Re: No AUTH when trying imtest...
maxime wrote:
Hi,
I have been stuck for a few days on this. I can't figure out what I'm
doing wrong. It would be really nice if someone could give me a few
clues...
I'm trying to install Cyrus imapd-2.1.3/sasl-2.1.1 on a default redhat
7.2 server install.
Here is what it says when I do:
imtest -t localhost
C: C01 CAPABILITY
S: * OK chicken.canram.com Cyrus IMAP4 v2.1.3 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS
S: C01 OK Completed
S01 OK Begin TLS negotiation now
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168
bits)
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS
S: C01 OK Completed
Password:
C: L01 LOGIN root {5}
+ go ahead
C: omitted
L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 168
It should display the available AUTH but it doesn't...any idea why?
Here is more information:
This is what it says in the imapd.log
Mar 26 12:18:20 chicken imapd[769]: starttls: TLSv1 with cipher
DES-CBC3-SHA (168/168 bits new) no authentication
Mar 26 12:18:22 chicken imapd[769]: badlogin:
localhost.localdomain[127.0.0.1] plaintext root SASL(-1): generic
failure: checkpass failed
And in the auth.log it says nothing
I tried different pwcheck methods and none work.
Here is my imapd.conf file:
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: cyrus root
allowanonymouslogin: no
sasl_pwcheck_method: sasldb
^^
This should be 'auxprop', not 'sasldb'.
Did you find 'sasldb' listed in the current documentation somewhere? If
so, it should be fixed.
Ken
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: sieve with sendmail 8.12 ... permissions problems ...
Marc G. Fournier wrote: Anyone using 8.12 yet? Yup. So is CMU. Just delivered an email to an account that has sieve filtering turned on, and get the following in the maillog: Mar 26 13:39:32 nsnet sendmail[38611]: NOQUEUE: SYSERR(cyrus): can not chdir(/var/spool/clientmqueue/): Permission denied My guess is that this error is not for the incoming message, but some type of Sieve reply (vacation, redirect, reject). This error seems to ring a bell, but its been so long since I setup 8.12 that nothing comes to mind right now. Sorry. What should permissions/ownership be for this to work? nsnet# ls -ld /var/spool/clientmqueue drwxrwx--- 2 smmsp smmsp 512 Mar 26 13:34 /var/spool/clientmqueue Same here. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Using deliver from perl
Scott Russell wrote: On Tue, Mar 26, 2002 at 08:14:00PM +, simon wrote: You could use Net::LMTP instead ?? ( or support both) Can Net::LMTP force a message to be delivered even if the mailbox is over quota? Erm I think so definitely patch it in easily having had a brief look at the LMTP RFC. That sounds cool. If a patched version of Net::LMTP that supports forced quota delivery exists I would prefer to use it. Let me know where I can download it. I have Net-LMTP-0.02 now and also don't see anything about using Unix Sockets to handle delivery. Yeah, saw the man page. Was getting lmtp socket errors calling it from the command line by hand. I figured I was missing something an example would be enough to set me straight. Dont have one... to hand ( probably permissions on lmtp socket if it is a unix socket) Yeah, that's what I thought too. Then I tried my command as root and got the same lmtp socket error. :) Maybe I'm being stupid about this. What's the easiest way to get a message into the users INBOX by passing any quota restrictions? I thought it would be deliver but it may not be. deliver ken /tmp/test-message works for me when run as the 'cyrus' user. Add the '-q' option to bypass the quota check (adds IGNOREQUOTA keyword to the LMTP RCPT command). Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: bug in imapd-2.1.3 / Berkeley DB
Olaf Zaplinski wrote: Clifford Thurber wrote: What do you mean when you say they don't disappear? Can you be more specific? Yes, right now I have 5 processes named 'imapd -s' and 2 named 'lmtp' in my process list. They will stay there forever until I restart cyrus-imapd. And when the first user logons after that, they are recreated. Look at /etc/cyrus.conf. Are you preforking these processes? Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: sieve websieve weirdness
[EMAIL PROTECTED] wrote: Good Afternoon! I'm having weird issues with my websieve stuff on my new server. I'm using websieve and testing the functions. Checking it with straight up sieveshell. Server solaris 8, cyrus 2.1.1. Everything looks good for straight mail and receipt except this piece. (I finally got SSL working for the webserver interface bits) I have this odd error in my imapd.log: Mar 29 16:03:44 thoth imapd[3819]: [ID 418793 local6.debug] SQUAT failed You're seeing this because there is no cyrus.squat index (not required) on some mailbox which is being SEARCHed, and you're logging at the debug level. This _shouldn't_ have anything to do with a sieve redirect or vacation response (if it does, I'd be *shocked*). The behavior is if I set a forward or vacation up in websieve, send a message, it never arrives to the forward address. I tried an external that I could send mail to directly, another local account, nothing. No errors in my sendmail logs or imap except the SQUAT one. First, try a simpler script that does just a fileinto and make sure that it works. Its possible that your script isn't even being executed. In fact, if you created your initial script via websieve, it probably named it incorrectly (a known bug -- at least to me anyway), and lmtpd won't even know that you have a script. Look in the directory where the script should reside, and it should look somthing like this: lrwxrwxrwx1 cyrusmail 10 Nov 10 12:04 default - ken.script -rw---1 cyrusmail 7703 Mar 5 15:06 ken.script If not, fix it. lmtpd ALWAYS looks for 'default' as the active script. No 'default' - no active script - no script gets executed. Once this is working, try a redirect (its *much* simpler than vacation). If it doesn't work, check your sendmail logs around the time that a message should be processed by your script. You should see the incoming message followed by the outgoing message (redirect). Look for any errors w.r.t the redirect. Report back on your findings and then we'll tackle vacation. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: removing banners from cyrus
Clifford Thurber wrote: I am confused as to what or why there are things specific to Netscape. Perhaps I have left out the context of my question. I am trying to prevent people doing recognizance banner grabbing for security reasons If you think that having the vendor/version information in the banner is a security problem, then you should tell us what you think the security issues are, so they can be fixed. If its a config problem, then fix your config ;-) In any case, there are multiple places in the services where the vendor/version string is used: - In the banners for imapd, pop3d, lmtpd -- disable by editing the source -- look for prot_printf(, ... ready\r\n, ,CYRUS_VERSION) - imapd: ID command response -- disable with imapidresponse: no in imapd.conf - imapd: NETSCAPE command response -- not compiled by default (--enable-netscapehack configure option) - pop3d: IMPLEMENTATION capability -- disable by editing the source in cmd_capa() Ken At 04:15 PM 4/2/2002 +0100, Steve Wright wrote: Changing pop3d.c will only change the +OK %s Cyrus POP3 v2.0.15 server ready banner. If you want to change the imap banner, to the best of my knowledge you have to change (in imapd.c) the OK %s Cyrus IMAP4 %s server ready\r\n line (same as pop3d.c), the section containing the imap id (as per RFC2971) prot_printf(imapd_out, * ID ( \name\ \Cyrus\ \version\ \%s\ \vendor\ \Project Cyrus\ \support-url\ \http://asg.web.cmu.edu/cyrus\;, CYRUS_VERSION); there are a few entries specific to netscape. Steve. On Tuesday 02 April 2002 15:39, you wrote: This will take care of both the IMAP and POP3 banners? Nothing needs to be done to say .. imapd.c Thanks again At 11:01 AM 4/2/2002 +0100, Steve Wright wrote: The +OK %s Cyrus POP3 v2.0.15 server ready banner can be changed by editing line 323 in /src/cyrus-imapd-2.0.15/imap/pop3d.c -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: removing banners from cyrus
Clifford Thurber wrote: Ken I am just interested in suppresing platform/version information when someone telnet to port 143. Just one more layer of security. But by doing this, you're implying that there is a security hole in the Cyrus server which can be exploited if the hacker discovers the vendor/version info. Is there some known security hole in Cyrus that isn't in other servers. Even if there is, I don't think that the lack of info in the banner is going to stop a hacker from trying the exploit anyway. Furthermore, a good hacker intent on finding Cyrus servers could also detect them by look for known response strings from commands, etc. If I understand you correctly I just need to add: imapidresponse: no to /etc/imapd.conf? This correct. No. This will only suppress the response for an ID command. If you don't want the vendor/version info in the banner, you'll have to edit the source. If you think that having the vendor/version information in the banner is a security problem, then you should tell us what you think the security issues are, so they can be fixed. If its a config problem, then fix your config ;-) In any case, there are multiple places in the services where the vendor/version string is used: - In the banners for imapd, pop3d, lmtpd -- disable by editing the source -- look for prot_printf(, ... ready\r\n, ,CYRUS_VERSION) - imapd: ID command response -- disable with imapidresponse: no in imapd.conf - imapd: NETSCAPE command response -- not compiled by default (--enable-netscapehack configure option) - pop3d: IMPLEMENTATION capability -- disable by editing the source in cmd_capa() Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: sieve problem
Richard Gilbert wrote:
I have a sieve script set up which puts all mail from the info-cyrus list
into a folder using the rule
if address :is :localpart [to, cc, bcc] info-cyrus {
fileinto INBOX.info-cyrus; }
This works fine except for every message from Simon Matter which ends up
in my INBOX. I used the test program in the sieve/ directory to work out
why this was happenning. The second Received header reading upwards is
preceded by a ''. If the '' is removed then it gets filtered as
expected. An example follows. Is this a sieve problem? But why is the
'' there? I am running version 2.0.16 of the cyrus-imapd package (on
Solaris 8).
This has been fixed in v2.1.3. Trying applying this patch:
http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/imap/lmtpengine.c.diff?tr1=1.60r1=texttr2=1.58r2=textf=u
Ken
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: sieve problem
Harris Landgarten wrote:
Will this patch work on 2.0.16?
Yes. This is why I posted it (see Richards original post below).
On Wed, 2002-04-03 at 13:41, Ken Murchison wrote:
Richard Gilbert wrote:
I have a sieve script set up which puts all mail from the info-cyrus list
into a folder using the rule
if address :is :localpart [to, cc, bcc] info-cyrus {
fileinto INBOX.info-cyrus; }
This works fine except for every message from Simon Matter which ends up
in my INBOX. I used the test program in the sieve/ directory to work out
why this was happenning. The second Received header reading upwards is
preceded by a ''. If the '' is removed then it gets filtered as
expected. An example follows. Is this a sieve problem? But why is the
'' there? I am running version 2.0.16 of the cyrus-imapd package (on
Solaris 8).
This has been fixed in v2.1.3. Trying applying this patch:
http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/imap/lmtpengine.c.diff?tr1=1.60r1=texttr2=1.58r2=textf=u
Ken
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: empty message body problem (Cyrus 2.1.3, postfix, LMTP)
Hein Roehrig wrote: Dear all, when I send myself a message without a body, lmptd gets stuck --- it eventually times out with a 451 4.3.0 System I/O error and subsequent messages through the same LMTP connection fail as well. My setup is Cyrus 2.1.3, Debian postfix 1.1.6-1, configured to deliver mail via unix sockets through LMTP, as outlined in several example configurations. Things work very well, except for messages which I can (re)create by talking SMTP to postfix and sending a message like this: $ telnet mymailserver smtp Trying x.x.x.x... Connected to mymailserver Escape character is '^]'. 220 mymailserver ESMTP Postfix (Debian/GNU) helo myclient 250 mymailserver mail from: [EMAIL PROTECTED] 250 Ok rcpt to: roehrig@mymailserver 250 Ok data 354 End data with CRLF.CRLF From: [EMAIL PROTECTED] To: roehrig@mymailserver . 250 Ok: queued as B0708C33D3 quit 221 Bye Connection closed by foreign host. My next attempt will be to look up the basics of LMTP and try to talk LMTP directly with Cyrus lmtpd, but perhaps somebody can already tell me whether a null body makes a legal message? If not, then a more meaningful lmtpd error message would be very helpful. Technically, this isn't a valid RFC[2]822 message. There is supposed to be a blank line between the headers and body of a message even though most MTAs accept it. I _think_ this is what is causing lmtpd to hang out. Your timing is good, because I committed a fix for this yesterday. Try this patch and see if it solves the problem. http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/imap/lmtpengine.c.diff?r1=1.69r2=1.70f=u Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: web info-cyrus archives
Nick Ustinov wrote: If anyone is interested, there is a full searchable archive of info-cyrus at http://giga.bit.lv/info-cyrus How is this different from: http://asg.web.cmu.edu/archive/mailbox.php?mailbox=archive.info-cyrus -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: sieve problem
Harris Landgarten wrote:
Your patch turns lmtpengine.c,v 1.58 2002/02/21 17:43:08 rjs3 into
lmtpengine.c,v 1.60 2002/02/22 18:36:58.
Cyrus-imap 2.016 contains lmtpengine.c v 1.26
You are only changing two lines of code and the same code segment
appears in v1.26 starting at line 626. I assume the change can be made
manually with the same effect.
Yes. The other stuff is just RCS/CVS version info which means nothing.
Ken
-Original Message-
From: Ken Murchison [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, April 03, 2002 5:07 PM
To: Harris Landgarten
Cc: Richard Gilbert; cyrus
Subject: Re: sieve problem
Harris Landgarten wrote:
Will this patch work on 2.0.16?
Yes. This is why I posted it (see Richards original post below).
On Wed, 2002-04-03 at 13:41, Ken Murchison wrote:
Richard Gilbert wrote:
I have a sieve script set up which puts all mail from the
info-cyrus list
into a folder using the rule
if address :is :localpart [to, cc, bcc] info-cyrus {
fileinto INBOX.info-cyrus; }
This works fine except for every message from Simon Matter which
ends up
in my INBOX. I used the test program in the sieve/ directory to
work out
why this was happenning. The second Received header reading
upwards is
preceded by a ''. If the '' is removed then it gets filtered as
expected. An example follows. Is this a sieve problem? But why
is the
'' there? I am running version 2.0.16 of the cyrus-imapd package
(on
Solaris 8).
This has been fixed in v2.1.3. Trying applying this patch:
http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/imap/lmtpeng
ine.c.diff?tr1=1.60r1=texttr2=1.58r2=textf=u
Ken
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: keeping proccess active after client closed connection (more info)
Ilya wrote: sorry to reply to my own message. but here is a little bit more info output of truss on imapd process which stayed active after client closed connection,it starts just before i quit mutt select(0x1,0xbfbff2e4,0x0,0x0,0xbfbff2c8)= 1 (0x1) gettimeofday(0xbfbff26c,0x0) = 0 (0x0) read(0x0,0x812a000,0x5) = 5 (0x5) read(0x0,0x812a005,0x28) = 40 (0x28) stat(cyrus.index,0xbfbff314) = 0 (0x0) fstat(13,0xbfbff314) = 0 (0x0) flock(0xe,0x2) = 0 (0x0) lseek(14,0x430,0)= 1072 (0x430) write(14,0xbfbfefcc,4) = 4 (0x4) lseek(14,0x434,0)= 1076 (0x434) write(14,0xbfbfefcc,4) = 4 (0x4) lseek(14,0x438,0)= 1080 (0x438) write(14,0xbfbfefcc,4) = 4 (0x4) lseek(14,0x43c,0)= 1084 (0x43c) write(14,0xbfbfefcc,4) = 4 (0x4) lseek(14,0x19f4,0) = 6644 (0x19f4) writev(0xe,0xbfbff094,0xa) = 236 (0xec) fsync(0xe) = 0 (0x0) lseek(14,0x1ae0,0) = 6880 (0x1ae0) write(14,0xbfbff270,4) = 4 (0x4) fsync(0xe) = 0 (0x0) flock(0xe,0x8) = 0 (0x0) munmap(0x2838f000,0x8000)= 0 (0x0) munmap(0x283f1000,0x56000) = 0 (0x0) close(11)= 0 (0x0) munmap(0x28386000,0x96) = 0 (0x0) close(12)= 0 (0x0) munmap(0x28387000,0x8000)= 0 (0x0) close(13)= 0 (0x0) munmap(0x2839b000,0x56000) = 0 (0x0) sendto(0x6,0xbfbff284,0x1e,0x0,0x8103ac0,0x10) ERR#2 'No such file or directory' open(/var/imap/msg/shutdown,0,00) ERR#2 'No such file or directory' select(0x1,0xbfbff2e4,0x0,0x0,0xbfbff2c8)= 0 (0x0) write(1,0x8134000,53)= 53 (0x35) gettimeofday(0xbfbff26c,0x0) = 0 (0x0) select(0x1,0xbfbff2e4,0x0,0x0,0xbfbff2c8)= 1 (0x1) gettimeofday(0xbfbff26c,0x0) = 0 (0x0) read(0x0,0x812a000,0x5) = 5 (0x5) read(0x0,0x812a005,0x28) = 40 (0x28) sendto(0x6,0xbfbff294,0x1f,0x0,0x8103ac0,0x10) ERR#2 'No such file or directory' write(1,0x8134000,69)= 69 (0x45) sendto(0x6,0xbfbff6b4,0x1f,0x0,0x8103ac0,0x10) ERR#2 'No such file or directory' close(8) = 0 (0x0) unlink(0x8107d40)= 0 (0x0) close(0) = 0 (0x0) close(1) = 0 (0x0) close(2) = 0 (0x0) break(0x8135000) = 0 (0x0) write(3,0xbfbff8b0,4)= 4 (0x4) sigaction(SIGALRM,0xbfbff89c,0x0)= 0 (0x0) setitimer(0x0,0xbfbff894,0xbfbff884) = 0 (0x0) SIGNAL 14 SIGNAL 14 SIGNAL 14 fcntl(0x7,0x9,0xbfbff900)ERR#92 'Unknown error: 92' sigreturn(0xbfbff724)ERR#92 'Unknown error: 92' PS i dont have /var/imap/msg/shutdown , but should I? my msg directory is empty No! This will prevent users from logging in (after displaying the shutdown message as an ALERT). Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Cyrus and the +S bit on Linux
Lawrence Greenfield wrote: I haven't investigated the ext2 issue with Linux all that closely, since we don't run any Linux IMAP servers in production. We do run a number of Linux SMTP (Sendmail) machines and have been pretty happy. We use ext3 on them. I think the documentation will probably mutate more and more to just don't use ext2 and Cyrus together and encouraging people to use one of the modern Linux filesystems. We use ext3 mostly because it was easy and its compatible. I'm personally a little wary of Reiser though some people swear by it. I suspect xfs and jfs would give good results, too. We've been using XFS for months without any problems. I highly recommend it, especially once v1.1 comes out with the unified ACL stuff. Of course I'm biased, since we've been an SGI dealer forever. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: IMAP/SASL Flowchart - Logic Diagram?
OCNS Consulting wrote: Has anyone on the Cyrus IMAP/SASL Team produced a Flowchart depicting the interaction between Cyrus IMAP and SASL? If so, is it possible to obtain a copy? If not, what would be the the suggested method to create? Here's a block diagram (as I envision it) which shows the interactions between the various pieces. Hopefully Rob will correct any mistakes. +++ -- | login (plaintext) | authenticate |cyrus |+---++-+-+ -- || plain | digest | otp | ... | ++---|| | | |checkpass || | |sasl ++---++-+-+ | saslauthd | auxprop | +-++-+--+++ -- | pam | shadow | ... | sasldb | ldap | ... | +-++-+--+++ -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: IMAP/SASL Flowchart - Logic Diagram?
OCNS Consulting wrote: Has anyone on the Cyrus IMAP/SASL Team produced a Flowchart depicting the interaction between Cyrus IMAP and SASL? If so, is it possible to obtain a copy? If not, what would be the the suggested method to create? Here's an updated block diagram. The only thing I didn't include is APOP because there is nowhere to shoehorn it in (it interfaces to auxprop). +++ -- | IMAP login |IMAP/POP3/LMTP/SIEVE authenticate |cyrus | POP3 user/pass +---+---++--+-+-+-+--+ -- || plain | login | digest | cram | otp | srp | krb/gss | anon | ++---+---+| | | | +--+ |checkpass || | | | | sasl ++---++--+ | | | | saslauthd | auxprop | | | | +-++-+--+---++-+-+-+ - | pam | shadow | ... | ldap | ... | sasldb| srvtab | +-++-+--+---++-+ -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Segfault / Bus error on Squatter...
Scott M Likens wrote: I'm running Squatter trying to prune my indexes and see if it helps with performance. Let's face it, that's hard. Cyrus runs SWELL on this Ultra Sparc 5. But Squatter seems to have problems with HTML encoded mail. I don't think its related specifically to HTML as much as these particular messages expose the underlying heap corruption. Either grab the latest code from CVS or try this patch: http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/imap/squat_build.c.diff?r1=1.2r2=1.3f=u Let me know if this fixes the problem. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: cyrus imap 2.0.16: deliver doesn't deliver to folders
Frank Drolshagen wrote: Hi, sorry for the empty mail. I don't know what Mozilla is messing up here. Ken Murchison wrote: In order to deliver mail directly to a folder, the folder must have the 'p' (post) ACL set for user 'anonymous' or 'anyone'. Isn't this some kind of a security hole? I mean, anyone who wants to filter his or her mails with procmail has to be able to run deliver. But then, anyone could post mails to the (sub)folders of other users. Then use the '-a' option with deliver. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: preventing connect from different ip's if cyrus.conf contains specific binds
Works for me. Are you waiting a few seconds for the service to be
spawned by master (since prefork=0)? If master wasn't listening on the
given interface, you'd get something like this:
telnet: connect to address 192.168.0.3: Connection refused
Ken
Ilya wrote:
same thing:
[EMAIL PROTECTED]$ telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.alchemistry.net.
Escape character is '^]'.
+OK krel.org Cyrus POP3 v2.1.3 server ready [EMAIL PROTECTED]
quit
+OK
Connection closed by foreign host.
[EMAIL PROTECTED]$ telnet 192.168.0.3 110
Trying 192.168.0.3...
Connected to alchemistry.net.
Escape character is '^]'.
^]
telnet quit
Connection closed.
[EMAIL PROTECTED]$ ps -ax|grep pop
2618 p5 I+ 0:00.17 tail -f pop3d
92404 p8 I 0:00.07 pop3d: pop3d: localhost.alchemistry.net[127.0.0.1]
(pop3d)
92411 p8 S 0:00.03 pop3d
and as soon as I kill 92404 I get response from 192.168.0.3
here is my current config (of course I recycled master before trying)
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd=ctl_cyrusdb -r
# this is only necessary if using idled for IMAP IDLE
# idledcmd=idled
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=0
# imap cmd=imapd listen=[127.0.0.1]:imap prefork=0
# imap cmd=imapd listen=[192.168.0.3]:imap prefork=0
# imap cmd=imapd listen=[66.114.66.158]:imap prefork=0
imaps cmd=imapd -s listen=imaps prefork=0
# pop3 cmd=pop3d listen=pop3 prefork=0
pop3-local cmd=pop3d listen=[127.0.0.1]:pop3 prefork=0
pop3-lan cmd=pop3d listen=[192.168.0.3]:pop3 prefork=0
# pop3 cmd=pop3d listen=[66.114.66.158]:pop3 prefork=0
pop3s cmd=pop3d -s listen=pop3s prefork=0
sieve cmd=timsieved listen=sieve prefork=0
# sieve cmd=timsieved listen=[192.168.0.3]:sieve prefork=0
# sieve cmd=timsieved listen=[127.0.0.1]:sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd listen=/var/imap/socket/lmtp prefork=0
}
EVENTS {
# this is required
checkpointcmd=ctl_cyrusdb -c period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver -E 3 period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd=tls_prune period=1440
# this entry creates an index file for full text search
# squatter cmd=squatter -v -r user period=1440
}
On Thu, Apr 11, 2002 at 11:09:54PM -0400, Lawrence Greenfield wrote:
Don't use the same name for each of them.
ie:
pop3-local cmd=pop3d listen=[127.0.0.1]:pop3 prefork=0
pop3-remote cmd=pop3d listen=[192.168.0.3]:pop3 prefork=0
Larry
Date: Thu, 11 Apr 2002 21:43:46 -0400
From: Ilya [EMAIL PROTECTED]
Is it by design that if I setup in cyrus.conf something like this:
pop3 cmd=pop3d listen=[127.0.0.1]:pop3 prefork=0
pop3 cmd=pop3d listen=[192.168.0.3]:pop3 prefork=0
than after first connection to lets say 127.0.0.1, the spawned pop3d
never
closes, and handles all subsequent connections?
and than no connections can be made to 192.168.0.3, until I manually
kill
127.0.0.1 pop3d
and the other way around.
trying to connect second time says that connection is established, but
no server
prompt appears, until as I mentioned the other interface pop3d is
killed.
same thing with imapd.
using this works:
pop3 cmd=pop3d listen=pop3 prefork=0
but isn't listen there to create flexibility on which interface to
listen?
or am I alone in seeing this problem? or is setting listen on several
ips for
one protocol not allowed?
freebsd 4.5 imapd 2.1.3 sasl 2.1.2
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: /etc/cyrus.conf : listen=multiple ip's
[EMAIL PROTECTED] wrote: I want my imap and imaps-services listening on multiple (but no all) ip's on my server. Can I specify more than one host in the listen-directive or can I specify multiple lines with the same service and different hosts ? You can't specify multiple interfaces in one line, but you can have multiple lines, as long as you use a unique service name for each. ie: imap-lo cmd=imapd listen=localhost:imap imap-eth0 cmd=imapd listen=[192.168.1.1]:imap imap-eth1 cmd=imapd listen=[192.168.2.1]:imap -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: idle pop3d never times out
Gary Mills wrote: I see this problem occasionally, and noticed one today: UID PID PPID CSTIME TTY TIME CMD cyrus 6247 725 0 Apr 02 ?0:01 pop3d `lsof' shows that file descriptors 0, 1, and 2 have an established TCP connection to a client workstation. `truss' shows: write(1, A A V o 1 F 8 F D o M t.., 4096) (sleeping...) imapd.conf does not specify `poptimeout', so it should be the default of ten minutes. Why didn't it time out? Can you give us the output of cyradm 'ver'? -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Users cannot delete mail once they have reached their quota
Rob Baugh wrote:
Sorry, but I am new to Linux and having to setup a mail server for
work. I am not sure if this is a problem with me, the imap server
(Cyrus 2.0.16) or my webmail interface (JWMA JavaWebmail). If I set a
quota on a users mailbox once they reach the quota they are not
allowed to delete or move the mail until I increase their quota to
beyond what their mailbox currently holds. What could be causing this
and how can I stop it?
The problem is that there is no 'move' command in IMAP. This is
accomplished with a 'copy'/'delete' methodology. Because the user is
already at (or above) their quota, the 'copy' part of this will fail.
Assuming the client doesn't use a 'Trash' folder concept (which will
have the same problem as described above), messages should be able to be
'deleted' (flagged as deleted) and 'expunged' (actually deleted).
Also how can I set the mailserver to monitor the mailbox size and warn
the users that their boxes are approaching the limit?
The Cyrus server will ALERT the client when the mailbox is above a
certain threshold ('quotawarn' in imapd.conf) and over quota. If the
client doesn't present these ALERTs to the user, then the client is
broken.
Ken
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Users cannot delete mail once they have reached their quota
Rob Baugh wrote:
I do have a Trash folder set up for my users. Do I have to delete this
folder to allow this to work?
It doesn't matter if the folder is there. It all depends what the
client's delete model is. A lot of clients allow the user to choose
between the Trash folder model or the delete/expunge model.
I added quotawarn: 5000 to my imapd.conf but it didn't do anything. When
I looked up the man page for imad.conf it didn't list that option. What
else can I do?
It should read:
quotawarn: 90
The percent of quota utilization over which the
server generates warnings.
-Original Message-
From: Ken Murchison [mailto:[EMAIL PROTECTED]]
Sent: Monday, April 15, 2002 12:11 PM
To: Rob Baugh
Cc: '[EMAIL PROTECTED]'
Subject: Re: Users cannot delete mail once they have reached their quota
Rob Baugh wrote:
Sorry, but I am new to Linux and having to setup a mail server for
work. I am not sure if this is a problem with me, the imap server
(Cyrus 2.0.16) or my webmail interface (JWMA JavaWebmail). If I set a
quota on a users mailbox once they reach the quota they are not
allowed to delete or move the mail until I increase their quota to
beyond what their mailbox currently holds. What could be causing this
and how can I stop it?
The problem is that there is no 'move' command in IMAP. This is
accomplished with a 'copy'/'delete' methodology. Because the user is
already at (or above) their quota, the 'copy' part of this will fail.
Assuming the client doesn't use a 'Trash' folder concept (which will
have the same problem as described above), messages should be able to be
'deleted' (flagged as deleted) and 'expunged' (actually deleted).
Also how can I set the mailserver to monitor the mailbox size and warn
the users that their boxes are approaching the limit?
The Cyrus server will ALERT the client when the mailbox is above a
certain threshold ('quotawarn' in imapd.conf) and over quota. If the
client doesn't present these ALERTs to the user, then the client is
broken.
Ken
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Usernames with dots in them
Nicolas Gauvrit wrote: hi i have had the same problem (hope what i say is english :)) i resolve with this http://www.inbox.lv/nick/cyrus-dothack-2.0.12.patch This patch will most likely leave you incompatible with v2.1. If you *really* need to run v2.0.16 or earlier, you should get my 'hiersep' patch that has been mentioned on this list. I no longer support any patch against 2.0.x since the functionality has been rolled into 2.1. Ken ++ PS : i 'm using the jawmail webmail ; i have also modified some php scripts for commpatibility... --- Russell Packer [EMAIL PROTECTED] wrote: Version 2.1.3, though I have heard tale of a patch for 2.0.16! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Adam Fox Sent: 18 April 2002 03:45 To: David Fuchs Cc: info-cyrus Subject: Re: Usernames with dots in them What version of the IMAP server is that under? I'm running 2.0.16 and I couldn't find any reference to that option under the imapd.conf man page. Thanks for the reply, Adam. David Fuchs wrote: Look into the unixhierarchysep option in your imapd.conf - this will allow you to use dots in usernames. Mailboxes will still look like user.adam.fox in your listing, however Cyrus internally records these dots as carots (^). -David Fuchs Adam Fox wrote: Hi all, I've installed the cyrus IMAP server for the first time this morning, and it's running fine. It looks like it will do everything we want it to do, like not having to add unix users to have a mail user, and to be able to access mail via POP and IMAP. But there is always a snag when you find a software package that is too good to be true! We're in the process of changing over to a newer mail server to replace the old clunker that does the job now. While we do this changeover, we are going to change our email addresses from [EMAIL PROTECTED] to [EMAIL PROTECTED] It's that dot inbetween the first and last name that is going to cause a problem when creating the mailboxes, right? From what I can see, you cannot have a mailbox called user.adam.fox as the fox will be a subfolder of adam. Does anyone know of a way to have user names of this format with this server? Is there an escape character or something that I can put in front of the dot in the mailbox setup, like user.adam\.fox ? Thanks for any help, Adam Fox. Attention: The information contained in this message and or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of The Gribbles Group. Thank You. Whilst every effort has been made to ensure that this e-mail message and any attachments are free from viruses, you should scan this message and any attachments. Under no circumstances do we accept liability for any loss or damage which may result from your receipt of this message or any attachment. Attention: The information contained in this message and or attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from any system and destroy any copies. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of The Gribbles Group. Thank You. Whilst every effort has been made to ensure that this e-mail message and any attachments are free from viruses, you should scan this message and any attachments. Under no circumstances do we accept liability for any loss or damage which may result from your receipt of this message or any attachment. = Nico http://slysculpteur.multimania.com ,, // \\ (_,\/ \_/ \ \ \_/_\_/ /_/ /_/ http://www.ascii-art.de/ __ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax
[PATCH] SASLv2 support for Sendmail 8.12.3
For those of you longing for SASLv2 support for Sendmail, I have created a patch which can be downloaded from the following locations: http://www.oceana.com/ftp/sendmail-8.12.3-SASLv2.Beta1.patch.gz ftp://ftp.oceana.com/pub/sendmail-8.12.3-SASLv2.Beta1.patch.gz - Although I have tested this fairly extensively (it is also currently running on my production box) and the code has been reviewed by Mr. SASL himself (Rob Siemborski), I would still consider this of beta quality. - Consult the SASLv2.NOTES file for outstanding issues, notes, etc. - Before you build this code, make sure to change your site.conf.m4 to link against libsasl2, eg: APPENDDEF(`conf_sendmail_LIBS', `-lsasl2') - Please send any comments, bugs, fixes, etc. to me, as I will try to maintain this patch until it becomes part of the standard distribution (8.13?) Enjoy! Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: [PATCH] SASLv2 support for Sendmail 8.12.3
Hajimu UMEMOTO wrote: I'm sorry but I don't test it actually, yet. There are `struct sockaddr_in' in your patch. Yes, it came from sendmail's code, and not yours. Now, it should be `struct sockaddr_storage'. Otherwise, it seems fail with an IPv6 connection. Since I'm not an IPv6 expert, and it looks like you did most of the SASLv2 IPv6 work, feel free to submit patches to my patch :) Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Resieving Folder
Quoting Ashley Yakeley [EMAIL PROTECTED]: At 2002-04-19 02:59, I wrote: What if I make a wrapper around cyrdeliver that does cat /dev/null /var/lib/cyrus/deliver.db first, and have fetchmail use that? Or is there a better way to purge the database? Looks like I should use ctl_deliver -E 0 Yup. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Hello! Installing Cyrus first time...
danielm wrote: Hi, I've got the Cyrus server to the point where it's responding to telnet localhost 143 but I think I've left out the authentication stuff, I just assumed that ports would take care of that. When I try to run cyradm I get : plaintext [user] cannot connect to pwcheck server. Sounds fairly obvious as to what the problem is. My question... Is there a good page describing how to setup Cyrus so I can go back and do the bit that I left out? Or can someone take me through it? Did you read the installation instructions (html) that come with the distribution? If you grabbed a precompiled version for FreeBSD and the docs weren't included, then you should yell at the packager. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: 2.1.3 -- 2.1.0 sieve ?
Quoting Nick Ustinov [EMAIL PROTECTED]: Since I was experiencing serious performance problems with 2.1.3, particullary with lmtpd I had to downgrade to 2.1. Now everything seems to work fine, however I get: Apr 20 11:58:23 tom lmtpd[11976]: sieve runtime error for tatjanask id [EMAIL PROTECTED]: Redirect: Sendmail process terminated normally, exit status 71 and so on. Sieve doens't work anymore. Any comments? AFAICT, nothing sieve-related changed in lmtpd.c from 2.1 to 2.1.3. This error is telling you that the 'sendmail' process has been spawned and exixted with an error code. My guess is that the MTA that you are using doesn't like the 'sendmail' command line that is being passed to it. Are you using Sendmail or some other MTA? If its not Sendmail, then read the manpage for its 'sendmail' command and then look at send_forward() in lmtpd.c Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: prevention of forwarding loops in sieve
Mike Grommet wrote: Is this specific to a certain version? I'm using Cyrus 2.0.16 I did a man 5 imapd.conf and did not see a mention of duplicatesupression It wasn't optional until recently. Its always been on in past versions. - Original Message - From: Hein Roehrig [EMAIL PROTECTED] To: Mike Grommet [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, April 23, 2002 9:06 AM Subject: Re: prevention of forwarding loops in sieve -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Cyrus (by default) prevents repeated delivery of the same message by storing the message id of incoming messages and discarding any message with a previously seen id (to the same user.) See duplicatesuppression in imapd.conf(5) - -Hein Mike Grommet [EMAIL PROTECTED] writes: I'm sure someone has handled this one in the past, so I ask for a canned example if possible. Sieve and Cyrus are happily working together, but reading the sieve rfc, it mentions that I need to handle the prevention of fowarding loops... [...] -BEGIN PGP SIGNATURE- Comment: Processed by Mailcrypt 3.5.6 http://mailcrypt.sourceforge.net/ iEYEARECAAYFAjzFalYACgkQX1+b5sUfCrR3VQCghdk36u0h/wQj7c/xjexLk9Qo 2AUAn18eFSBG6NSmCW1IUWX5U5cEEa/E =PUJg -END PGP SIGNATURE- -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
sendmail-8.12.3-SASLv2.Beta2
I have just uploaded a second beta version of my SASLv2 patch for Sendmail 8.12.3. http://www.oceana.com/ftp/sendmail-8.12.3-SASLv2.Beta2.patch.gz ftp://ftp.oceana.com/pub/sendmail-8.12.3-SASLv2.Beta2.patch.gz The two differences from the first patch are: - IPv6 support (courtesy of Hajimu UMEMOTO [EMAIL PROTECTED]) - supports proxying in the same fashion as Sendmail/SASLv1.5 (ie, ignores userid) Please report any problems back to me so I can continue to refine the patch. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: SCAN command?
Quoting Ashley Yakeley [EMAIL PROTECTED]: At 2002-04-23 08:21, Ken Murchison wrote: Also, I heard that SCAN was under discussion in the appropriate IETF group. Anyone know more about its current status? Its not being discussed at all. Well that's the IETF for you... This is a non-standard, and possibly dead extension which isn't part of imapext's agenda. So what is the best way for an IMAP client to detect recently arrived mail in a hierarchy of around a thousand mailbox folders? Should it do a SELECT on each one periodically? Or should it open up 1000 connections, SELECT a folder and do IDLE on each one? You might want to check with the imap mailing list ([EMAIL PROTECTED]), but here is a snippit from Mark Crispin's (the father of IMAP) tongue-in-cheek 10 commandments for an IMAP client. 8. Thou shalt not fear to open multiple IMAP sessions to the server; but thou shalt use this technique with wisdom. For verily it is true; if thou doth desire to monitor continuously five mailboxes for new mail, it is better to have five IMAP sessions open on the mailboxes. It is generally not good to do a succession of five SELECT or STATUS commands on a periodic basis; and it is truly wretched to open and close five sessions to do a STATUS or SELECT on a periodic basis. The cost of opening and closing a session is great, especially if that session is SSL/TLS protected; and the cost of a STATUS or SELECT can also be great. By comparison, the cost of an open session doing an IDLE or getting a NOOP every few minutes is small. Great praise shall be given to thy wisdom in doing what is less costly instead of common sense. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Sieve RBL extension?
Scott Lamb wrote: I'm trying to create a Realtime Blackhole List extension to Sieve, so I can do Doesn't functionality like this belong in the MTA? -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: spam sieve extension
Jeremy Howard wrote: Marc G. Fournier wrote: Oh, very very cool ... I've been doign it in postfix's content_filter, but then its doing *everyone*'s email ... this is soo much better ... Any chance we'll see this in CVS sometime soon? Maybe in time for 2.1.4?? I hope not. Doing it in a content_filter lets you add headers that you can then handle in Sieve scripts on a per-user basis, which is faster and cleaner. The only thing necessary in Sieve to make this easier is an ability to specify that some headers are expected to contain numeric data. That way you could have X-Spam-score :greater 5.0 as a Sieve test. http://www.ietf.org/internet-drafts/draft-segmuller-sieve-relation-01.txt -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: SQUAT failed to open index file
Sweethome.co.il Webmaster wrote: Hi, I'm getting this error in the imapd.log when trying to access a mailbox from IMP 3.1 Apr 28 11:05:13 mail01 imapd[10841]: SQUAT failed to open index file Apr 28 11:05:13 mail01 imapd[10841]: SQUAT failed any ideas about a solution? Don't worry about it (its not an error) or don't log at the DEBUG level. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Cyrus IMAP 2.1.4 released
OCNS Consulting wrote: Thanks, It the more information regarding the notification daemon? notifyd(8) and the source code (notifyd/notifyd.c, imap/notify.c) Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Cyrus IMAP 2.1.4 released
Marc G. Fournier wrote: Is there any chance that the 'spam' extension to sieve is going to get added to the CVS? *cross fingers* I don't know about Larry, but I don't plan on adding it, for several reasons: 1. Nobody has made a good enough case for this belonging in Cyrus instead of the MTA (yes, I know that Sieve can be used anywhere, but this discussion has been in the context of Cyrus). 2. It goes against the design of Sieve, which does not call external programs (Sieve is not procmail or an anti-SPAM measure). 3. Its not documented. Currently most (if not all) features of Cyrus are standards-based, either via an RFC or ID. 4. Sendmail/milter works fine for me. If it would help, I would consider implementing http://search.ietf.org/internet-drafts/draft-segmuller-sieve-relation-01.txt so that better decisions can be made on the contents of SPAM-flagging headers. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Cyrus - Squirrelmail - serverside threading
Quoting Bernd Schmelter [EMAIL PROTECTED]: Hi, i'am using cyrus-imapd 2.0.16 Is there a serverside threading available? Yes. THREAD=ORDEREDSUBJECT and THREAD=REFERENCES Telnet to your server and issue the CAPABILITY command to see a complete list of features. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Migrate From 2.0 to 2.1.4
Patrick Lin wrote: I actually Run : - Cyrus imap 2.0.16 (auth against sasldb) - Cyrus SASL 1.5.24 - Sendmail Switch 2.1.0 And want to use : - Cyrus Imap 2.1.4 (auth against LDAP) - Cyrus Sasl 2.1.2 - Sendmail 8.12.3 + SASLv2 Patch (from Ken) - LDAP (probably open ldap) - OpensSSL 0.9.6c I want to know * If I have something to aware of ? * Any tips . * Comments doc/install-upgrade.html -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Migrate From 2.0 to 2.1.4
David Wright wrote: doc/install-upgrade.html This information assumes you are upgrading on one box. My situation (and I suspect it is the situation of most production systems) is having 2.1 set up clean (i.e. no mail or metadata) on a second machine, and now I want to get all the mail from my 2.0 machine to it, without upgrading the 2.0 machine. This insures that falling back to the old server is trivial, in case the upgrade fails. The documentation doesn't discuss at all how to transfer mailstores between machines. I think this is what Patrick and I both want to know. The document above should still be referenced because it will give you an idea of what other (if any) changes might have to be made. For migration here are some instruction off of my top of my head (I make no warranties, etc): The most important thing to remember is that the server(s) should not be running as you read/write the data. 0. Make sure you have run 'tools/mkimap' on the new server. This will create all of the directory trees. 1. Move '/var/spool/imap' from the old server to the new (tar, cpio, rsync, etc). This is all of your mailboxes and messages. 2. Move '/var/imap/user' from the old server to the new. This is all of the user subscriptions and message seen state (seen state _may_ not work correctly, but it should as long as both server use the 'flat' backend). 3. Move '/var/imap/quota' from the old server to the new. This is all of the user quota info. 4. Check the permissions on these directory trees to make sure all of the files/dirs are owned by 'cyrus' (and probably group 'mail'). 5. Run 'ctl_mboxlist -d /tmp/mailboxes.txt on the old server. This will dump your mailboxes database to a portable format. 6. Move '/tmp/mailboxes.txt' from the old server to the new (put it in /tmp, which is probably mounted on swap for speed). 7. Run 'ctl_mboxlist -u -f /tmp/mailboxes.db /tmp/mailboxes.tmp'. This will load your new mailboxes database using your current format. 8. Move '/tmp/mailboxes.db' to '/var/imap/mailboxes.db' 9. [OPTIONAL] Move the contexts of your sieve directory from the old server to the new. 10. Start up the new server and see what happens. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: sieve does not work properly
Quoting Luc de Louw [EMAIL PROTECTED]: Hi! I've go a problem with sieve. After installing a vacancy script, it is working ONCE and never again This is the correct behavior. Only one response per sender per vacation text will be sent for as long as the vacation action is active. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: POP3S killed my cyrus-imap server
Jim Worke wrote: I'm able to login to my imap server using IMAP. But when I choose POP3 SSL connection in Kmail, the imap server is killed. However POP3,IMAP,IMAPS is ok. Here's the log: May 13 20:01:22 thunderbolt ctl_mboxlist[4905]: running mboxlist recovery May 13 20:01:22 thunderbolt ctl_mboxlist[4905]: done running mboxlist recovery May 13 20:01:22 thunderbolt master[4903]: ready for work May 13 20:01:22 thunderbolt ctl_mboxlist[4907]: checkpointing mboxlist May 13 20:01:23 thunderbolt pidof: 4903 May 13 20:01:23 thunderbolt cyrus: succeeded May 13 20:01:56 thunderbolt pop3d[4913]: pop3s: required OpenSSL options not present May 13 20:01:56 thunderbolt master[4903]: process 4913 exited, signaled to death by 11 How do I add the OpenSSL options? Look at the 'tls_' option in the imapd.conf(5) manpage. How do I check whether the compilation of cyrus-imap has OpenSSL included (I used RPM. I believe OpenSSL is included, since the SRPM shows that openSSL is really included)? Use the 'version' command in cyradm and it will show you how it was compiled. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: addheader action ... or something like it?
Marc G. Fournier wrote: I'm playing with the spam extension, and for POP3 users, I want to add, at its simplist, a 'X-Spam-Check: True' header to the email if its spam ... I've done some quick reads of the various drafts, and there appears to be no way of doing this within Sieve ... has anyone worked on something like this? I've thought to modify the code, to extend the spam extension, so that it adds a simple: X-Spam-Score: True/False score / threshold so that if spam is enabled, then it auto-adds this header, but I can't find where in the code to actually add this ... The X-Sieve header is added in lmtpd.c, but before the scoring happens, so that doesn't help ... fillin_header() in sieve/script.c looks good, and is after the spam checks are run/scored, but am not 100% certain of how I should call add_header() for the above ... Can anyone provide some insight on this? It will be pretty difficult. The current design of lmtpd/sieve was never meant to do this. The message is already spooled (in the staging area of the first recipient) by the time the sieve filter is run. You'd have to have a callback which adds the headers to a NEW spool file and then have lmtpd copy over the test of the existing message to this NEW file when done (unless you can find some slick way of inserting data into the head of a file). You'd be adding a second message copy, which I recently spent time correcting (messages used to be spooled to /tmp and then copied to the stage). I know the code pretty well, and personally I wouldn't even attempt it. Of course, I'm not a fan of the spam extension. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: addheader action ... or something like it?
Marc G. Fournier wrote: On Mon, 13 May 2002, Cyrus Daboo wrote: Hi, --On Monday, May 13, 2002 1:57 PM -0400 Ken Murchison [EMAIL PROTECTED] wrote: | I know the code pretty well, and personally I wouldn't even attempt it. | Of course, I'm not a fan of the spam extension. Quick question: where does the X-Sieve header get added, and would it be possible to use that to add extra info? in savemsg() in lmtp.c ... and tried that ... unfortunately, that is before the sieve filtering happens, so there is nothing to write yet ... from Ken's email, and what I've been able to follow, lmtp writes the email to a file before parsing through sieve ... Ken, is there a reason why it doesn't just hold it in memory? I don't know for certain, you'd have to ask Larry. You probably _could_ hold it in memory, but then you are essentially blowing up singleinstancestore (or making it far more difficult), because each user could end up having their own unique copy of the message. If you're just trying to store info from an external spam filter, which would be unique to each user/message, this sounds like something for Cyrus' IMAP ANNOTATE extension. http://search.ietf.org/internet-drafts/draft-ietf-imapext-annotate-04.txt However, this currently isn't implemented and AFAIK isn't scheduled to be done anytime soon. FYI, I _have_ started a little bit of work on ANNOTATEMORE (read-only). Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Cyrus continues to stop working.. no fix available?
What does your cyrus.conf look like? Do you have 'maxchild' set on any of your services (there was a bug a while back with maxchild)? Dustin Puryear wrote: We continue to have problems with Cyrus. Another poster mentioned they have the same problem, but also didn't get any responses. Would one of the developers please investigate if this is a bug? What's going on? This is a real show stopper for us, and apparently for others as well. Okay, we have Cyrus installed on FreeBSD 4.4-RELEASE: cyrus-imapd-2.0.16_1 The cyrus mail server, supporting POP3 and IMAP4 protocols cyrus-imapd-2.0.16_2 The cyrus mail server, supporting POP3 and IMAP4 protocols cyrus-sasl-1.5.24_7 RFC SASL (Simple Authentication and Security Layer) cyrus-sasl-1.5.24_8 RFC SASL (Simple Authentication and Security Layer) cyrus-sasl-1.5.27_2 RFC SASL (Simple Authentication and Security Layer) Every once in a while Cyrus stops responding to connections. Now, it does ACCEPT the connection, but it doesn't seem to send. Okay, so lets say that I stop Cyrus and it happens to work: working.. mercury# telnet mars 110 Trying 10.0.0.5... Connected to mars.actioncore.com. Escape character is '^]'. +OK [EMAIL PROTECTED] Cyrus POP3 v2.0.16 server ready I get a new pop3d process: cyrus1537 0.0 0.8 18836 2128 p0 S 9:52PM 0:00.03 pop3d: pop3d: mercury.actioncore.com[10.0.0.1] (pop3d) And a TCP connection: mars# netstat -f inet -ln | grep 10.0.0.1 tcp4 0 0 10.0.0.5.110 10.0.0.1.2060 ESTABLISHED If I wait a few seconds to several minutes, Cyrus stops working: mercury# telnet mars 110 Trying 10.0.0.5... Connected to mars.actioncore.com. Escape character is '^]' ^C And the connection does exist (the connection was made from 10.0.0.1): mars# netstat -f inet -ln | grep 10.0.0.1 tcp4 0 0 10.0.0.5.110 10.0.0.1.2057 ESTABLISHED Something I did notice is that when I run lsof that lsof seems to stall after it hits some for the pop3d processes. Not sure if that is important or just a fluke. What can we do to debug this further? What are some possible issues here to consider? DNS? Corrupted database files? What? Regards, Dustin --- Dustin Puryear [EMAIL PROTECTED] UNIX and Network Consultant http://members.telocity.com/~dpuryear PGP Key available at http://www.us.pgp.net In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: How to disable vacancy-msgs only once (WAS:Re: sieve does not workproperly)
Luc de Louw wrote: I was seeking the part of the source-code that takes care, that a vancancy-message is only sent once to a recipient, but I did not found it. I need to disable that temporary for test reason. Any hints are appreciated Hard-code autorespond() in lmtpd.c to always return SIEVE_OK. For regular operation that behaviour is okay ( I dont like it, better write a email each time, or have it as an option) My problem with that is: I'm writing a web-app which allows users to maintain such stuff like vacancies and spam-protection. During the development of such software I must write lots of testmails to see what happens. Does anybody have an idea howto handle that behaviour? Is there I patch or a config parameter? TIA for your hints, rgds Luc Scott Lamb wrote: Luc de Louw wrote: Hi! I've go a problem with sieve. After installing a vacancy script, it is working ONCE and never again I suspect it's working correctly. How are you testing it? If you are sending a couple messages to it from the same email address and only getting one reply, that's correct. It should only respond once to a given address until :days (in your case, 9) days go by without an email from that user. See http://www.process.com/techsupport/pmdf/sieve/draft-showalter-sieve-vacation-01.html. -- Scott Lamb -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: addheader action ... or something like it?
Marc G. Fournier wrote: On Mon, 13 May 2002, Ken Murchison wrote: Marc G. Fournier wrote: On Mon, 13 May 2002, Cyrus Daboo wrote: Hi, --On Monday, May 13, 2002 1:57 PM -0400 Ken Murchison [EMAIL PROTECTED] wrote: | I know the code pretty well, and personally I wouldn't even attempt it. | Of course, I'm not a fan of the spam extension. Quick question: where does the X-Sieve header get added, and would it be possible to use that to add extra info? in savemsg() in lmtp.c ... and tried that ... unfortunately, that is before the sieve filtering happens, so there is nothing to write yet ... from Ken's email, and what I've been able to follow, lmtp writes the email to a file before parsing through sieve ... Ken, is there a reason why it doesn't just hold it in memory? I don't know for certain, you'd have to ask Larry. You probably _could_ hold it in memory, but then you are essentially blowing up singleinstancestore (or making it far more difficult), because each user could end up having their own unique copy of the message. Okay, you've lost me here ... regardless of where along the chain the spam filter is run, each user is going to potentially end up with their own unique copy of the message ... [...] I wasn't trying to say that it couldn't be done, but that you'd have to add more logic. If you have a concept in mind, feel free to implement it. Apparently there are others who also feel that this has value. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: my question is too simple, or I am too stupid to asking?
Mac Table wrote: Sorry for all, I am just a newbie, could someone advise my some hints for me to start? Instead of having the client copy the message to a sent folder, set it up to Cc/Bcc the message to the senders address and then use a Sieve script to file it according to whatever criteria you like. --- Mac Table [EMAIL PROTECTED] wrote: Hello All, I am using Postfix 1.1.7 + Procmail + Cyrus imapd 2.1.4. I would like to put various outgoing mail to various imap folder for filing purpose. For example, outgoing message_a will be put in user.XXX.Sent_a folder, and outgoing message_b will be put into user.XXX.Sent_b folder. Although I can set the message rule in mail client (my users are using outlook express) to put the message into different folder, but I would like to see if there is another way I can do it on server side. Please advise me some idea ho to work. Many Thanks!!! Regards, Gary __ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com __ Do You Yahoo!? LAUNCH - Your Yahoo! Music Experience http://launch.yahoo.com -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
[ANN] draft-segmuller-sieve-relation implementation
For those of you not subscribed to the cyrus-cvs list, I just committed an implementation of http://www.oceana.com/ftp/drafts/draft-segmuller-sieve-relation-01.txt Potential uses of this extension have been discussed previously on the (numerous) recent spam threads, so I won't reiterate them here. I have tested this locally and it seems to work fine and AFAICT nothing else is broken. I had to touch a lot of the internals, so its possible that I might have broken some existing functionality. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: IN-USE, unable to lock maildrop
Jev wrote: I have users trying to check mail, they seem to authenticate fine, judging by the logs, but they get the error (at least in mozilla) [IN-USE] Unable to lock maildrop and then they get prompted for username/password again. Nothing obvious appears in my logs, and I haven't made any changes that would cause this! This mail server has been running without a hitch for several months now. Any help is greatly appreciated, These users are using POP3 to access their mail, and already have an existing connection, which is prohibited by the spec (RFC 1939). If they want to have multiple clients/connections open at the same time, then they will have to use IMAP. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: PAM Authentication
What version of Cyrus? Assuming that you are using v2.1.x, set
sasl_pwcheck_method: saslauthd
and start saslauthd with the '-a pam' option.
David Chait wrote:
Greetings,
I am currently attempting to make Cyrus authenticate via a PAM library
(like our Courier-IMAP system did), but have yet been able to accomplish
this. The following is my imapd.conf file and cyrus.conf file. The MTA I am
using is Postfix, but that seems to be functional.
Cheers,
David
Imapd
configdirectory: /var/imap
partition-default: /home/mail
admins: root cyrus
#srvtab: /var/imap/srvtab
allowanonymouslogin: no
sasl_pwcheck_method: pwcheck
Cyrus
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd=ctl_cyrusdb -r
# this is only necessary if using idled for IMAP IDLE
# idledcmd=idled
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=0
imaps cmd=imapd -s listen=imaps prefork=0
# pop3 cmd=pop3d listen=pop3 prefork=0
# pop3scmd=pop3d -s listen=pop3s prefork=0
sieve cmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd listen=/var/imap/socket/lmtp prefork=0
# this is only necessary if using notifications
# notify cmd=notifyd listen=/var/imap/socket/notify proto=udp
prefork=1
}
EVENTS {
# this is required
checkpointcmd=ctl_cyrusdb -c period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver -E 3 period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd=tls_prune period=1440
}
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: [PATCH] Updated master.c process counting patch
Jeremy Howard wrote: Henrique de Moraes Holschuh wrote: I don't know what Ken and Lawrence think of these patches, but I just finished porting the child pid tracking of master-avail.diff to 2.1.4CVS, and will post that to this list soon. I will also include it in Debian, which will give some field-testing to the patch. I *strongly* recommend also including shutdown.diff. This is important in Linux to avoid sockets handing around in CLOSE_WAIT state. Remove the ' !imapd_in-tls_conn' bit everywhere for general distribution--this is a workaround for a memory corruption problem that is unrelated to this patch. I'm running a config almost the same as you and have never seen this problem. AFAIK, the CMU guys have never seen this either. Do you have a core that you can run a backtrace on, or can you force a core by setting MALLOC_CHECK_=2 before starting master (see malloc(3) for details)? What's your DB config look like? Are you using skiplist for everything by any chance? name : Cyrus IMAPD version: v2.1.4 2002/05/14 16:51:51 vendor : Project Cyrus support-url: http://asg.web.cmu.edu/cyrus os : Linux os-version : 2.4.18-SGI_XFS_1.1smp command: imapd arguments : environment: Cyrus SASL 2.1.3 Sleepycat Software: Berkeley DB 3.3.11: (July 12, 2001) OpenSSL 0.9.6b [engine] 9 Jul 2001 CMU Sieve 2.2 TCP Wrappers UCD-SNMP 4.2.3 lock = flock auth = unix idle = idled mboxlist.db = skiplist subs.db = flat seen.db = skiplist duplicate.db = db3-nosync tls.db = db3-nosync -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: [PATCH] Updated master.c process counting patch
Jeremy Howard wrote: Lawrence Greenfield wrote: Date: Wed, 15 May 2002 16:02:42 -0300 From: Henrique de Moraes Holschuh [EMAIL PROTECTED] [...] The point is, if that indeed happens, log or no log, master loses track of the number of children that can service requests. That would be a bug, and the patch supposedly fixes this bug. It really doesn't matter (for accepting or not the patch) why the child died. Yes, I understand that. However, if the master (in real life situations) is actually losing track of the number of available service processes without one of those service processes crashing (either by the sysadmin or otherwise) then there's some other problem in the child accounting. The child accounting is fine. The problem in our case was always caused by child segfaults, or failure to properly close TCP connections. We still see segfaults (about one per fifty thousand connections I'd guess), Can you send us a backtrace from a core? If you're not getting a core, please setup your system to dump one. Here are bits that I use in my Cyrus startup script on Linux: cd /var/imap/cores ulimit -c unlimited export MALLOC_CHECK_=2 $master If you have multiple services/processes the cores will overwrite each other, so you need to catch it fairly quickly (unless they all have the same failure). Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: [PATCH] Updated master.c process counting patch
Henrique de Moraes Holschuh wrote: On Thu, 16 May 2002, Ken Murchison wrote: If you have multiple services/processes the cores will overwrite each other, so you need to catch it fairly quickly (unless they all have the Unless you tell the kernel to use the pid in the corefile name... Add this to the script on Linux 2.4.x: [ -f /proc/sys/kernel/core_uses_pid ] \ echo 1 /proc/sys/kernel/core_uses_pid Right. The reason I didn't suggest this is because some large sites might be worried about cores taking up a lot of disk space, and I didn't want them screaming at me ;) Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: [PATCH] Updated master.c process counting patch
Jeremy Howard wrote: Ken Murchison wrote: I'm running a config almost the same as you and have never seen this problem. AFAIK, the CMU guys have never seen this either. Do you have a core that you can run a backtrace on, or can you force a core by setting MALLOC_CHECK_=2 before starting master (see malloc(3) for details)? Most of the segfaults were due to the problem that imapd_out or imapd_in were corrupted. The workaround discussed in our patch has solved most of these. I'll try and get a core file for the rare segfaults that we still get to see what the unresolved issues are. The imapd_out corruption problem can't be solved by studying the core file AFAICT because we can't see where the corruption is occuring. If you set MALLOC_CHECK_=2, then imapd will abort() whenever it thinks that there might be a corruption. By examining this core, it is easier to track down these problems. I've done this a few times to track down the subtle errors that have baffled others. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: [PATCH] DRAC support for 2.1.4, cleaned up
Henrique de Moraes Holschuh wrote: I had a request to add DRAC support to Cyrus IMAPd in Debian, so I applied the already excelent patches in contrib/drac_auth.patch and cleaned them up a little bit (and made the default to be DRAC disabled). Thanks for the configure and Makefile changes and for getting it to apply cleanly. Even though I wrote the patch, I don't use it, so I don't always remember to keep it up to date. I've committed an updated patch to CVS based on your changes, but I left it enabled by default, since if someone takes the time to patch the source, they probably want it enabled (except for distribution maintainers like yourself). Here it is, patch against stock 2.1.4. They look clean and well-done enough to be made part of standard Cyrus IMHO, to be enabled by anyone who wants to compile DRAC support in. Don't count on it being included. Larry and I made a conscious effort not to included it because there is already a standard way of doing this with SMTP AUTH. Any good MTA and/or MUA should support SMTP AUTH, so we shouldn't have to create a hack in an unrelated service. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Cannot run Cyrus Master process : SIGSEGV
Ema Nymton wrote: Hi, Having just compiled cyrus-sasl and cyrus-imapd from CVS (with Berkeley DB 4.0.14), I have a segfault when trying to run the master process. I followed instructions in help files (creation of right user/group, and directory structure with correct rights attributes). Using GDB I have the following results : pegase:~# gdb /usr/cyrus/bin/master GNU gdb 19990928 Copyright 1998 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i686-pc-linux-gnu...(no debugging symbols found)... (gdb) r Starting program: /usr/cyrus/bin/master (no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)... (no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)... Program received signal SIGSEGV, Segmentation fault. 0x0 in ?? () (gdb) where #0 0x0 in ?? () #1 0x401abb32 in __db_err () from /lib/libdb.so.3 #2 0x401a527d in db_open () from /lib/libdb.so.3 Off the top of my head, this _migbt_ be your problem. I'm guessing you are having a BDB version conflict. What version of Linux is this that is using BDB for the naming service(s)? BTW, please stop sending messages like these to cyrus-cvs. That list is for CVS commit announcements only. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Mail status
Thanks. I'll make sure that I update the correct docs. Ken Gary Mills wrote: On Tue, May 21, 2002 at 02:35:45PM -0400, Ken Murchison wrote: Its been so long since I committed your patches, I don't remember how this stuff works (or is documented). Is the improved hash stuff only available as an 'upgrade' via rehash, or can it be used right out of the box on a fresh installation? The rehash script replaces and supercedes the dohash, mkimap, and undohash scripts. It can be used on a fresh installation to create either type of hashing, or can be used to convert an existing installation to another type. Essentially, it reviews the existing directory structure, adding what is missing, and converting what needs to be converted. If it is only an upgrade, we should work on making it available on a fresh installation. In either case, we should make sure that we have all of this documented correctly. Yes, it would be good to document it. Here's a piece of what I submitted originally: The `rehash' perl script converts the Cyrus directory structure between three hash schemes: none, basic, and full. `none' means no directory hashing at all. `basic' is the current scheme, based on the first letter. `full' is the new hashing scheme. This perl script replaces several of the other perl scripts in the tools directory: dohash, mkimap, and undohash, but not upgradesieve. The name of the new hash scheme must be specified as one of its command-line arguments. -- -Gary Mills--Unix Support--U of M Academic Computing and Networking- -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Secure Imap Problems
Phil Dibowitz wrote: Ken Murchison wrote: You need to tell Cyrus where your cert, key, and CA file are located. See the tls_* options in imapd.conf(5). So I figured maybe they did something stupid when building the RPMS I downloaded the Cyrus Imapd source: $ cd cyrus-imapd-2.0.16 $ cd man $ grep tls * $ grep tls imapd.conf.5 $ grep tls * grep: CVS: Is a directory $ Perhaps this is something only in the 2.1.x branch? Yeah, these entries might be missing from the 2.0.x manpages. tls_cert_file: none File containing the global certificate used for ALL services (imap, pop3, lmtp). tls_key_file: none File containing the private key belonging to the global server certificate. tls_ca_file: none File containing one or more Certificate Authority (CA) certificates. tls_ca_path: none Path to directory with certificates of CAs. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Secure Imap Problems
Phil Dibowitz wrote: Ken Murchison wrote: Yeah, these entries might be missing from the 2.0.x manpages. tls_cert_file: none File containing the global certificate used for ALL services (imap, pop3, lmtp). tls_key_file: none File containing the private key belonging to the global server certificate. tls_ca_file: none File containing one or more Certificate Authority (CA) certificates. tls_ca_path: none Path to directory with certificates of CAs. But again, I don't think it's just that they're missing from the man pages because 'imapd -s' gives invalid option -s You can't run imapd from the command line, so any option errors are bogus. Check the imapd(8) manpage, it CAN do imaps. It seems that the imapd from 2.0.x doesn't support secure imap. If I can't run 'imapd -s' then 'master' can't run 'imapd -s' and if 'master' can't run 'imapd -s' then there will be nothing to answer once a secure connection is made to port 993. Try connecting to your imaps port using: openssl s_client -connect localhost:imaps and I bet you'll see errors in imapd.log complaining about missing tls_* options. FYI, I added imaps/pop3s support to imtest/pop3test in CVS. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: unixhierarchy/altnamespace IMAP folders, bug?
Jeff Bert wrote: When I use the unixhierarchy/altnamespace options in imapd.conf I can't create sub-folders in the main inbox but I can create folders outside the main inbox and then create subfolders in those. When I turn unixhierarchy/altnamespace off then I can create subfolders in the main inbox but not outside of it. I'm pretty new to imap... is this correct behaviour? Yup. This was mainly done for forward/backward compatibility. Cyrus uses one internal representation of the folder hierarchy internally, and allowing both subfolders of INBOX and toplevel personal folders would have made the code a big mess (speaking as the person who wrote the altnamespace/unixhiersep code). Keep in mind that these options are mutually exclusive (ie, you can use one without the other). Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: imapd timeout
Luca Olivetti wrote: Lawrence Greenfield wrote: Cyrus does recycle processes. Even if you set prefork 0 in cyrus.conf? Yes. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: unixhierarchy/altnamespace IMAP folders, bug?
julesa wrote: On Tue, 2002-05-21 at 13:46, David Wright wrote: SNIP I prefert to train my users in the Cyrus way of thinking and leave the altnamespace off. Yeah, I would too if there weren't so many screwy mail clients out there that depend on this behavior. Any IMAP client which depends on a particular behavior is a poor implementation. It should determine from the output of a LIST and/or NAMESPACE (if available) command what the folder hierarchy looks like. I'd complain to the vendor, unless its Microsoft, in which case don't bother wasting your time. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: SSL/TLS
Scott M Likens wrote:
*sigh*
Telnet to your imap port and please verify that the STARTTLS command
exists...
He already verified that it does NOT exist, by looking at the output of
the capability response. If its not listed, it ain't gonna work not
matter what you do.
Easiest way to do that instead of doing . logout
do . starttls
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK shell Cyrus IMAP4 v2.1.4 server ready
. starttls
. OK Begin TLS negotiation now
like that
*bleh*
Stop using imtest like a golden rule folks. Use an ACTUAL mail client to
test things!!!
Bullshit! He's doing the right thing by using imtest because its
simple, has both STARTTLS and AUTH support, and shows both the client
and server input/output. Unless you have a client which shows you the
complete telemetry, all you are going to get it either success or
failure, without much idea of why it failed.
--On Wednesday, May 22, 2002 12:58 AM -0400 Lee Hoffman
[EMAIL PROTECTED] wrote:
Here is my imapd.conf:
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: adminuser
sasl_pwcheck_method: PAM
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem
(/var/imap/server.pem exists and is readable by the cyrus user)
ok running: 'imtest -t -u lee -a lee -r servername.com
servername.com' gets auth working, but still no STARTTLS:
C: C01 CAPABILITY
S: * OK servername.com Cyrus IMAP4 v2.0.16 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE
S: C01 OK Completed
Password:
C: L01 LOGIN lee {8}
+ go ahead
C: omitted
L01 OK User logged in
Authenticated.
Security strength factor: 0
Any other ideas?
Lee
-Original Message-
From: Jeff Bert [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 12:28 AM
To: Lee Hoffman; [EMAIL PROTECTED]
Subject: RE: SSL/TLS
did you add these to your imapd.conf:
tls_ca_path: /path-to-ca-folder/
tls_ca_file: /path-to-ca-file/
tls_cert_file: /path-to-cert-file/
tls_key_file: /path-to-key-file/
?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Lee Hoffman
Sent: Tuesday, May 21, 2002 8:21 PM
To: [EMAIL PROTECTED]
Subject: SSL/TLS
Hey all,
I'm trying to get SSL/TLS working on cyrus 2.0.16. I followed the
instructions to a T to create the certificate. I also compiled cyrus
-with-ssl=/usr/local/ssl (the latest version of openssl is installed,
and working with the sshd daemon). Anyway, cyrus (which is
authenticating off PAM/ldap) works fine. However, as soon as I try to
enable ssl from my email client, the client is unable to connect to
the
server. I tried telneting into the box on port 993 and cyrus does
answer.
Here is the output from imtest:
Server-name:~# imtest -t -u lee server-name.com
C: C01 CAPABILITY
S: * OK server-name.com Cyrus IMAP4 v2.0.16 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS
ID
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE
S: C01 OK Completed
Password:
C: L01 LOGIN root {8}
+ go ahead
C: omitted
L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0
What really worries me is that STARTTLS is even listed in CAPABILITIES
(it should be shouldn't it?).
My cyrus.conf file:
# standard standalone server implementation
START {
# do not delete these entries!
mboxlist cmd=ctl_mboxlist -r
deliver cmd=ctl_deliver -r
# this is only necessary if using idled for IMAP IDLE
# idledcmd=idled
}
# UNIX sockets start with a slash and are put into /var/imap/sockets
SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=5
imaps cmd=imapd -s listen=imaps prefork=1
# pop3 cmd=pop3d listen=pop3 prefork=3
# pop3scmd=pop3d -s listen=pop3s prefork=1
# sievecmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd listen=/var/imap/socket/lmtp prefork=1
}
EVENTS {
# this is required
checkpointcmd=ctl_mboxlist -c period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver -E 3 period=1440
}
Any ideas?
Thanks,
Lee
---
If Thyne Eyes Deceivee Thee, Pluck Them Out.
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Duplicate Mail
Captain Zod wrote: Can someone please tell me how to eliminate receiving duplicate mail from Cyrus. I receive dups when a mail is sent to me and to a dist list at the same time. How can I tell cyrus that I am the same person on the dist list and do not send me the duplicate mail? I am using Cyrus 2.1.2. Unless duplicate suppression has been explicitly turned off, messages with the same message-id should not be delivered to the same user more than once. Check the message-ids of the duplicates, if they are different, then there isn't anything you can do. If they are the same, check to see if 'duplicatesuppression: 0|off|no' is in imapd.conf. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: SSL/TLS
Lee Hoffman wrote:
This is VERY weird!!! When I telnet into the mailserver on 993:
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
. logout
^X
No commands works, yet it says that its connected! '. logout' does
nothing, '. starttls' does nothing etc... I checked inetd, and other
services running, and none bind to 993. Could the master process be
listening on 993 and then *not* spawning a new imapd -s when a
connection comes in??
Port 993 is IMAP over SSL (imaps) which expects an SSL negotiation to be
made as soon as the connection is opened. Try doing this instead:
openssl s_client -connect localhost:993
-Original Message-
From: Scott M Likens [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 2:41 AM
To: Lee Hoffman; 'Jeff Bert'; [EMAIL PROTECTED]
Subject: RE: SSL/TLS
*sigh*
Telnet to your imap port and please verify that the STARTTLS command
exists...
Easiest way to do that instead of doing . logout
do . starttls
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK shell Cyrus IMAP4 v2.1.4 server ready
. starttls
. OK Begin TLS negotiation now
like that
*bleh*
Stop using imtest like a golden rule folks. Use an ACTUAL mail client
to
test things!!!
--On Wednesday, May 22, 2002 12:58 AM -0400 Lee Hoffman
[EMAIL PROTECTED] wrote:
Here is my imapd.conf:
configdirectory: /var/imap
partition-default: /var/spool/imap
admins: adminuser
sasl_pwcheck_method: PAM
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem
(/var/imap/server.pem exists and is readable by the cyrus user)
ok running: 'imtest -t -u lee -a lee -r servername.com
servername.com' gets auth working, but still no STARTTLS:
C: C01 CAPABILITY
S: * OK servername.com Cyrus IMAP4 v2.0.16 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS
ID
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE
S: C01 OK Completed
Password:
C: L01 LOGIN lee {8}
+ go ahead
C: omitted
L01 OK User logged in
Authenticated.
Security strength factor: 0
Any other ideas?
Lee
-Original Message-
From: Jeff Bert [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 12:28 AM
To: Lee Hoffman; [EMAIL PROTECTED]
Subject: RE: SSL/TLS
did you add these to your imapd.conf:
tls_ca_path: /path-to-ca-folder/
tls_ca_file: /path-to-ca-file/
tls_cert_file: /path-to-cert-file/
tls_key_file: /path-to-key-file/
?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Lee
Hoffman
Sent: Tuesday, May 21, 2002 8:21 PM
To: [EMAIL PROTECTED]
Subject: SSL/TLS
Hey all,
I'm trying to get SSL/TLS working on cyrus 2.0.16. I followed the
instructions to a T to create the certificate. I also compiled
cyrus
-with-ssl=/usr/local/ssl (the latest version of openssl is installed,
and working with the sshd daemon). Anyway, cyrus (which is
authenticating off PAM/ldap) works fine. However, as soon as I try to
enable ssl from my email client, the client is unable to connect to
the
server. I tried telneting into the box on port 993 and cyrus does
answer.
Here is the output from imtest:
Server-name:~# imtest -t -u lee server-name.com
C: C01 CAPABILITY
S: * OK server-name.com Cyrus IMAP4 v2.0.16 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS
ID
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE
S: C01 OK Completed
Password:
C: L01 LOGIN root {8}
+ go ahead
C: omitted
L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0
What really worries me is that STARTTLS is even listed in
CAPABILITIES
(it should be shouldn't it?).
My cyrus.conf file:
# standard standalone server implementation
START {
# do not delete these entries!
mboxlist cmd=ctl_mboxlist -r
deliver cmd=ctl_deliver -r
# this is only necessary if using idled for IMAP IDLE
# idledcmd=idled
}
# UNIX sockets start with a slash and are put into /var/imap/sockets
SERVICES {
# add or remove based on preferences
imap cmd=imapd listen=imap prefork=5
imaps cmd=imapd -s listen=imaps prefork=1
# pop3 cmd=pop3d listen=pop3 prefork=3
# pop3scmd=pop3d -s listen=pop3s prefork=1
# sievecmd=timsieved listen=sieve prefork=0
# at least one LMTP is required for delivery
# lmtp cmd=lmtpd listen=lmtp prefork=0
lmtpunix cmd=lmtpd listen=/var/imap/socket/lmtp prefork=1
}
EVENTS {
# this is required
checkpointcmd=ctl_mboxlist -c period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd=ctl_deliver
Re: SSL/TLS
Lee Hoffman wrote: When I run /usr/local/ssl/bin/openssl s_client -connect localhost:993 The following is printed: CONNECTED(0003) Then it just hangs. Check imapd.log for errors. Is imaps listed in /etc/services? Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: SSL/TLS
Lee Hoffman wrote: Im not sure if its being caused by login attempts via ssl (although it seems to happen when I try to login via ssl from a mail client or when I run the command below), but imapd prints the following: May 22 14:55:51 servername master[18641]: process 28462 exited, status 0 Yes, imaps is listed in /etc/services Alright. Crank the imap logging level up to local6.debug and restart syslogd. Try to make another connection, and see if an 'imapd -s' gets spawned. Look in imapd.log and do a 'ps -f -u cyrus'. If you have a running 'imapd -s', then do an strace on it to see what it is doing. Ken -Original Message- From: Ken Murchison [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 22, 2002 2:52 PM To: Lee Hoffman Cc: 'Cyrus Mailing List' Subject: Re: SSL/TLS Lee Hoffman wrote: When I run /usr/local/ssl/bin/openssl s_client -connect localhost:993 The following is printed: CONNECTED(0003) Then it just hangs. Check imapd.log for errors. Is imaps listed in /etc/services? Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Cyrus IMAP Presentation
[EMAIL PROTECTED] wrote: I've created a presentation about Cyrus IMAPd that I will be showing to the local LUG in a couple of weeks. I'd appreciate it if some Cyrus masters would take a look at it and see if I've gotten anything wrong. Some of these may be a bit picky, but they're things I noticed. (Slide 5) I beleive there are Debian Packages, put together by Henrique de Moraes Holschuh [EMAIL PROTECTED]. Now mentioned. (Slide 6) prefork keeps *atleast* that number of processes standing by. Processes will be reused as they become available (and they expire after they've been waiting around for a while doing nothing) Ok, I clarified that. (Slide 8) The mailbox hierarchy does not have to work the way you describe (see also altnamespace and unixhierarchysep) Noted, but I don't know if I want to go into that. Do typical installations use altnamespace or the hierarchical name space? If I change it after the server is in use does it wig out user subscriptions, etc...? Nope. I made sure that when I designed/implemented these options, that it wouldn't be a problem. Internally, the mailbox names are the same, all that changes is what is presented to the client. A good client should be fetching the subscribed folders via the LSUB command, so it will always get a correct list. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Cyrus IMAP Presentation
[EMAIL PROTECTED] wrote: I've created a presentation about Cyrus IMAPd that I will be showing to the local LUG in a couple of weeks. I'd appreciate it if some Cyrus masters would take a look at it and see if I've gotten anything wrong. ftp://kalamazoolinux.org/pub/pdf/Cyrus.pdf A few points: - Slide 4: Just for completeness, you might want to add LMTP to the list of protocols. - Slide 17: You're missing the 2 after SASL version. - Slide 22: You probably want to use the 'cyrusv2' mailer for Sendmail (8.12.4+). This mailer talks directly to lmtpd instead of spawning deliver. Nice job! Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Cyrus IMAP Presentation
[EMAIL PROTECTED] wrote: I've created a presentation about Cyrus IMAPd that I will be showing to the local LUG in a couple of weeks. I'd appreciate it if some Cyrus masters would take a look at it and see if I've gotten anything wrong. ftp://kalamazoolinux.org/pub/pdf/Cyrus.pdf A few points: - Slide 4: Just for completeness, you might want to add LMTP to the list of protocols. Done. - Slide 17: You're missing the 2 after SASL version. Fixed. - Slide 22: You probably want to use the 'cyrusv2' mailer for Sendmail (8.12.4+). This mailer talks directly to lmtpd instead of spawning deliver. Yes, less forking is always good. But I'm using sendmail 8.11.6-something. Time to upgrade Just grab the cyrusv2.m4 file and plop it into your cf/mailer directory and you're good to go. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Cannot get loginrealms to work with 2.0.16
Quoting Christian Schulte [EMAIL PROTECTED]: The unix hierarchy separator is key here because you want to have a . in the username. I think this would do it. But how to enable that in 2.0.16 ? It's probably only available as a patch in the 2.0.x series (I'm not to keen on exactly which versions had what features). Your other choice is to skip 2.1 and jump into 2.2 available from CVS. Since you're already compiling your cyrus (as opposed to prepackaged binary) and you want virtual domains support (and willing to go to great lengths to get it), I'd suggest getting the 2.2 branch which has native virtual domain support built into it. There are a few ppl on the list who have been running the 2.2 branch for a couple weeks now and don't seem to be having any problems with it at all. Thanks a lot for your help! I did a cvs checkout a few minutes ago but was not able to get it compiled at once. I am using Solaris 8 on ix86 and there I had to deal with LD_LIBRARY_PATH and adding switches to the Makefile.PL files like -L/usr/loca/lib/etc... to get perl modules running, patching deliver.c to get it working with sendmail and and and.. I think I will get it working till the weekend. Should not take as long as the first time because I think I really have had every problem which can occure with the 2.0.16 sources on Solaris 8 with gcc ! One more question: Is there anything I must take care off when updating my current mailboxes, if I get it working the next days ? I do a make install over the old installation hopefully replacing it completely and then I only do a reconstruct with the new reconstruct binary and will be able to start the new compiled version and do *not* loose any mail in any folder or mailbox ? So I can simply install the new binaries and these will work with my mail partitions ? Again: Thanks a lot for your help! You _should_ not have to reconstruct any mailboxes, since the mailbox format hasn't changed (well, a small one was made for POP UIDL, but it'll be upgraded on the fly). You'll want to read doc/install-upgrade.html and do everything that applies from 2.0.16 forward. You'll also want to read doc/install-virtdomains.html to configure your virtdomains. Let me know if you find something that is incorrect or isn't clear so I can fix it. Don't forget that you'll have to install SASLv2 in order to use Cyrus 2.1+. See doc/upgrading.html in the SASLv2 distro for info on upgrading. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Cyrus IMAP Presentation
[EMAIL PROTECTED] wrote: I've created a presentation about Cyrus IMAPd that I will be showing to the local LUG in a couple of weeks. I'd appreciate it if some Cyrus masters would take a look at it and see if I've gotten anything wrong. ftp://kalamazoolinux.org/pub/pdf/Cyrus.pdf A few points: - Slide 4: Just for completeness, you might want to add LMTP to the list of protocols. Done. - Slide 17: You're missing the 2 after SASL version. Fixed. - Slide 22: You probably want to use the 'cyrusv2' mailer for Sendmail (8.12.4+). This mailer talks directly to lmtpd instead of spawning deliver. Yes, less forking is always good. But I'm using sendmail 8.11.6-something. Time to upgrade Just grab the cyrusv2.m4 file and plop it into your cf/mailer directory and you're good to go. OK, I did that and now sendmail is happily delivering via LMTP! Thanks. Added a slide about setting up to use LMTP. My m4 - FEATURE(`preserve_local_plus_detail') ... MAILER(cyrusv2)dnl ... define(`confLOCAL_MAILER', `cyrusv2') And it works. But I still can't get bulletin boarding to work. The docs make it look like [EMAIL PROTECTED] should post the message into my INBOX.Presentations folder, but it goes into my INBOX. And so does By default sendmail treats addresses as case-insensitive. As a result, the address sent to lmtpd is adam+presentations, which doesn't exist. If you want to be able to post directly to certain mailboxes, I'd suggest using all lowercase names for them. [EMAIL PROTECTED] Permisions on that folder look like This will never work. Essentially 'adam' is your INBOX. sardine lam user.adam.Presentations anonymous p adam lrswipcda These are correct. Posting to shared folders fails. Something like bb+PriceUpdates drops off with a user known, previously using deliver it merely failed with a data format error. Do I need to add the cyrusbb mailer back in? No. I have postuser: shared in imapd.conf and the folder looks like - postuser is a dummy userid which owns the shared folders. It doesn't _need_ to be set, in fact by default it is unset. sardine lam shared.PriceUpdates anonymous p group:cis lrswida anyone lrs group:partsqc lrswipcda To post to this mailbox with postuser unset, you'd send to +shared.PriceUpdates@... (note that the upper/lowercase thingy is still a problem) If you set postuser to 'bb', then you'd send to bb+shared.PriceUpdates@... I think I'm missing something basic about bulletin boards, but I can't find any examples. I don't know if this makes it clearer or cloudier ;) -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: cyrus imap without sasl
sandra wrote: Hi people, We have a question about athentication with cyrus+sasl. Here we had configured our cyrus installation to use SASL + PAM to authenticate users in a mysql database. We have read that there is a way to use IMAP LOGIN instead to authenticate users via SASL PLAIN . If it is possible, how could I do it? Because we think that there is no need to use SASL library in the middle of the way to authenticate via PAM+mysql. Isnt it a better performance issue? Or we are completely wrong? You can't compile/configure Cyrus 2.x without SASL. Cyrus uses SASL for all plaintext lookups (IMAP LOGIN, POP3 USER/PASS, AUTH=LOGIN, AUTH=PLAIN) -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: stupid IMAP question...
Robert Sweet wrote: I have set up Cyrus-Imap/Postfix/Procmail, and I am processing my mail correctly thus far. But mail doesn't stay in my INBOX. It all ends up in user.rsweet.Backup. I know I This is most likely your Procmail script doing this. must be missing the default mailbox??? user.rsweet.rsweet? Any help would be appreciated, thanks. Your INBOX is user.rsweet -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Cyrus IMAP Presentation
Quoting Eric Estabrooks [EMAIL PROTECTED]: Mathieu Arnold wrote: --On dimanche 22 septembre 2002 15:45 +0200 Mr. Simix [EMAIL PROTECTED] wrote: Rob Siemborski wrote: On Sun, 22 Sep 2002, Tarjei Huse wrote: If you do not use saslpasswd2, then Cyrus only uses plaintext methods for authentication, right? No. You can use a MySQL backend as well to supply the secrets for non-plaintext methods. The OpenLDAP people also have an auxprop plugin that will get the secerts directly from their datastore, but it only works internal to OpenLDAP. Okay, but we can say whenever PAM is involved, then only plain can be used, right? yes, because you cannot be sure to have access to plain text passwords using pam, and you need plain text passwords to do digests authentications. It should be possible to write a pam module (or extend an existing one) to include other mechanisms beside plain, if like you said you had plain My understanding of PAM is that you can't retrieve the password. You simply pass it a user, password and service and PAM tells you whether it is correct/allowed or not. I haven't checked the PAM API, so maybe there is a way. text passwords available on the server side. Of course there might be an additional restriction imposed by the sasl interface in that it might only present plain to the pam interface or the likes of saslauthd and try to resolve others internally or drop them if configured for using pam. Assuming that youy can get PAM to return the plaintext password, you'd have to write a PAM auxprop plugin. SASL only uses auxprop to fetch the plaintext passwords (as opposed to checking the validity, which it does via saslauthd). Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Time has come to stop with /usr/local path pollution!
soap box First off, why did you feel the need to send this directly to me? Cyrus is not _my_ software, I'm just a contributor. Secondly, I can understand your frustration, but your shitty attitude ain't gonna help. Joe Rhett wrote: We really must stop with the path pollution that you guys include into the configuration process. I just lost 2 hours trying to figure out why it couldn't find a db3_nosync function... and finally figured out that you were looking at a path I never specified ( /usr/local/include ) and reading the include files from there, instead of the path I did specify: --with-dbdir=/opt/berkeleydb If I want you to read /usr/local, I'll tell you that. Please stop assuming that everything is dumped there. At the very least, try the specified path and only try /usr/local if nothing was specified. You've had more than a dozen complaints about stuff picking up the wrong libraries, when the properly library paths were explicitly listed. A lot of bitching, and no proposed fixes. It works for me, and I'm sure it works for CMU, otherwise it would've been fixed already. Since I don't have a problem, I'm not going to go through the trouble of trying to reproduce it just so I can fix it. Unless you hear differently from somebody at CMU, I'm going to assume that one of the dozen or so people with this problem are going to have to fix it and hopefully submit a patch. Have people forgotten how much they _paid_ for this software? What is the ROI and/or price performance of this software for ISPs, freakin' infinity? Why is it assumed that each user is _entitled_ to some level of technical support? Stuff like this makes me really happy that I added virtdomains support for FREE!!!, so that the ISPs can make even more money with less admin overhead. /soap box On Thu, Sep 26, 2002 at 03:30:54PM -0700, Joe Rhett wrote: This problem continues to exist in CVS. The problem is that you aren't including the include path specified by --with-sasl when you compile and run the test program. SASL is installed in /opt/sasl. I'm using the configuration options listed below. I get the output listed below. If I go into /usr/lib/include and type ln -s /opt/sasl/include/sasl then the configure runs perfectly fine. The relevant line is at 5348 in the configure generated on my system. ac_try=$ac_cpp conftest.$ac_ext /dev/null 2conftest.out There's no use of $CPPFLAGS to pick up the --with-sasl includes or libs. Again, you don't notice this because you pollute the includes and libs with /usr/local automatically, even when it isn't relevant and can be harmful. Please fix the autoconf to use the --with-sasl options when building conftest. On Tue, Aug 20, 2002 at 09:12:16PM -0700, Joe Rhett wrote: Configure problem with cyrus-imapd CVS version -- it's not seeing --with-sasl at all. ./configure --prefix=/opt/imapd --with-cyrus-prefix=/opt/imapd --with-sasl=/opt/sasl --with-openssl=/opt/openssl --with-dbdir=/opt/berkeleydb ...etc... checking for sasl/sasl.h... yes checking for sasl/saslutil.h... yes checking for prop_get in -lsasl2... yes configure: error: Incorrect SASL headers found. This package requires SASL 2.1.7 or newer. However, the only sasl.h on the system is in /opt/sasl/include/sasl/ ... Commenting out the rm conftest* in 'configure' and then checking the output of the test program shows... cyclops 151% cat conftest.out configure:5278: sasl/sasl.h: No such file or directory configure:5281: #error SASL_VERSION_MAJOR not defined configure:5284: #error SASL_VERSION_MINOR not defined configure:5287: #error SASL_VERSION_STEP not defined configure:5291: #error SASL version is less than 2.1.7 I can't quite figure out why this isn't working, but the sasl.h and libsasl2 tests are -- maybe you have a clue? On Wed, Aug 14, 2002 at 10:38:35AM -0700, Joe Rhett wrote: Nope. We had to downgrade so that I could work with your CVS stuff. Most annoying. On Mon, Aug 12, 2002 at 06:52:40PM -0400, Ken Murchison wrote: Did you upgrade to a new version of autoconf? Only v2.13 will work (currently). Joe Rhett wrote: On Fri, Aug 09, 2002 at 09:46:42PM -0400, Ken Murchison wrote: Joe Rhett wrote: Well, that's part 2 --- sasl won't compile for me any more. Whoa! Did you try: make distclean rm configure aclocal.m4 sh SMakefile aclocal.m4 doesn't exist for me, and configure never got far enough to make a real Makefile so make distclean doesn't work -- but yeah, that's exactly what I've done. cyclops% sh SMakefile aclocal -I cmulocal -I config aclocal: configure.in: 80: macro `AM_DISABLE_STATIC' not found in library aclocal: configure.in: 82: macro `AM_PROG_LIBTOOL' not found in library
Re: Newbie Q's: Mailbox not found
Jon Drukman wrote: ok i'm just getting started, and i finally got authentication working (i think). however now i can't get mailboxes to accept mail. all mail bounces with 550 Mailbox unknown -- Sep 27 10:33:21 rs2 postfix/lmtp[74804]: 43E39269ED: to=[EMAIL PROTECTED], relay=/var/imap/socket/lmtp[/var/imap/socket/lmtp], delay=0, status=bounced (host /var/imap/socket/lmtp[/var/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown) # ./deliver jsd jsd: Mailbox does not exist # cyradm --user cyrus localhost IMAP Password: localhost.spot.com lm jsd (\HasNoChildren) what am i missing? Run 'deliver -l' as the cyrus user (that's a lowercase L, not a one), then: LHLO foo MAIL FROM:[EMAIL PROTECTED] RCPT TO:[EMAIL PROTECTED] DATA FROM: [EMAIL PROTECTED] TO: [EMAIL PROTECTED] SUBJECT: LMTP test bla, blah . QUIT And see what happens. You might also want to try RCPT TO:jsd and see if it makes a difference. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Newbie Q's: Mailbox not found
Felix Cuello wrote: Hi! Remember that all cyrus email accounts must start with: user. Then... when you create a cyrus user mail account, just do this (or something like this =): $ cyradm --user cyrus localhost password: xx cyradm cm user.jsd cyradm sam user.jsd user.jsd rd First, this isn't necessary as a personal mailbox always gets _all_ privileges set for the owner by default. Second, the command is 'sam mbox uid acl' user.jsd isn't the userid, jsd is. cyradm sam user.cyrus user.jsd all Same userid problem, and you don't want cyrus to have an INBOX (user.cyrus). cyradm sq user.jsd 5000 cyradm quit 1.line) Create Mailbox user.jsd 2.line) Set READ-DELETE permissions to the owner 3.line) Set ALL permissions to cyrus admin 4.line) Creates around 5Mb of Quota for this account 5.line0 Voila! :) Try this... and remember user.jsd :-) --- Felix Cuello [EMAIL PROTECTED] Qodiga/its http://www.qodiga.com Santa Fe 882 - Piso 13 - Of.E Buenos Aires, ARGENTINA -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Newbie Q's: Mailbox not found
Jeremy Rumpf wrote: # cyradm --user cyrus localhost IMAP Password: localhost.spot.com lm jsd (\HasNoChildren) what am i missing? Shouldn't that be user/jsd(unixhierarchysep: yes) or user.jsd(unixhierarchysep: no) Created in cyradm as cm user/jsd or cm user.jsd Oops! I hadn't noticed that he created just 'jsd' which is a shared folder. Yes, do as Jeremy suggests. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
RE: Time has come to stop with /usr/local path pollution!
Quoting Andrew Diederich [EMAIL PROTECTED]: I'd just ask that if a known bug isn't going to be fixed, it needs to be documented and put upfront, big and large, where folks will see it. Shutting off compiler warnings with gcc 3.2 is an example. It broke compile, but folks were talking about it on the list. Many of the developers, and people on this list, know about the problem, but people who just download the software, read the docs, and try to install it will get burned otherwise. Then they'll curse the crappy software, and they'll be right. There are three things to do when a bug is found. 1) fix it, 2) document the bug and the workaround, or 3) hope people don't find it again. #3 is terribly expensive in support costs, like this string of emails. Its seems that people are missing a very important point here. Cyrus was developed for internal use at CMU. CMU has been kind enough to allow the source code to be distributed for use by anybody, commercial or otherwise. Some may argue that CMU has a responsibility to fix all bugs, write good documentation, hand-hold ignorant/illiterate admins, make coffee, and clean windows. In most cases, they do all of the above, and more. I wish people would keep this in mind, when they claim that the build process is broken. It is broken for _you_, because I can assure you that it built for the intended user (CMU). The developers first responsibilty is to their employers, not to a small, whiny part of the user community with an edge-case problem. If people spend the same amount of time trying to fix the problem instead of bitching about it, this would've been a dead issue a long time ago. It don't think that the squeaky wheel gets the grease principal is necessarily going to work. The next time somebody is frustrated by the software and wants to rant about how much of their time the developers wasted, take a step back and remember how much time and money they actually _saved_ you. Another $.02 -Original Message- From: Rob Siemborski [mailto:[EMAIL PROTECTED]] On Fri, 27 Sep 2002, Michael Newlyn Blake wrote: However it does seem that when explicit paths are called for certain componants they should be placed in line before the assumed system paths. That is to say, if you want to build and link against a libfoo in /snert/myjunk/foo-8.3.4 then this should be placed in the relevant paths before the include and lib dirs in /usr or /usr/local that are added automatically. I agree 100% that the paths should be honored. However, since it works for most people, and testing is pretty annoying (as ken stated), I'm not terribly eager to spend my time doing it, when I could be working on performance or feature improvements elsewhere in the code. If there was a patch provided that I could look at, approve, and apply, I'd be willing to do so. This is much less the case if I'm going to have to read a bug report hidden inside of a rant that seems to assume that the developers of Cyrus are part of a consipracy against all system administrators everywhere. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: User mailbox renames
Quoting Roland Pope [EMAIL PROTECTED]: Hi, I am running cyrus-imapd 2.1.9 and I would like to be able to rename a user's mailbox. When I try a rename using cyradm, it tells me Operation is not supported on mailbox. From having a look at the source, it appears you can only rename a top level mailbox when using murder. Is this the case? Actually, in a Murder, the user's mailboxes are XFERd between servers. User RENAMEs are enabled in 2.2, if you want to try it. I tried creating the new destination mailbox and copying the original users files across to this and running reconstruct. The problem I have then is that I loose the original subscriptions and seen states? I can fiddle the user subscription file, but the seen states are stored in a skiplist DB and I'm not sure how to go about converting this file for the renamed mailbox. You shouldn't have to convert it. Each mailbox has a unique id which stays constant once the mailbox is created. Just copy /var/imap/user/f/foo.seen to /var/imap/user/b/bar.seen. Anybody out there got a solution to this, maybe a malbox rename script?? You'll also want to move the user's quota file(s) and any Sieve scripts. The biggest problem you're going to have is that the ACLs on the user's mailboxes are going to have to be changed so that the new user has access to them. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Rename bug more serious than thought...
Rob Mueller wrote: Using cyrus 2.1.9, it seems that each time you rename a folder, it adds to any quota that folder is under... Connected to xyz.com. Escape character is '^]'. * OK xyz.com Cyrus IMAP4 v2.1.9 server ready . login blah blah . OK User logged in . getquotaroot inbox * QUOTAROOT inbox user.blah * QUOTA user.blah (STORAGE 36915 409600) . OK Completed . rename inbox.Saved inbox.Saved2 . OK Completed . getquotaroot inbox * QUOTAROOT inbox user.blah * QUOTA user.blah (STORAGE 42518 409600) . OK Completed . rename inbox.Saved2 inbox.Saved . OK Completed . getquotaroot inbox * QUOTAROOT inbox user.blah * QUOTA user.blah (STORAGE 48122 409600) . OK Completed I'm not sure if this is fixed in CVS, but this seems a pretty serious bug... My guess is that it has been introduced fairly recently. Does the old mailbox actually get deleted? What happens if you rename a folder outside of the same hierarchy? -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: SETACL on user mailbox
Rob Siemborski wrote: On Mon, 30 Sep 2002, Rob Mueller wrote: Now I argued that the current behaviour was actually against the RFC's description of what the 'a' right meant, mostly because this is the behaviour we want to see :). Others argued that because at CMU there's lots of shared folders that users want to alter, they would leave it as it is. Actually it's the user's own folders that cause the problem. Shared folders people wind up screwing themselves on ;) Since the actual meaning then of what people want seems to be site dependent, why not create a configuration option for it? Something like below perhaps? Your patch isn't complete, because it doesn't affect some implicit administrative rights that are granted in user mailbox spaces, (see, for example, mboxlist_mycreatemailbox where is_admin gets set if the user owns the mailbox, and therefore the acl is ignored). Yes, it is more complex than just one check. I have a patch floating around from the first time your guys brought this up. I can dust it off and see if its complete. IIRC, I was blocking on input/review from Larry on my patch. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: POP3 authentication problem. Please Help.
Sergey Merkuriev wrote: Hello All, Have trouble with POP3 it not work properly. I have two users: user1 and user2. The user1 have imap account and can login into IMAP server but can't login into POP3 server and user2 cant login into POP3 server. The files user1 and user2 exists in the directory /var/spool/email. There is log strange records from pop3d. Have IMAP and POP3 Server. /usr/local/sbin/saslauthd -a shadow imap.conf configdirectory: /var/imap partition-default: /var/spool/imap admins: cyrus root srvtab: /var/imap/srvtab sievedir: /var/sieve allowanonymouslogin: no sasl_pwcheck_method: saslauthd allowplaintext: yes cyrus.conf ... imap cmd=imapd listen=imap prefork=0 pop3 cmd=pop3d listen=pop3 prefork=0 auth.log: Oct 1 22:38:16 abtweb pop3d[29440]: could not find auxprop plugin, was searching for '[all]' Oct 1 22:38:16 abtweb pop3d[29440]: could not find password ./pop3test -u user2 localhost S: +OK abtweb Cyrus POP3 v2.1.9 server ready 2878525666.1033498506@abtweb C: CAPA S: +OK List of capabilities follows S: EXPIRE NEVER S: LOGIN-DELAY 0 S: TOP S: UIDL S: PIPELINING S: RESP-CODES S: AUTH-RESP-CODE S: USER S: IMPLEMENTATION Cyrus POP3 server v2.1.9 S: . Please enter your password: C: APOP root 8cec70679eae661ac964b834e1d8 S: -ERR [AUTH] authenticating: another step is needed in authentication Authentication failed. generic failure Security strength factor: 0 Try: ./pop3test -u user2 -m user localhost The fact that pop3d is advertising APOP (with a challenge in the banner) without auxprop being available is a bug. I'll look into it. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Murder question
serg wrote: Hi all! I want build scalable mail system, using cyrus imap server. I think what in future i need more than just one IMAP server (i don't talk now about smtp servers) and i guess what Murder is a great software for this case! But nowadays i have only 1 computer for mail project, and i want advice about my behaviour... Can i setup Cyrus (lastest version from CVS with virtual domain support + lastest SASL) on 1 server... and later, for example, after year add 2 servers: 1-frontend, 2-another backend, and leave old server as other backend? Do i have any trouble with this case? None at all. This is exactly what CMU did. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Cyrus 2.2 temp file problem when delivering to default domain?
syslog data would be nice. I'm also curious what happens if you send to two
recipients in the default domain?
I'll look into this as soon as you can send me this info.
Ken
Quoting Jonathan Marsden [EMAIL PROTECTED]:
I have made myself a Red Hat 7.3 RPM of the CVS Cyrus 2.2 (as of 26
Sep 2002) and installed it on some test Red Hat 7.3 systems here.
The virtual domain handling seems to almost work for me!
What I reliably and reproducibly get is an error about a temporary
file and non-delivery of email, to mailboxes in the default domain.
Mail to mailboxes in truly virtual domains works fine.
How can I best debug this further?
This is defintely *not* MTA related (for reference, sendmail 8.12.5
with a slightly hacked proto.m4 to do the retention of the @domain.tld
part of local addresses), because I get the same results from running
deliver -l as I do from sendmail delivery attempts. Here is an
example:
jm@a1:~$ /usr/libexec/cyrus/deliver -l
220 mail.a1.net LMTP Cyrus v2.2.prealpha-GRC-RPM-2.2-cvs.20020926 ready
lhlo junk
250-mail.a1.net
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-SIZE
250-AUTH EXTERNAL
250 IGNOREQUOTA
mail from:[EMAIL PROTECTED]
250 2.1.0 ok
rcpt to:[EMAIL PROTECTED]
250 2.1.5 ok
data
451 4.3.2 cannot create temporary file: No such file or directory
rset
250 2.0.0 ok
mail from:[EMAIL PROTECTED]
250 2.1.0 ok
rcpt to:[EMAIL PROTECTED]
250 2.1.5 ok
data
354 go ahead
Subject: test b2
b2
.
250 2.1.5 Ok
quit
221 2.0.0 bye
13:49:51 jm@a1:~$
a1.net is the default domain, b2.net is a virtual domain (no, I do not
really own/use those domain names, they are sanitized).
My /etc/imapd.conf is
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
sieveuserhomedir: no
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
altnamespace: yes
unixhierarchysep: yes
autocreatequota: 10
virtdomains: yes
defaultdomain: a1.net
which is just the one from Simon Matter's 2.1.9-3 RPMs with the last
five lines added for my own purposes.
Permissions and ownership on the relevant
/var/{lib,spool}/imap/domain/* files and directories are all fine
(owned by cyrus, group mail, directories 0755 and 0700 as expected,
files 0600).
One point of note: if I run mkimap -d a1.net the error message
changes. It then complains about not finding the stage directory, but
the error message shows no actual path to a file or directory at all.
Also, if I comment out the last two lines of my imapd.conf to disable
the virtual domain handling, mail to a normal mailbox then works fine:
jm@a1:~$ /usr/libexec/cyrus/deliver -l
220 mail.a1.net LMTP Cyrus v2.2.prealpha-GRC-RPM-2.2-cvs.20020926 ready
lhlo junk
250-mail.a1.net
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-SIZE
250-AUTH EXTERNAL
250 IGNOREQUOTA
mail from:[EMAIL PROTECTED]
250 2.1.0 ok
rcpt to:jonathan
250 2.1.5 ok
data
354 go ahead
Subject: test with no virtdomains
this works fine.
.
250 2.1.5 Ok
quit
221 2.0.0 bye
jm@a1:~$
I'm happy to help debug this and move 2.2 along a little, but pointers
on where to start looking, things to try, etc. would be much
appreciated! Should I post syslog data from a failed delivery attempt
too? If I need to read the source, what files would be a good place
to start reading to find this issue?
Thanks in advance,
Jonathan
--
Jonathan Marsden [EMAIL PROTECTED]
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: timsieved not offering any auth mechanisms
Quoting Matt Bernstein [EMAIL PROTECTED]: At 09:24 -0400 Ken Murchison wrote: Telnet-ing to port 2000 gives me: IMPLEMENTATION Cyrus timsieved v1.1.0 SIEVE fileinto reject envelope vacation imapflags notify subaddress relational regex OK ..and STARTTLS if I configure it. But there's no SASL line. I'm guessing that one of two things is happening: 1. you have allowplaintext:no in imapd.conf nope :) In fact I'd even tried explicitly allowplaintext: yes. 2. you installed SASL in a non-default location and Cyrus can't find the plugins. If you do: imtest -t '' -a user -u user server [mangled by pine justifying my middle button paste :)] S: * OK vicar Cyrus IMAP4 v2.1.9 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT LIST-SUBSCRIBED ANNOTATEMORE S: C01 OK Completed C: S01 STARTTLS S: S01 OK Begin TLS negotiation now verify error:num=19:self signed certificate in certificate chain TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits) C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=LOGIN AUTH=PLAIN LISTEXT LIST-SUBSCRIBED ANNOTATEMORE S: C01 OK Completed C: A01 AUTHENTICATE LOGIN S: + VXNlcm5hbWU6 what mechs are listed? I'm guessing none. If this is the case, either link your SASL plugins directory to /usr/lib/sasl2 or rebuild Cyrus using the --with-sasl option. FYI, the reason that IMAP and POP3 both work is that they each have their own plaintext login commands (LOGIN and USER/PASS respectively), which don't depend on SASL plugins. I've got AUTHENTICATE PLAIN working on imapd as it's used to presubscribe our new accounts to a couple of folders we create. I have /usr/lib/sasl2 - ../local/lib/sasl2, in which live seemingly the right things. Hmm. You shot me down on both common problems. You only see this problem with timsieved? What about lmtpd? -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: timsieved not offering any auth mechanisms
Quoting Matt Bernstein [EMAIL PROTECTED]: At 12:53 -0400 Ken Murchison wrote: 1. you have allowplaintext:no in imapd.conf 2. you installed SASL in a non-default location and Cyrus can't find the plugins. If you do: Hmm. You shot me down on both common problems. You only see this problem with timsieved? What about lmtpd? I fear I'll have to shut down my MTA to investigate this.. (it's a shame Cyrus can't run an lmtpd and an lmtpd -a on different ports) ..ah! You can. I have all of my daemona listening on their normal ports and *.test daemons listening on port+9000. This way, as I work on the code, I can test it via a different port(s) without screwing my users. And with the -U and -T options that I just added, I can have my test daemons not be reused, so my debug/compile/install/test cycles are a lot faster. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: timsieved not offering any auth mechanisms
Quoting Scott Russell [EMAIL PROTECTED]: On Sat, Oct 05, 2002 at 12:53:46PM -0400, Ken Murchison wrote: Quoting Matt Bernstein [EMAIL PROTECTED]: At 09:24 -0400 Ken Murchison wrote: Telnet-ing to port 2000 gives me: IMPLEMENTATION Cyrus timsieved v1.1.0 SIEVE fileinto reject envelope vacation imapflags notify subaddress relational regex OK ..and STARTTLS if I configure it. But there's no SASL line. I'm guessing that one of two things is happening: 1. you have allowplaintext:no in imapd.conf nope :) In fact I'd even tried explicitly allowplaintext: yes. 2. you installed SASL in a non-default location and Cyrus can't find the plugins. If you do: imtest -t '' -a user -u user server [mangled by pine justifying my middle button paste :)] S: * OK vicar Cyrus IMAP4 v2.1.9 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT LIST-SUBSCRIBED ANNOTATEMORE S: C01 OK Completed C: S01 STARTTLS S: S01 OK Begin TLS negotiation now verify error:num=19:self signed certificate in certificate chain TLS connection established: TLSv1 with cipher DES-CBC3-SHA (168/168 bits) C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS AUTH=LOGIN AUTH=PLAIN LISTEXT LIST-SUBSCRIBED ANNOTATEMORE S: C01 OK Completed C: A01 AUTHENTICATE LOGIN S: + VXNlcm5hbWU6 what mechs are listed? I'm guessing none. If this is the case, either link your SASL plugins directory to /usr/lib/sasl2 or rebuild Cyrus using the --with-sasl option. FYI, the reason that IMAP and POP3 both work is that they each have their own plaintext login commands (LOGIN and USER/PASS respectively), which don't depend on SASL plugins. I've got AUTHENTICATE PLAIN working on imapd as it's used to presubscribe our new accounts to a couple of folders we create. I have /usr/lib/sasl2 - ../local/lib/sasl2, in which live seemingly the right things. Hmm. You shot me down on both common problems. You only see this problem with timsieved? What about lmtpd? I've been following this thread and have timsieved from cyrus 2.1.9 working fine myself. A few things nag me about the imtest capture from above. Previously it was said that only PLAIN and LOGIN mechs are allowed based on the imapd.conf line: sasl_mech_list: plain login. But if you look at the imtest dump the AUTH=LOGIN AUTH=PLAIN mechs aren't shown until _after_ the TLS negotiation takes place. To me this indicates that PLAIN and LOGIN are not allowed unless they're under the TLS/SSL layer. This is true for imapd and pop3d since they both have their own plaintext login commands. Since timsieved doesn't have a separate command, plaintext SASL mechs are always allowed unless they are explcitly turned off. I also noticed that sasl_minimum_layer: 1 was set in the imapd.conf. I don't recall but doesn't that exclude PLAIN and LOGIN unless they are under SSL/TLS? Good catch! I completely missed this the first time around. Most people don't use those sasl options, so it never occured to me to look. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Virtdomains: inter-domain admins do not work ---- was Re: Cannot get loginrealms to work with 2.0.16
Quoting Christian Schulte [EMAIL PROTECTED]: Ken Murchison wrote: Quoting Christian Schulte [EMAIL PROTECTED]: Your other choice is to skip 2.1 and jump into 2.2 available from CVS. Since you're already compiling your cyrus (as opposed to prepackaged binary) and you want virtual domains support (and willing to go to great lengths to get it), I'd suggest getting the 2.2 branch which has native virtual domainsupport built into it. There are a few ppl on the list who have been running the 2.2 branch for a couple weeks now and don't seem to be having any problems with it at all. Hello again, actually I got the cvs branch up and running. I am now running the 2_2 cvs branch successfully on the same machine the 2.0.16 with SASL1 still runs on! FYI, this _might_ break POP3 access on the 2.2 side. It's possible that accessing a mailbox via POP3 on 2.2 then 2.0.16 then 2.2 will not work. I won't get into the technical details, but the mailbox format was tweaked in 2.1.something to fix a potential POP3 UIDL problem, and downgrading wasn't considered (by me) and isn't handled gracefully. Cyrus 2_2 got its own alias interface and the machine has two IPs now. I just had to tweak one option in the masterconf.c source to make the cyrus-2_2 master reading another cyrus.conf file than /etc/cyrus.conf. The 2.0.16 master reads /etc/cyrus.conf as usual and the 2.2 master now reads /etc/cyrus.conf.v2 . Every other configuration necessary for such setup could be specified in the cyrus.conf files. The old cyrus.conf file read by 2.0.16 for binding to the primary IP and starting the old binaries and the second cyrus.conf.v2 file for the 2.2 master to bind to the secondary IP and to start the new binaries with theire own configuration files specified by the -C option. That all worked great and was much easier than I expected it to be! If I now would not have forgotten to specify another path to the sieve scripts for 2.2 than for 2.0.16, I would not have lost all my scripts. mkimap created a new /usr/sieve structure and delted the already existent one. But that was something I simply forgot about. For the new 2.2 I have the following imapd.conf file: configdirectory: /var/imap partition-default: /var/spool/imap admins: [EMAIL PROTECTED] servername: mailserver.somedomain.com localdomain: somedomain.com sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb sasl_allowanonymouslogin: no sasl_allowplaintext: yes tls_cert_file: /usr/local/var/imap/server.pem tls_key_file: /usr/local/var/imap/server.pem tls_ca_file: /usr/local/var/imap/CAcert.pem idlesocket: /usr/local/var/imap/socket/idle loginrealms: realm1.com realm2.net unixhierarchysep: yes virtdomains: yes altnamespace: no If creating a user with simply saslpasswd2 -c admin in the local realm I get the following situation: [EMAIL PROTECTED]: userPassword If logging in with admin I get the administration options but cannot create mailboxes in another domain than somedomain.com (Invalid mailbox name) and I cannot see any other mailboxes than in somedomain.com thus domain administration seems to work. If logging in with [EMAIL PROTECTED] I do not get any administration options and only see the admin inbox which I created for testing. I cannot get the difference here! The DNS reverselookup to the IP resolves correctly to mailserver.somedomain.com and /etc/nodename also says somedomain.com. domain-administration seems to work if logging in without an @localrealm, but inter-domain administration completely does not work for me. Changing the admins: line to admins: admin If now logging in with admin I get administration options but cannot see any user mailbox and again can only see the admin inbox. If I try to create a mailbox like user/test I get permission denied. If I create a mailbox like [EMAIL PROTECTED] I get Invalid mailbox name. If logging in with [EMAIL PROTECTED] I do not get any administration options and again only see the admin inbox. So inter-domain administrators do not work! What am I doing wrong ? Any hints would be helpful! Read the administrators section of doc/install-virtdomains.html closely. Set defaultdomain: [EMAIL PROTECTED] Thanks! But I still cannot get the inter-domain admins to work. Thats my new imapd.conf file: configdirectory: /var/imap partition-default: /var/spool/imap defaultdomain: somedomain.com servername: imap.somedomain.com admins: admin sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb sasl_allowanonymouslogin: no sasl_allowplaintext: yes tls_cert_file: /usr/local/var/imap/server.pem tls_key_file: /usr/local/var/imap/server.pem tls_ca_file: /usr/local/var/imap/CAcert.pem idlesocket: /usr/local/var/imap/socket/idle unixhierarchysep: yes virtdomains: yes altnamespace: no If I specify defaultdomain
[STATUS] NNTP support (10/9/02)
Just quick update for those who care. The server side of nntpd (CVS 2.2 branch) appears to be fully functional and stable. You can feed articles directly to it using the normal IHAVE or INN's STREAM mode (CHECK/TAKETHIS). For those people who's rather suck news rather than having it fed to them, I wrote a fetchnews tool which you can use as an EVENT in cyrus.conf to connect to your upstream peer, and retrieve new articles and feed them to nntpd. I have only these with INN, so I'd be interested in any incompatibilties with other news servers. There is no specific documentation yet, but read the manpages and check out the news* options in imapd.conf. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Need Help! cyrus-imapd-2.1.9 and sieve?
achim altmann wrote: Hello, sorry that i post in that group but all postings to sieve-groups are not answered! I hope anyone can help me! i would like use sieve with was cut off mails. I have some questions about this I have to forward special mail's they was bevor filterd on a other gateway but not the complete mail, only the first 160 characters. My sieve-script filtered at the moment special mail's in special folder's It is possible i could write a command in my sieve-scripts was called a other programm/tool was cut off this mails? No. You can't call an external command from Sieve. You might want to 'redirect' the message to an email-sms gateway which trims the message for you. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: CVS questions
Quoting Kervin L. Pierre [EMAIL PROTECTED]: Hi, I'm about to build/configure CVS imapd 2.2 branch for virtual domain support with a single IP. I have a few questions before I start. What are the CVS branches, tags available for download? Which do I use http://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/ will show you the tags/branches that are available. if I want 2.2 branch? http://asg.web.cmu.edu/cyrus/download/anoncvs.html gives a CVS checkout command without a branch tag, is that the 2.2 source? You want cyrus-imapd-2_2 What sasl do I use for 2.2 imapd? If CVS, again which branch should I checkout? 2.1.7+ -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: database types
Aidan Evans wrote: On Sun, 13 Oct 2002 at 11:05 Rob Siemborski wrote to David Wright and... On Sat, 12 Oct 2002, David Wright wrote: Can someone explain what advantages and disadvantages one has from the different database types? And what is a skiplist anyway? I'm familiar with flat files and the sleepycat databases, but I've never heard of a skiplist. This has been addressed on the list several times, here's the summary: http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-saslmsg=2311 This says --with-duplicate-db=DB use DB (db3, skiplist) as a backend for the duplicate delivery db (Default: db3_nosync ) db3_nosync, since the worst part about losing this is that someone might get a vacation message twice. It also needs fast lookups. which does not sound right, if losing this refers to the database. What seems to happen in our environment is that all sieving stops working. I have not tested everything, but right now deliver.db (db3-nosync) is broken and my sieve script which has a couple of if tests, a redirect, and a fileinto now does nothing. If the duplicate deliver database can't be initialized, then Sieve is turned off (to prevent mail loops, etc). The same _used_ to be true if duplicate suppression was turned off, but now Sieve and duplicate suppression are independent of one another (but they both depend on deliver.db being available). -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: lmtpd: Internal error: assertion failed: config.c: 226: imapopts[opt].t== OPT_SWITCH
Christian Schulte wrote: Hello, I'm trying to configure sendmail to deliver to a virtual-domain account in cyrus 2.2 from cvs. This is all I get to work! I had to change the cyrusv2.mc file so that it will send a fqdn recipient like this and I get such error in the logfile. Oct 16 02:34:36 mail sendmail[10197]: [ID 801593 mail.info] g9G0YZuE010195: to=[EMAIL PROTECTED], delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=120 439, relay=localhost, dsn=4.3.0, stat=Deferred: 421 4.3.0 lmtpd: Internal error: assertion failed: config.c: 226: imapopts[opt].t == OPT_SWITCH Mcyrusv2, P=[IPC], F=_MODMF_(CONCAT(_DEF_CYRUSV2_MAILER_FLAGS, CYRUSV2_MAILER_FLAGS), `CYRUSV2'), S=EnvFromSMTP/HdrFromL, R=EnvToSMTP/HdrToSMTP, E=\r\n, _OPTINS(`CYRUSV2_MAILER_MAXMSGS', `m=', `, ')_OPTINS(`CYRUSV2_MAILER_MAXRCPTS', `r=', `, ')_OPTINS(`CYRUSV2_MAILER_CHARSET', `C=', `, ') T=DNS/RFC822/SMTP,_CYRUSV2_QGRP A=CYRUSV2_MAILER_ARGS == Changed EnvToL/HdrToL to EnvToSMTP/HdrToSMTP What does that mean ? What is broken ? It means you did a cvs update without doing a complete rebuild. Do a 'make clean' and then rebuild/reinstall. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: sieve (imap-flags) add any information in header
Quoting Achim Altmann [EMAIL PROTECTED]: hello, if is possible to use add imap-flags with self defined messages to add in the mail-header? I would use this for an c++-prog was read this header after sieve-modification to do any actions. sample: sieve check any mail and are the rules true then add a number like 1234567 in the header from the mail. the original-mail is moved in any defined folder and a copy from this mail was had sieve modified send to an other local-smtp-gateway. Iis this possible? No. There are no documented Sieve actions for altering a message. All the imap-flags actions do is alter the IMAP flags meta-data (eg, \Seen, \Flagged, \Deleted) on a message. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Search: takes time of what order?
Ian McDonald wrote: Hi, Does Cyrus do any indexing or other preparation to reduce the time taken to search large mail collections? Yes, if you create a squat index for it, by using the squatter tool. Since this only indexes messages currently in the mailbox, you should setup squatter to be an EVENT in cyrus.conf, if the mailbox constantly grows. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: [STATUS] NNTP support (10/17/02)
Scott Russell wrote: On Thu, Oct 17, 2002 at 01:11:50PM -0400, Ken Murchison wrote: FYI, the client side of nntpd is essentially complete. It now works with Pine, Netscape (Mozilla), and Outlook. The issue with Netscape and Outlook was that they both seem REQUIRE support for the XOVER extension (Netscape because of a bug and Outlook because of poor design). The only major missing functionality is support for wildmat patterns. Right now, only IMAP-style patterns are supported. So, if I've been following this right, the way to work this is to use nntpd for access to shared mailboxes (not user.*). Are you trying to share a personal mailbox or a public mailbox? Unless you specify a newsprefix to put newsgroups in their own hierarchy, nntpd will work for any mailbox that the user can read (including user.*). How does 'expire' work in this case? I'm wondering about getting rid of old articles in the shared imap mailbox. Right now, I'm using 'ipurge', but I have an 'expirenews' tool to purge entries from netnews.db which I plan on adding the article delete code to. I'm very interested in this work since it would make for a fine news2mail gateway setup I think. Yes, I'm using it right now for news2mail and I'm using lmtp2nntp for mail2news. I can read newsgroups/shared mailboxes with my Netscape client via NNTP or IMAP without INN anywhere in sight. If you can give me more details on what you're trying to accomplish, I can tell you how to set it up and/or make the necessary changes to allow what you need. If it helps visualize how this all fits together, I have attached a PDF of an xfig drawing that I put in CVS. Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp netnews.pdf Description: Adobe PDF document
Re: [STATUS] NNTP support (10/17/02)
Dave McCracken wrote: --On Friday, October 18, 2002 10:05:10 -0400 Ken Murchison [EMAIL PROTECTED] wrote: Right now, I'm using 'ipurge', but I have an 'expirenews' tool to purge entries from netnews.db which I plan on adding the article delete code to. Have you gotten ipurge to be reliable? I gave up on it because it kept deleting mail that didn't match its criteria, ie I specified greater than 14 days and it often deleted mail that was less than a day old. And yes, I did report this behavior on the list a couple of times, but no one ever responded. Do you remember which version of Cyrus? I fixed a signed/unsigned problem with ipurge back in 2.1.6 which was causing behavior similar to what you describe. -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
