mysql (I've never tried using this, so can't confirm), or does it mean 
that this was previously a default configuration option in 2.5.x?


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: renaming INBOX

[Patrick Boutilier]

On 3/13/19 5:16 AM, Marco wrote:

Il 12/03/2019 13:30, Ken Murchison ha scritto:
If I remember correctly, Cyrus only permits the owner of the INBOX to 
rename it.  Proxy authenticate as n...@example.com and try again.


Hello Ken,

  I tried with proxy authentication. It is the same. The operation is 
not allowed:


$ telnet 0 143
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN AUTH=LOGIN 
SASL-IR] imap.example.com Cyrus IMAP 3.0.8-2.el7 RHEL server ready

a01 AUTHENTICATE PLAIN dXRlkljfsllERWDFSDKL4Y3lydSSRXMAb3hjeXJ1cw==
a01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA 
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN 
MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT 
SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 
METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN 
QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 
X-REPLICATION URLAUTH URLAUTH=BINARY LOGINDISABLED XCONVERSATIONS 
COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE 
X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE] Success (no 
protection) SESSIONID=

a01 LIST "" *
* LIST (\HasChildren) "/" INBOX
* LIST (\HasNoChildren) "/" "INBOX/Posta archiviata"
* LIST (\HasNoChildren) "/" INBOX/Sent
* LIST (\HasNoChildren) "/" INBOX/Spam
* LIST (\HasNoChildren \Trash) "/" INBOX/Trash
* LIST (\HasNoChildren) "/" INBOX/ciao',
* LIST (\HasNoChildren) "/" INBOX/ciao,bello
* LIST (\HasNoChildren) "/" "INBOX/my cent"
a01 OK Completed (0.010 secs 8 calls)
a02 RENAME INBOX malloppone
a02 NO Operation is not supported on mailbox



- Cyrus version: 3.0.8
- imapd.conf
 allowusermoves: 1



a02 RENAME INBOX malloppone

Pretty sure you can't rename INBOX for the same user. When I suggested 
"allowusermoves: 1" I thought the goal was to rename a user. Something like:


RENAME user/guy/INBOX user/otherguy/INBOX






Thank you
Marco

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Configuring cyrus-imapd for compilation

[Patrick Goetz]

I'm finally getting around to updating the Arch linux cyrus-imapd 
package, and have a question.


Looking through the configuration options, it looks like there are a 
number of functionality critical decisions to be made:



CalDAV and CardDAV

./configure --enable-http --enable-calalarmd

Murder

`./configure --enable-murder

Replication

`./configure --enable-replication


The vast majority of cyrus admins are not going to need a Murder or 
Replication, but when you need it, you need it.


The issue is the Arch build system is based on using a single PKGBUILD 
file (which includes the configuration options) and one of the design 
principles is the outcome of building a binary package from a PKGBUILD 
should be deterministic; i.e. "A PKGBUILD should never be interactive. 
This is a rule that should never be broken."


So, my options are to create a single package configured for every 
possible use case, or to create multiple packages with different 
combinations of functionality, which suffers from something of a 
combinatorial explosion problem.


So, question, given that none of the configuration options appear to be 
mutually exclusive:  what are the downsides of compiling cyrus with 
everything, including the kitchen sink?  That appears to have been the 
original packaging philosophy for the 2.5.x version of the package.


Second question.  Quoting again from the documentation for 3.0.8:

MariaDB or MySQL development headers, to allow Cyrus IMAP to use
it as the backend for its databases.

Configure option: --with-mysql, --with-mysql-incdir, 
--with-mysql-libdir



The 2.5.x package did not include any configuration flags for mysql 
support.  Does this mean the older package would not have worked with 
mysql (I've never tried using this, so can't confirm), or does it mean 
that this was previously a default configuration option in 2.5.x?


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: renaming INBOX

[Patrick Boutilier]

On 3/12/19 9:27 AM, Marco wrote:

Hello,

  could you help me to understand how Cyrus IMAP works with rename at 
INBOX level?


RFC3501 says that "Renaming INBOX is permitted, and has special 
behavior.  It moves all messages in INBOX to a new mailbox with the 
given name, leaving INBOX empty."


If I try with Cyrus IMAP I see:

* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE AUTH=PLAIN AUTH=LOGIN 
SASL-IR] cyrus.example.com Cyrus IMAP 3.0.8-2.el7 RHEL server ready

a login admin adminpassword
a OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA 
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN 
MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT 
SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 
METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN 
QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 
X-REPLICATION URLAUTH URLAUTH=BINARY LOGINDISABLED XCONVERSATIONS 
COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE 
X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE] User logged in 
SESSIONID=

a rename user/n...@example.com user/name/allcont...@example.com
a NO Operation is not supported on mailbox

So, it seems that Cyrus IMAP does not support rename at INBOX level. Is 
this right?




What version of Cyrus? In our 2.4.x installs we needed to set

allowusermoves: 1

in /etc/imapd.conf to rename users .











Many many thanks again for the support
Warm Regards
Marco

Ps imapd.conf is
allowusermoves: 1

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: disk space used by a mailbox without expunged

[Patrick Boutilier]

On 2/13/19 7:01 AM, Eric Luyten wrote:


On 13/02/2019 09:17, Michael Menge wrote:

Hi Marcus,

Quoting Marcus Schopen :


Hi,

is there a way to count the disk space used by a mailbox without
expunged messages?



mbexamine user/LoginID | grep Size

on older cyrus versions (2.3 and 2.4) mbexamine did examine all 
subfolders as well

in 3.0 only the info for the given folder is shown




O dear.

We (2.3 server, upgrading this year) use the subfolder size information 
extensively in our management procedures.





Use /* to get the subfolders. Such as:


/usr/local/cyrus/sbin/mbexamine user/testuser|grep 'Mailbox Size'

  Number of Messages: 21  Mailbox Size: 332856 bytes  Annotations Size: 
0 bytes





/usr/local/cyrus/sbin/mbexamine user/testuser/*|grep 'Mailbox Size'

  Number of Messages: 61  Mailbox Size: 1578340 bytes  Annotations 
Size: 0 bytes
  Number of Messages: 1  Mailbox Size: 22909 bytes  Annotations Size: 0 
bytes

  Number of Messages: 0  Mailbox Size: 0 bytes  Annotations Size: 0 bytes
  Number of Messages: 1573  Mailbox Size: 50237802 bytes  Annotations 
Size: 0 bytes
  Number of Messages: 41  Mailbox Size: 639825 bytes  Annotations Size: 
0 bytes

  Number of Messages: 0  Mailbox Size: 0 bytes  Annotations Size: 0 bytes



Eric Luyten.





Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: folder left after dm user.mailboxname, remove by rm ?

[Patrick Boutilier]

On 2/5/19 3:35 PM, Marcus Schopen wrote:

Hi Eric,

thanks for your time!

Am Dienstag, den 05.02.2019, 18:19 +0100 schrieb Eric Luyten:


I do not know what Cyrus version you are running but very
occasionally,
on a 2.3 system, I witness the same phenomenon.


It's a 2.4 version.


To give you an idea : this happens on average once every thousand
(or
so) account removals.

If Cyrus doesn't know about the directory through mailboxes.db it is
never going to remove it by itself.


I understand. Is it safe then to remove that "forgotten" folder by hand
(rm -rf ...).


I don't see why not. I have done it before. You can always just move it 
somewhere out of the way and move it back if it causes any issues.



Also, just wanted to point out another way of deleting users from 
"DELETED" without having to use expire.



localhost> lm DELETED.user.soandso.*
DELETED.user.soandso.5C3F3CFC (\HasNoChildren)
DELETED.user.soandso.sent-mail.5C3F3CFC (\HasNoChildren)


localhost> dm DELETED.user.soandso.*
Deleting mailbox DELETED.user.soandso.5C3F3CFC...OK.
Deleting mailbox DELETED.user.soandso.sent-mail.5C3F3CFC...OK.



Ciao!



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Is there any to reconstruct a mailbox, if used just have the email files, but none of the original cyrus.* files?

[Patrick Boutilier]

On 1/18/19 5:26 PM, Mark London wrote:
Hi - Is there any to reconstruct a mailbox, if you just have the email 
files, but none of the original cyrus.* files?   Don't ask me why, it's 
a very long story.


I believe you can just recreate the mailbox (using cyradm or similar) 
and then run the reconstruct.





As an aside, has anyone ever had a situation where emails were los,t 
when someone used Apple Mail to transfer a lot of files from one folder 
to another?   We had this happen.   Someone tried to move a years worth 
of emails,  22K or so, to a new folder.   Only a few files emails ended 
up in the new folders, and the rest were totally deleted.  I confirmed 
via my backup logs, that this was the case. The same user tried the same 
operation the year before, and the same thing happened.   i tried using 
Thunderbird, and had no problems. Just curious.  Thanks.


Mark London
m...@psfc.mit.edu


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Cyrus 2.4 and unexpunge messages.

[Patrick Boutilier]

On 1/2/19 9:31 AM, Adam Tauno Williams wrote:

On Wed, 2019-01-02 at 09:20 +0100, chose wrote:

I've unexpunged messages in the mail box, all is recovered but the
flag "deleted" persist, so Roundcube see the email as deleted and
the emails are grey.


Yes, this is correct.  Unexpunge unexpunges, it does not undelete
[delete in IMAP being a flag].  This a feature, not a bug [IMAP handles
deletes in a consistent, reliable, sane, standard way vs. the hackish
behavior implemented by most MUAs].


    Did I missed some step to full  recover emails ?


Run unexpunge with -d


 -d Unset the \Deleted flag on any restored messages.






They are fully recovered; you can mark them as undeleted via the
client.



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: IMAPD-3.0.8 on FreeBSD-11.2 unindexed messages in inbox

[Patrick Boutilier]

On 11/30/18 11:24 AM, James B. Byrne via Info-cyrus wrote:

While investigating a problem I encountered a(nother) situation that I
do not understand.

I entered a user's root mailbox using cd and did 'ls -l *\.'.  There
are 245 files with names like '999\.' in this directory.  My
understanding is that this would up as 245 messages in the user's
INBOX display.  However, the user's INBOX only shows 36.

There is is also a subfolder named 'INBOX^Trash' that is shown to
contain 246 messages but which actually contains 14820.

I am not familiar with IMAP3 and have only recently converted to it
from imap2 running on a different host.  It was during the conversion
process that the existing .Trash/.Sent/.Drafts were replaced by
INBOX^Trash/INBOX^Sent/INBOX^Drafts.  So there may be something
obvious that I do not know about.

I speculate that this has something to do with the difference between
delete and expunge but I would like to know for certain what is
happening if someone would explain it to me.



Most likely delayed expunge. Does this show 209?

unexpunge -l user.realuserid |grep UID|wc -l






Thanks



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: suddenly 'User unknown'?

[Patrick Boutilier]

On 11/30/18 10:00 AM, Charles Bradshaw via Info-cyrus wrote:

Javier

On 30/11/2018 11:49, Javier Angulo wrote:

On 11/29/18 8:00 PM, Charles Bradshaw via Info-cyrus wrote:

Now you tell me is cyrus syslog being sent to /var/log/maillog? Or
should it be going to /var/imapd.log as the configuration files, man
pages and cyrus installation guides ( found here:
https://www.cyrusimap.org/imap/installing.html ) say it should?

I believe there is no "syslog_facility:" option in cyrus 2.4 (at least I
was unable to find it). You can configure it in cyrus3 and maybe in
cyrus 2.5.

I removed syslog_facility from imapd.conf

So in /etc/imapd.conf I would remove the syslog_facility line and set:
syslog_prefix: cyrus

Has no effect: present or not, or changed to test.

And in /etc/rsyslog.conf:
mail.*   -/var/log/maillog

Has always been in my rsyslog.conf


Restart rsyslog and check logs for cyrus/something ...


# /etc/init.d/rsyslog restart

# service sendmail restart

Now when I connect (from another host) using Thunderbird Mail I see in
/etc/maillog:

Nov 30 13:01:02 dell2600-1 sendmail[9865]: NOQUEUE: stopping daemon,
reason=signal
Nov 30 13:01:02 dell2600-1 sendmail[9950]: starting daemon (8.14.4):
SMTP+queueing@01:00:00
Nov 30 13:01:02 dell2600-1 sendmail[9950]: STARTTLS: CRLFile missing
Nov 30 13:01:03 dell2600-1 sendmail[9950]: STARTTLS=server,
Diffie-Hellman init, key=1024 bit (1)
Nov 30 13:01:03 dell2600-1 sendmail[9950]: STARTTLS=server, init=1
Nov 30 13:01:03 dell2600-1 sendmail[9950]: started as:
/usr/sbin/sendmail -bd -q1h
Nov 30 13:01:03 dell2600-1 sm-msp-queue[9960]: starting daemon (8.14.4):
queueing@01:00:00
Nov 30 13:01:26 dell2600-1 cyrus/imaps[8645]: USAGE
b...@bradcan.homelinux.com user: 0.141978 sys: 0.087986
Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: starttls: TLSv1.2 with
cipher AES128-SHA (128/128 bits new) no authentication
Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: login: [192.168.0.6]
b...@bradcan.homelinux.com CRAM-MD5+TLS User logged in
SESSIONID=
Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: client id: "name"
"Thunderbird" "version" "60.2.1"

Hum.. cyrus/imaps sends logging to /etc/maillog

I think it is absolutely clear:

1 - where cyrus syslog goes to is a red herring. It goes to, and has
always gone to /var/maillog. It is simply that the prefix 'cyrus' only
appears for cyrus imap transactions and other sendmail is labeled 'sendmail'

2 - imapd is working fine: allows brad.bradcan.homelinux.com to connect
an email client. Also to move email from one mailbox to another. The
proof is that since enabling telemetry logging
/var/lib/imap/log/b...@bradcan.homelinux.com/ reflects imap transactions.

3 - A problem remains with LMTP. as is clearly evident from 'User
unknown' appearing in maillog.

My original question remains: How do I diagnose this when a test email
is sent to b...@bradcan.homelinux.com :

Nov 30 12:59:48 dell2600-1 sendmail[9882]: wAUCxmBS009882:
to=b...@bradcan.homelinux.com, delay=00:00:00, xdelay=00:00:00,
mailer=cyrusv2, pri=32701, relay=localhost [[UNIX:
/var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown



I think why people are concentrating on the logging is that there should 
be lmtp entries in your logs to indicate what the issue is. Are there 
any lmtp entries in either /etc/maillog or /var/log/maillog ?



Another option is to limit lmtpd to one process and strace it.









Thanks for your patience.



Cheers

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: tls-1.0 and cyrus-imaps-3.0.8

[Patrick Boutilier]

On 11/26/18 12:08 PM, James B. Byrne via Info-cyrus wrote:



On Mon, November 26, 2018 10:28, Ken Murchison wrote:

I can't reproduce your issue and I don't see where the sslscan output
states that TLS1.0 is being advertised.  Can you actually connect
using TLS1.0 protocol?




No, we cannot.  I will pass the results of our test to the powers
thast be and see what their reply is.

Thank you, that was most helpful advice.


https://testssl.sh is also useful.

testssl.sh --ssl-native -p :993




 Service detected:   IMAP, thus skipping HTTP specific checks


 Testing protocols via native openssl

 SSLv2  Local problem: /usr/bin/openssl doesn't support "s_client 
-ssl2"

 SSLv3  not offered (OK)
 TLS 1  not offered
 TLS 1.1not offered
 TLS 1.2offered (OK)
 TLS 1.3not offered
 NPN/SPDY   not offered
 ALPN/HTTP2 not offered






<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: IMAP-3.0.8 and Diffie-Hellman

[Patrick Boutilier]

On 11/23/18 12:08 PM, James B. Byrne via Info-cyrus wrote:

I would like someone to explain to me how the diffie-hellman
parameters are adjusted for cyrus-imap.  Unlike Postfix, there does
not seem to be a separate setting in imapd.conf for a DH parameter
file.  At least, I cannot find documentation respecting such a thing.

The only information I have gleaned is that it may be necessary to
append the DHParm file to the private key of the imap server.  That
seems to be a rather inelegant way of doings but, if that is the only
way to do so then I need that confirmed. If not, then I would very
much appreciate being told how else to accomplish it.


Not sure about 3.x but that is how it is done in 2.4.x








<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: System I/O error (in reply to end of DATA command) for LMTP delivery

[Patrick Boutilier]

Anything in /var/log/audit/audit.log ?

On June 1, 2018 2:29:06 PM ADT, Stephen Ingram  wrote:
>Patrick-
>
>I'm also trying to get more debugging about he system I/O error, but
>never
>see it in the cyrus logs, only in the postfix logs.
>
>Steve
>
>On Fri, Jun 1, 2018 at 9:37 AM, Patrick Boutilier
>
>wrote:
>
>> On 06/01/2018 01:31 PM, Stephen Ingram wrote:
>>
>>> Patrick-
>>>
>>> Actually, nothing. I've got everything piped into /var/log/maillog
>and
>>> not too much there either beyond the actual error message.
>>>
>>>
>> Hmmm... Usually when I have seen the System I/O error the log entry
>also
>> records what the actual directory/file that it wants to write to.
>Going by
>> memory here since it has been a long time since I have seen the
>error.
>>
>>
>>
>>
>> Steve
>>>
>>>
>>> On Fri, Jun 1, 2018 at 9:23 AM, Patrick Boutilier
>>> <mailto:bouti...@ednet.ns.ca>> wrote:
>>>
>>> On 06/01/2018 01:21 PM, Stephen Ingram wrote:
>>>
>>> I'm receiving a 451 4.3.0 System I/O error (in reply to end
>of
>>> DATA command) error from Postfix when trying to deliver to
>>> cyrus-imap and not really sure why. I'm on CentOS 7
>(2.4.17-8)
>>> after downgrading from current version. I'm using Kerberos
>>> GSSAPI to connect to the front end, but authentication
>appears
>>> to be working fine as I can see authenticated when enabling
>LMTP
>>> debugging in Postifx. All messages are refused for delivery
>>> though. I'm not sure what to do. Any suggestions?
>>>
>>>
>>> Should be something of value in /var/log/messages .
>>>
>>>
>>>
>>>
>>> Steve
>>>
>>>
>>> 
>>> Cyrus Home Page: http://www.cyrusimap.org/
>>> List Archives/Info:
>>> http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>>> <http://lists.andrew.cmu.edu/pipermail/info-cyrus/>
>>> To Unsubscribe:
>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>> <https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus>
>>>
>>>
>>>
>>> 
>>> Cyrus Home Page: http://www.cyrusimap.org/
>>> List Archives/Info:
>>> http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>>> <http://lists.andrew.cmu.edu/pipermail/info-cyrus/>
>>> To Unsubscribe:
>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>> <https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus>
>>>
>>>
>>>
>>

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: System I/O error (in reply to end of DATA command) for LMTP delivery

[Patrick Boutilier]

On 06/01/2018 01:31 PM, Stephen Ingram wrote:

Patrick-

Actually, nothing. I've got everything piped into /var/log/maillog and 
not too much there either beyond the actual error message.




Hmmm... Usually when I have seen the System I/O error the log entry also 
records what the actual directory/file that it wants to write to. Going 
by memory here since it has been a long time since I have seen the error.






Steve

On Fri, Jun 1, 2018 at 9:23 AM, Patrick Boutilier <mailto:bouti...@ednet.ns.ca>> wrote:


On 06/01/2018 01:21 PM, Stephen Ingram wrote:

I'm receiving a 451 4.3.0 System I/O error (in reply to end of
DATA command) error from Postfix when trying to deliver to
cyrus-imap and not really sure why. I'm on CentOS 7 (2.4.17-8)
after downgrading from current version. I'm using Kerberos
GSSAPI to connect to the front end, but authentication appears
to be working fine as I can see authenticated when enabling LMTP
debugging in Postifx. All messages are refused for delivery
though. I'm not sure what to do. Any suggestions?


Should be something of value in /var/log/messages .




Steve



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info:
http://lists.andrew.cmu.edu/pipermail/info-cyrus/
<http://lists.andrew.cmu.edu/pipermail/info-cyrus/>
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
<https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus>




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info:
http://lists.andrew.cmu.edu/pipermail/info-cyrus/
<http://lists.andrew.cmu.edu/pipermail/info-cyrus/>
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
<https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus>




<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: System I/O error (in reply to end of DATA command) for LMTP delivery

[Patrick Boutilier]

On 06/01/2018 01:21 PM, Stephen Ingram wrote:
I'm receiving a 451 4.3.0 System I/O error (in reply to end of DATA 
command) error from Postfix when trying to deliver to cyrus-imap and not 
really sure why. I'm on CentOS 7 (2.4.17-8) after downgrading from 
current version. I'm using Kerberos GSSAPI to connect to the front end, 
but authentication appears to be working fine as I can see authenticated 
when enabling LMTP debugging in Postifx. All messages are refused for 
delivery though. I'm not sure what to do. Any suggestions?


Should be something of value in /var/log/messages .





Steve



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Moving from cIMAP-2.3.16 to 3.0.5

[Patrick Boutilier]

On 05/12/2018 06:03 PM, James B. Byrne via Info-cyrus wrote:

I have used rsync to move our entire maill store from the old server
to the new.  I now I wish to move the contents of mailboxes.db from
the old to the new.  I have tried:

sudo -u cyrus /usr/lib/cyrus-imapd/ctl_mboxlist -d -f
/var/spool/imap/mailboxes.db.txt

on the old followed by a transfer of /var/spool/imap/mailboxes.db.txt
to the new followed by:

sudo -u cyrus /usr/local/cyrus/sbin/ctl_mboxlist -u  -f
/var/spool/imap/mailboxes.db.txt on the new

  and all I get is a blank line and no indication in ps that the task
is consuming any cpu.

If I press  I see this:

line 1: no partition found

line 2: no partition found

line 3: no partition found

. . .


There is only one partition on both systems and it is
'/var/spool/imap' on both.

I have also tried the method suggested on the 3.0.6 documentation
respecting upgrading and use rsync to move over mailboxes.db.  In each
case I cannot get reconstruct to run and upgrade or rebuild the mail
store on the new service.

# sudo -u cyrus /usr/local/cyrus/sbin/reconstruct -r -f -V *
#

I get an immediate empty return.

I know that there exist physical mailboxes on the server that cyradm
does not report.  I know that these mailboxes exist on the old server
and therefore I infer are present in mailboxess.db.

How do I get the contents of the old mailboxes.db file into the new so
that reconstruct will run?





Pretty sure you are using -f incorrectly. Try this:

sudo -u cyrus /usr/lib/cyrus-imapd/ctl_mboxlist -d > 
/var/spool/imap/mailboxes.db.txt


 on the old followed by a transfer of /var/spool/imap/mailboxes.db.txt

 to the new followed by:

sudo -u cyrus /usr/local/cyrus/sbin/ctl_mboxlist -u < 
/var/spool/imap/mailboxes.db.txt


on the new
<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Cannot LOGIN using openssl s_client

[Patrick Boutilier]

On 04/27/2018 10:56 AM, James B. Byrne via Info-cyrus wrote:

OS  : CentOS-6.9
Name: cyrus-imapd
Arch: x86_64
Version : 2.3.16
Release : 15.el6

We have a working Apache-2.2 /Squirrelmail-1.42 (SM) / Cyrus-IMAP-2.3
(CI) setup.  SM and CI reside on different hosts.  We use TLS over
port 993 to communicate.  The login mechanism is plaintext
authenticating against /etc/passwd.

We are in the process of transitioning from this setup to one hosted
on FreeBSD and I am having problems getting SM on the new host to
connect to the existing CI service.  To debug this I am using openssl
s_client as follows:

openssl s_client \
   -connect imap.hamilton.harte-lyne.ca:993 \
   -CApath /usr/local/etc/pki/tls/certs

Resulting in:
. . .
 Start Time: 1524836386
 Timeout   : 300 (sec)
 Verify return code: 19 (self signed certificate in certificate chain)
---
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR
COMPRESS=DEFLATE] inet07.hamilton.harte-lyne.ca Cyrus IMAP
v2.3.16-Fedora-RPM-2.3.16-15.el6 server ready

LOGIN testusermb testuserpw
LOGIN BAD Please login first

According to the documentation the message LOGIN BAD means that the
arguments to the LOGIN command are not understood.  But, as far as I
can discover, the LOGIN command only takes two arguments: user name
and password.

I get the same results on both the new SM host and the old so the
issue is with my employment of s_client.  How does one connect to a
mailbox using s_client?




You need something at the start like a period

. LOGIN testusermb testuserpw

<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: please HELP

[Patrick Boutilier]

On 01/22/2018 07:55 PM, Heiler Bemerguy via Info-cyrus wrote:



The way I interpret it is that the / means unixhierarchysep is on.

Just tested this on 2.4.18 and the same thing happens. When you 
rename back no messages are listed and reconstruct does nothing.


Ah. As suspected the rights are wrong. You just need to set the rights 
back to the real user. You probably need to use / instead of .


localhost> lam user.test
testtodelete lrswipkxtecda

localhost> sam user.test test lrswipkxtecda

localhost> lam user.test
testtodelete lrswipkxtecda
test lrswipkxtecda

localhost> sam user.test testtodelete ''

localhost> lam user.test
test lrswipkxtecda


localhost> lam user/asaude
asaudetodelete lrswipkxtecda
localhost> lam user/ana^claudia
ana.claudiatodelete lrswipkxtecda
localhost>

OMG it's completely borked. Why did it happen? How it changed to 
"TODELETE" but didn't change back hours later?!?


Just looks like a bug.

 Maybe was the capital

letters?!


Yup. I tested and using capital letters causes this behaviour.




Then I'll have to change one by one? with "sam"? Could you please 
explain what you did? I understood the LAMs but didn't the SAMs lol it 
seems in your case you had two acls?! a right and a wrong?




You will have to change the rights somehow. Should be able to do it with 
a PHP or perl script.


Correct, need to remove the wrong ACL and put the correct one on. For 
example:


sam user/asaude asaudetodelete ''
sam user/asaude asaude lrswipkxtecda

First sam deletes the wrong ACL, second sam adds the correct one.

Of course those only get the InBox. For folders you will have to also do 
something like:


sam user/asaude/* asaudetodelete ''
sam user/asaude/* asaude lrswipkxtecda
<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: please HELP

[Patrick Boutilier]

On 01/22/2018 07:01 PM, Patrick Boutilier wrote:

On 01/22/2018 06:02 PM, Heiler Bemerguy via Info-cyrus wrote:

Em 22/01/2018 18:46, Dan White escreveu:

On 01/22/18 17:44 -0300, Heiler Bemerguy via Info-cyrus wrote:

imap_renamemailbox($mbox, "$mailbox", "$mailbox"."TODELETE")


Was this performed as an admin?


Yes. In a huge list of imap accounts I THOUGHT were unused



Some mailboxes were erroneusly renamed to "loginTODELETE" and I need 
to put them back to the original name.


I reverted this command, like: imap_renamemailbox($mbox, 
"$mailbox"."TODELETE", "$mailbox")


And the mailbox seems to be there with the correct name. It lists 
all folders, but they all show up as EMPTY.


We use roundcube as client and it always says "no messages was found"

I've already tried like "cyrus reconstruct -r -f user/personlogin" 
with no luck !!!


What is your Cyrus version, and what does a sanitized copy of your
imapd.conf look like?

2.5.10
configdirectory: /var/lib/cyrus
proc_path: /dev/shm/cyrus/proc
mboxname_lockpath: /dev/shm/cyrus/lock
defaultpartition: default
partition-default: /var/spool/cyrus/mail
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
altnamespace: no
unixhierarchysep: yes
reject8bit: yes
lmtp_downcase_rcpt: yes
admins: admin
allowanonymouslogin: no
popminpoll: 0
autocreate_quota: 0
umask: 077
hashimapspool: true
allowplaintext: yes
sasl_mech_list: PLAIN
lmtp_strict_quota: 1
allowusermoves: true




If you have unixhierarchysep turned off, then you'd want:

cyrreconstruct -r -f user.personlogin

Please make sure you have a backup of the current state of your 
mailstore

before proceeding, in addition to whatever backups you had prior to
modification.


I've done that. But in the cyrus.header, the "todelete" is still 
there, although in lower case..

I think that is the big problem!!


The '^' implies you have unixhierarchysep turned off, based on this:

https://www.cyrusimap.org/imap/concepts/features/namespaces.html?highlight=internal 



See the /doc/internal documentation within the source as well.


iury.pintotodelete  lrswipkxtecda




But it is enabled.. should I disable it or what?
I just renamed another imap account from "loginTODELETE" to "login" 
and even after Reconstruct, it shows on cyrus.header:


    root@mailer:/var/spool/cyrus/mail/a/user/ana^claudia# cat 
cyrus.header

    Cyrus mailbox header
    "The best thing about this system was that it had lots of goals."
     --Jim Morris on Andrew
    user.ana^claudia    2696fec95963d41f
    $MDNSent $Forwarded
    ana.claudiatodelete lrswipkxtecda


Is this incorrect header file that is causing all this users folders 
to appears as empty ?? why reconstruct isnt' fixing it ??!


The way I interpret it is that the / means unixhierarchysep is on.

Just tested this on 2.4.18 and the same thing happens. When you rename 
back no messages are listed and reconstruct does nothing.


Ah. As suspected the rights are wrong. You just need to set the rights 
back to the real user. You probably need to use / instead of .


localhost> lam user.test
testtodelete lrswipkxtecda

localhost> sam user.test test lrswipkxtecda

localhost> lam user.test
testtodelete lrswipkxtecda
test lrswipkxtecda

localhost> sam user.test testtodelete ''

localhost> lam user.test
test lrswipkxtecda










--
Atenciosamente / Best Regards,

Heiler Bemerguy
Network Manager - CINBESA
55 91 98151-4894/3184-1751




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus






Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: please HELP

[Patrick Boutilier]

On 01/22/2018 06:02 PM, Heiler Bemerguy via Info-cyrus wrote:

Em 22/01/2018 18:46, Dan White escreveu:

On 01/22/18 17:44 -0300, Heiler Bemerguy via Info-cyrus wrote:

imap_renamemailbox($mbox, "$mailbox", "$mailbox"."TODELETE")


Was this performed as an admin?


Yes. In a huge list of imap accounts I THOUGHT were unused



Some mailboxes were erroneusly renamed to "loginTODELETE" and I need 
to put them back to the original name.


I reverted this command, like: imap_renamemailbox($mbox, 
"$mailbox"."TODELETE", "$mailbox")


And the mailbox seems to be there with the correct name. It lists all 
folders, but they all show up as EMPTY.


We use roundcube as client and it always says "no messages was found"

I've already tried like "cyrus reconstruct -r -f user/personlogin" 
with no luck !!!


What is your Cyrus version, and what does a sanitized copy of your
imapd.conf look like?

2.5.10
configdirectory: /var/lib/cyrus
proc_path: /dev/shm/cyrus/proc
mboxname_lockpath: /dev/shm/cyrus/lock
defaultpartition: default
partition-default: /var/spool/cyrus/mail
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
altnamespace: no
unixhierarchysep: yes
reject8bit: yes
lmtp_downcase_rcpt: yes
admins: admin
allowanonymouslogin: no
popminpoll: 0
autocreate_quota: 0
umask: 077
hashimapspool: true
allowplaintext: yes
sasl_mech_list: PLAIN
lmtp_strict_quota: 1
allowusermoves: true




If you have unixhierarchysep turned off, then you'd want:

cyrreconstruct -r -f user.personlogin

Please make sure you have a backup of the current state of your mailstore
before proceeding, in addition to whatever backups you had prior to
modification.


I've done that. But in the cyrus.header, the "todelete" is still there, 
although in lower case..

I think that is the big problem!!


The '^' implies you have unixhierarchysep turned off, based on this:

https://www.cyrusimap.org/imap/concepts/features/namespaces.html?highlight=internal 



See the /doc/internal documentation within the source as well.


iury.pintotodelete  lrswipkxtecda




But it is enabled.. should I disable it or what?
I just renamed another imap account from "loginTODELETE" to "login" and 
even after Reconstruct, it shows on cyrus.header:


root@mailer:/var/spool/cyrus/mail/a/user/ana^claudia# cat cyrus.header
Cyrus mailbox header
"The best thing about this system was that it had lots of goals."
     --Jim Morris on Andrew
user.ana^claudia    2696fec95963d41f
$MDNSent $Forwarded
ana.claudiatodelete lrswipkxtecda


Is this incorrect header file that is causing all this users folders to 
appears as empty ?? why reconstruct isnt' fixing it ??!


The way I interpret it is that the / means unixhierarchysep is on.

Just tested this on 2.4.18 and the same thing happens. When you rename 
back no messages are listed and reconstruct does nothing.





--
Atenciosamente / Best Regards,

Heiler Bemerguy
Network Manager - CINBESA
55 91 98151-4894/3184-1751




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Why Cyrus?

[Patrick Goetz]

On 01/19/2018 07:50 AM, Nic Bernstein wrote:
> I'm sorry, and don't wish to start a flame war here, but can't just let
> this comment pass.  Fastmail are dedicated to improving the
> documentation of Cyrus, and have on staff a person, Nicola Nye
> , for that specific reason.  They've spent a
> bundle of money to improve the documentation, as have other
> organizations like Kolab  and Onlight
>  (my firm).


Absolutely no flame war will ensue.  I appreciate the update and was not 
aware that FastMail was putting resources towards Cyrus documentation: 
that's over and above, so very commendable. Same for the other 
commercial organizations spending time and money on this effort.


Also, thanks for the links. I knew the documentation has gotten a lot 
better, but so has my knowledge.  It seems like every question I have 
still requires a trip to the listserv, and even then it's generally a 
matter of sifting through google searches and experimentation.  Just 
once I want to have a question about Cyrus, go to the documentation, and 
Boom!: the answer is right there.  The Virtual Domains thing can be my 
next test case.





Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Why Cyrus?

[Patrick Goetz]

Op 17-01-18 om 12:33 schreef Sebastian Hagedorn: >> Hi,



A new customer asks me to build a new mailserver environment with
Dovecot. I normally use Cyrus.

My question: What's better in Cyrus?




This is terribly OCD, but I can't stand the maildir message formatting 
Dovecot uses.  Ugh, how inelegant.


6-8 years ago (when all the distros switched to Dovecot) cyrus wasn't 
being maintained very well. Since then the FastMail team has taken the 
reigns of development and is kicking ass.


That makes the choice kind of clear, in my mind.  AFAIK Dovecot is 
developed by just one person (or at the very least a small team) of 
volunteer developers.  If he/they get bored and move on to something 
else ...   Meanwhile, Cyrus now has commercial backing, which makes it a 
much more securely stable platform choice if you're just starting out 
and trying to decide which one to go with.


The biggest ongoing problem with Cyrus is the documentation, not that 
it's harder to install.  Cyrus is, if anything, easier to install than 
Dovecot (modulo distro packaging, which is the main difference here). 
The Dovecot guy writes very good documentation, and until recently 
trying to get information about how to set up Cyrus was like pulling 
teeth. I'm always having to appeal to this list whenever an issue comes 
up.  Recently I set up a vacation notification system.  Super easy AFTER 
A MONTH SPENT researching how to do it. I'm still not completely clear 
on how to set up multiple virtual mailhosts, either; my next onerous 
email research project.


FastMail of course has no incentive or reason to write documentation 
making it easier to set up your own Cyrus system(s); that's going to be 
up to the community.





Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyrus + roundcube + managesieve for vacation notification

[Patrick Boutilier]

On 12/16/2017 04:55 AM, Patrick Goetz wrote:
Just a quick follow up:  Vladislav was correct; there is no need to have 
both sieve and managesieve lines in /etc/cyrus/cyrus.conf.  I removed 
the managesieve line and the vacation sieve filter is working fine. 
Sieve does appear in /etc/services (I guess check for your OS?), but 
it's not clear to me at the moment how this is relevant.


/etc/services is like a hosts file for ports. If you try to use 
something like servername:sieve instead of servername:4190 then sieve 
has to be defined as port 4190 in /etc/services .



Simple example using telnet to ssh port:



[boutilpj@ls6000 ~]$ telnet localhost ssh
Trying ::1...
Connected to localhost.
Escape character is '^]'.
SSH-2.0-OpenSSH_5.3
quit
Protocol mismatch.
Connection closed by foreign host.




The documentation page Nic mentioned does talk about global filters, but 
doesn't provide any clues about where such things should be placed. 
Following the dovecot example, I created this folder:


    /var/imap/sieve/global

which likely won't ever get used, but the managesieve plugin wants to 
know about it anyway.


Since the roundcube managesieve plugin doesn't necessarily do everything 
for you (if you want to retain the option of setting up other filters), 
I found a nice one page web tutorial you can provide users:


   https://www.theedesign.com/blog/2016/set-office-message-roundcube

The alternative to this to set

    $config['managesieve_vacation'] = 1;

in config.inc.php in the managesieve plugins directory, which adds a 
vacation menu item the setting menu.  If your users (like mine) are only 
ever going to use a vacation filter and are easily confused, you can set


    $config['managesieve_vacation'] = 2;

This hides the filter menu and leaves only the vastly more user friendly 
vacation menu item.


This is all pretty easy to set up, once you know what to use and how to 
do it, I don't understand why it's not documented better.  I've been 
scratching my head over how to provide this feature for years.



On 12/15/2017 07:51 AM, Nic Bernstein wrote:

On 12/15/2017 07:38 AM, Vladislav Kurz wrote:

On 12/15/17 12:57, Patrick Goetz wrote:

Many thanks to Vladislav and Merlin for setting me in the right
direction for setting up user-activated vacation notifications.  A
couple of follow up questions:

On 12/14/2017 03:31 AM, Vladislav Kurz wrote:
Also, is there anything special I need to do with my cyrus 
configuration

to allow for roundcube to notify imapd about sieve rules being
activated/deactivated?

Just uncomment the sieve line in cyrus.conf

Following the documentation here:
  https://www.cyrusimap.org/imap/reference/admin/sieve.html

it looks like I also need to add a managesieve line to
/etc/cyrus/cyrus.conf?

    sieve cmd="timsieved" listen="servername:sieve" prefork=0
    managesieve   cmd="timsieved" listen="servername:4190" prefork=0

Is this correct, or am I doing some superfluous?  I enabled managesieve
and roundcube is talking to the sieve server, but didn't test without.

Hello Patrick,

these lines look like the same. Sieve port is 4190, and the first item
is IMHO just a name. Just keep the first one.


Actually, these may not be the same, depending on the contents of 
/etc/services for the "sieve" service.  This used to be 2000, prior to 
standardization in RFC5804.  So, if your /etc/services lists 4190, 
then get rid of the duplicate line.  The fact that Cyrus starts with 
both lines defined makes me think that either sieve isn't listed in 
/etc/services (which should have resulted in an error) or that it 
isn't 4190, since one cannot have two services defined for the same 
listen port.





Since this is our first time using sieve, I haven't worried about this
too much until now, but roundcube+managesieve  seems to be concerned
about the location of global sieve scripts:

    // default contents of filters script (eg. default spam filter)
    // $config['managesieve_default'] = '/etc/dovecot/sieve/global';
    $config['managesieve_default'] = '/var/imap/sieve';


There is nothing like global sieve script in cyrus (at least I did not
find a way how to do it.)


There is.  Please see the documentation here:
https://www.cyrusimap.org/imap/reference/admin/sieve.html#sieve-scripts-in-shared-folders 



Quoting:


Cyrus has two types of repositories where Sieve scripts can live:

1.

    *Personal* is per user and

2.

    *Global* is for every user. Global scripts aren’t applied on
    incoming messages by default: users must include them in their
    scripts.
  * Note that there are two types of Global scripts: *global*
    and *global per domain*.


Cheers,
 -nic



The option above is path to a default script (file, not folder) that
will be applied to the user upon first login to roundcube. I use it as a
template for users with some recommended settings or disabled examples.
I usually put it int

Re: cyrus + roundcube + managesieve for vacation notification

[Patrick Goetz]

Just a quick follow up:  Vladislav was correct; there is no need to have 
both sieve and managesieve lines in /etc/cyrus/cyrus.conf.  I removed 
the managesieve line and the vacation sieve filter is working fine. 
Sieve does appear in /etc/services (I guess check for your OS?), but 
it's not clear to me at the moment how this is relevant.


The documentation page Nic mentioned does talk about global filters, but 
doesn't provide any clues about where such things should be placed. 
Following the dovecot example, I created this folder:


   /var/imap/sieve/global

which likely won't ever get used, but the managesieve plugin wants to 
know about it anyway.


Since the roundcube managesieve plugin doesn't necessarily do everything 
for you (if you want to retain the option of setting up other filters), 
I found a nice one page web tutorial you can provide users:


  https://www.theedesign.com/blog/2016/set-office-message-roundcube

The alternative to this to set

   $config['managesieve_vacation'] = 1;

in config.inc.php in the managesieve plugins directory, which adds a 
vacation menu item the setting menu.  If your users (like mine) are only 
ever going to use a vacation filter and are easily confused, you can set


   $config['managesieve_vacation'] = 2;

This hides the filter menu and leaves only the vastly more user friendly 
vacation menu item.


This is all pretty easy to set up, once you know what to use and how to 
do it, I don't understand why it's not documented better.  I've been 
scratching my head over how to provide this feature for years.



On 12/15/2017 07:51 AM, Nic Bernstein wrote:

On 12/15/2017 07:38 AM, Vladislav Kurz wrote:

On 12/15/17 12:57, Patrick Goetz wrote:

Many thanks to Vladislav and Merlin for setting me in the right
direction for setting up user-activated vacation notifications.  A
couple of follow up questions:

On 12/14/2017 03:31 AM, Vladislav Kurz wrote:

Also, is there anything special I need to do with my cyrus configuration
to allow for roundcube to notify imapd about sieve rules being
activated/deactivated?

Just uncomment the sieve line in cyrus.conf

Following the documentation here:
  https://www.cyrusimap.org/imap/reference/admin/sieve.html

it looks like I also need to add a managesieve line to
/etc/cyrus/cyrus.conf?

    sieve cmd="timsieved" listen="servername:sieve" prefork=0
    managesieve   cmd="timsieved" listen="servername:4190" prefork=0

Is this correct, or am I doing some superfluous?  I enabled managesieve
and roundcube is talking to the sieve server, but didn't test without.

Hello Patrick,

these lines look like the same. Sieve port is 4190, and the first item
is IMHO just a name. Just keep the first one.


Actually, these may not be the same, depending on the contents of 
/etc/services for the "sieve" service.  This used to be 2000, prior to 
standardization in RFC5804.  So, if your /etc/services lists 4190, then 
get rid of the duplicate line.  The fact that Cyrus starts with both 
lines defined makes me think that either sieve isn't listed in 
/etc/services (which should have resulted in an error) or that it isn't 
4190, since one cannot have two services defined for the same listen port.





Since this is our first time using sieve, I haven't worried about this
too much until now, but roundcube+managesieve  seems to be concerned
about the location of global sieve scripts:

    // default contents of filters script (eg. default spam filter)
    // $config['managesieve_default'] = '/etc/dovecot/sieve/global';
    $config['managesieve_default'] = '/var/imap/sieve';


There is nothing like global sieve script in cyrus (at least I did not
find a way how to do it.)


There is.  Please see the documentation here:
https://www.cyrusimap.org/imap/reference/admin/sieve.html#sieve-scripts-in-shared-folders

Quoting:


Cyrus has two types of repositories where Sieve scripts can live:

1.

*Personal* is per user and

2.

*Global* is for every user. Global scripts aren’t applied on
incoming messages by default: users must include them in their
scripts.
  * Note that there are two types of Global scripts: *global*
and *global per domain*.


Cheers,
     -nic



The option above is path to a default script (file, not folder) that
will be applied to the user upon first login to roundcube. I use it as a
template for users with some recommended settings or disabled examples.
I usually put it into /etc/roundcube/roundcube.script, but you can put
it almost anywhere. (perhaps somewhere in document_root for roundcube is
also fine).

Do not rely on it as default. It is applied only if the user does not
have a sieve script yet. After that users are free to modify it. If
someone does not use roundcube at all, he will not get that script applied.



--
Nic bernstein...@onlight.com
Onlight Inc.www.onlight.com
6525 W Bluemound Rd., Ste 24  v. 414.272.4477
Milwauk

cyrus + roundcube + managesieve for vacation notification

[Patrick Goetz]

Many thanks to Vladislav and Merlin for setting me in the right 
direction for setting up user-activated vacation notifications.  A 
couple of follow up questions:


On 12/14/2017 03:31 AM, Vladislav Kurz wrote:
>> Also, is there anything special I need to do with my cyrus configuration
>> to allow for roundcube to notify imapd about sieve rules being
>> activated/deactivated?
>
> Just uncomment the sieve line in cyrus.conf

Following the documentation here:
 https://www.cyrusimap.org/imap/reference/admin/sieve.html

it looks like I also need to add a managesieve line to 
/etc/cyrus/cyrus.conf?


   sieve cmd="timsieved" listen="servername:sieve" prefork=0
   managesieve   cmd="timsieved" listen="servername:4190" prefork=0


Is this correct, or am I doing some superfluous?  I enabled managesieve 
and roundcube is talking to the sieve server, but didn't test without.



Since this is our first time using sieve, I haven't worried about this 
too much until now, but roundcube+managesieve  seems to be concerned 
about the location of global sieve scripts:


   // default contents of filters script (eg. default spam filter)
   // $config['managesieve_default'] = '/etc/dovecot/sieve/global';
   $config['managesieve_default'] = '/var/imap/sieve';


I set this to be /var/imap/sieve, but that doesn't feel right, since 
this folder appears to be the base for user sieve scripts?


[root@www ~]# cd /var/imap/sieve
[root@www sieve]# ls
0  3  6  9  b  C  e  F  h  I  k  L  n  O  q  R  t  U  w  X  z
1  4  7  a  B  d  E  g  H  j  K  m  N  p  Q  s  T  v  W  y  Z
2  5  8  A  c  D  f  G  i  J  l  M  o  P  r  S  u  V  x  Y


I need to identify an appropriate location for global sieve scripts in 
order to add it to PHP's open_basedir folder list.  Also, when a user 
activates a sieve script to facilitate vacation notification, does that 
script go into a global folder (unlikely) or into the user's personal 
sieve space?  I'm pretty sure it's the latter, just would like someone 
to confirm.




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

open port on firewall for sieve to enable vacation auto-response?

[Patrick Goetz]

I'm trying to set up a vacation auto-response utility for my users, and 
it appears that the path of least resistance is to use the sieverules 
plugin for roundcube (since roundcube is already installed as their 
webmail client alternative to Thunderbird).


In reading through some online hints it appears that I need to open up 
port 4190 on the firewall in order for sieve to work, is this correct?


Source: 
http://www.smartdomotik.com/2015/09/04/how-to-set-filters-in-roundcube-with-sieve/


Also, is there anything special I need to do with my cyrus configuration 
to allow for roundcube to notify imapd about sieve rules being 
activated/deactivated?


BTW, if anyone has a better solution for this, let me know.  The 
criteria are the users need to be able to activate and deactivate the 
vacation auto-response themselves, so writing a sieve script is not an 
option.



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: squat core dump

[Patrick Boutilier]

On 12/08/2017 08:52 AM, Gabriele Bulfon wrote:
Hi, I'm getting a core dump while squattering folders, always on the 
same folder:


08045e68 libcyrus.so.0.0.0`charset_extractitem+0x218(8052d40, 804604c, 
a6, fe9607c9, 439b, 0)
08045ea8 libcyrus.so.0.0.0`charset_extractfile+0x33(8052d40, 804604c, 
a6, fe9607c9, 439b, 0)
08046008 
libcyrus_imap.so.0.0.0`index_getsearchtext_single+0x60a(80779e8, a6, 
8052d40, 804604c, 6c756166, 74)

08046158 squat_single+0x26b(0, 806a320, 1, 0, 0, 0)
080469a8 index_me+0x3b3(8076460, 1f, 0, 80469dc)
08047a08 main+0x39a(80479fc, fef726a8, 8047a34, 8052973, 5, 8047a40)
08047a34 _start+0x83(5, 8047b40, 8047b49, 8047b4c, 8047b4f, 8047b52)

any chance to discover the msg uid or id that's causing it?


What OS are you using? If Linux, strace should indicate what 
file/message is being read when the segfault occurs.







Thanks
Gabriele


*Sonicle S.r.l. *: http://www.sonicle.com 
*Music: *http://www.gabrielebulfon.com 
*Quantum Mechanics : *http://www.cdbaby.com/cd/gabrielebulfon



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Restart after new TLS certificate?

[Patrick Boutilier]

On 10/27/2017 07:51 AM, Paul van der Vlis wrote:

Hello,

I use now a certificate from LetsEncrypt and it is automatically
renewed. Needs Cyrus to be restarted before it sees the new certificate?

There is nothing changed in the configfile. The configfile points to an
symlink what changes to a new certificate.

And maybe you know a way how to test which certifate Cyrus uses?


Pretty sure Cyrus will just start using the new certificate. Using 
openssl to test is one way.


openssl s_client -connect :

Look in the output for the issuer, etc...


Another option is to use this script:

https://matteocorti.github.io/check_ssl_cert/





With regards,
Paul van der Vlis




<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyrus 2.4.18 / ubuntu and autocreateinboxfolders?

[Patrick Boutilier]

On 10/24/2017 03:07 AM, Kristian Rink wrote:

Hi Nicola;

thanks for your response.

Am Dienstag, den 24.10.2017, 10:40 +1100 schrieb Nicola Nye:


We would certainly encourage moving to 3.0 if you can : there's a lot
of old bugs that have been fixed as well as some great new features
you might want to use.



No doubt and I actually would love to do so, but so far I fail to find
a way to upgrade to 3.0 we can handle. :(

So far I have been searching the repositories for virtually all
distributions we could eventually dare to support in production, and
the most "current" cyrus version I found is something like 2.15.xx, and
I haven't found any newer Docker images either, not even sure whether
Docker would be a way that might work for our setup.

Do you guys really all run cyrus built from source in production?



We do, on CentOS though.







Likewise, does anyone have any idea what's the minimum version I would
need for the autocreateinboxfolders feature to work? Right now this
seems the only feature I am missing in the current 2.4 setup...

Thanks in advance and all the best,
Kristian

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: autocreate_quota: 0

[Patrick Boutilier]

On 10/22/2017 11:44 AM, Patrick Boutilier wrote:

On 10/16/2017 10:51 AM, Janos Dohanics wrote:

On Fri, 13 Oct 2017 11:10:58 +1100
Nicola Nye <nic...@fastmailteam.com> wrote:


Hi Janos,

Your understanding is the same as mine: on successful IMAP or POP
authentication, the user's inbox should be created if autocreate_quota
is 0 or higher.
Is there any error messages showing up in the log?

If you set autocreate_post: 1 and send the user some mail, does that
create the mailbox successfully?
Otherwise my suspicions lie with virtdomains and unixhierarchysep
causing the mailbox to be created somewhere you're not expecting. Do a
cyradm listmailbox \* to list all the mailboxes in the system and
check. Let us know how you go!

Cheers,
    Nicola


Hi Nicola,

Thank you for your reply.

There are no error messages in the log (local6.debug
-> /var/log/local6.log) when the user logs in:

Oct 15 09:19:49 nixlizard imap[79721]: inittls: Loading hard-coded DH 
parameters
Oct 15 09:19:49 nixlizard imap[79721]: starttls: TLSv1.2 with cipher 
ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits new) no authentication
Oct 15 09:19:49 nixlizard imap[79721]: login: localhost [127.0.0.1] 
jdsamba plaintext+TLS User logged in 
SESSIONID=
Oct 15 09:19:49 nixlizard imap[79721]: USAGE jdsamba user: 0.020922 
sys: 0.012228


Thunderbird says "Mailbox does not exist".

I get more detail when I try imapsync(1):

[...]
/usr/local/bin/imapsync --host1 newt --host2 localhost --tls1 --tls2 
--delete2 --user1 jdsamba --password1 MASKED --user2 jdsamba 
--password2 MASKED


[...]
Host1: state Authenticated
Host2: state Authenticated

[...]
Host2: found quota, presented in raw IMAP
Sending: 5 GETQUOTAROOT INBOX
Sent 22 bytes
Read: 5 NO Mailbox does not exist
ERROR: 5 NO Mailbox does not exist at 
/usr/local/lib/perl5/site_perl/Mail/IMAPClient.pm line 1374.


[...more error messages from imapsync]
Host2: Quota current storage is 0 bytes. Limit is 0 bytes. So 0 % full
Host1: found 1 folders.
Host2: found 0 folders.

[...]
 Listing 1 errors encountered during the sync ( avoid this listing 
with --noerrorsdump ).
Err 1/1: Could not create folder [INBOX] from [INBOX]: 12 NO Invalid 
mailbox name

Exiting with return value 111

***

After your reply, I turned on autocreate_post:

autocreate_post: 1

However, messages sent to the user bounce. When I create the mailbox
manually, the message is delivered.

I have no virtdomains turned on, and:

unixhierarchysep: no

cyradm listmailbox \* lists only mailboxes I have created manually.

What else should I look into?




Same behaviour here with a brand new install. I have just been testing 
with imap login but nothing gets created.


localhost> lm \*
localhost> lm
localhost>


# telnet  143
Trying ...
Connected to .
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE] 
Cyrus IMAP 3.0.4 server ready
. login boutilpj ***
. OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA 
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN 
MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT 
SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 
METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN 
QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 
X-REPLICATION URLAUTH URLAUTH=BINARY LOGINDISABLED COMPRESS=DEFLATE 
X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE 
X-QUOTA=X-NUM-FOLDERS IDLE] User logged in 
SESSIONID=

. LIST "" *
. OK Completed (0.000 secs)
. logout
* BYE LOGOUT received
. OK Completed
Connection closed by foreign host.





Well, helps to compile with "--enable-autocreate" :-)

Works fine now:

Oct 22 16:33:05 bplace-3 cyrus/imap[12613]: autocreateinbox: User 
boutilpj, INBOX was successfully created




Seems like it is off in your FreeBSD package if it is this one:

https://www.freshports.org/mail/cyrus-imapd30/









Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: autocreate_quota: 0

[Patrick Boutilier]

On 10/16/2017 10:51 AM, Janos Dohanics wrote:

On Fri, 13 Oct 2017 11:10:58 +1100
Nicola Nye  wrote:


Hi Janos,

Your understanding is the same as mine: on successful IMAP or POP
authentication, the user's inbox should be created if autocreate_quota
is 0 or higher.
Is there any error messages showing up in the log?

If you set autocreate_post: 1 and send the user some mail, does that
create the mailbox successfully?
Otherwise my suspicions lie with virtdomains and unixhierarchysep
causing the mailbox to be created somewhere you're not expecting. Do a
cyradm listmailbox \* to list all the mailboxes in the system and
check. Let us know how you go!

Cheers,
Nicola


Hi Nicola,

Thank you for your reply.

There are no error messages in the log (local6.debug
-> /var/log/local6.log) when the user logs in:

Oct 15 09:19:49 nixlizard imap[79721]: inittls: Loading hard-coded DH parameters
Oct 15 09:19:49 nixlizard imap[79721]: starttls: TLSv1.2 with cipher 
ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits new) no authentication
Oct 15 09:19:49 nixlizard imap[79721]: login: localhost [127.0.0.1] jdsamba 
plaintext+TLS User logged in 
SESSIONID=
Oct 15 09:19:49 nixlizard imap[79721]: USAGE jdsamba user: 0.020922 sys: 
0.012228

Thunderbird says "Mailbox does not exist".

I get more detail when I try imapsync(1):

[...]
/usr/local/bin/imapsync --host1 newt --host2 localhost --tls1 --tls2 --delete2 
--user1 jdsamba --password1 MASKED --user2 jdsamba --password2 MASKED

[...]
Host1: state Authenticated
Host2: state Authenticated

[...]
Host2: found quota, presented in raw IMAP
Sending: 5 GETQUOTAROOT INBOX
Sent 22 bytes
Read:   5 NO Mailbox does not exist
ERROR: 5 NO Mailbox does not exist at 
/usr/local/lib/perl5/site_perl/Mail/IMAPClient.pm line 1374.

[...more error messages from imapsync]
Host2: Quota current storage is 0 bytes. Limit is 0 bytes. So 0 % full
Host1: found 1 folders.
Host2: found 0 folders.

[...]
 Listing 1 errors encountered during the sync ( avoid this listing with 
--noerrorsdump ).
Err 1/1: Could not create folder [INBOX] from [INBOX]: 12 NO Invalid mailbox 
name
Exiting with return value 111

***

After your reply, I turned on autocreate_post:

autocreate_post: 1

However, messages sent to the user bounce. When I create the mailbox
manually, the message is delivered.

I have no virtdomains turned on, and:

unixhierarchysep: no

cyradm listmailbox \* lists only mailboxes I have created manually.

What else should I look into?




Same behaviour here with a brand new install. I have just been testing 
with imap login but nothing gets created.


localhost> lm \*
localhost> lm
localhost>


# telnet  143
Trying ...
Connected to .
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE] 
Cyrus IMAP 3.0.4 server ready
. login boutilpj ***
. OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA 
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN 
MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT 
SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 
METADATA LIST-EXTENDED LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN 
QRESYNC SCAN XLIST XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 
X-REPLICATION URLAUTH URLAUTH=BINARY LOGINDISABLED COMPRESS=DEFLATE 
X-QUOTA=STORAGE X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE 
X-QUOTA=X-NUM-FOLDERS IDLE] User logged in 
SESSIONID=

. LIST "" *
. OK Completed (0.000 secs)
. logout
* BYE LOGOUT received
. OK Completed
Connection closed by foreign host.


<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: corrupted mailboxes.db

[Patrick Boutilier]

On 10/20/2017 11:52 AM, Deniss wrote:

Hello,

I run cyrus imap 2.5.11.
Somehow mailboxes.db become corrupted.
running `ctl_mboxlist -d` leads to segfault, backtrace below.

How can I recover mailboxes.db ?

Backtrace
#0  0x007d43e12952 in printf (__fmt=0x7d43e143c2 "%s\t%d %s %s\n") 
at /usr/include/bits/stdio2.h:104
#1  dump_cb (rockp=rockp@entry=0x384c65d6e90, key=, 
keylen=,
     data=data@entry=0x23d2177d3d5 address 0x23d2177d3d5>, datalen=datalen@entry=61) at 
imap/ctl_mboxlist.c:182
#2  0x023d432db22a in myforeach (db=0x7d444012d0, 
prefix=0x7d43e144ec "", prefixlen=0, goodp=0x0, cb=0x7d43e12890 
, rock=0x384c65d6e90,

     tidptr=) at lib/cyrusdb_twoskip.c:1567
#3  0x023d4363bea7 in mboxlist_allmbox (prefix=, 
proc=0x7d43e12890 , rock=0x384c65d6e90, incdel=1) at 
imap/mboxlist.c:2326
#4  0x007d43e12e87 in do_dump (op=DUMP, part=0x0, purge=0) at 
imap/ctl_mboxlist.c:458
#5  0x007d43e12548 in main (argc=4, argv=0x384c65d9058) at 
imap/ctl_mboxlist.c:1029



Couple of things to try on this page:

https://www.cyrusimap.org/2.5/imap/faqs/o-reconstruct.html






Best, Deniss

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Default value changes in Cyrus 3

[Patrick Boutilier]

On 10/19/2017 10:15 PM, Stephen Ingram wrote:
I'm not sure I really know what that means. Would that change the 
hierarchy? Force a download of all messages again on the client side?


Steve


That would be my guess. Have never tried it so can't say for sure.





On Thu, Oct 19, 2017 at 6:04 PM, Patrick Boutilier <bouti...@ednet.ns.ca 
<mailto:bouti...@ednet.ns.ca>> wrote:


On 10/19/2017 08:56 PM, Janos Dohanics wrote:

On Thu, 19 Oct 2017 16:43:48 -0700
Stephen Ingram <sbing...@gmail.com <mailto:sbing...@gmail.com>>
wrote:

While we are talking about it, can this just be switched on
the fly if
someone is using the "." namespace?


Never tried it, but I read this page that the answer is yes.

https://www.cyrusimap.org/imap/reference/admin/sop/altnamespace.html
<https://www.cyrusimap.org/imap/reference/admin/sop/altnamespace.html>


Yes, seems possible but there is this warning on

https://www.cyrusimap.org/imap/concepts/features/namespaces.html#imap-admin-namespaces-mode

<https://www.cyrusimap.org/imap/concepts/features/namespaces.html#imap-admin-namespaces-mode>



Warning

Changing altnamespace in an active operating environment will cause
all IMAP clients to need to resync the entire hierarchy.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info:
http://lists.andrew.cmu.edu/pipermail/info-cyrus/
<http://lists.andrew.cmu.edu/pipermail/info-cyrus/>
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
<https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus>


<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Default value changes in Cyrus 3

[Patrick Boutilier]

On 10/19/2017 08:56 PM, Janos Dohanics wrote:

On Thu, 19 Oct 2017 16:43:48 -0700
Stephen Ingram  wrote:


While we are talking about it, can this just be switched on the fly if
someone is using the "." namespace?


Never tried it, but I read this page that the answer is yes.

https://www.cyrusimap.org/imap/reference/admin/sop/altnamespace.html



Yes, seems possible but there is this warning on 
https://www.cyrusimap.org/imap/concepts/features/namespaces.html#imap-admin-namespaces-mode




Warning

Changing altnamespace in an active operating environment will cause all 
IMAP clients to need to resync the entire hierarchy.
<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: update to 3.0.3 even more problematic than 3.0.2

[Patrick Boutilier]

On 08/31/2017 10:48 AM, Jason L Tibbitts III wrote:

"BG" == Bron Gondwana  writes:


BG> https://github.com/cyrusimap/cyrus-imapd/issues/2132
BG> We're pretty sure we've found the cause.

Do you plan to cut a 3.0.4 release or should I plan on pushing this
patch into my distro packages?



In the other email with subject of "Re: Cyrus Imapd 3.0.3 - Crash when 
opening the mailbox list (subscribe to folder)" Bron says:





I suspect this is the "Other Users" issue again:

https://github.com/cyrusimap/cyrus-imapd/issues/2132

It's fixed in git now, new release soon!






  - J<

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Message remains in spool after expunge

[Patrick Boutilier]

On 08/22/2017 09:48 AM, Arnaldo Viegas de Lima wrote:

Hi,

We have just migrated from 2.4.17 to 3.0.3 and we are having a problem with one 
of our scripts that perform actions on a SPAM folder for retraining purposes.
All files placed by the user there are used for retaining. At the end Cyrus is 
called to remove the files: we mark all files for deletion and then expunge the 
mailbox. We have been using this script since 2007, flawlessly.

I’ve set Cyrus chatty mode on and I can see the commands being sent to the 
server and there is a confirmation log message for the expunge, with the  
correct number of files.
Checking the SPAM mailbox with Cyrus (or any IMAP client), show it as empty. 
But looking at the mailbox directory in the filesystem, the actual files are 
still there.

Am I missing something on 3.0.3 that may be the cause for this problem?

Thanks in advance.



expunge_mode: delayed is the default since 2.5

https://www.cyrusimap.org/imap/concepts/features/delayed-expunge.html

You would want expunge_mode: immediate to use the default behaviour in 
2.4.17







Arnaldo.

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Solved! 3.0.2 on XStreamOS!

[Patrick Goetz]

So, this will be fixed in 3.0.3?

On 08/03/2017 01:27 PM, Ken Murchison wrote:
We shouldn't be requiring PCRE in order for LIST to work.  This bug is 
fixed in Git:


https://github.com/cyrusimap/cyrus-imapd/commit/fa6ff9a9a22ebdd2acdb0a402ba4334725be8194


On 08/03/2017 11:25 AM, Gabriele Bulfon wrote:

Hi,

I found the reason! :)

If build does not find "libpcre", configure just says "libpcre : no" , 
but then fails any list!


I could let it see my libpcre and have "libpcre : yes" : now it works! :)

I will let you know my upgrade now.

Gabriele

*Sonicle S.r.l. *: http://www.sonicle.com 
*Music: *http://www.gabrielebulfon.com 
*Quantum Mechanics : *http://www.cdbaby.com/cd/gabrielebulfon



--

Da: Stephan Lauffer 
A: info-cyrus@lists.andrew.cmu.edu
Data: 3 agosto 2017 15.38.24 CEST
Oggetto: Re: any working cyrus-imapd-3.0.2?

.oO(if you read my lines:)

In my setup there is no virtual domains support, see the output of
"cyr_info conf" from my last post to the devel list (and yes,
virtdomains is off by default).

The problem does not occur on any distribution or cyrus-imapd build.
But on some it occurs(!)

Ok is cyrus-imapd 2.4.x, 2.5.10, 2.5.11 on sles and openSUSE since
"ever" till openSUSE-42.3 (few days old).

Not Ok is cyrus-imapd 3.0.1 and 3.0.2 on openSUSE-42.2 and
openSUSE-42.3 (no further suse tests)
Not OK is it on the XStramOS build of Gabriele, too of course.

OK is cyrus-imapd 3.0.2 on fedora 24, 25 and 26 (no more tests from
me). My specs based on the latest one of fedora 26. I just excluded
xapian, jmap and the cassadena test suite.

My specs for the suse and fedora builds are not 100% the same... I
try
to get them closer.

My guess: Maybe an older/missing lib or a "secret" combination/setup
in the specs or configure parameter.


Zitat von Ken Murchison :

> This might be a virtual domains issue. I will have to ask one of
> the other devs if something changed in that regard.
>
>
> On 08/03/2017 08:37 AM, Gabriele Bulfon wrote:
>> All of my mailboxes, here's a piece of the output:
>>
>> 
>> sonicle.com!user.gabriele^bulfon 0 default
>> gabriele.bul...@sonicle.com lrswipkxtecda
>> gabriele.pr...@sonicle.com lrswipkxtecda
>> sonicle.com!user.gabriele^bulfon.Archive 0 default
>> gabriele.bul...@sonicle.com lrswipkxtecda
>> gabriele.pr...@sonicle.com lrswipkxtecda
>> sonicle.com!user.gabriele^bulfon.Archive.2017 0 default
>> gabriele.bul...@sonicle.com lrswipkxtecda
>> gabriele.pr...@sonicle.com lrswipkxtecda
>> sonicle.com!user.gabriele^bulfon.Archive.2017.2017-07 0 default
>> gabriele.bul...@sonicle.com lrswipkxtecda
>> gabriele.pr...@sonicle.com lrswipkxtecda
>> sonicle.com!user.gabriele^bulfon.Archive.2017.2017-07.Test3 0
>> default gabriele.bul...@sonicle.com lrswipkxtecda
>> gabriele.pr...@sonicle.com lrswipkxtecda
>>
sonicle.com!user.gabriele^bulfon.Archive.2017.2017-07.Test3.Pippo 0
>> default gabriele.bul...@sonicle.com lrswipkxtecda
>> gabriele.pr...@sonicle.com lrswipkxtecda
>>
sonicle.com!user.gabriele^bulfon.Archive.2017.2017-07.Test3.Pippo.Pluto
0
>> default gabriele.bul...@sonicle.com lrswipkxtecda
>> gabriele.pr...@sonicle.com lrswipkxtecda
>> sonicle.com!user.gabriele^bulfon.Archive.Test3 0 default
>> gabriele.bul...@sonicle.com lrswipkxtecda
>> gabriele.pr...@sonicle.com lrswipkxtecda
>> sonicle.com!user.gabriele^bulfon.Archive.Test3.Pippo 0 default
>> gabriele.bul...@sonicle.com lrswipkxtecda
>> gabriele.pr...@sonicle.com lrswipkxtecda
>> sonicle.com!user.gabriele^bulfon.Archive.Test3.Pippo.Pluto 0
>> default gabriele.bul...@sonicle.com lrswipkxtecda
>> gabriele.pr...@sonicle.com lrswipkxtecda
>> sonicle.com!user.gabriele^bulfon.Archivio 0 default
>> gabriele.bul...@sonicle.com lrswipkxtecda
>> gabriele.pr...@sonicle.com lrswipkxtecda
>> 
>>
>>
>> *Sonicle S.r.l. *: http://www.sonicle.com 
>> *Music: *http://www.gabrielebulfon.com

>> *Quantum Mechanics : *http://www.cdbaby.com/cd/gabrielebulfon
>>
>>

>>
>>
>> *Da:* Ken Murchison 
>> *A:* Gabriele Bulfon
info-cyrus@lists.andrew.cmu.edu
>> *Data:* 3 agosto 2017 14.06.21 CEST
>> *Oggetto:* Re: any working cyrus-imapd-3.0.2?
>>
>>
>> What does 'ctl_mboxlist -d' show you?
>>
>>
>> On 08/03/2017 08:02 AM, Gabriele Bulfon wrote:
>>
>> Obviously yes.
>> The new defaults are my standard since years, and are
>> 

Re: permission denied message

[Patrick Goetz]

Did you create the cyrus mailbox before attempting to use squirrel mail? 
 You have to create the mailbox (and then assign the appropriate user 
to have write permissions to it) before you can interface squirrel mail 
to cyrus imapd.


On 06/26/2017 04:53 PM, haider al-shook via Info-cyrus wrote:

when i login through squirrelmail i get the error message in the left pane:
*ERROR:*
*ERROR: Could not complete request.*
Query: CREATE "INBOX.Sent"
Reason Given: Permission denied



on the home page i get the error message :
*ERROR:*
*ERROR: Could not complete request.*
Query: SELECT "INBOX"
Reason Given: Mailbox does not exist

according to squirrelmail expert the problem is in the cyrus softwaare 
how can i set permissions so that mailbox are automatically created


thanks



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Mailbox administration in cyrus

[Patrick Boutilier]

On 06/21/2017 10:42 AM, Dr. Peer-Joachim Koch wrote:

Hi Michael,

On 21.06.2017 15:28, Michael Menge wrote:

Hi,



Quoting "Dr. Peer-Joachim Koch" :


Hi,

is there an esay way to remove ALL mailboxes of an user ?

I did not find any info about something like

dm -r user.OLDUSER



in cyradm

dm user.OLDUSER

should delete the user (all mailboxes and sievscripts), at least since 
cyrus 2.3


which version of cyrus are you using?


we are using cyrus 2.4.18 (SLES 12 SP2)

removing every folder within OLDUSER and OLDUSER as well.




No, not at our system. I did

dm user.TESTUSER  # all users have SPAM,Sent,Drafts as default 
mailboxes


After this command, the mailbox  TESTUSER was removed, but 
user.TESTUSER.{SPAM,Sent,Drafts}

exist (in cyrus and on the filesystem).

No idea, what happens if I use a wildcard ...



Does the user you logged in to cyradm with have rights to delete the 
mailboxes that are not getting deleted?



Might have to do this first:

sam user.TESTUSER  lrswipdca














Thanks and bye, Peer


also you can use wildcards in cyradm


Grüße aus Tübingen

   Michael

 


M.MengeTel.: (49) 7071/29-70316
Universität Tübingen   Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung  mail: 
michael.me...@zdv.uni-tuebingen.de

Wächterstraße 76
72074 Tübingen


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus






Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Cyrus 2.5.10 openssl 1.1 compatibility problems

[Patrick Goetz]

A couple of weeks ago I reported that cyrus 2.5.10 would no longer run 
after OpenSSL was upgraded from 1.0.x  to 1.1.x, even after recompiling. 
 One of the Arch Linux cyrus users pointed out that this modification 
to the source files:


   for f in $pkgname-$pkgver/imap/*.[hc];
 do sed -i 's/\/&_/g' "$f";
   done

Results in compiled cyrus 2.5.10 executables which work fine with 
OpenSSL 1.1.



I'm loathe to add this the Cyrus Arch AUR package, if for no other 
reason than this violates the Arch rule of not modifying upstream, and 
especially since installing the openssl-1.0 compatibility package 
resolves the issue until such time as the AUR package can be updated to 
cyrus 3.0.x, but I figured I would mention this in case there is any 
interest in backporting a fix to the 2.5 branch.




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Problems with paragraph characters in SASL passwords?

[Patrick Boutilier]

On 05/27/2017 09:43 AM, Binarus wrote:

Dear all,

I am very happy with Cyrus imapd since many years. I am using it to host
all IMAP mail boxes of my company. I am using SASL and its tools (mainly
saslpasswd2) for password management. The primary IMAP client in the
company is Thunderbird.

Recently, I have decided to replace all IMAP passwords by longer ones.
While this worked in the vast majority of cases, there were several
mailboxes where Cyrus / SASL refused the connection with the new
password. I have lost several hours of debugging this until the
following turned out:

As soon as the password contained a paragraph character ("§"), Cyrus /
SASL refused the connection due to a wrong password even if the password
was entered correctly into Thunderbird's password dialog. This happened
with Thunderbird 52.1.1 and Cyrus imapd 2.4.16 (as shipped with Debian
wheezy).

My question is: Is there a known problem with paragraph characters in
SASL / Cyrus passwords, or does Thunderbird cause that problem (for
certain reasons, I haven't been able to test other clients yet, and
googling for some hours also did not lead to anything)?




Works for me from a telnet to port 143 then issuing:

. login  

replacing user and password with correct values.

But it does fail in Thunderbird.





Thank you very much in advance,

Binarus

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: How to control the header cyrus lmtp adds to an e-mail upon delivery

[Patrick Boutilier]

Do you have MAILSERVER defined in /etc/hosts ?


On 05/26/2017 07:30 AM, Michael Hieb wrote:
Hmmm.. servername is clearly set in /etc/imapd.conf and lmtp is clearly 
using the result of gethostname(). Do you know if there is there 
somewhere else that I need to define servername?



On 05/26/2017 06:27 PM, Leena Heino wrote:

Hi,

The lmtp received line is defined in imap/lmtpengine.c:
p += sprintf(p, " by %s", config_servername);

The lmtp should use the servername setting or gethostname() if 
servername is unset.


On Fri, 26 May 2017, Michael Hieb wrote:

Does anyone know how to control the header cyrus lmtp adds to an 
e-mail upon delivery?


I see following added to headers of e-mail received via cyrus lmtp 
from postfix


Received: from mail.domain1.net (mail.domain1.net [192.168.1.75]) by 
MAILSERVER (Cyrus v2.4.18) with LMTPA; Fri, 26 May 2017 00:26:03 +


I would like to  change "MAILSERVER (Cyrus v2.4.18) with LMTPA" to 
show FQDN "imap.domain1.com (Cyrus v2.4.18) with LMTPA".




Configuration as follows:

Here is my configuration in /etc/cyrus.com

# at least one LMTP is required for delivery
lmtpdomain1   cmd="lmtpd -a" 
listen="mail.domain1.com:lmtp" maxchild=-1 maxforkrate=100


I have servename set in /etc/imapd.conf (and this does appear 
correctly in the banner when a client connects to imap - I realize 
this is independent from lmtp)


   servername: imap.domain1.com

Here is the delivery in /etc/postfix/main.cf

   relay_transport = lmtp:mail.celoso.net:2003




Let me know what other information you require.

Appreciate any clue or advice.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus







Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Multi-thread cyrus delayed forking of imapd processes after connecting to master listener

[Patrick Boutilier]

I have done something like this before, define the command in 
/etc/cyrus.conf as the strace command. Define it on a test IP so you are 
the only one hitting it. Something like:


imap cmd="/usr/bin/strace -q -v -s200 -f -F -o /home/cyrus/pop3 
/full/path/to/imapd -C /etc/imapd.domain4.com.conf " 
listen="192.168.110.175:imap" maxchild=-1 maxforkrate=100


Also just noticed that in your cyrus.conf file the SERVICES names are 
not unique. They all are named imap, imaps, sieve, or lmtp. Not sure 
about 2.4.18 but in the 3.0.1 man page it says "In the SERVICES section, 
names must be unique." Wouldn't hurt naming them different to see if 
that makes a difference.





On 05/23/2017 11:38 AM, Michael Ulitskiy wrote:

you can use 'strace -p ', specifying the pid of process you want to
trace. you will have to "catch" the process that blocks. it may not be easy,
but I have no other suggestions.

On Tuesday, May 23, 2017 06:19:17 PM Michael Hieb wrote:

The SASL is cyrus-sasl 2.1.26-9.5. I believe it does use /dev/urandom.

I am not sure how to run strace on the process that the Master listener
forks. Here is the strace run on the imapd process at a command prompt
(which is not quite the same as the master listener forking it to a port
where another process is waiting to connect to it).

MAILSERVER:~ # strace /usr/lib/cyrus/bin/imapd -C
/etc/imapd.domain1.com.conf
execve("/usr/lib/cyrus/bin/imapd", ["/usr/lib/cyrus/bin/imapd", "-C",
"/etc/imapd.domain1.com.conf"], [/* 56 vars */]) = 0
brk(0)  = 0x5573deaf5000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7fdeb770c000
access("/etc/ld.so.preload", R_OK)  = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=80522, ...}) = 0
mmap(NULL, 80522, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fdeb76f8000
close(3)= 0
open("/usr/lib64/libsasl2.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300N\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=118552, ...}) = 0
mmap(NULL, 2213800, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x7fdeb72d
mprotect(0x7fdeb72ec000, 2093056, PROT_NONE) = 0
mmap(0x7fdeb74eb000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1b000) = 0x7fdeb74eb000
close(3)= 0
open("/usr/lib64/libkrb5.so.3", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200Y\2\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=855280, ...}) = 0
mmap(NULL, 2951008, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x7fdeb6fff000
mprotect(0x7fdeb70c1000, 2093056, PROT_NONE) = 0
mmap(0x7fdeb72c, 65536, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc1000) = 0x7fdeb72c
close(3)= 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7fdeb76f7000
open("/lib64/libcom_err.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\26\0\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=14760, ...}) = 0
mmap(NULL, 2109928, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x7fdeb6dfb000
mprotect(0x7fdeb6dfe000, 2093056, PROT_NONE) = 0
mmap(0x7fdeb6ffd000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fdeb6ffd000
close(3)= 0
open("/lib64/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0pr\1\0\0\0\0\0"..., 832)
= 832
fstat(3, {st_mode=S_IFREG|0555, st_size=440632, ...}) = 0
mmap(NULL, 2535888, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x7fdeb6b8f000
mprotect(0x7fdeb6bf, 2097152, PROT_NONE) = 0
mmap(0x7fdeb6df, 45056, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x61000) = 0x7fdeb6df
close(3)= 0
open("/lib64/libcrypto.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0\313\6\0\0\0\0\0"...,
832) = 832
fstat(3, {st_mode=S_IFREG|0555, st_size=2447744, ...}) = 0
mmap(NULL, 4559184, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3,
0) = 0x7fdeb6735000
mprotect(0x7fdeb6962000, 2097152, PROT_NONE) = 0
mmap(0x7fdeb6b62000, 167936, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22d000) = 0x7fdeb6b62000
mmap(0x7fdeb6b8b000, 12624, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fdeb6b8b000
close(3)= 0
open("/usr/lib64/libdb-4.8.so", O_RDONLY|O_CLOEXEC) = 3
read(3,
"\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@X\2\0\0\0\0\0"..., 832)
= 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1560248, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0x7fdeb76f6000
mmap(NULL, 3655304, PROT_READ|PROT_EXEC, 

Re: Multi-thread cyrus delayed forking of imapd processes after connecting to master listener

[Patrick Boutilier]

Have you tried stracing one of the imap processes that is slow to see where the 
delay is?


On May 19, 2017 6:48:36 AM ADT, Michael Hieb  wrote:
>Apologies for long post, most of it is configuration details.
>
>I have recently changed from a single threaded cyrus server in which 
>multiple domains were overloaded on one listener as multiple virtual 
>domains to a multiple threaded cyrus server in which multiple domains 
>are listened for on separate ip addresses with separate configurations.
>
>The primary motivation was to have separate tls certificates for each 
>domain. The problem is that I can connect to cyrus listener on all 
>ip/ports for all domains, but while one of them will fork immediately 
>and respond with a banner, the others will delay for a period of time 
>from a few seconds to a minute or so before forking and responding with
>
>a banner. With the same setup, I change to a single threaded cyrus 
>server to listen on all ip/ports then I get an immediate response on 
>all, but of course I do not get the separate tls certificate or 
>configuration. It is replicable that switching between the single 
>threaded and multiple threaded configuration triggers the problem. I 
>have searched the logs and the mail-lists and found nothing that seems 
>related.
>
>Question: why does switching to multiple threaded cyrus server trigger 
>delayed forking of imapd processes after connecting to master listener?
>
>On listener which responds immediately (as expected) I get this:
>
>user@somehost:~> telnet imap.domain1.com 143
>Trying 192.168.110.171...
>Connected to imap.domain1.com.
>Escape character is '^]'.
>* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=GSS-SPNEGO 
>AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 AUTH=LOGIN AUTH=PLAIN
>SASL-IR] 
>imap.domain1.com Cyrus IMAP v2.4.18 server ready
>
>On listener with delay, I get this (and process hangs for many seconds 
>or even a minute or two):
>
>user@somehost:~> telnet imap.domain2.com 143
>Trying 192.168.110.171...
>Connected to imap.domain2.com.
>Escape character is '^]'.
>
>The domain for which the listener responds and the one for which it 
>delays seems to change and be random as far as I can tell.
>
>There is nothing in the log journal that looks different from when we 
>connect and get a for and when we connect and get a delay.
>
>May 19 09:44:31 MAILSERVER master[13762]: about to exec 
>/usr/lib/cyrus/bin/imapd
>May 19 09:44:31 MAILSERVER imap[13762]: executed
>May 19 09:44:31 MAILSERVER imap[13762]: IOERROR: opening 
>/var/lib/imap/user_deny.db: No such file or directory
>
>and once imapd forks and banner is generated
>
>May 19 09:46:45 MAILSERVER imap[13814]: accepted connection
>
>Here are the configuration details:
>
>I run cyrus 2.4.18-3.6 on openSuSE Leap 42.2 Linux MAILSERVER 
>4.4.62-18.6-default #1 SMP Fri Apr 21 16:14:48 UTC 2017 (84f9824)
>x86_64 
>x86_64 x86_64 GNU/Linux.
>
>Here is my (sanitized) cyrus.conf and one imapd.conf (they all look 
>alike except for certificate and domain specifics).
>
>MAILSERVER:~ # cat /etc/cyrus.conf
>START {
># do not delete this entry!
>recover cmd="ctl_cyrusdb -r"
>
># this is only necessary if using idled for IMAP IDLE
>idled cmd="idled"
>}
>
># UNIX sockets start with a slash and are put into /var/lib/imap/socket
>SERVICES {
># add or remove based on preferences
>#imap cmd="imapd" listen="imap" maxchild=-1 maxforkrate=100
>imap cmd="imapd -C /etc/imapd.domain1.com.conf " 
>listen="192.168.171.4:imap" maxchild=-1 maxforkrate=100
>imap cmd="imapd -C /etc/imapd.domain1.com.conf " 
>listen="192.168.110.171:imap" maxchild=-1 maxforkrate=100
>imap cmd="imapd -C /etc/imapd.domain2.com.conf " 
>listen="192.168.172.4:imap" maxchild=-1 maxforkrate=100
>imap cmd="imapd -C /etc/imapd.domain2.com.conf " 
>listen="192.168.110.172:imap" maxchild=-1 maxforkrate=100
>imap cmd="imapd -C /etc/imapd.domain3.com.conf " 
>listen="192.168.174.4:imap" maxchild=-1 maxforkrate=100
>imap cmd="imapd -C /etc/imapd.domain3.com.conf " 
>listen="192.168.110.174:imap" maxchild=-1 maxforkrate=100
>imap cmd="imapd -C /etc/imapd.domain4.com.conf " 
>listen="192.168.175.4:imap" maxchild=-1 maxforkrate=100
>imap cmd="imapd -C /etc/imapd.domain4.com.conf " 
>listen="192.168.110.175:imap" maxchild=-1 maxforkrate=100
>imap cmd="imapd -C /etc/imapd.domain5.com.conf " 
>listen="192.168.176.4:imap" maxchild=-1 maxforkrate=100
>imap cmd="imapd -C /etc/imapd.domain5.com.conf " 
>listen="192.168.110.176:imap" maxchild=-1 maxforkrate=100
>imap cmd="imapd -C /etc/imapd.domain6.com.conf " 
>listen="192.168.177.4:imap" maxchild=-1 maxforkrate=100
>imap cmd="imapd -C /etc/imapd.domain6.com.conf " 
>listen="192.168.110.177:imap" maxchild=-1 maxforkrate=100
>
>#imaps cmd="imapd -s" listen="imaps" maxchild=-1 maxforkrate=100
>imaps cmd="imapd -C /etc/imapd.domain1.com.conf -s " 
>listen="192.168.171.4:imaps" maxchild=-1 maxforkrate=100
>imaps cmd="imapd -C /etc/imapd.domain1.com.conf -s " 

Re: Problems with cyrus 2.5.10 after system update

[Patrick Goetz]

Follow up question:

The package maintainer for the Arch cyrus-imapd package has fallen 
behind and my users need to be able to access their mail, so as a 
temporary work around I'm just going to build/compile cyrus 3.0.1 from 
source.


I asked about some of this before, but will my 2.5.10 configuration 
files work as is, or have the key values changed again?  Also, the new 
default is skiplist2, and I'm on skiplist.  Is this going to be like a 
previous upgrade where the Berkeley DB files were automatically 
converted to skiplists?


On 05/17/2017 10:48 AM, Patrick Goetz wrote:

Thanks everyone; this is as I expected.

On 05/17/2017 10:04 AM, Jason Englander wrote:

On Wed, 17 May 2017, Patrick Goetz wrote:

I had to update my mail server for unrelated reasons, after which I 
couldn't get cyrus-master to start.  It turned out to be related to 
ctl_cyrusdb not running because the program was compiled against 
libssl.so.1.0 while this library had been upgraded to libssl.so.1.1


I have no exposure to Arch, but if your libssl.so.1.1 is OpenSSL 
1.1.*, then you either need to downgrade OpenSSL to 1.0.* and 
recompile, or upgrade Cyrus IMAP to 3.x


http://secure-web.cisco.com/19hQ6sWyMWn0PfZ98703I4i0KDlOTjyfq8N06nJQlvN0zNqbv-O2v2Qchs3o9Zl0jaygzDVMFxMGepFRBp5nhlQJuzJbzHqXkba7_FKWR3ZYcUmUDaVKVYcCLtkdHX8re43RdZ4T7-t3b5R365c3zvsCVRsw68bQSGF8aode72Z2xfVoHAvidySjMy29itDettNqfcPvdkDmgmY-kdfCKxl8LlEGMRxEJTSjBRnidMYycN-Sh9jNY20kBxhdzghoKc7rBpfcAi9jipg5Jhx74ZnYiCLTz3CNAulUOtYLCNldqVVDinVE_8AE3DY4_v1Cy/http%3A%2F%2Fwww.cyrusimap.org%2Fimap%2Fdownload%2Frelease-notes%2F3.0%2Fx%2F3.0.0.html 


->
Added support for OpenSSL 1.1.0





Cyrus Home Page: 
http://secure-web.cisco.com/1PHdDUW37wUY_EmYGLz1y5Qb4NKOGohcBC0VeoCozwVDDLvNVnzaX3ebM4Pq3dqvhoXvHjR3RsXX2clviPCiR7P5zH-1R-jTDBU4alHiRY7B0y5Q9Rd9g61emOuwG2mFjBm5oejn-fwAc-zVe1kuBtC8gsrZMZigKFUxu2d38LYSqDOo9hJxTTYIVo2VramO0V2CdZJ_MUZAl4GEOoqKcNv_Ynjm5RhXdp5sqNO7q28mCoO8MxdbqHEmMnqsLsGJNnKyw43c7YJ-DMhZ6Af-tcsK_qC6otk3n5es67tPNae-88vW3EbJEh8AS0Gdgr7SC/http%3A%2F%2Fwww.cyrusimap.org%2F 


List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Problems with cyrus 2.5.10 after system update

[Patrick Goetz]

Thanks everyone; this is as I expected.

On 05/17/2017 10:04 AM, Jason Englander wrote:

On Wed, 17 May 2017, Patrick Goetz wrote:

I had to update my mail server for unrelated reasons, after which I 
couldn't get cyrus-master to start.  It turned out to be related to 
ctl_cyrusdb not running because the program was compiled against 
libssl.so.1.0 while this library had been upgraded to libssl.so.1.1


I have no exposure to Arch, but if your libssl.so.1.1 is OpenSSL 1.1.*, 
then you either need to downgrade OpenSSL to 1.0.* and recompile, or 
upgrade Cyrus IMAP to 3.x


http://secure-web.cisco.com/19hQ6sWyMWn0PfZ98703I4i0KDlOTjyfq8N06nJQlvN0zNqbv-O2v2Qchs3o9Zl0jaygzDVMFxMGepFRBp5nhlQJuzJbzHqXkba7_FKWR3ZYcUmUDaVKVYcCLtkdHX8re43RdZ4T7-t3b5R365c3zvsCVRsw68bQSGF8aode72Z2xfVoHAvidySjMy29itDettNqfcPvdkDmgmY-kdfCKxl8LlEGMRxEJTSjBRnidMYycN-Sh9jNY20kBxhdzghoKc7rBpfcAi9jipg5Jhx74ZnYiCLTz3CNAulUOtYLCNldqVVDinVE_8AE3DY4_v1Cy/http%3A%2F%2Fwww.cyrusimap.org%2Fimap%2Fdownload%2Frelease-notes%2F3.0%2Fx%2F3.0.0.html 


->
Added support for OpenSSL 1.1.0





Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Problems with cyrus 2.5.10 after system update

[Patrick Boutilier]

On 05/17/2017 12:04 PM, Jason Englander wrote:

On Wed, 17 May 2017, Patrick Goetz wrote:

I had to update my mail server for unrelated reasons, after which I 
couldn't get cyrus-master to start.  It turned out to be related to 
ctl_cyrusdb not running because the program was compiled against 
libssl.so.1.0 while this library had been upgraded to libssl.so.1.1


I have no exposure to Arch, but if your libssl.so.1.1 is OpenSSL 1.1.*, 
then you either need to downgrade OpenSSL to 1.0.* and recompile, or 
upgrade Cyrus IMAP to 3.x


http://www.cyrusimap.org/imap/download/release-notes/3.0/x/3.0.0.html
->
Added support for OpenSSL 1.1.0


Appears to be some support for OpenSSL 1.1.0 in later 2.5.x releases:

http://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.9.html

preliminary support for OpenSSL 1.1.0 (not yet released)





Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Problems with cyrus 2.5.10 after system update

[Patrick Boutilier]

On 05/17/2017 11:40 AM, Patrick Goetz wrote:

So, running

  openssl s_client -connect mail.myserver.org:143 -starttls imap



Same error with -tls1_2 ?

openssl s_client -connect mail.myserver.org:143 -tls1_2 -starttls imap





it appears that it's still trying to use SSLv3 and the newest version of 
openssl won't allow this?


===
[pgoetz@frog ~]$ openssl s_client -connect mail.myserver.org:143 
-starttls imap

CONNECTED(0003)
140245839085440:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert 
handshake failure:ssl/record/rec_layer_s3.c:1385:SSL alert number 40

---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 726 bytes and written 202 bytes
Verification: OK
===

before I start googling, can someone tell me how to disable SSLv3 in 
imapd.conf?


On 05/17/2017 08:53 AM, Patrick Goetz wrote:
I had to update my mail server for unrelated reasons, after which I 
couldn't get cyrus-master to start.  It turned out to be related to 
ctl_cyrusdb not running because the program was compiled against 
libssl.so.1.0 while this library had been upgraded to libssl.so.1.1


So, I recompiled cyrus  (I'm running Arch linux and am using the 
cyrus-imapd AUR package) but now it doesn't seem to be able to use SSL 
at all.  When I start my MUA I get a message


"The IMAP server ... does not support the selected authentication 
method:  which is STARTTLS over port 143.


Any ideas on what I can do short of downgrading libssl.so to 
libssl.so.1.0?



Cyrus Home Page: 
http://secure-web.cisco.com/14J2MQPcWP1V1X8PI7D2pUqnGEr83roQya4gSH694w_JGDrGdpxHbSGLYx2PnLX7w187T5IaGviognr46OHjOG5F3-d_jhv8cpuxwj7z4pjDLeqGTRyK_CudP3ZiE1suhA-NBZD0wBVvCzte5M1PRziU_2qtB_fLcoTufxwcX6HEUPuIHwCv0OK3mH6S9POAy65hrJwzNzDXth7sSGzPEpUNAu6j5uDEZ3IIAu7wamKWZO9ju6JYqHp1I8N1-DN88eozxuwOztR_QM8_6zIGTWnPY1qbRHulv8Qv-EEmsJApUgp6siVoBpukK-54k7T9o/http%3A%2F%2Fwww.cyrusimap.org%2F 


List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Problems with cyrus 2.5.10 after system update

[Patrick Goetz]

Hi -

No, the private key and certificate should match; I'm using the same 
key/cert pair for webmail, and that one works fine.  I'm still thinking 
cyrus 2.5.10 isn't compatible with the newest version of openssl.  Here 
is the "enumerate ciphers" nmap output for the mail, and webmail 
servers, respectively:


[root@toad ~]# nmap --script +ssl-enum-ciphers -p 143 
mail.episcopalarchives.org


Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-17 09:59 CDT
Nmap scan report for mail.episcopalarchives.org (216.82.212.230)
Host is up (0.019s latency).
PORTSTATE SERVICE
143/tcp open  imap

Nmap done: 1 IP address (1 host up) scanned in 2.80 seconds


[root@toad ~]# nmap --script +ssl-enum-ciphers -p 443 
mail.episcopalarchives.org


Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-17 10:00 CDT
Nmap scan report for mail.episcopalarchives.org (216.82.212.230)
Host is up (0.018s latency).
PORTSTATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
| ciphers:
|   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|   TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|   TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| compressors:
|   NULL
| cipher preference: client
|   TLSv1.1:
| ciphers:
|   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|   TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|   TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| compressors:
|   NULL
| cipher preference: client
|   TLSv1.2:
| ciphers:
|   TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
|   TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
|   TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|   TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|   TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
|   TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|   TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (dh 2048) - A
|   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (rsa 2048) - A
|   TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|   TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|   TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
|   TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|   TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|   TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
|   TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| compressors:
|   NULL
| cipher preference: client
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 2.87 seconds





On 05/17/2017 09:52 AM, Wolfgang Breyha wrote:

Patrick Goetz wrote on 17/05/17 16:40:

SSL alert number 40


This error has nothing to do with SSLv3 or protocol version at all. Maybe your
private key and certificate do not match on server side.

Greetings, Wolfgang



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Problems with cyrus 2.5.10 after system update

[Patrick Goetz]

So, running

 openssl s_client -connect mail.myserver.org:143 -starttls imap

it appears that it's still trying to use SSLv3 and the newest version of 
openssl won't allow this?


===
[pgoetz@frog ~]$ openssl s_client -connect mail.myserver.org:143 
-starttls imap

CONNECTED(0003)
140245839085440:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert 
handshake failure:ssl/record/rec_layer_s3.c:1385:SSL alert number 40

---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 726 bytes and written 202 bytes
Verification: OK
===

before I start googling, can someone tell me how to disable SSLv3 in 
imapd.conf?


On 05/17/2017 08:53 AM, Patrick Goetz wrote:
I had to update my mail server for unrelated reasons, after which I 
couldn't get cyrus-master to start.  It turned out to be related to 
ctl_cyrusdb not running because the program was compiled against 
libssl.so.1.0 while this library had been upgraded to libssl.so.1.1


So, I recompiled cyrus  (I'm running Arch linux and am using the 
cyrus-imapd AUR package) but now it doesn't seem to be able to use SSL 
at all.  When I start my MUA I get a message


"The IMAP server ... does not support the selected authentication 
method:  which is STARTTLS over port 143.


Any ideas on what I can do short of downgrading libssl.so to libssl.so.1.0?


Cyrus Home Page: 
http://secure-web.cisco.com/14J2MQPcWP1V1X8PI7D2pUqnGEr83roQya4gSH694w_JGDrGdpxHbSGLYx2PnLX7w187T5IaGviognr46OHjOG5F3-d_jhv8cpuxwj7z4pjDLeqGTRyK_CudP3ZiE1suhA-NBZD0wBVvCzte5M1PRziU_2qtB_fLcoTufxwcX6HEUPuIHwCv0OK3mH6S9POAy65hrJwzNzDXth7sSGzPEpUNAu6j5uDEZ3IIAu7wamKWZO9ju6JYqHp1I8N1-DN88eozxuwOztR_QM8_6zIGTWnPY1qbRHulv8Qv-EEmsJApUgp6siVoBpukK-54k7T9o/http%3A%2F%2Fwww.cyrusimap.org%2F 


List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Problems with cyrus 2.5.10 after system update

[Patrick Goetz]

I had to update my mail server for unrelated reasons, after which I 
couldn't get cyrus-master to start.  It turned out to be related to 
ctl_cyrusdb not running because the program was compiled against 
libssl.so.1.0 while this library had been upgraded to libssl.so.1.1


So, I recompiled cyrus  (I'm running Arch linux and am using the 
cyrus-imapd AUR package) but now it doesn't seem to be able to use SSL 
at all.  When I start my MUA I get a message


"The IMAP server ... does not support the selected authentication 
method:  which is STARTTLS over port 143.


Any ideas on what I can do short of downgrading libssl.so to libssl.so.1.0?


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: removing folders which are not in mailboxes.db

[Patrick Boutilier]

On 05/15/2017 07:55 AM, Marcus Schopen wrote:

Hi,

Am Montag, den 15.05.2017, 07:34 -0300 schrieb Patrick Boutilier:

That will probably work. You can see what will happen by using -n also .
Another option is just to remove the subfolders from the filesystem
using rm .


I just tried:

su - cyrus -c " /usr/lib/cyrus/bin/reconstruct -r -O
user.li...@domain.tld"

But this didn't remove the odd folders nor the files in these folders.
Just remove them by "rm -rf" or move them to another location outside
the spool?


rm -fr if you are 100% sure you don't need the files. Move if not 100% 
sure .:-)


Since cyrus doesn't know about the folders in mailboxes.db it shouldn't 
care either way.








Ciao!
Marcus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: removing folders which are not in mailboxes.db

[Patrick Boutilier]

On 05/15/2017 06:35 AM, Marcus Schopen wrote:

Hi,

some time ago I removed several big sized subfolders in a mailbox using
my mail client. Yesterday I recognized that for some reasons those
folders are still on the file system on master, but not on replica side.
Non of those deleted folders are listed in mailboxes.db, which is
correct.

What's the best way to remove those old folders permanently from the
filesystem on the master? Can I use reconstruct with -O option (Delete
odd files)?


That will probably work. You can see what will happen by using -n also . 
Another option is just to remove the subfolders from the filesystem 
using rm .







Ciao
Marcus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: sync_client problems

[Patrick Boutilier]

Try a -G with reconstruct?

-G Force  re-parsing  of the underlying message (checks GUID 
correctness).  Reconstruct with -G should fix all possible individual 
message issues, including corrupted data files.



On 05/11/2017 02:37 PM, Eric Cunningham wrote:
I have to walk this back.  In looking slightly further back in my 
logfiles, before every instance of a failure to sync some folder, I see 
a common error reported prior to every "bailing out! Bad protocol" error 
- "IOERROR: GUID mismatch /var/spool/cyrus/mail/c/user/cdm-lit/Sent/148."


May 11 12:44:09 imap1 sync_client[48590]: IOERROR: GUID mismatch 
/var/spool/cyrus/mail/c/user/cdm-lit/Sent/148.
May 11 12:44:22 imap1 sync_client[48590]: IOERROR: zero length response 
to MAILBOX (end of file reached)
May 11 12:44:22 imap1 sync_client[48590]: do_folders(): update failed: 
user.cdm-lit.Sent 'Bad protocol'

May 11 12:44:22 imap1 sync_client[48590]: sync_mailboxes: doing 1000
May 11 12:44:22 imap1 sync_client[48590]: IOERROR: zero length response 
to MAILBOXES (end of file reached)

May 11 12:44:22 imap1 sync_client[48590]: sync_mailboxes: doing 1000
May 11 12:44:22 imap1 sync_client[48590]: IOERROR: zero length response 
to MAILBOXES (end of file reached)

May 11 12:44:22 imap1 sync_client[48590]: sync_mailboxes: doing 1000
May 11 12:44:22 imap1 sync_client[48590]: IOERROR: zero length response 
to MAILBOXES (end of file reached)

May 11 12:44:22 imap1 sync_client[48590]: sync_mailboxes: doing 1000
May 11 12:44:22 imap1 sync_client[48590]: IOERROR: zero length response 
to MAILBOXES (end of file reached)

May 11 12:44:22 imap1 sync_client[48590]: sync_mailboxes: doing 1000
May 11 12:44:22 imap1 sync_client[48590]: IOERROR: zero length response 
to MAILBOXES (end of file reached)

May 11 12:44:22 imap1 sync_client[48590]: sync_mailboxes: doing 1000
May 11 12:44:22 imap1 sync_client[48590]: IOERROR: zero length response 
to MAILBOXES (end of file reached)
May 11 12:44:22 imap1 sync_client[48590]: IOERROR: zero length response 
to MAILBOXES (end of file reached)
May 11 12:44:22 imap1 sync_client[48590]: IOERROR: zero length response 
to UNMAILBOX (end of file reached)
May 11 12:44:22 imap1 sync_client[48590]: folder_delete(): failed: 
user.guest-student-coordinator.Trash.Aarflot 'Bad protocol'
May 11 12:44:22 imap1 sync_client[48590]: Error in do_sync(): bailing 
out! Bad protocol
May 11 12:44:22 imap1 sync_client[48590]: Processing sync log file 
/var/spool/CyrusDB-Sieve/cyrusdb/sync/log-run failed: Bad protocol


When I recontructed this cdm-lit account, it ran successfully on my 
master host, but fails on my copy host:


[cyrus@imap2 ~]$ reconstruct -f -r user.cdm-lit
user.cdm-lit
user.cdm-lit.Sea Trail 2013
user.cdm-lit.Sent uid 1 found - adding
user.cdm-lit.Sent uid 2 found - adding
user.cdm-lit.Sent uid 3 found - adding
user.cdm-lit.Sent uid 4 found - adding

user.cdm-lit.Sent uid 146 found - adding
user.cdm-lit.Sent uid 147 found - adding
user.cdm-lit.Sent uid 148 found - adding
fatal error: Internal error: assertion failed: imap/mailbox.c: 2847: 
record->size


Since I couldn't get a successful reconstruct on this account, I deleted 
it and recreated it from my master host.  However, I'm still unable to 
get a successful reconstruct with "failed to read index header" for 
every subfolder and "fatal error: Internal error: assertion failed: 
imap/mailbox.c: 2847: record->size"


Any ideas on how to correct this so I can see if I can then get past the 
replication error?


Thanks!

-Eric


On 05/11/2017 11:46 AM, Eric Cunningham wrote:
Thanks Bron, but that doesn't seem to work for me, unless I'm missing 
something.


I ran reconstructs for this account on both my master and copy hosts:

[cyrus@imap1 ~]$ reconstruct -f -r user.scramer
user.scramer
user.scramer.Archive
user.scramer.Archives
user.scramer.Archives.2004
...
user.scramer.Trash.IS Networking and Operations
user.scramer.Trash.IS Security
user.scramer.Trash.IS Servers
user.scramer.Trash.IS Staff
user.scramer.Trash.IS Surveys
...


[cyrus@imap2 ~]$ reconstruct -f -r user.scramer
user.scramer
user.scramer.Archive
user.scramer.Archives
user.scramer.Archives.2004
...
user.scramer.Trash.IS Networking and Operations
user.scramer.Trash.IS Security
user.scramer.Trash.IS Servers
user.scramer.Trash.IS Staff
user.scramer.Trash.IS Surveys
...


I then restart the replication against the log-run file and it again 
fails on a folder that no longer exists in that account:


...
May 11 11:40:51 imap1 sync_client[60696]: sync_mailboxes: doing 1000
May 11 11:40:51 imap1 sync_client[60696]: IOERROR: zero length 
response to MAILBOXES (end of file reached)
May 11 11:40:51 imap1 sync_client[60696]: IOERROR: zero length 
response to MAILBOXES (end of file reached)
May 11 11:40:51 imap1 sync_client[60696]: IOERROR: zero length 
response to UNMAILBOX (end of file reached)
May 11 11:40:51 imap1 sync_client[60696]: folder_delete(): failed: 
user.scramer.Trash.IS Software Management 'Bad protocol'
May 11 

Re: Migrate users

[Patrick Goetz]

I'm not 100% sure about how cyrus gets installed on CentOS, but can 
attempt to answer some of these:


On 04/30/2017 10:36 PM, Simon Wilson wrote:


1. Is 2.4.17 compatible with the mailboxes transferred from the old 
Cyrus 2.3.7 server?




I upgraded from 2.2 to 2.4 in place and don't recall having any problems.


2. Assuming it is? Once the new Cyrus can see the mailboxes, will a 
reconstruct be needed to have new Cyrus able to see the full mailbox 
structure? If so with what flags to rebuild out all sub-mailboxes? Will 
it retain 'seen' / replied flags and ACLs?




Not sure about ACL's, but the "seen" information is stored in 
/var/lib/imap (/var/imap on Arch) in the user directory.



3. Do I need to do anything with the contents of /var/lib/imap/ on the 
old server for retention on the new server?


I'm assuming here that /var/lib/imap is where the mailboxes.db file is 
stored.  You absolutely must migrate this folder to the new server, or 
cyrus won't know about any mailboxes.





4. Will I need to rebuild quotas once new Cyrus can see the mailboxes?



Quota information is similarly stored in /var/lib/imap

Last server migration, I had success following this recipe.

 1. Install cyrus, cyrus SASL on new server and copy over
/etc/cyrus/imapd.conf and /etc/cyrus/cyrus.conf as well
as any SASL configuration and SSL certs.  If you're
upgrading, be mindful of cyrus configuration changes which
need to be made to the /etc/cyrus configuration files.

 2. Stop cyrus on the old server

 3. Copy user mailboxes from old server to new one

 4. Copy the following contents of the configdirectory, usually
/var/imap or /var/lib/imap or /var/lib/cyrus from the old
server to the new one:

mailboxes.db
annotations.db
deliver.db
user
quota
sieve

(The rest of the content is generated automatically.)

 5. Depending on how you have cyrus set up, you might also need to copy
/var/spool/cyrus (/var/spool/imap on Arch)

 6. Start the cyrus master on the new server.  Everything should
just work.

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

recovery from complete loss of mailboxes.db?

[Patrick Goetz]

Hi -

I'm assembling some system documentation for a client and have been 
pouring over my cyrus notes and looking at the man pages.  A couple of 
questions, starting with the simple one.


annotations.db: "This database contains mailbox and server annotations."

I still have no idea what this is used for.  Can someone give me an 
example of a mailbox or server annotation.


Next:  Suppose I've completely lost /var/imap/mailboxes.db as well as 
/var/imap/db.backup1 and /var/imap/db.backup2.  Is there any way to 
recover from this?  Given that


/usr/lib/cyrus/bin/reconstruct -r -f user/userN

will add missing mailfolders to mailboxes.db, can I reconstruct 
mailboxes.db by simply iterating over all mailbox directories?


  # cd /srv/imap/user
  # for i in $(ls)
  # /usr/lib/cyrus/bin/reconstruct -r -f user/$i
  # done

?


Finally a note on the documentation:

On this page:

  https://cyrusimap.org/imap/reference/faqs/o-reconstruct.html

one finds the following comment: "If you do find yourself with a 
corrupted mailboxes.db, there are a few things you can try. The first is 
to see if db_recover can recover your database."


However, there is no db_recover listed under Tools & Utilities here:

  https://cyrusimap.org/

/usr/bin/db_recover is installed on my system, so it exists, but there 
isn't a man page for it, either, leading to wonder how one is supposed 
to know what the syntax is for this command.


I guess that wasn't actually the final question.  I'm currently running 
version 2.5.10 and am thinking about upgrading to 3.0.1.  The default db 
format appears to be Twoskip, and I'm pretty sure that all my db files 
are Skiplists.  Is this going to be like the Berkeley DB to Skiplist 
thing when upgrading from 2.2 to 2.4, where all the Berkeley DB 
databases were automatically converted to Skiplists, or does a 
conversion to Twoskip require some manual intervention?


Thanks in advance.

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Problems upgrading cyrus (2.1 -> 2.4) - what about sieve

[Patrick Boutilier]

On 04/26/2017 05:11 AM, Dr. Peer-Joachim Koch wrote:

Hi,

I am preparing an update of an old mail server. The mailboxes and mails 
are no the problem.

This seems to be easy. But how can I transfer the sieve scripts ?
However I can write a script using sieve shell and import all ~100 
scripts for the users,

but maybe there is a more simpler solution ?

A second sieve question :
A script is running at night syncing the mailboxes, seen and subscribe 
files (between old an new server).
Yesterday I imported my own sieve script on the new server. Today (after 
the update at night) the sieve script was gone.

Where are the information about the sieve scripts stored ?


Not sure about 2.1 but in 2.4 it is in sieve directory under 
configdirectory . For example, /var/imap/sieve










Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: IMAP.c: loadable library and perl binaries are mismatched

[Patrick Boutilier]

On 04/19/2017 01:14 PM, Patrick Goetz wrote:
Correction:  just realized I'm running 2.5.7, not 2.4.17.  Probably just 
need to upgrade, but am still interested in knowing if there is any way 
to get around using cyradm for adding users.



We use this perl module with a very simple perl script to add users.

http://search.cpan.org/~eestabroo/IMAP-Admin-1.6.4/Admin.pm






On 04/19/2017 11:12 AM, Patrick Goetz wrote:

I'm running cyrus 2.4.17 on a couple of Arch linux servers, and Arch is
an aggressively updated rolling release distro.

I don't have to add new users very often, but ran cyradm today and got
the following error message:

[root@www sbin]# cyradm --user administrator localhost
IMAP.c: loadable library and perl binaries are mismatched (got handshake
key 0xdb00080, needed 0xdb80080)


I'm hoping to not have to upgrade cyrus at this precise moment.  Is
there any way to get around this for adding a new cyrus user?  I've only
ever used cyradm for this task.

If I do have to upgrade, the cyrus version in the Arch AUR is still at
2.5.10 -- presumably this upgrade won't break anything?  Do I need to
upgrade to 2.5.x before upgrading to 3.0?

Thanks.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: IMAP.c: loadable library and perl binaries are mismatched

[Patrick Goetz]

Correction:  just realized I'm running 2.5.7, not 2.4.17.  Probably just 
need to upgrade, but am still interested in knowing if there is any way 
to get around using cyradm for adding users.


On 04/19/2017 11:12 AM, Patrick Goetz wrote:

I'm running cyrus 2.4.17 on a couple of Arch linux servers, and Arch is
an aggressively updated rolling release distro.

I don't have to add new users very often, but ran cyradm today and got
the following error message:

[root@www sbin]# cyradm --user administrator localhost
IMAP.c: loadable library and perl binaries are mismatched (got handshake
key 0xdb00080, needed 0xdb80080)


I'm hoping to not have to upgrade cyrus at this precise moment.  Is
there any way to get around this for adding a new cyrus user?  I've only
ever used cyradm for this task.

If I do have to upgrade, the cyrus version in the Arch AUR is still at
2.5.10 -- presumably this upgrade won't break anything?  Do I need to
upgrade to 2.5.x before upgrading to 3.0?

Thanks.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

IMAP.c: loadable library and perl binaries are mismatched

[Patrick Goetz]

I'm running cyrus 2.4.17 on a couple of Arch linux servers, and Arch is 
an aggressively updated rolling release distro.


I don't have to add new users very often, but ran cyradm today and got 
the following error message:


[root@www sbin]# cyradm --user administrator localhost
IMAP.c: loadable library and perl binaries are mismatched (got handshake 
key 0xdb00080, needed 0xdb80080)



I'm hoping to not have to upgrade cyrus at this precise moment.  Is 
there any way to get around this for adding a new cyrus user?  I've only 
ever used cyradm for this task.


If I do have to upgrade, the cyrus version in the Arch AUR is still at 
2.5.10 -- presumably this upgrade won't break anything?  Do I need to 
upgrade to 2.5.x before upgrading to 3.0?


Thanks.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: strange sieve problem

[Patrick Boutilier]

Is it the second email sample that does not work? If so the To: on that 
one is walter@waldinet.local and I don't see any rules for 
walter@waldinet.local. Also, where does the mail that doesn't work end up?



On 04/04/2017 03:00 AM, Walter H. via Info-cyrus wrote:

Hello,

I've found a Sieve Tester, where everything works as I expect

https://www.fastmail.com/cgi-bin/sievetest.pl

but Cyrus Sieve doesn't

here the Sieve-Script


# Sieve filter

require ["fileinto", "relational"];

if not exists ["from"]
{
discard;
}
elsif allof (address :all :is "from" "sq...@proxy.my.local",
address :all :is "to" "walter@my.local")
{
if header :matches "subject" "[proxy] Video-URL (*) detected"
{
fileinto "INBOX._Info.hbbtvVideoURLs";
}
elsif header :matches "subject" "[proxy] File-URL (*) detected"
{
fileinto "INBOX._Info.ftpFileURLs";
}
else
{
fileinto "INBOX._Info";
}
}
elsif allof (address :all :is "from" "cla...@mail.my.local",
address :all :is "to" "walter@my.local")
{
if header :matches "subject" "[mail] Virus detected in E-mail"
{
fileinto "INBOX._Alert";
}
}
elsif header :matches "list-id" "*"
{
fileinto "INBOX._MailLists._CENTOS";
}
elsif header :is "precedence" "bulk"
{
fileinto "INBOX.Trash";
}
else
{
keep;
}


and this is the Mail


Return-Path: 
Received: from storage.mail ([unix socket])
 by storage.mail (Cyrus v2.3.16-Fedora-RPM-2.3.16-13.el6_6) with LMTPA;
 Mon, 03 Apr 2017 21:27:35 +0200
X-Sieve: CMU Sieve 2.3
Received: from proxy.host by storage.mail (Postfix) with ESMTP id 19B2C79235
Received: by proxy.host (Postfix, userid 23) id EB81D2B0BE
Date: Mon, 03 Apr 2017 21:27:34 +0200
To: walter@my.local
Subject: [proxy] File-URL (PC) detected
User-Agent: Heirloom mailx 12.4 7/29/08
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20170403192734.eb81d2b...@proxy.my.local>
From: sq...@proxy.my.local (Squid)

The following information came from the Squid proxy virtual machine.

--[ Data submitted ]---

File-URL: ftp://ftp.adobe.com/lbtest.txt



this Mail is sorted correct by the sieve script


Return-Path: 
Received: from storage.mail ([unix socket])
by storage.mail (Cyrus v2.3.16-Fedora-RPM-2.3.16-13.el6_6) with LMTPA;
Sun, 05 Feb 2017 19:14:15 +0100
X-Sieve: CMU Sieve 2.3
Received: from filter.mail by storage.mail (Postfix) with ESMTP id 5634078BA8
Received: by filter.mail (Postfix) id 48F198E9
Delivered-To: r...@filter.mail
Received: from filter.mail [local] by filter.mail (Postfix) with ESMTP id
35E838E8
Received: by filter.mail (Postfix, userid 496) id 2A20D8E9
From: ClamAV 
To: walter@waldinet.local
Subject: [mail] Virus detected in E-mail
Message-Id: <20170205181415.2a20d...@mail.my.local>
Date: Sun, 5 Feb 2017 19:14:15 +0100 (CET)
X-AV-Scanned: ClamAV using ClamSMTP (filter.mail)

The following information came from the Mail filter virtual machine.

--[ Data submitted ]---

Virus name: Heuristics.Phishing.Email.SpoofedDomain
Sender: rte+ne-null-b1cb1a01203481e6zubgcse...@sellernotifications.amazon.com

Quarantined to: /var/lib/clamd.clamsmtp/virus.XeKpYL

--[ E-Mail header ]

...



can someone give me a hint, what is wrong,

Thanks,
Walter


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: upgrading with murder/aggregator

[Patrick Hennessy]

Followup question to below..  If it is necessary to run an older
frontend, is it possible to use the latest 2.3 version (looks like 2.3.19)?

We're currently getting 2.3.7 though os packages that get security
updates backported, so hopefully the latest 2.3 will be okay if I need
to built from source.

Thanks,

Pat

On 3/15/2017 2:02 PM, Patrick Hennessy wrote:
> We are looking to migrate from a 2.3.7 server to a 2.4.18 server.  I was
> hoping to set up the cyrus murder/aggregator and move the existing
> server behind that.  While doing some reading and research, I came
> across the following mailing list thread.  I was wondering if it's still
> the case that the frontend needs to be the same version as the older
> backend?
> 
> https://lists.andrew.cmu.edu/pipermail/info-cyrus/2010-May/033061.html

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

upgrading with murder/aggregator

[Patrick Hennessy]

We are looking to migrate from a 2.3.7 server to a 2.4.18 server.  I was
hoping to set up the cyrus murder/aggregator and move the existing
server behind that.  While doing some reading and research, I came
across the following mailing list thread.  I was wondering if it's still
the case that the frontend needs to be the same version as the older
backend?

https://lists.andrew.cmu.edu/pipermail/info-cyrus/2010-May/033061.html

Aside from the compatibility between frontend and backend, there was
also a comment about having to recompile the sieve filters per the other
post below.  Is that still the case moving from 2.3.7 to 2.4.18?  Are
there any other gotchas to look out for?

https://lists.andrew.cmu.edu/pipermail/info-cyrus/2010-May/033056.html

Thanks in advance,

Pat

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyr_expire suddenly segfaulting

[Patrick Boutilier]

On 03/12/2017 02:24 PM, Nick Howitt wrote:

Hi,
I've been running cyrus-imap for a few years not. I am using 2.4.17-8 on
ClearOS (a Centos derivative). I've been running with "delprune
cmd="cyr_expire -E 1 -X 7 -D 7" at=0001" in cyrus.conf, but in the last
week or so it has started segfaulting. I've tried moving the command to
cron.daily "/usr/lib/cyrus-imapd/cyr_expire -E 1 -X 7 -D 7" but it still
segfaulting.

In /var/log/maillog I get:
Mar 12 03:15:53 server cyr_expire[15065]: Repacking mailbox user.mail-ebay
Mar 12 03:15:53 server master[15064]: setrlimit: Unable to set file
descriptors limit to -1: Operation not permitted
Mar 12 03:15:53 server master[15064]: retrying with 4096 (current max)
Mar 12 03:15:53 server cyr_expire[15065]: Repacking mailbox
user.mail-ebay.Drafts
Mar 12 03:15:54 server cyr_expire[15065]: Repacking mailbox user.nick
Mar 12 03:15:54 server cyr_expire[15065]: Repacking mailbox user.ourfamily
Mar 12 03:15:54 server cyr_expire[15065]: Repacking mailbox
user.ourfamily.Drafts
Mar 12 03:15:54 server cyr_expire[15065]: Expunged 0 out of 9150
messages from 57 mailboxes
Mar 12 03:15:54 server cyr_expire[15065]: duplicate_prune: pruning back
0.00 days
Mar 12 03:15:54 server ctl_cyrusdb[15068]: recovering cyrus databases
Mar 12 03:15:55 server ctl_cyrusdb[15068]: skiplist: checkpointed
/var/lib/imap/mailboxes.db (57 records, 4816 bytes) in 0 seconds
Mar 12 03:15:55 server ctl_cyrusdb[15068]: skiplist: checkpointed
/var/lib/imap/annotations.db (0 records, 144 bytes) in 0 seconds
Mar 12 03:15:55 server ctl_cyrusdb[15068]: done recovering cyrus databases
Mar 12 03:15:55 server master[15064]: unable to setsocketopt(IP_TOS):
Operation not supported
Mar 12 03:15:55 server ctl_cyrusdb[15073]: checkpointing cyrus databases
Mar 12 03:15:55 server ctl_cyrusdb[15073]: done checkpointing cyrus
databases
Mar 12 03:15:55 server imaps[15075]: error sending to idled: 3
Mar 12 03:15:55 server imap[15074]: error sending to idled: 3
Mar 12 03:15:55 server imap[15078]: error sending to idled: 3
Mar 12 03:15:55 server imap[15076]: error sending to idled: 3
Mar 12 03:15:55 server imaps[15081]: error sending to idled: 3
Mar 12 03:15:55 server imap[15080]: error sending to idled: 3
Mar 12 03:15:55 server imaps[15077]: error sending to idled: 3
Mar 12 03:15:55 server imaps[15079]: error sending to idled: 3
Mar 12 03:15:56 server tls_prune[15071]: skiplist: checkpointed
/var/lib/imap/tls_sessions.db (575 records, 122352 bytes) in 0 seconds
Mar 12 03:15:56 server cyr_expire[15072]: skiplist: checkpointed
/var/lib/imap/deliver.db (37 records, 5464 bytes) in 0 seconds
Mar 12 03:15:56 server cyr_expire[15072]: Expunged 0 out of 9112
messages from 57 mailboxes
Mar 12 03:15:56 server cyr_expire[15072]: duplicate_prune: pruning back
3.00 days
Mar 12 03:15:56 server cyr_expire[15072]: duplicate_prune: purged 0 out
of 37 entries

The "error sending to idled: 3" is probably a red herring as cyrus-imap
has just restarted following a db backup, so earlier idled connections
have broken.

Correspondingly in /var/log/messages I get:
Mar 12 03:15:56 server kernel: cyr_expire[15065]: segfault at
7f9c8a79be78 ip 7f9c8a91c5ed sp 7ffd44b51d38 error 4 in
cyr_expire[7f9c8a8c9000+15c000]

It may also be worth mentioning that on some nights, like the night
before the segfault, in /var/log/maillog I see:
Mar 11 03:42:09 server cyr_expire[3237]: Expunged 0 out of 9145 messages
from 61 mailboxes
Mar 11 03:42:09 server cyr_expire[3237]: duplicate_prune: pruning back
1.00 days
Mar 11 03:42:11 server cyr_expire[3237]: duplicate_prune: purged 58 out
of 147 entries
Mar 11 03:45:39 server ctl_cyrusdb[25201]: checkpointing cyrus databases
Mar 11 03:45:39 server ctl_cyrusdb[25201]: done checkpointing cyrus
databases
Mar 11 03:49:57 server master[31633]: exiting on SIGTERM/SIGINT
Mar 11 03:50:58 server master[27624]: setrlimit: Unable to set file
descriptors limit to -1: Operation not permitted
Mar 11 03:50:58 server master[27624]: retrying with 4096 (current max)
Mar 11 03:50:58 server cyr_expire[27625]: Repacking mailbox user.mail-ebay
Mar 11 03:50:58 server cyr_expire[27625]: Repacking mailbox user.ourfamily
Mar 11 03:50:59 server cyr_expire[27625]: Repacking mailbox
user.ourfamily.Drafts
Mar 11 03:50:59 server ctl_cyrusdb[27628]: recovering cyrus databases
Mar 11 03:50:59 server ctl_cyrusdb[27628]: skiplist: checkpointed
/var/lib/imap/mailboxes.db (61 records, 5148 bytes) in 0 seconds
Mar 11 03:50:59 server ctl_cyrusdb[27628]: skiplist: checkpointed
/var/lib/imap/annotations.db (0 records, 144 bytes) in 0 seconds
Mar 11 03:50:59 server ctl_cyrusdb[27628]: done recovering cyrus databases
Mar 11 03:50:59 server cyr_expire[27625]: Expunged 0 out of 9145
messages from 61 mailboxes
Mar 11 03:50:59 server cyr_expire[27625]: duplicate_prune: pruning back
0.00 days
Mar 11 03:50:59 server master[27624]: unable to setsocketopt(IP_TOS):
Operation not supported
Mar 11 03:50:59 server ctl_cyrusdb[27633]: checkpointing cyrus databases
Mar 11 

Re: imap impersonate

[Patrick Goetz via Info-cyrus]

Why would you need to do this as opposed to, say, just setting up 
multiple personalities on your MUA?


On 01/19/2017 02:17 AM, Gabriele Bulfon via Info-cyrus wrote:

Hi,

is there any mechanism with Cyrus imap to impersonate another user?
I've seen other imap servers scenarios where one may use plain
authentication and sending user as mailboxuser plus a separator plus
adminuser and use only adminpassword, to get access to the mailboxuser
as is (dovecot, exchange).

Anything like this in Cyrus?

Gabriele


*Sonicle S.r.l. *: http://www.sonicle.com 
*Music: *http://www.gabrielebulfon.com 
*Quantum Mechanics : *http://www.cdbaby.com/cd/gabrielebulfon



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Preventing users from deleting a spam folder.

[Patrick Boutilier via Info-cyrus]

On 12/13/2016 05:23 PM, Matthew Schumacher via Info-cyrus wrote:

Forgot to sent to the list:

On 12/13/2016 12:02 PM, Patrick Boutilier via Info-cyrus wrote:

On 12/13/2016 04:56 PM, Matthew Schumacher via Info-cyrus wrote:

Expiring the email looks simple enough, but I can't quite seem to figure
out how to create a spam mailbox they can't delete.  If I create a
user.fred.spam mailbox and set fred to only have read permissions, it
gives the user admin permissions which allows the user to delete the
mailbox.


Remove the x right.



http://www.cyrusimap.org/~vanmeeuwen/imap/admin/access-control/rights-reference.html




Thanks for the help, but I can't seem to do that:

localhost> sam user/schu/Spam schu lrs
localhost> lam user/schu/Spam
schu lrskxca

The user always ends up with the kxca rights if the mailbox lives under
their INBOX.

Is there a way to change this?


What version of Cyrus? In 2.4.18 I can set to just lrs . Do you have 
implicit_owner_rights defined in imapd.conf?



 implicit_owner_rights: lkxa
The implicit Access Control List (ACL) for the owner of a 
mailbox.




Thanks again,
schu

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Preventing users from deleting a spam folder.

[Patrick Boutilier via Info-cyrus]

On 12/13/2016 04:56 PM, Matthew Schumacher via Info-cyrus wrote:

Hello,

I would like to start moving spam into a spam folder for each of my
users instead of dropping it, then deleting it after a few weeks.

Expiring the email looks simple enough, but I can't quite seem to figure
out how to create a spam mailbox they can't delete.  If I create a
user.fred.spam mailbox and set fred to only have read permissions, it
gives the user admin permissions which allows the user to delete the
mailbox.

What is a good way to go about this?  Re-create the mailbox if the user
deletes it?

Any suggestions really appreciated!



Remove the x right.

http://www.cyrusimap.org/~vanmeeuwen/imap/admin/access-control/rights-reference.html





schu

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: expire and remove deleted mailboxes from DELETED.user

[Patrick Boutilier via Info-cyrus]

On 11/09/2016 12:50 PM, Marcus Schopen via Info-cyrus wrote:

Hi,

is there a way to immediately remove deleted mailboxes from DELETED.user
without calling expire?

su - cyrus -c "/usr/sbin/cyrus expire -E 1 -X 0 -D 0 -v -p
DELETED.user.testuser"

needs about 10 minutes because of "-E 1".

Cyrus: 2.4.12


You can delete DELETED.user.testuser using cyradm or imap calls. Same 
way you used to delete user.testuser








Ciao
Marcus




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: 2.4.17 --> 2.5.3 Delayed expunge?

[Patrick Boutilier via Info-cyrus]

On 10/11/2016 10:07 AM, Sergey via Info-cyrus wrote:

On Tuesday 11 October 2016, Patrick Boutilier via Info-cyrus wrote:


http://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.0.html#imap-relnotes-2-5-0-upgrading


Thanks. I see what link unchanged but redirection is not happening now.
It can be read now.

| The default for the imapd.conf(5) configuration option expunge_mode
| has changed from default to delayed.

I attempt to use "default" and "immediate" values for expunge_mode but
messages remains to be on file system. This creates problems for users
with overquoted mailboxes because these messages are included in quota.


Are you sure that the messages are actually being expunged and not just 
deleted from the client end?






Btw, it may be worth it to make the option for ignore expunged messages
in quota ?



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: 2.4.17 --> 2.5.3 Delayed expunge?

[Patrick Boutilier via Info-cyrus]

On 10/11/2016 07:46 AM, Sergey via Info-cyrus wrote:

On Saturday 19 September 2015, Patrick Boutilier wrote:


https://docs.cyrus.foundation/imap/release-notes/2.5/x/2.5.0.html



Looks for Default Change: delete_mode  and Default Change:
expunge_mode


Hm. Link is moved now and possible changed. How can I found
changes for 2.4 --> 2.5 update ? I look to redirected page
but still not found desired section.

I ran into this same problem: messages are not deleted from
mail folders immediately. I added "expunge_mode: immediate"
to imapd.conf but it does not help. :-( I use Cyrus-IMAP 2.5.9
now.



http://www.cyrusimap.org/imap/download/release-notes/2.5/x/2.5.0.html#imap-relnotes-2-5-0-upgrading
<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: watching and processing a Spam folder for each user

[Patrick Boutilier via Info-cyrus]

On 09/29/2016 12:12 PM, Jason L Tibbitts III via Info-cyrus wrote:

"BJM" == Brian J Murrell via Info-cyrus  
writes:


BJM> So leaving out the latter part (the per-user database and handling,
BJM> etc.) I wonder what, if anything exists to monitor the Spam (and
BJM> NotSpam) folders for all users.

I have a system which sucks things out of everyone's "confirmed-spam"
folders and feeds it to spamassassin on each filtering host.  It's in
Perl (back from when I remembered how to do perl) and is probably
unpleasant.

https://www.math.uh.edu/~tibbs/spamsuck/

Run spamsuck to pull down all of the spam folders into mbox files and
empty them.  Note that the "spamkill" user (or whatever you choose to
call it) needs ACLs ("lrte", I think) on the confirmed-spam folder, so
your user creation process or sommething run as your admin user needs to
set that up.  There's no reason you couldn't pull out ham folders as
well.

Run spamlearn on each filtering host to feed the sucked spam to
sa_learn.  This updates the global bayes databases, not anything
personal to each user.

I don't bother to do this all automatically, but you could.



Only problem with that is users always seem to report some stuff as spam 
when it clearly isn't. :-)






 - J<

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: command line deletion of files

[Patrick Boutilier via Info-cyrus]

On 09/29/2016 11:27 AM, Shawn Bakhtiar via Info-cyrus wrote:

Good morning,

trying to get rid of some emails that have large attachments (i.e. videos sent 
over email, or cd images, etc...)

Would it be proper to

rm -rf /var/spool/imap/u/username/mailbox/4321.

then

reconstruct -rf user.username

Or is there a more "proper" way using cyrus?


Not sure about deleting a single message but you can use ipurge to 
delete messages based on size. Good to use in a script to parses the 
mail spool.






IPURGE(8) 
IPURGE(8)


 *

NAME
   ipurge - delete mail from IMAP mailbox or partition based on age 
or size


SYNOPSIS
   ipurge [ -f ] [ -C config-file ] [ -x ] [ -X ] [ -i ] [ -s ] [ -o ]
  [ -d days | -b bytes | -k Kbytes | -m Mbytes ]
  [ mailbox-pattern...  ]

DESCRIPTION
   Ipurge  deletes messages from the mailbox(es) specified by 
mailbox-pattern that are older or larger than specified by the -d, -b, 
-k or -m options.  If no mailbox-pattern
   is given, ipurge works on all mailboxes.  If the -x option is 
given, the message age and size MUST match exactly those specified by 
-d, -b, -k or -m.  The are no  default

   values, and at least one of -d, -b, -k or -m MUST be specified.

   Ipurge  by default only deletes mail below shared folders, which 
means that mails in mailbox(es) below INBOX.* and user.* stay untouched. 
Use the option -f to also delete

   mail in mailbox(es) below these folders.

   Ipurge reads its configuration options out of the imapd.conf(5) 
file unless specified otherwise by -C.


OPTIONS
   -f Force deletion of mail in all mailboxes.

   -C config-file
  Read configuration options from config-file.

   -d days
  Age of message in days.

   -b bytes
  Size of message in bytes.

   -k Kbytes
  Size of message in Kbytes (2^10 bytes).

   -m Mbytes
  Size of message in Mbytes (2^20 bytes).

   -x Perform an exact match on age or size (instead of older 
or larger).


   -X Use delivery time instead of Date: header for date matches

   -i Invert match logic: -x means not equal, date is for 
newer, size is for smaller


   -s Skip over messages that have the \Flagged flag set.

   -o Only purge messages that have the \Deleted flag set.








Thanks,
Shawn


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Upgrade from 2.4 to 2.5

[Patrick Boutilier via Info-cyrus]

On 09/24/2016 08:42 PM, Shawn Bakhtiar via Info-cyrus wrote:

Today I moved our mail accounts from a Cyrus 2.4 running on some older hardware 
with dwindling space to a new server with much more space (and faster 
processors) running Cyrus 2.5.

I've muddled through most of the migration. Simply shutting down the services, 
using rsync to duplicate the stores (var/spool/imap) to the new server, copying 
the content of /var/imap (minus server cert and tls_sessions.db), and 
everything is working. However I see log outputs like the following:

Sep 24 16:37:18 correo imaps[1627]: twoskip: invalid magic header: 
/var/imap/user/t/techcentermn.seen
Sep 24 16:37:18 correo imaps[1627]: skiplist: recovered 
/var/imap/user/t/techcentermn.seen (10 records, 904 bytes) in 0 seconds
Sep 24 16:37:18 correo imaps[1627]: cyrusdb: converted 
/var/imap/user/t/techcentermn.seen from skiplist to twoskip

I have not run reconstruct.

Do I need to worry about this or is this eventually going to work itself out. 
As I understand it the server will handle the conversion for the header/db 
files on its own. Is this correct?



Looks like the conversion has occurred:

Sep 24 16:37:18 correo imaps[1627]: cyrusdb: converted 
/var/imap/user/t/techcentermn.seen from skiplist to twoskip


Or are you seeing the same message continually for the same user?




Shawn



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus



<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: how to deal with mail retention/archival.

[Patrick Goetz via Info-cyrus]

On 08/26/2016 08:09 AM, Alvin Starr via Info-cyrus wrote:

What are others doing for mail archival?



If you need to retain all email for regulatory reasons, I would run the 
mail through something like a procmail filter, sending one copy to the 
user and another to an Archival spool, which could even be an entirely 
separate smtp server.




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: sieve runtime error Fileinto: Permission denied

[Patrick Boutilier via Info-cyrus]

On 05/24/2016 01:56 AM, OBATA Akio via Info-cyrus wrote:

On Tue, 24 May 2016 12:32:07 +0900, Bron Gondwana via Info-cyrus
 wrote:


On Tue, May 24, 2016, at 10:44, OBATA Akio via Info-cyrus wrote:

On Tue, 24 May 2016 07:25:42 +0900, Bron Gondwana via Info-cyrus
 wrote:

> On Mon, May 23, 2016, at 22:47, Sundeep Singh Nanuwa via Info-cyrus
wrote:
>> On 23/05/16 13:35, Bron Gondwana via Info-cyrus wrote:
>> > You need to have "anyone p" acl to fileinto anything other than
inbox.
>> That didn't work unfortunately.
>
> Deliver into INBOX works, fileinto doesn't.  It's ACLs for sure.
You need the 'p'
> ACL set for the user that lmtpd runs as (or anyone).
>
> Unless there's a bug in your particular version of Cyrus, that
should work.  If you
> could give us that and a copy of your lam output again with the
anyone ACLs set,
> maybe that will help.

In which version of Cyrus release, 'p' permission is required even
with "sieve fileinto"?
I know that only direct lmtp deliver with subaddress require it.


Within lmtpd, subaddress delivery and fileinto are identical.  I've
just checked back to the 2.3 branch and the logic is the same there
too - if there's an error delivering to the named mailbox, we fall
back to the INBOX with an authstate based on the username, which is
why you don't need 'p' on the INBOX.


I'm using "fileinto" without 'anyone p' permission on 2.4.18.
I believe that sieve scripts will run as the user, whereas subaddress is
lmtpd user.



Same here. I don't have "anyone p" set and fileinto works on 2.4.18 .
<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Fatal error: tls_start_servertls() failed

[Patrick Boutilier via Info-cyrus]

On 02/14/2016 02:46 AM, Mufit Eribol via Info-cyrus wrote:

Hi All,

I am running cyrus-imapd-2.4.17 on CentOS 7.2.1511 for appx. 20
mailboxes. I get the following messages every 10-12 days.

imaps TLS negotiation failed: [ip address of a client]
Fatal error: tls_start_servertls() failed

Although cyrus-imapd, saslauthd are still running after this error,
login credentials are not accepted. As I don't know where the problem
is, restart the server fixes the problem, well for another 10-12 days.

I would appreciate any hint you may give.

Thanks,
Mufit

Below are the configuration files:

/etc/cyrus.conf:
START {
   recover   cmd="ctl_cyrusdb -r"
   idled cmd="idled"
}
SERVICES {
#  imap cmd="imapd" listen="imap" prefork=5
imaplocal cmd="imapd -C /etc/imapd-local.conf"
listen="127.0.0.1:imap" prefork=0

   imaps cmd="imapd -s" listen="imaps" prefork=1
imapslocalcmd="imapd -C /etc/imapd-local.conf"
listen="127.0.0.1:imaps" prefork=0

#  pop3 cmd="pop3d" listen="pop3" prefork=3
#  pop3scmd="pop3d -s" listen="pop3s" prefork=1
   sieve cmd="timsieved" listen="sieve" prefork=0
sievelocal  cmd="timsieved -C /etc/imapd-local.conf"
listen="127.0.0.1:sieve" prefork=0
   # these are only necessary if receiving/exporting usenet via NNTP
#  nntp cmd="nntpd" listen="nntp" prefork=3
#  nntpscmd="nntpd -s" listen="nntps" prefork=1

#  lmtp cmd="lmtpd" listen="lmtp" prefork=0
   lmtpunix  cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

#  notify   cmd="notifyd" listen="/var/lib/imap/socket/notify"
proto="udp" prefork=1
}
EVENTS {
   checkpointcmd="ctl_cyrusdb -c" period=30
   delprune  cmd="cyr_expire -E 3" at=0400
   tlsprune  cmd="tls_prune" at=0400
}

/etc/imapd.conf:
postmaster: postmaster
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
#admins: cyrus
allowanonymouslogin: no
allowplaintext: no
#tls_require_cert: 1
sasl_minimum_layer: 128
servername: mail.wintess.com
autocreatequota: 20
maxmessagesize: 0
reject8bit: 0
munge8bit: 0
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sievedir: /var/lib/imap/sieve
sieve_maxscriptsize: 32
sieve_maxscripts: 5
sieve_allowplaintext: 1
sendmail: /usr/sbin/sendmail
#hashimapspool: true
#defaultdomain: mail
tls_cert_file: /etc/pki/tls/certs/wintess-imap.pem
tls_key_file: /etc/pki/tls/certs/wintess-imap.pem
tls_ca_file: /etc/pki/tls/certs/wintess-imap.pem

/etc/sasl2/smtpd.conf:

pwcheck_method: saslauthd
mech_list: plain login







Almost sounds like you are running out of entropy.




<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: db directory filling up - normal or config error?

[Patrick Boutilier via Info-cyrus]

It fits because your Cyrus is configured to use BerkleyDB for some 9or 
all) of the databases.


You should not have to stop Cyrus. Running this command (with proper -h 
location) should show you what log files are no longer used:


db_archive -h /var/imap/db


And this command should get rid of them:

db_archive -d -h /var/imap/db



On 02/09/2016 10:53 PM, Carl Brewer via Info-cyrus wrote:

On 10/02/2016 9:08 AM, Patrick Boutilier via Info-cyrus wrote:

Not sure if Cyrus is supposed to clean up (been using skiplist
exclusively for years now) but according to this link you can remove the
old log files.

http://www-rohan.sdsu.edu/doc/BerkeleyDB/ref/transapp/logfile.html



How does that fit in with Cyrus?  Do I need to stop imapd before I use
db_archive?

thank you!

Carl






On 02/09/2016 04:05 PM, Carl Brewer via Info-cyrus wrote:


I asked this a few months ago, but now it's getting urgent.  I have a
NetBSD 5.x server, running Cyrus imapd 2.4.17 from pkgsrc, /var/imap/db
is getting very full :

bash-4.3# du -sh db
7.0Gdb

(this is on a reasonably small server)

and it grows every day, it's full of these :

-rw---   1 cyrus  mail  10485760 Feb  1 03:47 log.000953
-rw---   1 cyrus  mail  10485760 Feb  2 03:48 log.000954
-rw---   1 cyrus  mail  10485760 Feb  3 03:47 log.000955
-rw---   1 cyrus  mail  10485760 Feb  4 03:46 log.000956
-rw---   1 cyrus  mail  10485760 Feb  5 03:47 log.000957
-rw---   1 cyrus  mail  10485760 Feb  6 03:46 log.000958
-rw---   1 cyrus  mail  10485760 Feb  7 03:46 log.000959
-rw---   1 cyrus  mail  10485760 Feb  8 03:46 log.000960
-rw---   1 cyrus  mail  10485760 Feb  9 03:47 log.000961
-rw---   1 cyrus  mail  10485760 Feb 10 03:48 log.000962


a new one every day.  This is not sustainable on this little server.

I'm not sure if cyrus itself is supposed to clean these up?

My cyrus.conf is :
# standard standalone server implementation

START {
   # do not delete this entry!
   recover   cmd="ctl_cyrusdb -r"

   # this is only necessary if using idled for IMAP IDLE
#  idledcmd="idled"
}

# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
   # add or remove based on preferences
   imap  cmd="imapd" listen="localhost:imap" prefork=0
   imaps cmd="imapd -s" listen="imaps" prefork=0
   pop3  cmd="pop3d" listen="pop3" prefork=0
   pop3s cmd="pop3d -s" listen="pop3s" prefork=0
   #sievecmd="timsieved" listen="sieve" prefork=0

   # these are only necessary if receiving/exporting usenet via NNTP
#  nntp cmd="nntpd" listen="nntp" prefork=0
#  nntpscmd="nntpd -s" listen="nntps" prefork=0

   # at least one LMTP is required for delivery
#  lmtp cmd="lmtpd" listen="lmtp" prefork=0
   lmtpunix  cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0

   # this is only necessary if using notifications
#  notify   cmd="notifyd" listen="/var/imap/socket/notify"
proto="udp" prefo
rk=1
 # Carl, 20140806
smmapd   cmd="smmapd" listen="/var/imap/socket/smmapd" prefork=1
}

EVENTS {
   # this is required
   checkpointcmd="ctl_cyrusdb -c" period=30

   # this is only necessary if using duplicate delivery suppression,
   # Sieve or NNTP
   delprune  cmd="cyr_expire -E 3" at=0400

   # this is only necessary if caching TLS sessions
   tlsprune  cmd="tls_prune" at=0400
}



Have I done something wrong, config-wise?  Or is there a way to safely
purge these db log files?

Thank you!

Carl



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus





Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: db directory filling up - normal or config error?

[Patrick Boutilier via Info-cyrus]

Not sure if Cyrus is supposed to clean up (been using skiplist 
exclusively for years now) but according to this link you can remove the 
old log files.


http://www-rohan.sdsu.edu/doc/BerkeleyDB/ref/transapp/logfile.html



On 02/09/2016 04:05 PM, Carl Brewer via Info-cyrus wrote:


I asked this a few months ago, but now it's getting urgent.  I have a
NetBSD 5.x server, running Cyrus imapd 2.4.17 from pkgsrc, /var/imap/db
is getting very full :

bash-4.3# du -sh db
7.0Gdb

(this is on a reasonably small server)

and it grows every day, it's full of these :

-rw---   1 cyrus  mail  10485760 Feb  1 03:47 log.000953
-rw---   1 cyrus  mail  10485760 Feb  2 03:48 log.000954
-rw---   1 cyrus  mail  10485760 Feb  3 03:47 log.000955
-rw---   1 cyrus  mail  10485760 Feb  4 03:46 log.000956
-rw---   1 cyrus  mail  10485760 Feb  5 03:47 log.000957
-rw---   1 cyrus  mail  10485760 Feb  6 03:46 log.000958
-rw---   1 cyrus  mail  10485760 Feb  7 03:46 log.000959
-rw---   1 cyrus  mail  10485760 Feb  8 03:46 log.000960
-rw---   1 cyrus  mail  10485760 Feb  9 03:47 log.000961
-rw---   1 cyrus  mail  10485760 Feb 10 03:48 log.000962


a new one every day.  This is not sustainable on this little server.

I'm not sure if cyrus itself is supposed to clean these up?

My cyrus.conf is :
# standard standalone server implementation

START {
   # do not delete this entry!
   recover   cmd="ctl_cyrusdb -r"

   # this is only necessary if using idled for IMAP IDLE
#  idledcmd="idled"
}

# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
   # add or remove based on preferences
   imap  cmd="imapd" listen="localhost:imap" prefork=0
   imaps cmd="imapd -s" listen="imaps" prefork=0
   pop3  cmd="pop3d" listen="pop3" prefork=0
   pop3s cmd="pop3d -s" listen="pop3s" prefork=0
   #sievecmd="timsieved" listen="sieve" prefork=0

   # these are only necessary if receiving/exporting usenet via NNTP
#  nntp cmd="nntpd" listen="nntp" prefork=0
#  nntpscmd="nntpd -s" listen="nntps" prefork=0

   # at least one LMTP is required for delivery
#  lmtp cmd="lmtpd" listen="lmtp" prefork=0
   lmtpunix  cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0

   # this is only necessary if using notifications
#  notify   cmd="notifyd" listen="/var/imap/socket/notify"
proto="udp" prefo
rk=1
 # Carl, 20140806
smmapd   cmd="smmapd" listen="/var/imap/socket/smmapd" prefork=1
}

EVENTS {
   # this is required
   checkpointcmd="ctl_cyrusdb -c" period=30

   # this is only necessary if using duplicate delivery suppression,
   # Sieve or NNTP
   delprune  cmd="cyr_expire -E 3" at=0400

   # this is only necessary if caching TLS sessions
   tlsprune  cmd="tls_prune" at=0400
}



Have I done something wrong, config-wise?  Or is there a way to safely
purge these db log files?

Thank you!

Carl



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


<>
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus