Re: ANNOTATEMORE => METADATA and rfc 5464

2009-11-17 Thread Ken Murchison
Bron Gondwana wrote:
> On Tue, Nov 17, 2009 at 04:17:51PM -0500, Ken Murchison wrote:
>> Bron Gondwana wrote:
>>> On Tue, Nov 17, 2009 at 09:03:11AM -0500, Ken Murchison wrote:
>>>> What is your new format proposal?
>>> I'll see :)  Not sure yet - but mainly not sizeof(unsigned long)!
>> If we make a wholesale change to the database, perhaps this might be
>> something we put in the 2.4 branch.  It already has some
>> partial/complete extensions like QRESYNC, LIST-EXTENDED,
>> URLAUTH=BINARY and COMPRESS (which I backported to 2.3).
>>
>> I was also thinking that although the charset changes have been
>> fully tested at Fastmail that it too might be a candidate for 2.4.
> 
> Yeah, fair enough!  I did commit them to CVS, but it's easy enough to
> back them out and commit to a branch instead.
> 
> Do we have a roadmap for what else people want on the 2.4 branch?
> I'd be happy to put a bit more effort into polishing up those features
> that are there so we can ship a 2.4 soonish.  Say by April next year,
> which gives us 6 months to prepare.

My original vision for 2.4 was to be compliant with the LEMONADE v2 profile.

At this point it can morph into anything we want.  Some of the 2.4 
features required changes that I felt were too in depth to put into a 
relatively stable 2.3.

I'm pretty close to having the time to dive back into the 2.4 code.  The 
first thing that needs to be done is to merge all of the new 2.3 stuff 
into 2.4.

-- 
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


Cyrus IMAPd 2.3.16 Released

2009-12-21 Thread Ken Murchison
I am pleased to announce the release of Cyrus IMAPd 2.3.16.  This
release should be considered production quality.  Major changes in the 
release are the following:

- Added 'user_deny.db' to be able to selectively deny users access to
   Cyrus services.
- Added 'popuseimapflags' option which enables setting and
   obeying IMAP flags in the POP server.
- Added optimized method of handling an empty maildrop in pop3d.
   (based on work of Cyril Servant)
- Added 'annotation_definitions' option for specifying
   external (third-party) annotations. (courtesy of Thomas Viehmann)
- Added COMPRESSion to replication protocol. (courtesy of Bron Gondwana)

For full details, please see doc/changes.html and
doc/install-upgrade.html which are included in the distribution.

URLs for this release:
ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.3.16.tar.gz
or
http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.3.16.tar.gz


Questions and comments can be directed to
info-cyrus@lists.andrew.cmu.edu (public list), or cyrus-b...@andrew.cmu.edu.

Happy Holidays!

-- 
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University


Re: Cyrus IMAPd 2.3.16 Released

2009-12-21 Thread Ken Murchison
Simon Matter wrote:
>> I am pleased to announce the release of Cyrus IMAPd 2.3.16.  This
>> release should be considered production quality.  Major changes in the
>> release are the following:
>>
>> - Added 'user_deny.db' to be able to selectively deny users access to
>>    Cyrus services.
> 
> While upgrading my rpms I wanted to see where the db is so I can handle it
> in the package. But I can't find it and even stracing didn't show that the
> file was searched for. Do we have to enable it at compile time or are
> there other options beside userdeny_db to configure it?
> Thanks for any hint.

It's in configdir, along with the rest of the dbs.  It's not created by 
default, since it's not required for normal operation.

Actually, it's not the most efficient implementation right now, since it 
does an open/read/close per login.  I need to rework it so that it does 
the open at service init time, leaves the db open for reading for 
each process reuse, and closes it at service shutdown time.  This will 
take a little work, because we plan on using a remote MySQL database at 
CMU, so the actual read function will also have to reconnect if necessary.


-- 
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University



Cyrus development update 12/29/09

2009-12-29 Thread Ken Murchison
I spent a couple of days reviving the stale 2.4 development branch by 
merging all of the 2.3 changes into it.  This branch will now be where 
the most active development will be taking place.  Any activity on the 
2.3 branch will be mostly bugfixes.

New features that are already in 2.4 are extensions that came out of the 
IETF Lemonade WG (for resource/bandwidth restricted devices):

- LIST-EXTENDED
- ESEARCH
- WITHIN
- ENABLE
- QRESYNC
- URLAUTH=BINARY

With the exception of URLAUTH=BINARY, all extensions were compliant with 
the current I-D at the time they were implemented.  I will be spending 
time going through the published RFCs and making sure that the 
implementations are complete/correct.

Other features that are expected to be on the short-term roadmap are:

- Bron's CHARSET changes
- Morphing legacy ANNOTATEMORE extension into current METADATA extension 
(this will allow us to add other METADATA-dependent extensions from 
Lemonade WG)
- Several features/enhancements that are already running in production 
at Fastmail (I'll let Bron elaborate).


I'm sure I'm forgetting something in one of the above lists, but I'll 
continue to update as I see fit.

Happy New Year!


-- 
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University



Re: Cyrus IMAPd 2.3.16 Released

2010-01-04 Thread Ken Murchison
Bron Gondwana wrote:
> On Mon, Jan 04, 2010 at 09:11:10AM +0100, Simon Matter wrote:
>>> Or you can use a dummy backend. It's a backend which always says « OK
>>> » when you try to write in it, and always says « not in db » when you
>>> read in it. This backend was never committed into cyrus-imapd... Here
>>> is an up-to-date version.
>>>
>>> Then add this in imapd.conf :
>>> duplicate_db: dummy
>>>
>>> Ken, Bron : do you plan to include this backend into cyrus-imapd ?
>>> It's very handy when we don't want to use a database (here we often
>>> use dummy for annotations).
>> It looks really useful to me. Any chance this will go into upstream? I'd
>> prefer to include it in my RPMs if I know it's also in upstream.
> 
> It certainly will!  There's a bit of 2.3 vs 2.4 uncertainty about where
> to put code.  I think we've pretty much put 2.3 into maintenance mode.
> I'm telling everyone that we're releasing 2.4 in April on the theory that
> if you repeat something often enough it becomes true!

Do we really need a dummy backend, or should we just rewrite the code so 
that non-critical DBs can be specified as nil/none/null and just not 
make the database calls?

Also, in the case of disabling annotation_db, we shouldn't be 
advertising ANNOTATEMORE/METADATA in the IMAP capabilities.  In the case 
of disabling duplicate_db, we shouldn't be allowing the Sieve Vacation 
extension, and we can't prevent mail loops caused by Sieve Redirect.


-- 
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University



Re: prevent stuck processes with large folder manipulations

2010-01-04 Thread Ken Murchison
I'm wondering if because the COPY might be taking a long time before 
responding, that the client thinks that the server has hung or gone 
away.  The attached (untested) patch might solve the problem.



Paul Dekkers wrote:

Hi,


From time to time (but mostly at the start of the year ;-)), I notice a
lot of load caused by people archiving their mail-folders. Maybe this is
mostly caused by Thunderbird going mad, but I was wondering if I could
do anything on the server-side to prevent things from going bad. Because
now I see memory (and swap) exhaustion and the side-effects of that
(Linux kernel killing processes)...

One example: someone was moving tens of thousands of messages from 2009
to a new "2009 folder". Apparently Thunderbird was stuck, maybe because
these things don't happen "instantly" moving this number of messages so
the server doesn't finish quickly: but Thunderbird created a lot (~100)
of sessions / imapd-processes for this user, maybe after timeouts.

(I think) Only one process was active doing the link's, it looked like
the others were mostly waiting for a write lock (fortunately), waiting
to do the same thing. (Inspected with strace.) But when the process that
hogged the CPU was killed, the next process took over, until all similar
processes were killed. And the new archive-folder now ended up with
several duplicates, taking about millions instead of tens of thousands.
(We'll have to see how to dedup that, any ideas are appreciated
otherwise I'll write something for that.)

It just happened, but it happened before. This mail-server is not that
busy, <100 users, but it happens at least a few times per year.

Any idea how to prevent things like this? Judging from the man-pages I
don't think I could do this from within cyrus, but that I would have to
prevent from linux's ulimit or so and tune that (sounds like a tough
job)... or could I actually do this with cyrus parameters?

Curious if people have similar experiences :-)

Regards,
Paul

P.S. This specific machine is running Red Hat 4 and a version of Simon's
(s)rpm.

--
Kenneth Murchison
Systems Programmer
Project Cyrus Developer/Maintainer
Carnegie Mellon University
Index: append.c
===
RCS file: /afs/andrew/system/cvs/src/cyrus/imap/append.c,v
retrieving revision 1.109.2.2
diff -u -r1.109.2.2 append.c
--- append.c28 Dec 2009 21:51:28 -  1.109.2.2
+++ append.c4 Jan 2010 15:36:28 -
@@ -828,7 +828,8 @@
struct appendstate *as,
int nummsg, 
struct copymsg *copymsg,
-   int nolink)
+   int nolink,
+   struct protstream *pout)
 {
 struct mailbox *append_mailbox = &as->m;
 int msg;
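Review bot: passing a struct protstream *pout into append_copy() makes the mailbox copy routine in append.c emit IMAP protocol text itself (the "* OK copied ..." line in the loop hunk below). A progress callback with an opaque context pointer, supplied by the caller, would keep response formatting in the IMAP layer and leave append_copy() usable from callers that have no client stream.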
@@ -841,6 +842,7 @@
 int r, n;
 int flag, userflag, emptyflag;
 struct body *body = NULL;
+time_t start, now;
 
 assert(append_mailbox->format == MAILBOX_FORMAT_NORMAL);
 
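Review bot: the new "time_t start, now;" declaration and the time(0) calls in the loop need <time.h>, and no hunk in this patch adds an include. Confirm append.c already pulls it in, otherwise time() is implicitly declared.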
@@ -854,7 +856,15 @@
   xmalloc(nummsg * sizeof(struct index_record));
 
 /* Copy/link all files and cache info */
-for (msg = 0; msg < nummsg; msg++) {
+for (start = time(0), msg = 0; msg < nummsg; msg++) {
+   /* Send progress update to client every 30 sec */
+   if (pout && (now = time(0)) > start + 30) {
+   start = now;
+   prot_printf(pout, "* OK copied %d of %d messages\r\n",
+   msg, nummsg);
+   prot_flush(pout);
+   }
+
zero_index(message_index[msg]);
message_index[msg].uid = append_mailbox->last_uid + 1 + as->nummsg;
if (append_mailbox->options & OPT_IMAP_CONDSTORE) {
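Review bot: the results of prot_printf() and prot_flush(pout) are discarded, so a client that has already dropped the connection goes unnoticed and the loop keeps copying, which is the situation the original report describes (abandoned sessions that carry on linking messages). Consider checking the flush result and making an explicit decision to continue or abort. The literal 30 in "start + 30" would also be clearer as a named constant, with a comment on how it relates to typical client timeouts.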
Index: append.h
===
RCS file: /afs/andrew/system/cvs/src/cyrus/imap/append.h,v
retrieving revision 1.28.2.2
diff -u -r1.28.2.2 append.h
--- append.h28 Dec 2009 21:51:28 -  1.28.2.2
+++ append.h4 Jan 2010 15:36:28 -
@@ -139,7 +139,8 @@
 
 extern int append_copy(struct mailbox *mailbox,
   struct appendstate *append_mailbox,
-  int nummsg, struct copymsg *copymsg, int nolink);
+  int nummsg, struct copymsg *copymsg, int nolink,
+  struct protstream *pout);
 
 extern int append_collectnews(struct appendstate *mailbox,
  const char *group, unsigned long feeduid);
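Review bot: append_copy() is extern, so adding an argument to this prototype breaks any caller not updated in the same commit, and the only call site visible in this patch is the one in index.c. Check the tree for other callers, and add a comment next to the prototype stating that pout is optional, since the loop in append.c tests "pout &&" before writing.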
Index: index.c
===
RCS file: /afs/andrew/system/cvs/src/cyrus/imap/index.c,v
retrieving revision 1.219.2.10
diff -u -r1.219.2.10 index.c
--- index.c 28 Dec 2009 21:51:33 -  1.219.2.10
+++ index.c 4 Jan 2010 15:36:29 -
@@ -1814,7 +1814,7 @@
 docopyuid = (append_mailbox.m.myrights & ACL_READ);
 
 r = append_copy(mailbox, &append_mail

Re: Future Ideas wiki page

2010-01-07 Thread Ken Murchison
Thanks for adding this to the wiki.  As I've said before, I'm 
comfortable with most, if not all, of this.

I'm still working on completing the BODYPARTSTRUCTURE piece of 
URLAUTH=BINARY in 2.4.  I'm trying to decide if I want to search through 
the preformatted BODYSTRUCTURE response in cyrus.cache for the requested 
part, or re-parse the MIME headers for the requested part on the fly. 
Or perhaps there is some other slick way of doing this that hasn't 
occurred to me yet.


Bron Gondwana wrote:
> Hi All,
> 
> I've set up a new wiki page here:
> 
> http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/FutureIdeas
> 
> Linked from the roadmap:
> 
> http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/RoadMap
> 
> I've updated the Roadmap with the items I have ready right
> now for 2.4, and put everything else into the bright future
> under 2.5 for now, subject to "actually gets finished and
> stable", obviously.
> 
> Most of these ideas have been fleshed out in some detail
> already in my postings to the devel mailing list.  Some are
> still a little bit raw (like having the mailbox path on disk
> depend on the uniqueid rather than the actual mailbox name.
> I'll expand on this another time... and it's not yet mentioned
> on the wiki, but it makes a lot of things nicer!)
> 
> Anyway, I'd love feedback on any or all of it, and if there
> are other things that you feel are really important for the
> future viability of Cyrus I'd love to hear about them as well.
> I haven't yet had a chance to look at the QRESYNC stuff that
> Ken's already done for 2.4, and we might wind up releasing
> a 2.4 without a lot of these changes just because there's a
> lot of work in there!
> 
> That said, I'm pushing myself pretty aggressively to have that
> list finished by April of THIS YEAR.  Particularly the low
> bandwidth replication, which depends on pretty much all
> of the others!
> 
> Regards,
> 
> Bron.
> ___
> Cyrus-project mailing list
> cyrus-proj...@lists.andrew.cmu.edu
> https://lists.andrew.cmu.edu/mailman/listinfo/cyrus-project
> 

-- 
Kenneth Murchison
Systems Programmer
Carnegie Mellon University



Re: Sieve and encoded Headers

2010-02-08 Thread Ken Murchison


Bron Gondwana wrote:
> On Mon, Feb 08, 2010 at 07:53:21AM +0100, Garry wrote:
>> Hi,
>>
>> after wondering for a while why occasionally my sieve script rules
>> wouldn't work, I just found the reason (I guess) - Sieve doesn't
>> (correctly?) decode utf encoded header lines which e.g. are in a format
>> like this:
>>
>> Subject: 
>> =?utf-8?B?W0xPR10gV2F0Y2hsaXN0OiBzbWVhZ29sIGZvdW5kIEdydcOfIGF1cyBkZXIgVW50ZXJ3ZWx0IChVbmtub3duIENhY2hlKQ==?=
>>
>>
>> I'm using version: "Cyrus timsieved v2.2.13-Debian-2.2.13-19" ... is it
>> something that is fixed in a newer version? I tried finding something on
>> the net, but at least the first couple of results pages didn't yield any
>> insight ...
> 
> No - it's not fixed in any released version.  It is fixed in the FastMail
> Cyrus patches - but it's a very invasive change to the charset encoding,
> so it's been kept out of the stable line for now.
> 
> I've CC'd Ken on this - I wonder if it's worth going back and doing a
> "minimal still compatible" set of patches that fixes charset encoding in
> sieve without actually changing the on disk format of the cyrus.cache

It might be worth doing this for 2.3.


> But - I can tell you that we're not going to be backporting this sort of
> thing to the 2.2 series, so you'll certainly need to upgrade!

Correct.  2.2 has basically been moth-balled.

-- 
Kenneth Murchison
Systems Programmer
Carnegie Mellon University



Re: Sieve and encoded Headers

2010-02-12 Thread Ken Murchison


Bron Gondwana wrote:
> On Mon, Feb 08, 2010 at 11:29:22AM -0500, Ken Murchison wrote:
>>
>> Bron Gondwana wrote:
>>> On Mon, Feb 08, 2010 at 07:53:21AM +0100, Garry wrote:
>>>> Hi,
>>>>
>>>> after wondering for a while why occasionally my sieve script rules
>>>> wouldn't work, I just found the reason (I guess) - Sieve doesn't
>>>> (correctly?) decode utf encoded header lines which e.g. are in a format
>>>> like this:
>>>>
>>>> Subject: 
>>>> =?utf-8?B?W0xPR10gV2F0Y2hsaXN0OiBzbWVhZ29sIGZvdW5kIEdydcOfIGF1cyBkZXIgVW50ZXJ3ZWx0IChVbmtub3duIENhY2hlKQ==?=
>>>>
>>>>
>>>> I'm using version: "Cyrus timsieved v2.2.13-Debian-2.2.13-19" ... is it
>>>> something that is fixed in a newer version? I tried finding something on
>>>> the net, but at least the first couple of results pages didn't yield any
>>>> insight ...
>>> No - it's not fixed in any released version.  It is fixed in the FastMail
>>> Cyrus patches - but it's a very invasive change to the charset encoding,
>>> so it's been kept out of the stable line for now.
>>>
>>> I've CC'd Ken on this - I wonder if it's worth going back and doing a
>>> "minimal still compatible" set of patches that fixes charset encoding in
>>> sieve without actually changing the on disk format of the cyrus.cache
>> It might be worth doing this for 2.3.
> 
> Done!  I've put lots of testing in to it too :)  Added to the
> cyrus-imapd-2_3-tail branch.

Are you planning on re-committing your charset changes to 2.4 soon?

-- 
Kenneth Murchison
Systems Programmer
Carnegie Mellon University
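
The failure mode discussed in this thread, as an added example (not part of the original posts and not Cyrus code): a rule that matches the raw Subject value never sees the text inside an RFC 2047 encoded-word, so it silently fails to fire. The function names are hypothetical, and the case-insensitive substring test only approximates Sieve's default comparator.

```python
import base64
import quopri
import re

# Subject value exactly as quoted in the thread above.
SUBJECT = ("=?utf-8?B?W0xPR10gV2F0Y2hsaXN0OiBzbWVhZ29sIGZvdW5kIEdydcOfIGF1cyBk"
           "ZXIgVW50ZXJ3ZWx0IChVbmtub3duIENhY2hlKQ==?=")

# =?charset?encoding?payload?=  (encoding is B for base64, Q for quoted-printable)
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?([BbQq])\?([^?\s]*)\?=")
# Whitespace that only separates two adjacent encoded-words is not part of the text.
ADJACENT_GAP = re.compile(r"(?<=\?=)[ \t\r\n]+(?==\?)")


def _decode_word(match):
    """Decode one encoded-word; return it unchanged if it cannot be decoded."""
    charset = match.group(1).split("*", 1)[0]  # drop an RFC 2231 language tag
    encoding = match.group(2).upper()
    payload = match.group(3)
    try:
        if encoding == "B":
            raw = base64.b64decode(payload, validate=True)
        else:
            # header=True makes "_" decode to a space, as RFC 2047 requires
            raw = quopri.decodestring(payload.encode("ascii"), header=True)
        return raw.decode(charset)
    except (ValueError, LookupError):
        # bad base64, bad byte sequence or unknown charset: keep the raw word
        return match.group(0)


def decode_header_value(value):
    """Unfold a header value and decode every encoded-word in it."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)
    joined = ADJACENT_GAP.sub("", unfolded)
    return ENCODED_WORD.sub(_decode_word, joined)


def header_contains(headers, name, needle, decode):
    """Sieve-like 'header :contains' test, with or without decoding first."""
    value = headers.get(name, "")
    if decode:
        value = decode_header_value(value)
    return needle.lower() in value.lower()


if __name__ == "__main__":
    headers = {"Subject": SUBJECT}
    print("decoded :", decode_header_value(SUBJECT))
    print("raw match    :", header_contains(headers, "Subject", "Watchlist", False))
    print("decoded match:", header_contains(headers, "Subject", "Watchlist", True))
```
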



Re: User creation - automatic subscriptions

2003-12-04 Thread Ken Murchison
Alain Williams wrote:
> Summary: can I safely put mailbox subscriptions for a new user directly into their .sub file ?
>
> Hi,
>
> I am putting together a large cyrus system - 20,000 users - at a UK college.
>
> Creation of users needs to be automatic, I will get a list of new users every
> day from central admin. Logged in as cyrus I can create the users and their
> mail boxes (drafts, etc) using a perl script, easy.
> The user then needs to be subscribed to their mailboxes. This must be done
> logged in as the user - that is hard, I have no way of knowing their password.

You don't need to.  You can proxy as any user as long as you
authenticate as an admin.  You need to be able to authenticate using a
SASL mechanism which allows for proxying (PLAIN, DIGEST-MD5, OTP, SRP).
Using cyradm, this would look like:

cyradm --user cyrus --authz  --auth digest-md5 localhost

Using imtest, it would look like this:

imtest -a cyrus -u  -m digest-md5 localhost

Both of these will authenticate you as cyrus (using cyrus' password),
but authorize you (assume the identity) as .

> I do notice that the user fred's subscription list is stored in:
>
> 	/var/imap/user/f/fred.sub
>
> Is there any reason why I should not just create that file ?

You *can* do this if you like, as long as you create it r/w by the cyrus
user, but all administration *should* be done via the IMAP protocol.

> Come to that, is there any reason why I should not create the user's
> mailbox directly, ie .../users/fred/ and use reconstruct to rebuild
> the cyrus.cache, etc files ?

No, I wouldn't recommend that.  Every mailbox needs to have an entry in
mailboxes.db, in addition to its directory and cyrus.* files.  As I said
above, all Cyrus administration *should* be done via IMAP.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Cyrus Authentication problems

2003-12-05 Thread Ken Murchison
Doug Koobs wrote:
> BTW, here is the relevant entry in imapd.log from using imtest:
>
> mail imapd[24864]: badlogin: localhost.localdomain[127.0.0.1] plaintext
> testuser SASL(-13): authentication failure: checkpass failed

Is saslauthd running, and if so, with which option(s)?  It might be
easier to forget about imtest and make sure that saslauthd is happy
first by using the testsaslauthd program?  Once this is working, then
you can move on to imtest.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: User creation - automatic subscriptions

2003-12-05 Thread Ken Murchison
Mike Cathey wrote:
> Rob,
>
> On Thu, 2003-12-04 at 16:24, Rob Siemborski wrote:
>> You need to use a SASL mechanism that supports authorization (e.g. PLAIN,
>> DIGEST-MD5, GSSAPI...)
>
> Thanks for the quick response.  I'm able to login with imtest when I use
> -m login.  The attachment is what I get when I try to use -m plain.
> Do I not have it compiled with "PLAIN" support?  I know that I'm
> normally authenticating via "plaintext" over TLS.

Try:

imtest -a cyrus -u pointer -m plain -t '' localhost

You need to use TLS before PLAIN will be advertised.



$ imtest -a cyrus -u pointer -m plain -l 0 localhost 
S: * OK foo Cyrus IMAP4 v2.1.15-IPv6-Debian-2.1.15-0woody.1.0 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE STARTTLS LISTEXT LIST-SUBSCRIBED ANNOTATEMORE
S: C01 OK Completed
C: A01 AUTHENTICATE PLAIN
S: A01 NO no mechanism available
Authentication failed. generic failure
Security strength factor: 0


--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: problem sending mail to shared mailbox

2003-12-05 Thread Ken Murchison
Erik Myllymaki wrote:
> I created a shared mailbox but I cannot send mail to it.
>
> I get [EMAIL PROTECTED] 550 Unknown User?

You should be sending to [EMAIL PROTECTED]  (empty user with detail
part containing the shared mailbox).

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: User creation - automatic subscriptions

2003-12-05 Thread Ken Murchison
Mike Cathey wrote:
> Ken,
>
> On Fri, 2003-12-05 at 09:59, Ken Murchison wrote:
>> You need to use TLS before PLAIN will be advertised.
>
> Thanks!  That worked.
>
> One more question (*I think*).  I added some debugging statements to
> imtest and it looks like it's sending the normal username (-u;
> "pointer") when it logs into the IMAP server.   What is it sending to
> the IMAP server to tell it that you want to authorize (-a) as another
> user (ie. cyrus)?
> I'll start poking through the SASL docs...

The PLAIN response has the form:

authzid\0authid\0password

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: User creation - automatic subscriptions

2003-12-05 Thread Ken Murchison
Ken Murchison wrote:
> Mike Cathey wrote:
>> Ken,
>>
>> On Fri, 2003-12-05 at 09:59, Ken Murchison wrote:
>>> You need to use TLS before PLAIN will be advertised.
>>
>> Thanks!  That worked.
>>
>> One more question (*I think*).  I added some debugging statements to
>> imtest and it looks like it's sending the normal username (-u;
>> "pointer") when it logs into the IMAP server.   What is it sending to
>> the IMAP server to tell it that you want to authorize (-a) as another
>> user (ie. cyrus)?

Just realized that you have the options backwards:

-a is the user to authenticate as (user whose password you know)

-u is the user to proxy as (behave as if you logged in as this user)

>> I'll start poking through the SASL docs...
>
> The PLAIN response has the form:
>
> authzid\0authid\0password



--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
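
The PLAIN message layout and the -a/-u roles from the two replies above, as an added example (not part of the original posts and not Cyrus or Cyrus SASL code): it builds and parses the authzid\0authid\0password message and applies the two server-side checks the thread mentions, TLS before PLAIN and proxying only for admins. The function names, the password table and the admin set are assumptions constructed for the example; the user names "cyrus" and "pointer" come from the thread.

```python
import base64
import binascii
import hmac

# Constructed sample data: "cyrus" is the admin (-a), "pointer" the target user (-u).
PASSWORDS = {"cyrus": "constructed-admin-pw", "pointer": "constructed-user-pw"}
ADMINS = {"cyrus"}


class PlainError(ValueError):
    """Raised when a SASL PLAIN message is malformed."""


def build_plain(authcid, password, authzid=""):
    """Client side: authzid NUL authcid NUL password, UTF-8 encoded."""
    for field in (authzid, authcid, password):
        if "\0" in field:
            raise PlainError("NUL separates the fields and cannot appear inside one")
    if not authcid or not password:
        raise PlainError("authcid and password must not be empty")
    return "\0".join((authzid, authcid, password)).encode("utf-8")


def to_initial_response(message):
    """Base64 form sent after 'AUTHENTICATE PLAIN'."""
    return base64.b64encode(message).decode("ascii")


def parse_plain(message):
    """Server side: split into (authzid, authcid, password) with strict checks."""
    parts = message.split(b"\0")
    if len(parts) != 3:
        raise PlainError("expected exactly two NUL separators")
    try:
        authzid, authcid, password = (p.decode("utf-8") for p in parts)
    except UnicodeDecodeError as exc:
        raise PlainError("fields must be valid UTF-8") from exc
    if not authcid or not password:
        raise PlainError("authcid and password must not be empty")
    return authzid, authcid, password


def effective_identity(authzid, authcid, admins):
    """Whose mailboxes the session may act on after successful authentication."""
    if authzid in ("", authcid):
        return authcid              # no proxying requested
    if authcid in admins:
        return authzid              # admin assumes the other user's identity
    raise PermissionError(f"{authcid} may not act as {authzid}")


def handle_authenticate(b64_response, tls_active, passwords, admins):
    """Return the authorized identity or raise; mirrors the checks in the thread."""
    if not tls_active:
        raise PermissionError("PLAIN is not offered before TLS")
    try:
        message = base64.b64decode(b64_response, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise PlainError("response is not valid base64") from exc
    authzid, authcid, password = parse_plain(message)
    expected = passwords.get(authcid)
    # The password is checked against authcid (-a), never against authzid (-u).
    if expected is None or not hmac.compare_digest(
            expected.encode("utf-8"), password.encode("utf-8")):
        raise PermissionError("authentication failure")
    return effective_identity(authzid, authcid, admins)


if __name__ == "__main__":
    msg = build_plain("cyrus", PASSWORDS["cyrus"], authzid="pointer")
    print(msg)
    print(handle_authenticate(to_initial_response(msg), True, PASSWORDS, ADMINS))
```
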


Re: Murder and POP3

2003-12-08 Thread Ken Murchison
Does the test user have a mailbox on the backend?  Because POP3 only 
supports one mailbox, when you authenticate, it also tries to open the 
mailbox.  If user.test can't be found or open, authentication will fail. 
 IMAP is different in that authentication and mailbox selection are two 
separate functions.  What happens if you do:

x SELECT INBOX

in imtest?

Andreas S. Kerber wrote:

I'm currently implementing a cyrus murder test environment (1 backend,
1 frontend and the mupdate-master on a separate machine). All machines
with Cyrus 2.1.16, no virtual domains, unixhierarchysep: no, saslauthd uses
pam.
Everything is working fine (all mailbox operations and IMAP), except
POP3, which is not working.
After authenticating via POP3 at the frontend, it immediately fails with
"-ERR Authentication to backend server failed".
IMAP works fine and talking POP3 directly to the backend works fine too.
According to "ngrep" the frontend connects to the backend,
reads the POP3 banner and that's it. It doesn't seem to even try to
authenticate.  Any idea what the problem could be? Is anybody using POP3 on
a murder?

This is the ngrep output from the backend when trying to connect
via POP3 to the frontend:

# ngrep port 110
interface: eth0 (213.182.0.0/255.255.255.128)
filter: ip and ( port 110 )

T 213.182.0.:110 -> 213.182.0.:38004 [AP]
  +OK osiris2 Cyrus POP3 v2.1.16 server ready <[EMAIL PROTECTED]>..


This is what happens on the frontend:

# pop3test -a test -w test -p 110 213.182.0.   
S: +OK seth Cyrus POP3 Murder v2.1.16 server ready <[EMAIL PROTECTED]>
C: CAPA
S: +OK List of capabilities follows
S: SASL DIGEST-MD5 CRAM-MD5
S: EXPIRE NEVER
S: LOGIN-DELAY 0
S: TOP
S: UIDL
S: PIPELINING
S: RESP-CODES
S: AUTH-RESP-CODE
S: USER
S: IMPLEMENTATION Cyrus POP3 proxy server v2.1.16
S: .
C: AUTH CRAM-MD5
S: + PDM3NjE4NTI5NDIuMTM5MTk0NDZAc2V0aD4=
C: dGVzdCA2ZWVkMjE0NDhmMzM2ZmEwMDA4YTc0MzdhZDQwOWU1YQ==
S: -ERR Authentication to backend server failed
Authentication failed. generic failure
Security strength factor: 0
Connection closed. 

The logs on the frontend reveal nothing helpful:

Dec  8 12:51:52 seth pop3d[16023]: accepted connection
Dec  8 12:51:52 seth master[17910]: about to exec /usr/cyrus/bin/pop3proxyd
Dec  8 12:51:52 seth pop3[17910]: executed
Dec  8 12:51:52 seth pop3d[16023]: login: [213.182.0.X] test CRAM-MD5 User logged in
Dec  8 12:51:52 seth pop3d[16023]: couldn't authenticate to backend server
Dec  8 12:51:52 seth master[13756]: process 16023 exited, status 0

As you can see IMAP works fine:

# imtest -a test -w test -p 143 213.182.0.
S: * OK seth Cyrus IMAP4 Murder v2.1.16 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UI5
S: C01 OK Completed
C: A01 AUTHENTICATE CRAM-MD5
S: + PDE4NzczNTIxNzEuMTM5MjA3NjVAc2V0aD4=
C: dGVzdCBhZjViMWIzYTAyMjdiNmM5OWE1ZmE2YmZkYjk1ZGI4Nw==
S: A01 OK Success (no protection)
Authenticated.
Security strength factor: 0
. LIST "" "*"
* LIST (\HasNoChildren) "." "INBOX"
. OK Completed


This is the frontend configuration:

configdirectory: /var/imap
partition-default: /data/imap
admins: cyradm
sasl_pwcheck_method: saslauthd
proxy_authname: murder
osiris2_password: XX
mupdate_server: 
mupdate_port: 3905
mupdate_username: mupdateslave1
mupdate_authname: mupdateslave1
mupdate_password: 

And this is the backend configuration:

configdirectory: /var/imap
partition-default: /data/imap
admins: cyradm
allowanonymouslogin: no
sasl_srvtab: /var/imap/srvtab
sasl_pwcheck_method: saslauthd
sendmail: /usr/sbin/sendmail
proxyservers: murder
mupdate_server: 
mupdate_port: 3905
mupdate_username: backend1
mupdate_authname: backend1
mupdate_password: X

If needed I can post an "strace" from a running pop3proxyd, there
doesn't seem to be anything helpful in there either though.
Your help would be greatly appreciated!



--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Murder and POP3

2003-12-09 Thread Ken Murchison
Andreas S. Kerber wrote:
> On Mon, Dec 08, 2003 at 03:02:36PM +0100, Andreas S. Kerber wrote:
>> Yes the "test" User has a mailbox on the backend and it is possible
>> to login as the "test" User on the backend, without any problems. Accessing
>> the INBOX via IMAP works too (I've used mutt). Here is the output
>> from the "SELECT" via imtest.
>> [...]
>
> JFI I've just found what the problem with Murder+POP3 and IMAP 2.1.16
> was.
> _mechs: (which is documented in 2.2-BETA), needed to be set
> on the frontend. If it is not set, IMAP works (it used DIGEST-MD5 to talk to the
> backend) but POP3 immediately failed after the user authenticated on the frontend.
> The murder works fine now :-)
>
> Is anybody using 2.2-BETA in a production environment or is it currently
> better to use 2.1.16 (with skiplist)?

I've been running 2.2 on my production box since I started working on
2.2, without any problems.  I know some others on the list apparently
are running it too.  CMU is going to move to 2.2 over the winter break.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: sieveshell connection fails, while imap works ... ?

2003-12-09 Thread Ken Murchison
Marc G. Fournier wrote:
> When trying to connect to sieve using sieveshell, using the same
> userid/passwd that I've verified does work with IMAP, I'm getting the
> following in the log file(s):
>
> Dec  9 20:28:24 xx sieve[28283]: no secret in database
> Dec  9 20:28:33 xx sieve[28304]: no secret in database
> Dec  9 20:28:36 xx sieve[28304]: Password verification failed
> Dec  9 20:29:01 xx sieve[28336]: no secret in database
> Dec  9 20:29:03 xx sieve[28336]: Password verification failed
>
> don't they use the same authentication method(s)?

Yes, but sieveshell will try to use the most secure SASL mech offered.
So if timsieved offers anything other than PLAIN, you need to have the
user's secret in an auxprop plugin.  If you telnet to the sieve port,
what mechs are offered?

Alternatively, if you're only offering plaintext mechs and using PAM,
make sure you have a PAM config for the "sieve" service.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Telemetry log before authentication ?

2003-12-11 Thread Ken Murchison
Etienne Goyer wrote:
> Hi,
>
> I am troubleshooting a problem where the client negotiates STARTTLS with
> success, then fails.  I guess the authentication did not work because the
> server does not write telemetry log.  I have local6 and auth log
> facility set to debug, and I see nothing after the successful starttls
> negotiation message.  I was trying to figure out if the client tried to
> AUTHENTICATE (and, if yes, which mechanism he tried), or just dropped it
> after CAPABILITY.
>
> I guess I would need telemetry of session before the authentication
> succeed, unless somebody could tell me for sure "no AUTHENTICATE have
> been tried because it would have blah in (local6|auth) facility".

If authentication is attempted, you should see either success or failure
logged in one or both log files.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Backup of Cyrus

2003-12-12 Thread Ken Murchison
Doug Koobs wrote:

I've been doing some reading of the list archives, and have learned that my
current backup process is not sufficient. I'm hoping to get some feedback on
my new proposed process. I only have about 20 users, total mail store is
under 300 MB. I can stop the services. I want to be able to recover from
total disaster, and from user errors. For now, I will do a full backup
nightly.

I'm using RH9 and Simon Matter's RPMs. Here are the beginnings of a script
that I hope to use:

###
postfix stop                            # Stop MTA
/etc/rc.d/init.d/cyrus-imapd stop       # Stop Cyrus
# List mailboxes; file makes restore easier???
su cyrus -c "ctl_mboxlist -d" > mailboxes-`date '+%m%d%y'`
# Backup the following directories (I haven't decided on which tool yet):
#/var/spool/imap
#/var/lib/imap
/etc/rc.d/init.d/cyrus-imapd start      # Start Cyrus
postfix start                           # Start MTA

Will this be sufficient? Thanks,

If you're using sieve, you'll also want to backup sievedir, unless you 
have it nested under configdir like I do.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Quotawarn settings

2003-12-12 Thread Ken Murchison
Ramprasad A Padmanabhan wrote:

Hi all ,

I want to use quotawarn to automatically intimate user and the admin 
that the user quota is above a particular %age of the quota

I have put
quotawarn: 90
in /etc/imapd.conf
Now where do I enter the text message (if any) that will go to the user?
Is there a way I can Cc: the warning also to the admin?

No email is sent to the user or anyone else.  An IMAP ALERT message is 
sent to the IMAP client (which the client should display to the user) 
whenever a mailbox user the given quota is opened.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Login disabled user=cyrus - Installing new mail server - No worthy mechs found

2003-12-12 Thread Ken Murchison
Tim Branson wrote:

I am in the process of putting in a new mail server.  Apparently this 
distribution of SUSE 8.2 has some weird things wrong with Cyrus and 
SASL, or it's just me.  I would like to allow the following:

   1. User accounts on the machine will have mailboxes and authenticate
      with the login authentication
   2. PAM must be the method of choice for authentication

Here are the config files and the log entries I received.

/etc/imapd.conf

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
sievedir: /var/lib/sieve
admins: cyrus
allowanonymouslogin: no
autocreatequota: 1
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: plain
                     ^^

This isn't valid.  If you want to use PAM, then this should be 
'saslauthd'.  And you should run 'saslauthd -a pam'.

If you only want to use plaintext authentication, then you probably also 
want to add:

sasl_mech_list: PLAIN LOGIN

lmtp_overquota_perm_failure: no
#
# if you want TLS, you have to generate certificates and keys
#
#tls_cert_file: /usr/ssl/certs/cert.pem
#tls_key_file: /usr/ssl/certs/skey.pem
#tls_ca_file: /usr/ssl/CA/CAcert.pem
#tls_ca_path: /usr/ssl/CA

/etc/cyrus.conf

# standard standalone server implementation

START {
  # do not delete this entry!
  recover   cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
#  idled  cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/socket
SERVICES {
  # add or remove based on preferences
  imap    cmd="imapd" listen="imap" prefork=0
#  imaps  cmd="imapd -s" listen="imaps" prefork=0
  pop3    cmd="pop3d" listen="pop3" prefork=0
#  pop3s  cmd="pop3d -s" listen="pop3s" prefork=0
  sieve   cmd="timsieved" listen="sieve" prefork=0

  # at least one LMTP is required for delivery
#  lmtp   cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix  cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0

  # this is only necessary if using notifications
#  notify   cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
  # this is required
  checkpoint  cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression
  delprune  cmd="ctl_deliver -E 3" period=1440

  # this is only necessary if caching TLS sessions
  tlsprune  cmd="tls_prune" period=1440

  # Uncomment the next entry, if you want to automatically remove
  # old messages of EVERY user.
  # This example calls ipurge every 60 minutes and ipurge will delete
  # ALL messages older then 30 days.
  # enter 'man 8 ipurge' for more details

  # cleanup  cmd="ipurge -d 30 -f" period=60
}

/var/log/messages

Dec 12 00:24:41 ms01 master[3932]: process 5143 exited, status 0
Dec 12 00:37:51 ms01 sshd[5167]: Accepted password for root from :::192.168.0.173 port 1084
Dec 12 00:40:11 ms01 sshd[5285]: Accepted password for cyrus from :::192.168.0.173 port 1085
Dec 12 00:40:23 ms01 perl: No worthy mechs found
Dec 12 00:40:26 ms01 imapd[5308]: Login disabled user=cyrus auth=cyrus host=localhost [127.0.0.1]
Dec 12 00:40:32 ms01 perl: No worthy mechs found
Dec 12 00:40:35 ms01 imapd[5313]: Login disabled user=cyrus auth=cyrus host=localhost [127.0.0.1]
Dec 12 00:41:00 ms01 imapd[5321]: Login disabled user=cyrus auth=cyrus host=localhost [127.0.0.1]
Dec 12 00:42:30 ms01 perl: No worthy mechs found
Dec 12 00:42:32 ms01 imapd[5337]: Login disabled user=root auth=root host=localhost [127.0.0.1]

Regards.

Tim Branson.
Manager of Information Technology.
331 Mallory Station Road
Franklin, TN 37067
Phone:   615-224-1007
Fax: 615-224-1414
Cell:615-456-5489
Email: [EMAIL PROTECTED]
Web Page: http://www.leecompany.com 
 

*/"Working together for success"/*

 



--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Login disabled user=cyrus - Installing new mail server - No worthy mechs found

2003-12-12 Thread Ken Murchison
Tim Branson wrote:

Made the changes.  When I run cyradm with the following:

Cyradm --user cyrus --server localhost --auth PLAIN (or LOGIN)

It asks for the IMAP password.  Then returns that user cyrus can't login. 

Here is a copy of the logfile:

Dec 12 04:47:51 ms01 saslauthd[6290]: START: saslauthd 2.1.12
Dec 12 04:47:51 ms01 saslauthd[6295]: master PID is: 6295
Dec 12 04:47:51 ms01 saslauthd[6295]: daemon started, listening on 
/var/run/sasl2//mux
Dec 12 04:50:13 ms01 perl: No worthy mechs found
Dec 12 04:50:16 ms01 imapd[6305]: Login disabled user=cyrus auth=cyrus 
host=localhost [127.0.0.1]
Dec 12 04:50:49 ms01 imapd[6312]: Login disabled user=cyrus auth=cyrus 
host=localhost [127.0.0.1]***Used PLAIN here 
*

Dec 12 04:51:00 ms01 imapd[6318]: Login disabled user=cyrus auth=cyrus 
host=localhost [127.0.0.1]  **Used Login here 
**

Unless the above error message is coming directly from PAM, I don't 
think this is a SASL or Cyrus error message.  Did you configure PAM for 
the imap service?

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Login disabled user=cyrus - Installing new mail server - No worthy mechs found

2003-12-12 Thread Ken Murchison
Tim Branson wrote:

I created a file in pam.d called imap

The contents are as follows:

auth     required     pam_unix2.so
account  required     pam_unix2.so

What happens if you replace the account line with:

account		sufficient	pam_permit.so

The error message below leads me to believe that the user's account is 
disabled/deactivated.


-Original Message-
From: Ken Murchison [mailto:[EMAIL PROTECTED]
Sent: Friday, December 12, 2003 1:21 PM
To: Tim Branson
Cc: '[EMAIL PROTECTED]'
Subject: Re: Login disabled user=cyrus - Installing new mail server - No 
w orth y mechs found

Tim Branson wrote:

 > Made the changes.  When I run cyradm with the following:
 >
 > Cyradm --user cyrus --server localhost --auth PLAIN (or LOGIN)
 >
 > It asks for the IMAP password.  Then returns that user cyrus can't 
login.
 >
 > Here is a copy of the logfile:
 >
 > Dec 12 04:47:51 ms01 saslauthd[6290]: START: saslauthd 2.1.12
 > Dec 12 04:47:51 ms01 saslauthd[6295]: master PID is: 6295
 > Dec 12 04:47:51 ms01 saslauthd[6295]: daemon started, listening on
 > /var/run/sasl2//mux
 > Dec 12 04:50:13 ms01 perl: No worthy mechs found
 > Dec 12 04:50:16 ms01 imapd[6305]: Login disabled user=cyrus auth=cyrus
 > host=localhost [127.0.0.1]
 > Dec 12 04:50:49 ms01 imapd[6312]: Login disabled user=cyrus auth=cyrus
 > host=localhost [127.0.0.1]***Used PLAIN here
 > *
 >
 > Dec 12 04:51:00 ms01 imapd[6318]: Login disabled user=cyrus auth=cyrus
 > host=localhost [127.0.0.1]  **Used Login here
 > **

Unless the above error message is coming directly from PAM, I don't
think this is a SASL or Cyrus error message.  Did you configure PAM for
the imap service?
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: stage. directory?

2003-12-14 Thread Ken Murchison


Tim Pushor wrote:

I am currently writing a backup script that selectively backs up 
portions of the cyrus imap system, and was wondering what exactly the 
stage. directory is for?

It's a staging area for messages which are delivered to multiple 
recipients (singleinstancestore).

Mine has nothing in it.

It shouldn't (other than a fraction of a second).

Will it ever have?

Only if lmtpd crashed during delivery and doesn't unlink() the temp file(s).

Will it get created automatically if I don't back it up?

It should.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Sieve vacation question : does :addresses match case-insensitively ?

2003-12-15 Thread Ken Murchison
Cyrus Daboo wrote:

Hi Cyrus,

--On Monday, December 15, 2003 11:35 AM -0500 Cyrus Daboo 
<[EMAIL PROTECTED]> wrote:

|| Will the :addresses parameter be matched case insensitively, meaning
|| that the vacation will also trigger for mail addressed to
|| [EMAIL PROTECTED] ?
|
| Good question - the vacation spec is not clear on that. The RFC2821 spec
| actually says that the local part of an address (to the left of the @) is
| case-sensitive, whilst the domain part (to the right of the @) is not.
| Thus '[EMAIL PROTECTED]' and '[EMAIL PROTECTED]' are not the
| same. Of course it turns out that many implementations do treat those as
| the same, so there does need to be a way to handle that in vacation. The
| SIEVE base-spec gets around this by allowing comparisons (with either
| case-sensitive or case-insensitive comparators) against the local or
| domain part of an address separately if so desired. I will bring this
| matter up on the sieve list as it needs to be cleared up wrt vacation.

Further to this I see that newer versions of CMU SIEVE do 
case-insensitive comparisons, but older versions did not - perhaps 
Ken/Rob can confirm when that change was made so you can decide whether 
you need to upgrade/patch.

AFAICT it was changed prior to 2.1.2.  However, it doesn't look like 
this change made its way into 2.2.  The question is, which behavior is 
correct?  I'd argue that in the absence of a :comparator (or similar) 
argument to vacation, that treating the localpart as case sensitive is 
probably correct.  That being said, I must have made the change in 2.1 
for a reason.  ;)

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Sieve vacation question : does :addresses match case-insensitively ?

2003-12-15 Thread Ken Murchison
Etienne Goyer wrote:

On Mon, Dec 15, 2003 at 12:59:22PM -0500, Ken Murchison wrote:

Cyrus Daboo wrote:

Further to this I see that newer versions of CMU SIEVE do 
case-insensitive comparisons, but older versions did not - perhaps 
Ken/Rob can confirm when that change was made so you can decide whether 
you need to upgrade/patch.

AFAICT it was changed prior to 2.1.2.

So 2.1.15 should do the comparison case-insensitively?

Yes.  Take a look at look_for_me() in sieve/script.c

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Authenticating and authorizing as different users w/an MUA?

2003-12-15 Thread Ken Murchison
Wil Cooley wrote:

I recall being able to authenticate as one user and authorize as another
at some point with cyradm; it doesn't seem to do that anymore (at least,
it's not in the man page).

Yeah, it's not documented and the option names are almost the reverse of 
what imtest uses:

cyradm --user  --authz 

imtest -a  -u 

Note that the only mechanisms that allow for proxying are PLAIN, 
DIGEST-MD5, OTP, SRP, KERBEROS_V4 and GSSAPI.

At any rate, this tells me it's something
the server and IMAP protocol are capable of.  However, I don't know of
any MUAs that will let you do this, which is important for certain user
support issues.  Does anyone know of one, or am I mistaken about being
able to do this?

I'm not aware of any mainstream MUAs that let you do this.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Urgent help needed - ctl_cyrusdb[3698]: DBERROR db3: /var/imap/mailboxes.db: unexpected file type or format

2003-12-16 Thread Ken Murchison
Oliver Simon wrote:

Help please !!!

Looks like a big big problem 

Something has corrupted my mailbox.db, and I think, I have to bite my
ars%$. There is no backup ... About 50 users, Between 20 k and 30 MB
mailboxes ... Please help, what can I do to recover this ?
Working with web-cyradm, Postfix 2.1.15 and cyrus 2.15 (?)

ctl_cyrusdb[3698]: DBERROR db3: /var/imap/mailboxes.db: unexpected file
type or format

You can try db_recover.  If that fails, read the BDB docs and utilize 
the backups in /var/imap/db.backup1/ and /var/imap/db.backup2/

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Plus Addressing (ORA book)

2003-12-16 Thread Ken Murchison
Pollywog wrote:

There is also an O'Reilly book and some of the book is available online here:

http://www.oreilly.com/catalog/mimap/chapter/ch09.html

Looks like a book I might want to buy.
Unfortunately, a lot of this book (w.r.t. Cyrus) was out of date before 
it was published.  It only covers Cyrus v1.6 (it does mention a little 
about 2.0), but is still useful as long as you don't take it as gospel 
when using 2.x.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: ipurge

2003-12-16 Thread Ken Murchison
[EMAIL PROTECTED] wrote:

I know this question has been asked by others, but I was unable to find a
solution in my research.  The problem I am having is with ipurge, and when
I execute the command it executes, doesn't return an error, and doesn't
remove the mail.

We are running cyrus 2.2.1 beta, and we are using virtual domains, and the
unixhierarchysep instead of the standard dot (i.e. user/ instead
of user.).

I am attempting to remove old mail from two folders with the following
commands.

ipurge -f -d 3 user/*/mail/Trash
ipurge -f -d 7 user/*/mail/JunkMail

My understanding is that the * would include all user accounts, and could
be changed to something like [EMAIL PROTECTED] (Our mail accounts
contain the name and domain).

No, the domain is always appended to the end of the mailboxname.  Try:

ipurge -f -d 3 user/%/mail/[EMAIL PROTECTED]

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: cannot login with cyradm

2003-12-16 Thread Ken Murchison
Nora Bernhard wrote:

Hi :)

I have a SuSE9.0 with the distributed cyrus-imapd from the installation 
cds running. Additionally, I downloaded the cyrus-sasl from the official 
website and compiled it with LDAP support.

If I now try 'cyradm --user cyrus localhost' (the user 'cyrus' exists on 
the LDAP directory), I get "cannot connect to server". In 
/var/log/messages, I see:
If all you are going to allow are plaintext mechanisms, either remove 
the non-plaintext SASL plugins, specify 'sasl_mech_list: PLAIN LOGIN' in 
imapd.conf, or use the '--auth login' option to cyradm.


Dec 16 15:29:28 lx14 master[25264]: about to exec /usr/lib/cyrus/bin/imapd
Dec 16 15:29:28 lx14 imap[25264]: executed
Dec 16 15:29:28 lx14 imapd[25264]: accepted connection
Dec 16 15:29:31 lx14 imapd[25264]: unable to open Berkeley db 
/etc/sasldb2: No such file or directory
Dec 16 15:29:31 lx14 imapd[25264]: no OTP secret in database
Dec 16 15:29:31 lx14 imapd[25264]: don't have a OTP secret
Dec 16 15:29:31 lx14 imapd[25264]: badlogin: localhost[127.0.0.1] OTP 
[SASL(-1): generic failure: don't have a OTP secret]
Dec 16 15:29:34 lx14 imapd[25264]: DIGEST-MD5 server step 1
Dec 16 15:29:34 lx14 perl: DIGEST-MD5 client step 2
Dec 16 15:29:34 lx14 imapd[25264]: DIGEST-MD5 server step 2
Dec 16 15:29:34 lx14 imapd[25264]: unable to open Berkeley db 
/etc/sasldb2: No such file or directory
Dec 16 15:29:34 lx14 imapd[25264]: unable to open Berkeley db 
/etc/sasldb2: No such file or directory
Dec 16 15:29:34 lx14 imapd[25264]: no secret in database
Dec 16 15:29:34 lx14 imapd[25264]: badlogin: localhost[127.0.0.1] 
DIGEST-MD5 [SASL(-13): user not found: no secret in database]
Dec 16 15:29:37 lx14 imapd[25264]: bad userid authenticated
Dec 16 15:29:37 lx14 imapd[25264]: badlogin: localhost[127.0.0.1] 
CRAM-MD5 [SASL(-13): authentication failure: bad userid authenticated]
Dec 16 15:29:40 lx14 perl: No worthy mechs found

I guess there may be something wrong with the configuration of the 
imap-server itself!? I already tried to compile cyrus-imapd myself, but 
make aborts with errors (some undefined references in cyrusMasterMIB.c).

Has anybody got a hint for me?

Thanks,

Nora




--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
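
The log in the message above shows the client walking down the offered SASL mechanisms and failing on each one that needs a stored secret. As an added example (not code from the thread or from the Cyrus project), this script rejoins mail-wrapped syslog lines, extracts the badlogin records and reports which mechanisms failed for lack of a secret; the function names and the report layout are this example's own, and the sample is taken from the excerpt quoted above.

```python
import re

# A syslog record starts with "Mon DD HH:MM:SS "; any other line is the
# wrapped tail of the previous record (mail clients fold long lines).
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")

# badlogin: <host>[<ip>] <MECH> [SASL(<code>): <reason>]
BADLOGIN = re.compile(
    r"(?P<daemon>\w+)\[\d+\]: badlogin: (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]\s+"
    r"(?P<mech>\S+)\s+\[SASL\((?P<code>-?\d+)\): (?P<reason>.+)\]$"
)

# Sample lines copied from the excerpt in the thread, still wrapped.
SAMPLE = """\
Dec 16 15:29:31 lx14 imapd[25264]: unable to open Berkeley db
/etc/sasldb2: No such file or directory
Dec 16 15:29:31 lx14 imapd[25264]: no OTP secret in database
Dec 16 15:29:31 lx14 imapd[25264]: badlogin: localhost[127.0.0.1] OTP
[SASL(-1): generic failure: don't have a OTP secret]
Dec 16 15:29:34 lx14 imapd[25264]: no secret in database
Dec 16 15:29:34 lx14 imapd[25264]: badlogin: localhost[127.0.0.1]
DIGEST-MD5 [SASL(-13): user not found: no secret in database]
Dec 16 15:29:37 lx14 imapd[25264]: badlogin: localhost[127.0.0.1]
CRAM-MD5 [SASL(-13): authentication failure: bad userid authenticated]
Dec 16 15:29:40 lx14 perl: No worthy mechs found
"""


def unwrap(text):
    """Rejoin folded lines so that each list item is one syslog record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def parse_badlogins(records):
    """Return one dict per badlogin record, in log order."""
    found = []
    for record in records:
        match = BADLOGIN.search(record)
        if match:
            entry = match.groupdict()
            entry["code"] = int(entry["code"])
            found.append(entry)
    return found


def triage(text):
    """Summarise failed SASL attempts in a (possibly wrapped) log excerpt."""
    records = unwrap(text)
    failures = parse_badlogins(records)
    # Mechanisms whose failure reason says the server had no stored secret.
    needs_secret = sorted(
        {f["mech"] for f in failures if "secret" in f["reason"].lower()}
    )
    other = [
        (f["mech"], f["reason"])
        for f in failures
        if "secret" not in f["reason"].lower()
    ]
    client_gave_up = any("No worthy mechs found" in r for r in records)
    advice = []
    if needs_secret:
        advice.append(
            "%s failed for lack of a stored secret: keep the user's secret in "
            "an auxprop plugin (e.g. sasldb2), or for a plaintext-only setup "
            "set 'sasl_mech_list: PLAIN LOGIN' in imapd.conf"
            % ", ".join(needs_secret)
        )
    return {
        "failures": failures,
        "needs_secret": needs_secret,
        "other": other,
        "client_gave_up": client_gave_up,
        "advice": advice,
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    for failure in report["failures"]:
        print("%(mech)-11s SASL(%(code)d) %(reason)s" % failure)
    for line in report["advice"]:
        print("advice:", line)
```
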


Re: squatter target wildcards

2003-12-17 Thread Ken Murchison


Craig Ringer wrote:
No, the domain is always appended to the end of the mailboxname.  Try:

ipurge -f -d 3 user/%/mail/[EMAIL PROTECTED]


I've noticed that specifying wildcards to squatter doesn't seem to work. 
This makes it rather hard to automate things like

squatter -s user.%

cyrus$ bin/squatter -v user.%
error opening user.%: Mailbox does not exist

squatter probably should handle wildcards like ipurge, but how do we 
maintain backwards compatibility with the -r option?  What do we do if 
someone does:

squatter -r user.%

In v2.2 we have added a /squat mailbox annotation, so you can get more 
fine-grained control over squatter.  In fact, the users can specify 
which of their personal mailboxes they want squatted so that the admin 
doesn't have to be bothered.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: reconstruct broken in cyrus-imapd-2.1.15

2003-12-17 Thread Ken Murchison


Carsten Hoeger wrote:

On Wed, Dec 17, Carsten Hoeger wrote:


when the cyrus.* files within a mailbox are missing, reconstruct is no longer
able to create them.
With cyrus-imapd-2.1.9 it works as expected. 2.1.15 prints out the following
message:
user.x: Mailbox has an invalid format 

and does not create them.


I am currently searching for the bug.
It would be very good to know, where the error message above is printed.

All of the mailbox operations are handled by mailbox.c.


It does not appear to be in reconstruct.c. The above message is defined in
imap_err.c and I guess cyrusdb_strerror() converts the return code to strings.
In mboxlist.c only syslog is used to log errors.




--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Can't SELECT mailbox as admin on frontend (Murder)

2003-12-17 Thread Ken Murchison


Etienne Goyer wrote:

Hi,

I can't SELECT mailbox on a frontend in a Murder when logged in as an
admin account.  Example :

* OK frontend1 Cyrus IMAP4 Murder v2.1.15 server ready
. login admin ***
. OK User logged in
. select user/test123
. NO Mailbox does not exist
. logout
* BYE LOGOUT received
. OK Completed

Obviously, I have checked user/test123 exists.  Actually, when I connect
directly to the backend where it resides, I can SELECT it no problem.
Also, as user test123, I can't SELECT user/test123 ("NO Mailbox does not
exist" too), but I succeed when I SELECT INBOX.

Could this be related to altnamespace ?  If not, what else could cause
this problem ?

I *believe* that these issues have been resolved in 2.2.  If you can 
grab a protocol dump of what is being sent to the backend, it might shed 
some light.  My guess is that the mailbox name is being sent in the 
internal format, rather than the external one.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Secure Password Authentication

2003-12-18 Thread Ken Murchison


Andreas wrote:

On Thu, Dec 18, 2003 at 04:02:25PM +0200, victor wrote:

How can I use cyrus and SPA.


Use the ntlm sasl plugin. I tried it once with outlook express and
it didn't work, though, and I didn't pursue it further.

What kind of errors were you getting?

It does work here (where I wrote it), and I believe others have used it 
as well.  You can use it with either the user's password stored in an 
auxprop backend (e.g. sasldb2) or by proxying the auth to an NT/2K/Samba 
server.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Secure Password Authentication

2003-12-18 Thread Ken Murchison


Andreas wrote:

On Thu, Dec 18, 2003 at 11:26:21AM -0500, Ken Murchison wrote:

What kind of errors were you getting?

It does work here (where I wrote it), and I believe others have used it 
as well.  You can use it with either the user's password stored in an 
auxprop backend (e.g. sasldb2) or by proxying the auth to an NT/2K/Samba 
server.


imtest + ntlm worked just fine, but when using OE I got "user not found" kind of
messages in cyrus' logs. I then created a certificate and started using
plain text login with ssl/tls.

Let me see if I still have the error messages in syslog..
Ah, found some.
Using OE (on my home lan):

Dec  7 21:27:26 mac imapd[14509]: NTLM server step 1
Dec  7 21:27:26 mac imapd[14509]: NTLM server step 2
Dec  7 21:27:26 mac imapd[14509]: no secret in database
Dec  7 21:27:26 mac imapd[14509]: badlogin: maestro.lowtech[192.168.1.2] NTLM [SASL(-13): user not found: no secret in database]
Dec  7 21:27:34 mac imapd[14509]: NTLM server step 1
Dec  7 21:27:34 mac imapd[14509]: NTLM server step 2
Dec  7 21:27:34 mac imapd[14509]: incorrect NTLM responses
Dec  7 21:27:34 mac imapd[14509]: badlogin: maestro.lowtech[192.168.1.2] NTLM [SASL(-13): authentication failure: incorrect NTLM responses]
Dec  7 21:27:40 mac master[14214]: process 14391 exited, status 0

This probably means that the domain that the client was sending didn't 
match up with what the server expected.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: more shared folder problems

2003-12-18 Thread Ken Murchison


Prentice Bisbal wrote:

I'm still having problems with shared folders. I'm using Simon's RPMs 
(latest version, just installed yesterday).

Instead of "deposit" (as I posted yesterday), I created the shared 
folder "shared.deposit" on my system. I removed the default acl for 
anyone and did

sam shared.deposit anonymous p
sam shared.deposit prentice all

When I send mail to bb+deposit, sendmail says the user is unknown:

'shared' is part of the name, so try:

bb+shared.deposit

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Secure password authentication

2003-12-21 Thread Ken Murchison
victor wrote:

I try to install libsasl2-plug-ntlm-2.1.15-5mdk.i586.rpm on mandrake 9.0
but I can't satisfy the dependencies.
Installation failed:

libsasl2 == 2.1.15 is needed by libsasl2-plug-ntlm-2.1.15-5mdk

This is the entire SASL library.  The plugins are only useful when SASL 
itself is installed.

libc.so.6(GLIBC_2.3) is needed by libsasl2-plug-ntlm-2.1.15-5mdk

This probably means that you need to upgrade to v2.3 of glibc.

libcrypto.so.0.9.7 is needed by libsasl2-plug-ntlm-2.1.15-5mdk

This is part of the OpenSSL package.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Converting mbox to cyrus maildir w/ seen state preservation

2003-12-22 Thread Ken Murchison
Igor Brezac wrote:

On Mon, 22 Dec 2003, Miham KEREKES wrote:


Hi,


I have the following capabilities:
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 LISTEXT LIST-SUBSCRIBED ANNOTATEMORE

mailutil is picking CRAM-MD5 up which does not support proxy
authentication.  Stop advertising CRAM-MD5 on the cyrus side.  Add /tls
which will allow mailutil to use PLAIN.  PLAIN is the only mech
implemented by c-client which supports proxy auth.

After I've sent my previous message, I found a similar advice in
archive.
However, I can't find anywhere in the config files where I could stop
CRAM-MD5 from being advertised.
I searched in /etc/cyrus.conf and /etc/imapd.conf, without any success.
Any docs or help suggested?


Add

sasl_mech_list: plain login digest-md5 ntlm

LOGIN and NTLM don't support proxying either.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Delivering to a folder

2003-12-26 Thread Ken Murchison
Lee wrote:

We're using postfix -> lmtp -> cyrus 2.1.16 on a redhat 9 box.

When I try to send a message to [EMAIL PROTECTED] it's always 
delivered to the user's inbox. What do I need to do to get the messages 
delivered to the folder?

Assuming that  above is a placeholder for the real userid, set the 
ACL on user//folder so that the 'anonymous' or 'anyone' userid has 
the 'p' (post) right.


Our imapd.conf is attached below.

Thanks,
Lee
IMAPD.CONF:

# Cyrus Imapd Configuration

configdirectory: /export/cyrus/imap
partition-default: /export/cyrus/spool/imap
admins: admin
tls_cert_file: /export/cyrus/server.pem
tls_key_file: /export/cyrus/server.pem
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername: localhost
autocreatequota: 0
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sievedir: /export/cyrus/sieve
sendmail: /usr/sbin/sendmail
#sieve_maxscriptsize: 32
#sieve_maxscripts: 5
# Get rid of folders as subfolders of INBOX
altnamespace: yes
unixhierarchysep: yes



--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


[POLL] Cyrus 2.2 virtdomains behavior (Was: global admin without defaultdomain?)

2003-12-26 Thread Ken Murchison
Kendrick Vargas wrote:

Hi folks,

I asked earlier how I could get users within the primary (default) domain 
hashed into the domain/ subdirectories of the imap spool instead of being 
right at the toplevel without any real domain association. I was told that 
the defaultdomain option was meant to ease the passage from version 2.1 to 
2.2, so if I simply didn't set it, I'd get the hashing all nice and 
pretty.

Now I have a slightly different issue. I've finally gone back and set 
things up in this manner. No defaultdomain setting. Users are hashed in 
the domains as they should be, however I'd like to have a global admin. 
The documents say I need the defaultdomain to have a global admin. Why? 
Is there any way to get around this?

I'd like to have a global admin without having the defaultdomain set. I 
don't really understand why that would be a requirement. Maybe this 
behavior should be some sort of configurable flag. If someone could 
point me in the direction to the source I could hack past to disable this 
behavior, I'd greatly appreciate it.

This has to do with the fact that the virtdomains code handles domains 
by login id and ip address simultaneously.  If you don't have a fully 
qualified user id, the code will do a reverse lookup on the ip address 
of the local NIC and add that domain.  The only way to prevent the 
appending of the domain is by setting a default domain.

I could probably fix this by changing the code to only do virtdomains by 
one mechanism at a time, NOT both.  Since the 2.2 code recently added 
the ability to have enumerated config options, I could change the 
virtdomains option to be a tri-state variable, something like [ off, 
byuserid, byipaddress ].  As long as nobody is depending on the current 
behavior, I have no problem changing this.  Of course, if people do need 
the current behavior, I could add a fourth state to handle this.

I'd like to get some feedback from those of you that have been using the 
virtdomains code before I go and make any changes.

Happy Holidays,
Ken
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Delivering to a folder

2003-12-29 Thread Ken Murchison
Lee wrote:

Ken, that did it. Thank you.

One last question, are there any security risks to having all of a 
user's mailboxes postable by anonymous?

Anybody that knows that the mailbox exists can send mail directly to it. 
If this mailbox sits under an unlimited quotaroot, they could 
essentially fill up disk space by blasting the mailbox with spam.

On Dec 26, 2003, at 10:15 AM, Ken Murchison wrote:

Lee wrote:

We're using postfix -> lmtp -> cyrus 2.1.16 on a redhat 9 box.
When I try to send a message to [EMAIL PROTECTED] it's always 
delivered to the user's inbox. What do I need to do to get the 
messages delivered to the folder?


Assuming that  above is a placeholder for the real userid, set 
the ACL on user//folder so that the 'anonymous' or 'anyone' 
userid has the 'p' (post) right.


Our imapd.conf is attached below.
Thanks,
Lee
IMAPD.CONF:
# Cyrus Imapd Configuration
configdirectory: /export/cyrus/imap
partition-default: /export/cyrus/spool/imap
admins: admin
tls_cert_file: /export/cyrus/server.pem
tls_key_file: /export/cyrus/server.pem
allowanonymouslogin: no
allowplaintext: yes
sasl_mech_list: PLAIN
servername: localhost
autocreatequota: 0
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sievedir: /export/cyrus/sieve
sendmail: /usr/sbin/sendmail
#sieve_maxscriptsize: 32
#sieve_maxscripts: 5
# Get rid of folders as subfolders of INBOX
altnamespace: yes
unixhierarchysep: yes


--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp




--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: [POLL] Cyrus 2.2 virtdomains behavior (Was: global admin without defaultdomain?)

2003-12-29 Thread Ken Murchison
Ken Murchison wrote:

Kendrick Vargas wrote:

Hi folks,

I asked earlier how I could get users within the primary (default) 
domain hashed into the domain/ subdirectories of the imap spool 
instead of being right at the toplevel without any real domain 
association. I was told that the defaultdomain option was meant to 
ease the passage from version 2.1 to 2.2, so if I simply didn't set 
it, I'd get the hashing all nice and pretty.

Now I have a slightly different issue. I've finally gone back and set 
things up in this manner. No defaultdomain setting. Users are hashed 
in the domains as they should be, however I'd like to have a global 
admin. The documents say I need the defaultdomain to have a global 
admin. Why? Is there anyway to get around this?

I'd like to have a global admin without having the defaultdomain set. 
I don't really understand why that would be a requirement. Maybe this 
behavior should be some sort of configurable flag. If someone could 
point me in the direction to the source I could hack past to disable 
this behavior, I'd greatly appreciate it.


This has to do with the fact that the virtdomains code handles domains 
by login id and ip address simultaneously.  If you don't have a fully 
qualified user id, the code will do a reverse lookup on the ip address 
of the local NIC and add that domain.  The only way to prevent the 
appending of the domain is by setting a default domain.

I could probably fix this by changing the code to only do virtdomains by 
 one mechanism at a time, NOT both.  Since the 2.2 code recently added 
the ability to have enumerated config options, I could change the 
virtdomains option to be a tri-state variable, something like [ off, 
byuserid, byipaddress ].  As long as nobody is depending on the current 
behavior, I have no problem changing this.  Of course, if people do need 
the current behavior, I could add a fourth state to handle this.

I'd like to get some feedback from those of you that have been using the 
virtdomains code before I go and make any changes.
I just committed some code to CVS which changes the virtdomains option 
from a SWITCH to an ENUM having 3 options:

off/no/0/false/f   (disabled)
userid             (fully qualified userids only)
on/yes/1/true/t    (current behavior)
What this means (hopefully) is that existing installations of 2.2 code 
(whether virtdomains is enabled or not) should be unaffected.  Those 
that don't want the reverse IP address lookup can use the "userid" option.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Created mailboxes are not showing up.

2003-12-29 Thread Ken Murchison
JLB wrote:

On Mon, 29 Dec 2003, Tim Pushor wrote:


What mail client are you using? Is the user perhaps not subscribed to
those folders? Try checking their subscriptions.


...how do I do that? And as for what mail client: SquirrelMail. :)
This would have to be set via some interface to c-client (e.g. PHP).


To be perfectly honest (even though it is rather embarrassing) I don't
really understand subscriptions, even though I've been using Cyrus for
years ;-)


I know perhaps one tenth as much about subscriptions as you do. ;)
It's a way for a client to select a subset of mailboxes that it finds 
"interesting" and/or wants to display, in the same fashion that you 
"subscribe" to newsgroups.


I just had a little stint with Groupwise 5.5 via IMAP (using Mozilla
thunderbird) where the users were not subscribed to the folders, and
none showed up - In the advanced account settings unchecking 'show only
subscribed folders' made them show up.


Incidentally, I am also confused about quotas. I want to set a TOTAL quota
for the ENTIRE USER, NOT a quota on each individual mailbox. I wish to
basically say: OK, user X can have up to 10MB of storage in their Inbox,
Sent, Drafts AND Trash all at once. NOT 10MB in Inbox, 10MB in Sent, 10MB
in Drafts
Is there such a thing as a "sub-folder" or "sub-mailbox"?
Just set a quota on the user's INBOX (user.X) and it will do what you want.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Subscriptions

2003-12-29 Thread Ken Murchison
Tim Pushor wrote:

Now that I have sufficiently embarrassed myself by admitting that I 
really don't know what IMAP subscriptions are for:

What exactly are IMAP subscriptions for? ;-)
It's a way for a user to tell the client that you find the subscribed 
mailboxes as "interesting", which normally means that the client 
restricts the list of displayed mailboxes to the subscribed mailboxes.
It would normally be used when the server has a lot of shared folders, 
most of which you don't care about.

It is analogous to subscribing to usenet newsgroups.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: [POLL] Cyrus 2.2 virtdomains behavior (Was: global admin without defaultdomain?)

2003-12-29 Thread Ken Murchison


Igor Brezac wrote:
On Mon, 29 Dec 2003, Ken Murchison wrote:


Ken Murchison wrote:


Kendrick Vargas wrote:


Hi folks,

I asked earlier how I could get users within the primary (default)
domain hashed into the domain/ subdirectories of the imap spool
instead of being right at the toplevel without any real domain
association. I was told that the defaultdomain option was meant to
ease the passage from version 2.1 to 2.2, so if I simply didn't set
it, I'd get the hashing all nice and pretty.
Now I have a slightly different issue. I've finally gone back and set
things up in this manner. No defaultdomain setting. Users are hashed
in the domains as they should be, however I'd like to have a global
admin. The documents say I need the defaultdomain to have a global
admin. Why? Is there anyway to get around this?
I'd like to have a global admin without having the defaultdomain set.
I don't really understand why that would be a requirement. Maybe this
behavior should be some sort of configurable flag. If someone could
point me in the direction to the source I could hack past to disable
this behavior, I'd greatly appreciate it.


This has to do with the fact that the virtdomains code handles domains
by login id and ip address simultaneously.  If you don't have a fully
qualified user id, the code will do a reverse lookup on the ip address
of the local NIC and add that domain.  The only way to prevent the
appending of the domain is by setting a default domain.
I could probably fix this by changing the code to only do virtdomains by
one mechanism at a time, NOT both.  Since the 2.2 code recently added
the ability to have enumerated config options, I could change the
virtdomains option to be a tri-state variable, something like [ off,
byuserid, byipaddress ].  As long as nobody is depending on the current
behavior, I have no problem changing this.  Of course, if people do need
the current behavior, I could add a fourth state to handle this.
I'd like to get some feedback from those of you that have been using the
virtdomains code before I go and make any changes.
I just committed some code to CVS which changes the virtdomains option
from a SWITCH to an ENUM having 3 options:
off/no/0/false/f   (disabled)
userid             (fully qualified userids only)
on/yes/1/true/t    (current behavior)
What this means (hopefully) is that existing installations of 2.2 code
(whether virtdomains is enabled or not) should be unaffected.  Those
that don't want the reverse IP address lookup can use the "userid" option.


I have not checked the code, but how does this affect global admins?
If you set virtdomains:on it will behave like the current code.  If you 
set virtdomains:userid you can have a global admin without setting 
defaultdomain.

Like I said, you *shouldn't* notice any difference unless you switch 
from "on" to "userid".

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
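
The effect of the three virtdomains states on a global admin login, as described in the message above, can be modelled as follows. This is an added example, not code from the thread or from the Cyrus source. The helper names, the example.org/example.net domains, the "global admin = unqualified entry in admins" rule and the rule that the reverse-lookup domain is skipped only when it equals defaultdomain are assumptions of the model.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The three states of the virtdomains option listed in the thread. */
enum virtdomains { VD_OFF, VD_USERID, VD_ON };

/* Case-insensitive comparison of two domain names. */
static int same_domain(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';
}

/*
 * Model (hypothetical helper, not Cyrus source) of how a login id becomes
 * the userid that the admins list is checked against.
 *   login     - what the client sent, e.g. "cyrus" or "bob@example.net"
 *   defdomain - the defaultdomain setting, or NULL when unset
 *   ip_domain - domain from the reverse lookup of the local address,
 *               or NULL when there is none
 * Returns 0 on success, -1 if the result does not fit in out.
 */
int canonical_userid(enum virtdomains mode, const char *login,
                     const char *defdomain, const char *ip_domain,
                     char *out, size_t outlen)
{
    const char *at = (mode == VD_OFF) ? NULL : strrchr(login, '@');
    int n;

    if (at && defdomain && same_domain(at + 1, defdomain)) {
        /* Qualified with the default domain: the domain part is dropped. */
        n = snprintf(out, outlen, "%.*s", (int)(at - login), login);
    } else if (!at && mode == VD_ON && ip_domain &&
               !(defdomain && same_domain(ip_domain, defdomain))) {
        /* "on": an unqualified login gets the reverse-lookup domain. */
        n = snprintf(out, outlen, "%s@%s", login, ip_domain);
    } else {
        /* "off", "userid", or nothing to add: the login is used as sent. */
        n = snprintf(out, outlen, "%s", login);
    }
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* admins is a space-separated list as in imapd.conf.  In this model only an
 * unqualified userid that matches an entry exactly is a global admin. */
int is_global_admin(const char *admins, const char *userid)
{
    size_t ulen = strlen(userid);
    const char *p = admins;

    if (strchr(userid, '@'))
        return 0;
    while (*p) {
        size_t len;
        while (*p == ' ')
            p++;
        len = strcspn(p, " ");
        if (len > 0 && len == ulen && strncmp(p, userid, len) == 0)
            return 1;
        p += len;
    }
    return 0;
}

/* Convenience wrapper returning a static buffer (demo only, not reentrant). */
const char *canon(enum virtdomains mode, const char *login,
                  const char *defdomain, const char *ip_domain)
{
    static char buf[256];
    return canonical_userid(mode, login, defdomain, ip_domain,
                            buf, sizeof buf) == 0 ? buf : NULL;
}

int login_is_global_admin(enum virtdomains mode, const char *login,
                          const char *defdomain, const char *ip_domain,
                          const char *admins)
{
    const char *u = canon(mode, login, defdomain, ip_domain);
    return u ? is_global_admin(admins, u) : 0;
}

int main(void)
{
    const char *admins = "cyrus admin@example.net";   /* constructed sample */
    const char *names[] = { "off", "userid", "on" };
    int m;

    /* Same login, no defaultdomain, local address resolving to example.org. */
    for (m = VD_OFF; m <= VD_ON; m++)
        printf("virtdomains: %-6s  cyrus -> %-18s global admin: %d\n",
               names[m], canon((enum virtdomains)m, "cyrus", NULL, "example.org"),
               login_is_global_admin((enum virtdomains)m, "cyrus", NULL,
                                     "example.org", admins));
    return 0;
}
```

With "on" and no defaultdomain the unqualified admin login picks up the reverse-lookup domain and stops matching the admins entry; with "userid" it is left alone.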


Re: global admin without defaultdomain?

2003-12-30 Thread Ken Murchison
Igor Brezac wrote:

Ummm.. there aren't many mechs on my system :-) But at least this


Read cyrus-sasl/doc/


Would you like me to post my config again? I don't know what to tell you
about my configuration to make you believe me when I say I can't connect a
global admin through anything but localhost. If I had the time and I was
more understanding of C, I'd dive in the code and hunt it down, but the
best I can provide right now is evidence. I don't know how bad I could
screw the configuration (and I'm pretty good about reading docs), so I
really don't see why this looks suspicious.


Well, something has to be different.  I never ran 2.2.2-Beta and perhaps I
incorrectly assume that there is very little difference between it and cvs
head.  The code prior to recent Ken's commit discards domain part of the
username if the username is in defaultdomain.  So, I do not understand why
do your admin logins have domain in the queries.  This can also explain
why you are only able to connect to localhost with your admin userid.
Ken, any ideas?
You could verify by looking at the commit logs, but I don't recall 
changing much of anything in the virtdomains code recently.  So the 
current CVS should be identical to the last beta release.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Created mailboxes are not showing up.

2003-12-30 Thread Ken Murchison
JLB wrote:

I know that THAT isn't the problem. Since it worked BEFORE this doofus
came in and completely changed the imap system (without providing any
notes to anyone). :) Our copy of SquirrelMail HAS NOT CHANGED since the
'old days', when we ran plain old despicable UW IMAPD, and things just
worked. So since SquirrelMail has NOT changed (no, we haven't even upgraded
it!)... I know that's not it.
Since you are dealing with someone (Rob) that is one of the authors of 
Cyrus and has experience configuring and hacking SquirrelMail, I am 
quite certain that he can solve your problem.  I would suggest that you 
drop the attitude before you piss him off and he clams up.


On Tue, 30 Dec 2003, Rob Siemborski wrote:


On Tue, 30 Dec 2003, JLB wrote:


Right -- squirrelmail still needs them to subscribe to the folders.


What mailbox name are you trying to create?
A valid name. You know, like "asdfasdf". All letters, only a few
characters. I'm dense, but I'm not THAT dense. I tried many 'valid' names.
"testing", "asdfsadf", "fnord", "foobar"... I didn't try to create a
mailbox called "[EMAIL PROTECTED] * 5u2t/t 9898#" or anything ;)
Unless you are using altnamespace, you probably want to create
INBOX.whatever.
In the Folder Settings page of SquirrelMail's server configuration (i.e.
when you run "config/conf.pl" from the SquirrelMail base directory), it
specifies that the default folder 'prefix' is indeed INBOX.
Ah, then you are creating INBOX.testing and so on.

I wonder if there is an extra character that shouldn't be there sneaking
in (like a newline).
-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper


--
Jessica L. Blank, Systems Administrator, twu.net


--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Created mailboxes are not showing up.

2003-12-30 Thread Ken Murchison
What version of Cyrus and how is it configured?  Are you using the 
altnamespace, unixhiersep or virtdomains options?  From looking at the 
source, the only ways that you can get the "Invalid mailbox name" error 
is if the name includes a wildcard, a trailing separator, is too long or 
you're trying to create a mailbox in a different domain.

JLB wrote:

I know that THAT isn't the problem. Since it worked BEFORE this doofus
came in and completely changed the imap system (without providing any
notes to anyone). :) Our copy of SquirrelMail HAS NOT CHANGED since the
'old days', when we ran plain old despicable UW IMAPD, and things just
worked. So since SquirrelMail has NOT changed (no, we haven't even upgraded
it!)... I know that's not it.
On Tue, 30 Dec 2003, Rob Siemborski wrote:


On Tue, 30 Dec 2003, JLB wrote:


Right -- squirrelmail still needs them to subscribe to the folders.


What mailbox name are you trying to create?
A valid name. You know, like "asdfasdf". All letters, only a few
characters. I'm dense, but I'm not THAT dense. I tried many 'valid' names.
"testing", "asdfsadf", "fnord", "foobar"... I didn't try to create a
mailbox called "[EMAIL PROTECTED] * 5u2t/t 9898#" or anything ;)
Unless you are using altnamespace, you probably want to create
INBOX.whatever.
In the Folder Settings page of SquirrelMail's server configuration (i.e.
when you run "config/conf.pl" from the SquirrelMail base directory), it
specifies that the default folder 'prefix' is indeed INBOX.
Ah, then you are creating INBOX.testing and so on.

I wonder if there is an extra character that shouldn't be there sneaking
in (like a newline).
-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper


--
Jessica L. Blank, Systems Administrator, twu.net


--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: [POLL] Cyrus 2.2 virtdomains behavior (Was: global admin without defaultdomain?)

2003-12-30 Thread Ken Murchison
Christos Soulios wrote:

This means that there is no choice for an administrator who might want 
to distribute users to the domains _only_ according to the IP address of 
the server that users connect to? I would not like my users to have the 
ability to choose a domain only by appending a @domain to their userid.
But authentication should fail in this case, unless the user's in two 
different domains have the same userid and password.

Are there any negative consequences for implementing a byipaddress only 
option too?
Don't know.  Rob and I wondered what would be the reasonable thing to do 
if byipaddress was configured and a user used a fully qualified userid to 
log in.

I would like to see it implemented in cyrus, if this is not 
a problem.
It's not a problem to implement it.  I'd like to get some more discussion 
on how the two methods can/should interact.

Ken Murchison wrote:



I just committed some code to CVS which changes the virtdomains option 
from a SWITCH to an ENUM having 3 options:

off/no/0/false/f   (disabled)
userid             (fully qualified userids only)
on/yes/1/true/t    (current behavior)
What this means (hopefully) is that existing installations of 2.2 code 
(whether virtdomains is enabled or not) should be unaffected.  Those 
that don't want the reverse IP address lookup can use the "userid" 
option.




--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Created mailboxes are not showing up.

2003-12-30 Thread Ken Murchison
JLB wrote:

On Tue, 30 Dec 2003, Ken Murchison wrote:


What version of Cyrus and how is it configured?  Are you using the
altnamespace, unixhiersep or virtdomains options?  From looking at the


Donno. I didn't set it up. :) Where do I look for that?
/etc/imapd.conf

You *really* should read the Cyrus docs so you have a basic 
understanding of what you're dealing with.


source, the only ways that you can get the "Invalid mailbox name" error
is if the name includes a wildcard, a trailing separator, is too long or
you're trying to create a mailbox in a different domain.


OK, now THAT is weird. Since I'm sure I'm not doing any of that.
You might not, but we don't know what the client is doing until we see 
the telemetry.  Look for the 'configdir' option in /etc/imapd.conf and 
then create a /log/ directory (writable by the cyrus 
user), where  is the directory specified by the configdir 
option and  is the userid of the user trying to create a folder.

The directory you create will start to fill up with telemetry logs (one 
per connection) named by pid.



JLB wrote:


I know that THAT isn't the problem. Since it worked BEFORE this doofus
came in and completely changed the imap system (without providing any
notes to anyone). :) Our copy of SquirrelMail HAS NOT CHANGED since the
'old days', when we ran plain old despicable UW IMAPD, and things just
worked. So since SquirrelMail has NOT changed (no, we haven't even upgraded
it!)... I know that's not it.
On Tue, 30 Dec 2003, Rob Siemborski wrote:



On Tue, 30 Dec 2003, JLB wrote:



Right -- squirrelmail still needs them to subscribe to the folders.



What mailbox name are you trying to create?
A valid name. You know, like "asdfasdf". All letters, only a few
characters. I'm dense, but I'm not THAT dense. I tried many 'valid' names.
"testing", "asdfsadf", "fnord", "foobar"... I didn't try to create a
mailbox called "[EMAIL PROTECTED] * 5u2t/t 9898#" or anything ;)
Unless you are using altnamespace, you probably want to create
INBOX.whatever.
In the Folder Settings page of SquirrelMail's server configuration (i.e.
when you run "config/conf.pl" from the SquirrelMail base directory), it
specifies that the default folder 'prefix' is indeed INBOX.
Ah, then you are creating INBOX.testing and so on.

I wonder if there is an extra character that shouldn't be there sneaking
in (like a newline).
-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper


--
Jessica L. Blank, Systems Administrator, twu.net


--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


--
Jessica L. Blank, Systems Administrator, twu.net


--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: nntp fiddling

2003-12-30 Thread Ken Murchison
Amos Gouaux wrote:

So, if I leave this imapd.conf setting blank, does that mean all
folders that I have access to via IMAP should appear as NNTP news
groups (authenticated login)?
 newsprefix: 
  Prefix to be prepended to newsgroup names to  make  the
  corresponding IMAP mailbox names.
Just fiddling around it seems as if I see everything except those
folders under "user.".  Is that correct?  I noticed some old posts
that indicated any folder should be viewable, but so far in my test
environment I'm not seeing that.  Mainly just curious.
I specifically do not serve user.* via NNTP, mainly because I figured 
somebody might screw something up.  But since I now have relatively good 
access controls, I can probably remove this restriction.

I also thought it might be disconcerting for users to see their personal 
folders (e.g. user.ken.*) as "newsgroups".


It's funny.  Ages ago I remember a friend going on about how cool
it was to read mail via nn.  Personally I couldn't get my head
around it, but now I'm playing with NNTP access to an IMAP server.
Funny how things go around like that, given enough time.  (Of
course I'm posting this via Gnus, another news reader!  ;-)
How are things running?  Any issues with NNTP clients or servers?

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: nntp fiddling

2003-12-30 Thread Ken Murchison
Amos Gouaux wrote:

On Tue, 30 Dec 2003 15:12:30 -0500,
Ken Murchison <[EMAIL PROTECTED]> (km) writes:


km> I specifically do not serve user.* via NNTP, mainly because I
km> figured somebody might screw something up.  But since I now have
km> relatively good access controls, I can probably remove this
km> restriction.
km> I also thought it might be disconcerting for users to see their
km> personal folders (e.g. user.ken.*) as "newsgroups".
I'm inclined to agree.  Besides, I think NNTP of read/write folders
that generally won't be expired, like an INBOX, probably wouldn't
work out so well.  Maybe a brief comment in imapd.conf would be
helpful, though.
However, I'm realizing that a lot of our shared folders tend to be
used more like NNTP groups than IMAP read/write folders, so this
NNTP access is quite intriguing.  Especially when the access
permissions also apply.  Very cool.
Being able to set squat (that's so funny to say) and expire via
annotations is so cool.  

km> How are things running?  Any issues with NNTP clients or servers?

So far, things are looking pretty good.  The only oddity I've seen
is from a reader called tin that at one time seemed to be pretty
popular here:
  Your server does not have Xref: in its XOVER information.
  Tin will try to use XHDR XREF instead (slows down things a bit).
I added support for the Xref header to CVS last week.

The basic problem with Xref is that we don't know what the UID of an 
article will be until after it's hit the disk, therefore making it 
difficult to insert it at delivery time.

It occurred to me last week that I'm already keeping track of every 
article by message-id in deliver.db (with group, uid and timestamp) so I 
can generate the Xref header on the fly and inject it into the ARTICLE, 
BODY, OVER and HDR responses.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: nntp fiddling

2003-12-30 Thread Ken Murchison
Amos Gouaux wrote:

On Tue, 30 Dec 2003 15:59:16 -0500,
Ken Murchison <[EMAIL PROTECTED]> (km) writes:


km> I added support for the Xref header to CVS last week.

Cool.  Yup, now even tin happy.
Any perceivable difference in performance?  I was considering making the 
Xref stuff enabled by a config option, since not all clients need it, 
but if it doesn't slow things down too much, I won't bother.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: nntp fiddling

2003-12-30 Thread Ken Murchison
[EMAIL PROTECTED] wrote:

On Tue, 30 Dec 2003, Ken Murchison wrote:


Any perceivable difference in performance?  I was considering making the
Xref stuff enabled by a config option, since not all clients need it,
but if it doesn't slow things down too much, I won't bother.



On this box?  My test box is a scruffy old U10 with nearly no memory
and slow drives.  I can't really see a difference myself. The only
slight difference appears when I unset newsprefix, presumedly because
it has to search out more folders.  However, even this difference
seems very slight.  I'm not even sure it really exists.  ;-)
Cool!  Thanks for the feedback.  You're one of only two people that has 
given me any substantial feedback on the NNTP support in 2.2.

Happy New Year!

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: ctl_mboxlist

2003-12-31 Thread Ken Murchison
Richard Houston wrote:

Hi all,

I am trying to get my backups going for my cyrus server but am having
some issues.
When I run the following:

su cyrus -c "ctl_mboxlist -d"

I get nothing back. I am running 2.1.15 with Berkeley DB databases.
Any errors?  Is ctl_mboxlist in cyrus' path?

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: nntp fiddling

2004-01-01 Thread Ken Murchison
Nils Vogels wrote:
Ken Murchison wrote:

[EMAIL PROTECTED] wrote:

On Tue, 30 Dec 2003, Ken Murchison wrote:


Any perceivable difference in performance?  I was considering making 
the
Xref stuff enabled by a config option, since not all clients need it,
but if it doesn't slow things down too much, I won't bother.




On this box?  My test box is a scruffy old U10 with nearly no memory
and slow drives.  I can't really see a difference myself. The only
slight difference appears when I unset newsprefix, presumedly because
it has to search out more folders.  However, even this difference
seems very slight.  I'm not even sure it really exists.  ;-)


Cool!  Thanks for the feedback.  You're one of only two people that 
has given me any substantial feedback on the NNTP support in 2.2.

Happy New Year!

I've been fiddling around a bit as well, but the main problem is, that I 
do not have access to an NNTP feed, and Cyrus did not support pulling 
one in (using MODE READER, and sucking in articles). In the end, having 
to make a chain with an intermediate program that did the Cyrus <--> ISP 
NNTP server interaction and LMTP injection turned out to be rather a 
pain, hence I dropped the idea altogether, unfortunately.

If this could be changed, I would love to try again ;-)
Cyrus 2.2 includes the fetchnews program which will grab articles from 
an upstream server using the NEWNEWS command.  If the upstream server 
doesn't allow NEWNEWS, then you can use the sucknews program 
(http://home.comcast.net/~bobyetman/index.html).

I have tested both and still use fetchnews myself.  Here are sample 
cyrus.conf entries:

# fetch news articles
fetchnews   cmd="fetchnews bogey" period=5
suck        cmd="suck bogey -M -bp -hl localhost -c -H -n -dd /etc -dm /var/spool/suck -dt /tmp -s -e" period=5
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: [POLL] Cyrus 2.2 virtdomains behavior (Was: global admin without defaultdomain?)

2004-01-01 Thread Ken Murchison
Jure Pečar wrote:

virtdomains=ipaddr (or something)

here we need to teach server the ip->domain mapping. reverse dns? most
likely.
server accepts & authenticates usernames without @domain on appropriate
interfaces (ip addresses) and it searches for username only in the domain the
ip address the user is coming from belongs. [EMAIL PROTECTED] usernames should be
rejected IMHO. global admin should be specified without the @domain and
authenticated on any ip address. per domain admin users should be specified
with @domain and should only authenticate when coming to the right ip
address.
So, you're suggesting that admins always use fully qualified userids? 
This would work, but it requires that an unqualified userid be checked 
to see if it's an admin before appending the domain from the ip address. 
 This is probably the easiest way to handle the global admin without 
enforcing a default domain and also allows something like:

admins: cyrus [EMAIL PROTECTED] [EMAIL PROTECTED]

Is there a problem if *any* user is allowed to use a fully qualified 
userid in an ipaddr config?

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: [POLL] Cyrus 2.2 virtdomains behavior (Was: global admin without defaultdomain?)

2004-01-01 Thread Ken Murchison
Christos Soulios wrote:

If the domain passed in the fully qualified userid matches the domain selected
from the ipaddress, then cyrus, proceeds to authenticate user using sasl. If it
is different, then authentication fails without even making a query to the
authentication mechanism. 
Can you explain why this matters?  Are you limiting certain domains to a 
particular interface for security reasons?  I assumed that byaddr is 
just a convenience for the users.

How do you propose to handle admins, especially the global admin? 
Jure's proposal seems to make the most sense to me at this point (admins 
 use fully qualified userids)

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: telnet but not pop3test; -ERR [SYS/PERM] Unable to open maildrop

2004-01-03 Thread Ken Murchison
Bob Lockie wrote:

I've been using telnet to try and debug the "-ERR [SYS/PERM] Unable to open maildrop" problem but then it occurred to me to try pop3test and it doesn't even authenticate.

# pop3test -m user -u bob localhost
You want to use -a instead of -u

S: +OK gw.lockie.ca Cyrus POP3 v2.1.15 server ready <[EMAIL PROTECTED]>
C: CAPA
S: +OK List of capabilities follows
S: EXPIRE NEVER
S: LOGIN-DELAY 0
S: TOP
S: UIDL
S: PIPELINING
S: RESP-CODES
S: AUTH-RESP-CODE
S: USER
S: IMPLEMENTATION Cyrus POP3 server v2.1.15
S: .
Please enter your password:
C: USER root
S: +OK Name is a valid mailbox
C: PASS 
S: -ERR [AUTH] Invalid login
Authentication failed. generic failure
Security strength factor: 0
# telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK gw.lockie.ca Cyrus POP3 v2.1.15 server ready <[EMAIL PROTECTED]>
user bob
+OK Name is a valid mailbox
pass 
-ERR [SYS/PERM] Unable to open maildrop
Does the user.bob mailbox exist?

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: [POLL] Cyrus 2.2 virtdomains behavior (Was: global admin without defaultdomain?)

2004-01-03 Thread Ken Murchison
Christos Soulios wrote:

Quoting Rob Siemborski <[EMAIL PROTECTED]>:


On Fri, 2 Jan 2004, Christos Soulios wrote:


Rob Siemborski wrote:

On Fri, 2 Jan 2004, Paul Boven wrote:

The only argument I currently completely understand for an IP-only based
setup is that of sites that need to distinguish ANONYMOUS users between
domains (and perhaps that is good enough).
What about being able to determine the virtual domain based on the ip
address and presenting different ssl certificate for each domain?  Even
presenting different host name, one that is in accordance to the ssl
certificate. All this happens long before authentication. Right? This
would be really nice to implement.
You can do that in a model that still allows users to add an @ sign and a
domain to their userid.


I cannot figure out how this can be achieved. And to make it clear, I will give
an example. 

I have two domains domain1.com and domain2.com which are hosted by the hosts
imap.domain1.com and imap.domain2.com respectively. These two servers must have
two different certificates with cn=imap.domain1.com and cn=imap.domain2.com 

When the user connects to the imap.domain1.com and long before the user
authentication takes place, the cyrus must be able to present the correct
certificate. Because most mail clients will not accept to connect to the imap
host imap.domain1.com and be presented a certificate with cn=imap.otherdomain.com
But how can cyrus be able to know which is the correct certificate to present?
Of course, not by retrieving the domain by the userid suffix. Then it is too
late. The authentication has already taken place. In my opinion this must have
taken place by the time the user connects. And then the only way for cyrus to
determine the correct virtual domain is _only_ using the ip address of the
server interface.  

Am I right or am I missing something here?
IMO this should be handled by TLS.  There is an extension (RFC 3546) to 
handle this, but I don't think it's had wide deployment yet.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
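
The server-name extension that RFC 3546 defines carries the host the client wants inside its ClientHello, which arrives before any certificate is sent and long before authentication. Added example (not from this thread and not Cyrus code): a bounds-checked C parser that pulls the host name out of a constructed ClientHello and picks the matching certificate. The function names, certificate paths and sample bytes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strcasecmp */

/* Bounds-checked cursor: nothing is read before its length is verified. */
struct cur { const uint8_t *p; size_t left; };

/* Consume n bytes; if out is non-NULL it is set to cover exactly those bytes. */
static int take(struct cur *c, size_t n, struct cur *out)
{
    if (c->left < n) return -1;
    if (out) { out->p = c->p; out->left = n; }
    c->p += n; c->left -= n;
    return 0;
}

/* Consume a big-endian length field of `width` bytes plus the data it covers. */
static int take_vec(struct cur *c, size_t width, struct cur *out)
{
    struct cur len;
    size_t i, n = 0;
    if (take(c, width, &len)) return -1;
    for (i = 0; i < width; i++) n = (n << 8) | len.p[i];
    return take(c, n, out);
}

/* Copy the host_name from the server_name extension of a ClientHello handshake
 * message into name.  Returns 0 on success, 1 if no SNI is present, -1 if malformed. */
int client_hello_sni(const uint8_t *msg, size_t len, char *name, size_t namelen)
{
    struct cur c = { msg, len }, body, exts, ext, list, host, t;

    if (take(&c, 1, &t) || t.p[0] != 0x01) return -1;   /* must be ClientHello */
    if (take_vec(&c, 3, &body)) return -1;              /* 24-bit body length */
    if (take(&body, 2 + 32, NULL)) return -1;           /* version + random */
    if (take_vec(&body, 1, NULL) || take_vec(&body, 2, NULL) ||
        take_vec(&body, 1, NULL)) return -1;   /* session_id, suites, compression */
    if (body.left == 0) return 1;                       /* no extensions at all */
    if (take_vec(&body, 2, &exts)) return -1;

    while (exts.left > 0) {
        if (take(&exts, 2, &t) || take_vec(&exts, 2, &ext)) return -1;
        if (t.p[0] != 0 || t.p[1] != 0) continue;       /* not server_name (0) */
        if (take_vec(&ext, 2, &list)) return -1;
        while (list.left > 0) {
            if (take(&list, 1, &t) || take_vec(&list, 2, &host)) return -1;
            if (t.p[0] != 0) continue;                  /* not host_name (0) */
            if (host.left == 0 || host.left >= namelen ||
                memchr(host.p, '\0', host.left)) return -1;
            memcpy(name, host.p, host.left);
            name[host.left] = '\0';
            return 0;
        }
    }
    return 1;
}

/* Hypothetical per-domain certificate table; the paths are placeholders. */
struct vhost { const char *host, *cert; };
static const struct vhost VHOSTS[] = {
    { "imap.domain1.com", "/etc/ssl/imap.domain1.com.pem" },
    { "imap.domain2.com", "/etc/ssl/imap.domain2.com.pem" },
};
#define DEFAULT_CERT "/etc/ssl/default.pem"

/* Certificate to present for this ClientHello: the default when the name is
 * absent or unknown, NULL when the message is malformed and should be refused. */
const char *cert_for_hello(const uint8_t *msg, size_t len)
{
    char name[256];
    size_t i;
    int rc = client_hello_sni(msg, len, name, sizeof(name));

    if (rc < 0) return NULL;
    if (rc > 0) return DEFAULT_CERT;
    for (i = 0; i < sizeof(VHOSTS) / sizeof(VHOSTS[0]); i++)
        if (strcasecmp(name, VHOSTS[i].host) == 0) return VHOSTS[i].cert;
    return DEFAULT_CERT;
}

/* Constructed sample: a minimal ClientHello asking for imap.domain2.com. */
static const uint8_t SAMPLE_HELLO[] = {
    0x01, 0x00, 0x00, 0x44,             /* ClientHello, body length 68 */
    0x03, 0x01,                         /* client_version */
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,   /* random: 32 bytes, zeroed */
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
    0x00, 0x00, 0x02, 0x00, 0x2f, 0x01, 0x00, /* no session_id, 1 suite, null compression */
    0x00, 0x19,                         /* extensions length 25 */
    0x00, 0x00, 0x00, 0x15,             /* server_name (0), length 21 */
    0x00, 0x13, 0x00, 0x00, 0x10,       /* list length 19; host_name (0), length 16 */
    'i','m','a','p','.','d','o','m','a','i','n','2','.','c','o','m'
};

int main(void)
{
    printf("certificate: %s\n", cert_for_hello(SAMPLE_HELLO, sizeof(SAMPLE_HELLO)));
    return 0;
}
```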


Re: please explain

2004-01-03 Thread Ken Murchison
Bob Lockie wrote:

What is the difference between the home_mailbox and the
mail_spool_directories?
None of these parameters have anything to do with Cyrus.  What are you 
trying to configure?




# The home_mailbox parameter specifies the optional pathname of a
# mailbox file relative to a user's home directory. The default
# mailbox file is /var/spool/mail/user or /var/mail/user.  Specify
# "Maildir/" for qmail-style delivery (the / is required).
/var/spool/mail/user is not a relative path so is the documentation
incorrect?
# The mail_spool_directory parameter specifies the directory where
# UNIX-style mailboxes are kept. The default setting depends on the
# system type.
When mail arrives to the smtp server, it is stored in the
mail_spool_directory?
If home_mailbox and mail_spool_directory are mutually exclusive (as I
suspect) then why the separate parameters?
# The queue_directory specifies the location of the Postfix queue.
# This is also the root directory of Postfix daemons that run chrooted.
# See the files in examples/chroot-setup for setting up Postfix chroot
# environments on different UNIX systems.
The queue_directory is only for sending mail?




--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: nntp fiddling

2004-01-03 Thread Ken Murchison
Ken Murchison wrote:

Nils Vogels wrote:

Ken Murchison wrote:

[EMAIL PROTECTED] wrote:

On Tue, 30 Dec 2003, Ken Murchison wrote:


Any perceivable difference in performance?  I was considering 
making the
Xref stuff enabled by a config option, since not all clients need it,
but if it doesn't slow things down too much, I won't bother.




On this box?  My test box is a scruffy old U10 with nearly no memory
and slow drives.  I can't really see a difference myself. The only
slight difference appears when I unset newsprefix, presumedly because
it has to search out more folders.  However, even this difference
seems very slight.  I'm not even sure it really exists.  ;-)




Cool!  Thanks for the feedback.  You're one of only two people that 
has given me any substantial feedback on the NNTP support in 2.2.

Happy New Year!

I've been fiddling around a bit as well, but the main problem is, that 
I do not have access to an NNTP feed, and Cyrus didn't support 
pulling one in (using MODE READER, and sucking in articles). In the 
end, having to make a chain with an intermediate program that did the 
Cyrus <--> ISP NNTP server interaction and LMTP injection turned out 
to be rather a pain, hence I dropped the idea altogether, unfortunately.

If this could be changed, I would love to try again ;-)


Cyrus 2.2 includes the fetchnews program which will grab articles from 
an upstream server using the NEWNEWS command.  If the upstream server 
doesn't allow NEWNEWS, then you can use the sucknews program 
(http://home.comcast.net/~bobyetman/index.html).
I just spent some time over the last few days adding a non-NEWNEWS mode 
to fetchnews, so you no longer need to use sucknews.  You can either 
force fetchnews to not use NEWNEWS by using the -n option, or if the 
server doesn't support it, fetchnews will automatically fall back to 
using the non-NEWNEWS mode.

In the non-NEWNEWS mode, fetchnews keeps track of the high water marks 
of each group in a fetchnews.db (essentially a newsrc file using the 
flat cyrusdb backend) and uses them to fetch articles that have arrived 
since the last invocation.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: nntp fiddling

2004-01-04 Thread Ken Murchison
Nils Vogels wrote:

Ken Murchison wrote:

Ken Murchison wrote:

Nils Vogels wrote:

Ken Murchison wrote:

[EMAIL PROTECTED] wrote:

On Tue, 30 Dec 2003, Ken Murchison wrote:


Any perceivable difference in performance?  I was considering 
making the
Xref stuff enabled by a config option, since not all clients need 
it,
but if it doesn't slow things down too much, I won't bother.




On this box?  My test box is a scruffy old U10 with nearly no memory
and slow drives.  I can't really see a difference myself. The only
slight difference appears when I unset newsprefix, presumedly because
it has to search out more folders.  However, even this difference
seems very slight.  I'm not even sure it really exists.  ;-)






Cool!  Thanks for the feedback.  You're one of only two people that 
has given me any substantial feedback on the NNTP support in 2.2.

Happy New Year!

I've been fiddling around a bit as well, but the main problem is, 
that I do not have access to an NNTP feed, and Cyrus didn't 
support pulling one in (using MODE READER, and sucking in articles). 
In the end, having to make a chain with an intermediate program that 
did the Cyrus <--> ISP NNTP server interaction and LMTP injection 
turned out to be rather a pain, hence I dropped the idea altogether, 
unfortunately.

If this could be changed, I would love to try again ;-)




Cyrus 2.2 includes the fetchnews program which will grab articles 
from an upstream server using the NEWNEWS command.  If the upstream 
server doesn't allow NEWNEWS, then you can use the sucknews program 
(http://home.comcast.net/~bobyetman/index.html).


I just spent some time over the last few days adding a non-NEWNEWS 
mode to fetchnews, so you no longer need to use sucknews.  You can 
either force fetchnews to not use NEWNEWS by using the -n option, or 
if the server doesn't support it, fetchnews will automatically fall 
back to using the non-NEWNEWS mode.

In the non-NEWNEWS mode, fetchnews keeps track of the high water marks 
of each group in a fetchnews.db (essentially a newsrc file using the 
flat cyrusdb backend) and uses them to fetch articles that have 
arrived since the last invocation.

Muchos gracias ;-)

I will try this ASAP! Could you tell me, where I can find the new 
fetchnews? Is it in CVS?
Yes.

I also had a sucknews (but then in reverse) to grab the posts done on 
the Cyrus newsserver to be fed towards USENET, since my provider only 
allows me to use the POST command, and from what I recall, Cyrus uses 
IHAVE ? (Could be a little bit off here, not sure anymore).
Yes, it uses IHAVE.  I can take a look at adding support for POST (the 
commands are almost identical).  Does your provider also require you to 
authenticate?

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: imapd dies when connecting with Mozilla-1.6beta Mail IMAP account

2004-01-04 Thread Ken Murchison
Hajo Beckefeld wrote:

Hi List!

I'm running a cyrus IMAP server 2.1.16 on a Linux 2.2.25 machine.
When I try to connect from a Mozilla 1.6/1.7 IMAP client, I can't 
establish the connection. The log just says:

Jan  4 13:52:43 jinn master[12215]: about to exec /usr/cyrus/bin/imapd
Jan  4 13:52:43 jinn imap[12215]: executed
Jan  4 13:52:43 jinn imapd[12215]: accepted connection
Jan  4 13:52:50 jinn master[2293]: process 12215 exited, signaled to 
death by 11
Can you provide a backtrace of a core dump and/or a telemetry log of the 
traffic?  Since it looks like it's crashing before/during authentication, 
you'll need to use something like ssldump (or the like) to capture the 
IMAP traffic.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: imapd dies when connecting with Mozilla-1.6beta Mail IMAP account

2004-01-04 Thread Ken Murchison
Hajo Beckefeld wrote:

Thanks for the very fast reply!


Hi List!

I'm running a cyrus IMAP server 2.1.16 on a Linux 2.2.25 machine.
When I try to connect from a Mozilla 1.6/1.7 IMAP client, I can't 
establish the connection. The log just says:

Jan  4 13:52:43 jinn master[12215]: about to exec /usr/cyrus/bin/imapd
Jan  4 13:52:43 jinn imap[12215]: executed
Jan  4 13:52:43 jinn imapd[12215]: accepted connection
Jan  4 13:52:50 jinn master[2293]: process 12215 exited, signaled to 
death by 11


Can you provide a backtrace of a core dump and/or a telemetry log of 
the traffic?  Since it looks like it's crashing before/during 
authentication, you'll need to use something like ssldump (or the 
like) to capture the IMAP traffic.

Yes you're right! The Mozilla mail client is waiting for the 
authentication!
I already looked for a switch in cyrus-imap to enable further logging, 
is there anything?
Not for pre-authentication traffic.  Are you getting any further info in 
your auth.log?

I don't know how to get a core dump. I'm not very confirm with that, sorry!
I just try to post the tcp traffic!
The IMAP traffic should at least tell us what the client is trying to do.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: nntp fiddling

2004-01-04 Thread Ken Murchison
Kevin P. Fleming wrote:

Ken Murchison wrote:

Yes, it uses IHAVE.  I can take a look at adding support for POST (the 
commands are almost identical).  Does your provider also require you 
to authenticate?


Ken, I'd like to try out this support too, I've been hanging around 
waiting for it to be more stable (and get features like these added). In my 
case, I'd be mirroring newsgroups from 4-5 different servers, none of 
which I can get a feed from. That means using reader mode only, for both 
retrieval and posting; in my case, none of them require authentication 
(they are either public servers or use IP authentication (my ISP)).
Would you want to feed to all of the servers, or just one?  Currently, 
fetchnews and nntpd are only setup to have one upstream peer.

Actually fetchnews can work with any server you want, but it doesn't 
keep track of the groups by server.  So, as long as there isn't any 
intersection of the groups you are fetching from the servers, you 
won't have a problem.  If anybody thinks that fetching the same groups 
from different servers is necessary, I can tweak the fetchnews.db format 
to handle this (I think).

Until I add POST support, you could set a news2mail annotation on the 
groups that you want to feed upstream and then use lmtp2nntp

I don't have 2.2.x installed yet, but my server will be undergoing a 
major rebuild in the next week or two and I'm looking forward to trying 
this out. It will be used in combination with SquirrelMail, so I'm 
hoping the news folders will be easily usable from there.
The "news" folders are no different from "email" folders.  You can feed 
them via NNTP and serve them via IMAP or feed them via LMTP and serve 
them via NNTP (or any other combo).  SquirrelMail shouldn't have any 
problem serving up your newsgroups.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: nntp fiddling

2004-01-04 Thread Ken Murchison
[EMAIL PROTECTED] wrote:

On Sun, 4 Jan 2004 [EMAIL PROTECTED] wrote:


On Sun, 4 Jan 2004, Ken Murchison wrote:


Until I add POST support, you could set a news2mail annotation on the
Hmm... grepping the source this would just be an email address, no?



I keep this up and nobody will ever answer any of my posts.  ;-)

This is sweet.  Works like a charm.

. SETANNOTATION news.utd.test "/vendor/cmu/cyrus-imapd/news2mail" ("value.shared" "[EMAIL PROTECTED]")

Hmmm... if the duplicate delivery db is enabled, then this and the
lmtp2nntp thing could be used to mirror listserv list <-> and news
group, huh?
Yes (or at least that was the intent).  I added this for someone who was 
doing exactly this (as I understood it).

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: nntp fiddling

2004-01-04 Thread Ken Murchison
[EMAIL PROTECTED] wrote:

On Sun, 4 Jan 2004, Ken Murchison wrote:


Until I add POST support, you could set a news2mail annotation on the


Hmm... grepping the source this would just be an email address, no?
Yes, an email address (or alias which the MTA can expand to multiple 
addresses).  Is this missing from install-netnews.html?

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: nntp fiddling

2004-01-04 Thread Ken Murchison
Kevin P. Fleming wrote:

Ken Murchison wrote:

Would you want to feed to all of the servers, or just one?  Currently, 
fetchnews and nntpd are only setup to have one upstream peer.


Yes, I would want to feed messages back to all the servers.

Actually fetchnews can work with any server you want, but it doesn't 
keep track of the groups by server.  So, as long as there isn't any 
intersection of the groups you are fetching from the servers, you 
won't have a problem.  If anybody thinks that fetching the same groups 
from different servers is necessary, I can tweak the fetchnews.db 
format to handle this (I think).


There is no overlap between the groups from the different servers, and 
grouping them is easy with wildcard matching:

cups.*
microsoft.*
infragistics.*
everything else
OK, so you need the newspeer option to be a *list* of peers?  But you 
*don't* need fetchnews to track the newsgroups by host?

Until I add POST support, you could set a news2mail annotation on the 
groups that you want to feed upstream and then use lmtp2nntp


OK, I will look at that as well. My outbound message volume is very 
light, so I don't need anything very complicated to handle it.
I'm working on POST support right now.  First I have to amend the syntax 
of the newspeer option to flag it for POST instead of IHAVE.  I'm 
currently thinking the syntax will be this (since it is easy to parse):

[[user[:[EMAIL PROTECTED]:port][/wildmat]

Note that I had to change the delimiter of the wildmat from ':' to '/' 
(but the old form host[:wildmat] will still be parsed).

So basically, a '@' preceding the host forces the use of POST with 
optional authentication.  If there isn't a preceding '@' then IHAVE is 
used.  The logic being that feeders don't normally (if ever) 
authenticate to each other (at least not with user/pass).

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: nntp fiddling

2004-01-04 Thread Ken Murchison
Kevin P. Fleming wrote:

Ken Murchison wrote:

There is no overlap between the groups from the different servers, 
and grouping them is easy with wildcard matching:

cups.*
microsoft.*
infragistics.*
everything else


OK, so you need the newspeer option to be a *list* of peers?  But you 
*don't* need fetchnews to track the newsgroups by host?


Forgive my inability to answer that at this point, I haven't studied the 
Cyrus NNTP support documentation yet. Here is what I like to do:

(A) mirror about a dozen newsgroups from news.west.cox.net (my ISP, 
Usenet groups)
(B) mirror about a dozen newsgroups from news.microsoft.com (public NNTP 
server)
(C) mirror six newsgroups from news.easysw.com (public NNTP server)
(D) mirror about ten newsgroups from news.infragistics.com (public NNTP 
server)

I read _and_ post to most of these groups. No single group comes from 
more than one place, though, each group has only a single server that I 
will use to get and post messages for that group.

I don't know that if that answers your questions or not... but I suspect 
this sort of arrangement will be a common usage of Cyrus' NNTP support 
(for those places that don't arrange for feeds). In fact, if you want to 
use any of these non-Usenet groups that corporations/etc. provide, 
you'll never get a feed and have to use reader mode.
Yeah, I'll need to expand the newspeer option to accept a whitespace 
separated list of servers.  You'll have one entry for each server with 
the appropriate wildmat.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: nntp fiddling

2004-01-05 Thread Ken Murchison
Ken Murchison wrote:

Kevin P. Fleming wrote:

Ken Murchison wrote:

Would you want to feed to all of the servers, or just one?  
Currently, fetchnews and nntpd are only setup to have one upstream peer.


Yes, I would want to feed messages back to all the servers.

Actually fetchnews can work with any server you want, but it doesn't 
keep track of the groups by server.  So, as long as there isn't any 
intersection of the groups you are fetching from the servers, you 
won't have a problem.  If anybody thinks that fetching the same 
groups from different servers is necessary, I can tweak the 
fetchnews.db format to handle this (I think).


There is no overlap between the groups from the different servers, and 
grouping them is easy with wildcard matching:

cups.*
microsoft.*
infragistics.*
everything else


OK, so you need the newspeer option to be a *list* of peers?  But you 
*don't* need fetchnews to track the newsgroups by host?

Until I add POST support, you could set a news2mail annotation on the 
groups that you want to feed upstream and then use lmtp2nntp


OK, I will look at that as well. My outbound message volume is very 
light, so I don't need anything very complicated to handle it.


I'm working on POST support right now.  First I have to amend the syntax 
of the newspeer option to flag it for POST instead of IHAVE.  I'm 
currently thinking the syntax will be this (since it is easy to parse):

[[user[:[EMAIL PROTECTED]:port][/wildmat]

Note that I had to change the delimiter of the wildmat from ':' to '/' 
(but the old form host[:wildmat] will still be parsed).

So basically, a '@' preceding the host forces the use of POST with 
optional authentication.  If there isn't a preceding '@' then IHAVE is 
used.  The logic being that feeders don't normally (if ever) 
authenticate to each other (at least not with user/pass).
FYI, I just committed these changes.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Question about some entries in my logs

2004-01-05 Thread Ken Murchison


Jason Williams wrote:

Evening everyone.

I've been working with cyrus-imapd today, getting familiar with how it 
works. I must say, it is very very cool. I like it a lot.

I should mention, I'm running FreeBSD 4.9, with cyrus 2.1.15, 
cyrus-sasl-2.1.17, BerkeleyDB-4.1.25.
I built cyrus out of the ports tree, so I could get a feel for 
everything. I'm planning to build everything by hand, to have more 
control and understand more of the underlying concepts.

Anyway, I was reading the docs on the cyrus web page and was reading the 
part about testing cyrus. I have been able to login and authenticate to 
ensure it is working correctly, but there is an entry in my log that I'm 
not sure about. Here it is:

Jan  5 23:54:39 obsidianbox imapd[8015]: OTP unavailable because can't 
read/write key database /etc/opiekeys: Permission denied
Jan  5 23:54:43 obsidianbox imapd[8015]: no user in db
This error message is coming from the ndbm database backend for sasldb2. 
   If authentication is working, I'm not sure why you would be getting 
this message.

Jan  5 23:54:43 obsidianbox imapd[8015]: login: localhost[::1] testuser 
plaintext

The first line, I figured out by reading the FAQ. I needed to chown 
/etc/opiekeys to the user 'cyrus'. That no longer shows up in my logs.

However, the second field is my question. I'm not exactly sure why it is 
appearing.

I have added my testuser to the sasldb2, using the appropriate commands.

Here is additional info for reference:

$ /usr/local/bin/imtest -m login -a testuser localhost
Just for the hell of it, if you try the following, does the error 
message go away?

$ /usr/local/bin/imtest -m login -a testuser -u testuser localhost

S: * OK obsidianbox.courtesy.com Cyrus IMAP4 v2.1.15 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=NTLM AUTH=OTP 
AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed

If there is any other info I can provide to help, let me know.
What do your sasl_* options look like?

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Question about some entries in my logs

2004-01-05 Thread Ken Murchison


Jason Williams wrote:

 From imapd.conf? Here they are:

# Allow the use of the SASL PLAIN mechanism.
#
allowplaintext: yes
FYI, this is the default, so you can delete it if you want.  Actually, 
this doesn't enable PLAIN (it gets enabled when protected by SSL/TLS). 
When disabled the IMAP LOGIN command and POP3 USER/PASS commands are 
disabled.

#sasl_maximum_layer: 256
#sasl_minimum_layer: 0
sasl_pwcheck_method: auxprop
#sasl_auto_transition: no

#sasl_opiekeys: /etc/opiekeys

Should I uncomment the last line? Seems to be accessing it, even while 
commented.
No, you can leave it.  This is the default and isn't necessary.

I don't have any ideas right now, maybe a rested brain will come up with 
something in the morning.  Or perhaps Rob or someone who's seen this 
before will have some thoughts.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Notification of new mail to client?

2004-01-06 Thread Ken Murchison
Jim Archer wrote:
--On Tuesday, January 06, 2004 9:49 AM -0500 Rob Siemborski 
<[EMAIL PROTECTED]> wrote:

Huh?  By default in IMAP, clients need to poll for new message
notifications.
Cyrus does support the IDLE extension, which will send new mail
notifications as they arrive, but only if you have a client that uses it.


Hm, I guess I am misinformed then.  My mistake, thanks for the 
correction. Is the IDLE extension in Cyrus turned on by default, or is 
there something I have to do to activate it?  The client was Outlook 
Express 6.0.
It should be enabled by default, but the server uses an internal polling 
method by default (--with-idle=poll).  You can increase the frequency of 
the polling by lowering the value of the imapidlepoll option from 60 
seconds down to 1 second.  If you want instantaneous notifications of 
changes without needlessly banging on the server with a small polling 
interval, then you should compile Cyrus with support for idled 
(--with-idle=idled).

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Question about some entries in my logs

2004-01-06 Thread Ken Murchison
Jason Williams wrote:

Ok...here is the info requested (some of it)

Please show:

# ldd /path/to/sasl2/libsasldb2.so


Don't seem to have that particular file. Did a find for it and it's not 
anywhere on my system.
A different file perhaps?

And

# file /path/to/sasldb2


file /usr/local/etc/sasldb2.db
/usr/local/etc/sasldb2.db: Berkeley DB 1.85 (Hash, version 2, native 
byte-order)
Wait a minute.  So your sasldb2 has a berkeley format, but you're getting 
an error from the ndbm backend?  What did your configure line for SASL 
look like?

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Custom logging

2004-01-07 Thread Ken Murchison
Mark Hellman wrote:

I would like to process Cyrus logs and do some date arithmetic. But this
is difficult because Syslog does not log the year, only month and day. And
changing Syslog date format involves recompiling its source, and risking
breaking other programs that depend on Syslog's default date format.
One solution would be Cyrus to append a timestamp to every entry it sends
to syslog. This timestamp would be in UNIX time.
What parts of Cyrus source must I change to achieve this?
Cyrus doesn't use any abstraction layer to call syslog(), so you either 
need to change every syslog() call in the source, or write something 
like a SYSLOG() macro which does the timestamp append and calls syslog.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
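
One way to write the wrapper suggested in the reply above, as an added example (not Cyrus code): `ts_syslog()`, `ts_format()` and the `SYSLOG()` macro are hypothetical names, and the ` ts=<seconds>` suffix is an assumed layout. The message is formatted first and the UNIX time appended, with an over-long message cut short so the timestamp always survives.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>
#include <time.h>

#define TS_LOG_MAX 1024   /* assumed upper bound for one log line */

/* Format the message, then append " ts=<unix time>".  A message that is too
 * long is cut so the timestamp always fits.  Returns the length written, or
 * -1 when `out` cannot hold even the timestamp.
 * Note: "%m" is a syslog() extension; glibc's vsnprintf() expands it too,
 * but other C libraries may not. */
int ts_vformat(char *out, size_t outlen, time_t now, const char *fmt, va_list ap)
{
    char suffix[32];
    int slen, mlen;
    size_t room;

    slen = snprintf(suffix, sizeof(suffix), " ts=%lld", (long long)now);
    if (slen < 0 || (size_t)slen >= sizeof(suffix)) return -1;
    if (outlen < (size_t)slen + 1) return -1;

    room = outlen - (size_t)slen;                   /* message bytes + NUL */
    mlen = vsnprintf(out, room, fmt, ap);
    if (mlen < 0) return -1;
    if ((size_t)mlen >= room) mlen = (int)room - 1; /* message was truncated */

    memcpy(out + mlen, suffix, (size_t)slen + 1);   /* suffix and its NUL */
    return mlen + slen;
}

/* printf-style front end with an explicit clock, convenient for testing. */
int ts_format(char *out, size_t outlen, time_t now, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = ts_vformat(out, outlen, now, fmt, ap);
    va_end(ap);
    return n;
}

/* Drop-in for syslog(): same arguments, timestamp appended. */
void ts_syslog(int priority, const char *fmt, ...)
{
    char line[TS_LOG_MAX];
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = ts_vformat(line, sizeof(line), time(NULL), fmt, ap);
    va_end(ap);
    /* Pass the finished text as an argument, never as the format string. */
    if (n >= 0) syslog(priority, "%s", line);
}

#define SYSLOG(priority, ...) ts_syslog((priority), __VA_ARGS__)

int main(void)
{
    char demo[128];

    ts_format(demo, sizeof(demo), time(NULL), "login: %s[%s] %s plaintext",
              "localhost", "::1", "testuser");
    puts(demo);
    SYSLOG(LOG_INFO, "login: %s[%s] %s plaintext", "localhost", "::1", "testuser");
    return 0;
}
```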


Re: imap migration tools

2004-01-08 Thread Ken Murchison
Kendrick Vargas wrote:

Hi folks,

I've just set up a new machine and have everything working almost exactly 
the way I want. I am at the last stage of migrating off an old system. I 
often see discussions here about which tools people need to do a proper 
migration from one server to another, but apparently my search foo is 
kinda weak.

Basically I want to do a copy from IMAP to IMAP, both servers being cyrus 
- one version 2.1 and the other 2.2. From the searches I ran it seems that 
the general concensus is to use imapcp, however it's homepage seems to 
think it's experimental software and it hasn't been updated since august. 
I don't mind unsupported, but experimental kinda frightens me :-)

In any case, I tried something similar a long time ago and I remember 
having issues with various mailboxes that simply had a crapload of mail in 
them. I'm wondering what people's experiences are moving several thousand 
messages in one mailbox and 1-500 megs worth of mail for any one folder. I 
don't want the script dying half way through the transfer.

Any pointers to other tools that might fit the bill would be appreciated 
too. Thanks much :-)
I've used mailutil (which is part of UW IMAP) several times in the past. 
 In fact this is how I take a mailing list archive (in mbox format) and 
inject it into my server.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Problems with lmtp delivery on 2.2.2-BETA

2004-01-08 Thread Ken Murchison
Matthew Hodgson wrote:


Looking at the process_recipient() code in lmtpengine.c, I'm not sure 
that the
quote-string parsing has been updated fully to reflect virtual domains - so
I've fiddled around and come up with a version based on the existing 
code, and
also a complete rewrite.  I enclose the latter as a patch here; it 
hasn't been
rigorously tested (at all), but has fixed my particular problem.  If anyone
has interest in the other version, just say - any feedback & flames 
appreciated.
I'm looking at your current patch now to make sure it looks sane before 
I commit it.  If you have an alternate patch, I'd like to see it also.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Problems with lmtp delivery on 2.2.2-BETA

2004-01-08 Thread Ken Murchison
Matthew Hodgson wrote:

Ken Murchison wrote:


Matthew Hodgson wrote:



Looking at the process_recipient() code in lmtpengine.c,
I'm not sure

that the
quote-string parsing has been updated fully to reflect
virtual domains - so

I've fiddled around and come up with a version based on the
existing

code, and
also a complete rewrite.  I enclose the latter as a patch here; it
hasn't been
rigorously tested (at all), but has fixed my particular 
problem.  If anyone

has interest in the other version, just say - any feedback & flames
appreciated.
I'm looking at your current patch now to make sure it looks
sane before 
I commit it.  If you have an alternate patch, I'd like to see it also.



Hi Ken,

Be sure to look at the 2nd version of the patch I submitted to the list; the
1st one included a few rather embarrassing bugs.
I've abandoned the alternative patch (the minimal extension of the existing
code), as ensuring that forcedowncase vaguely works with quoted-strings as
well as virtual domains was becoming too clunky, and I'm now depending on it
for the installation here.  Rather than ending up with a load of unwrapped
states, I suspect the better idea is to chuck a few state flags in as I did
with the submitted patch, I hope.
One thing you missed in your patch was the downcasing of the domain for 
something like [EMAIL PROTECTED]  I've written my own patch, based on 
yours which I *think* handles all cases (at least it does in my test 
harness).  Try the attached patch and let me know how it works before I 
commit it.


In other news, the latest CVS doesn't compile from clean when using a
berkeley backend; HAVE_BDB needs to be #defined in config.h at some point to
avoid disturbing fatal errors of the form:
Jan  8 16:51:16 foo imap[11302]: Fatal error: cyrusdb backend
Any time that configure.in is updated, you need to re-make the configure 
script:

rm configure
sh SMakefile
./configure ...
Any time that a Makefile.in is updated, you should re-run configure.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Index: lmtpengine.c
===
RCS file: /afs/andrew/system/cvs/src/cyrus/imap/lmtpengine.c,v
retrieving revision 1.98
diff -c -r1.98 lmtpengine.c
*** lmtpengine.c2 Jan 2004 20:34:10 -   1.98
--- lmtpengine.c8 Jan 2004 18:25:03 -
***
*** 756,761 
--- 756,762 
  int r, sl;
  address_data_t *ret = (address_data_t *) xmalloc(sizeof(address_data_t));
  int forcedowncase = config_getswitch(IMAPOPT_LMTP_DOWNCASE_RCPT);
+ int quoted, detail;
  
  assert(addr != NULL && msg != NULL);
  
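Review bot: quoted and detail are declared here without initial values and are only set by the "quoted = detail = 0;" line in the next hunk, about 25 lines further down. Initializing them at the declaration (int quoted = 0, detail = 0;) keeps the flags well defined if the code in between is ever reordered or gains an early use.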
***
*** 781,817 
addr++;
  }
  
! if (*addr == '\"') {
!   addr++;
!   while (*addr && *addr != '\"') {
!   if (*addr == '\\') addr++;
!   *dest++ = *addr++;
}
! }
! else {
!   if(forcedowncase) {
!   /* We should downcase the localpart up to the first + */
!   while(*addr != '@' && *addr != '>' && *addr != '+') {
!   if(*addr == '\\') addr++;
!   *dest++ = TOLOWER(*addr++);
!   }
!   if (*addr == '+') {
! while(*addr != '@' && *addr != '>') {
!   if(*addr == '\\') addr++;
!   *dest++ = *addr++;
! }
!   }
!   while ((config_virtdomains || *addr != '@') && *addr != '>') {
!   if(*addr == '\\') addr++;
!   *dest++ = TOLOWER(*addr++);
!   }
} else {
! /* Now finish the remainder of the localpart */
! while ((config_virtdomains || *addr != '@') && *addr != '>') {
! if (*addr == '\\') addr++;
! *dest++ = *addr++;
! }
!}
  }
  *dest = '\0';

--- 782,815 
addr++;
  }
  
! quoted = detail = 0;
! while (*addr &&
!  (quoted ||
!   ((config_virtdomains || *addr != '@') && *addr != '>'))) {
!   /* start/end of quoted localpart, skip the quote */
!   if (*addr == '\"') {
!   quoted = !quoted;
!   addr++;
!   continue;
}
! 
!   /* escaped char, pass it through */
!   if (*addr == '\\') {
!   addr++;
!   if (!*addr) break;
} else {
!   /* start of detail */
!   if (*addr == '+') detail = 1;
! 
!   /* end of localpart (unless quoted) */
!   if (*addr == '@' && !quoted) detail = 0;
!   }
! 
!   /* downcase everything accept the detail */
!   if (forcedowncase && !detail)
!   *dest++ = TOLOWER(*addr++);
!   else
!   *dest++ = *addr++;
  }
  *dest = '\0';
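
Review bot: The rewritten loop never checks that `quoted` is back to 0 when it exits, so an address with an unbalanced `"` leaves `quoted` set and the `while (*addr && (quoted || ...))` condition copies everything up to the terminating NUL, including `@`, the domain and the closing `>`, into dest as if it were localpart. Treating a non-zero `quoted` after the loop as a syntax error would reject such an address here instead of passing the result on. Two smaller points: with config_virtdomains set the loop continues past the `@`, where `if (*addr == '+') detail = 1;` can switch downcasing off again for the rest of the domain, so the '+' test probably wants to apply only before the unquoted `@`; and the comment "downcase everything accept the detail" should read "except".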



Re: SQUAT failed to open index file

2004-01-08 Thread Ken Murchison
Cristian Livadaru wrote:

I have some of these entries in my logs

Jan  8 16:07:52 vwclub imap[16435]: SQUAT failed to open index file 
Jan  8 16:07:52 vwclub imap[16435]: SQUAT failed 

can someone please tell me what they mean ?

It means that a client did a SEARCH on the mailbox and a SQUAT index
file (created by squatter which accelerates SEARCH) wasn't found, so the 
SEARCH proceeded by scanning the messages themselves.

If you want to get rid of the message, either stop logging at the debug
level, or create a squat index for mailboxes that get frequently searched.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: sieve authentication

2004-01-09 Thread Ken Murchison


Denis V. Suhanov wrote:
Hello Rob,

Thursday, January 8, 2004, 1:42:58 PM, you wrote:

Is  there  a way to disable plaintext passwords in imap but allow them
in  sieve  (since  I have it running locally). There is a bug in PHP's
Net_Sieve module that makes it hang whenever timsieved does not report
a PLAIN method (http://pear.php.net/bugs/bug.php?id=159).
RS> If you are running 2.2.x you can have a per-service allowplaintext option.
You  mean,  by  using  a -C switch and a separate imapd.conf, only for
timsieved (that's what I've done)? I failed to find any sieve-specific
options in man imapd.conf

In 2.2, you can prefix any option with the service name (as it appears
in cyrus.conf). So the following are valid options:

imap_allowplaintext
sieve_allowplaintext

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Authentication error

2004-01-09 Thread Ken Murchison
Christiano Anderson wrote:
I am installing a Cyrus box with the following configuration:

Machine: Dual Xeon 2GHz, 1Gb RAM
System: Debian GNU/Linux 3.0, Cyrus 2.1 (Backported) and SASL2 (Backported)
Authentication: LDAP

I have created a cyrus user under LDAP directory and the PAM modules has
been set up to lib_ldap.so. When I try a "testsaslauthd -u cyrus -p
[hidden]" I get a Success status, however, a "cyradm -u cyrus localhost"
doesn't work.

This is because cyradm will pick the most secure authentication
mechanism that the server advertises (e.g. DIGEST-MD5), and all of the 
non-plaintext mechanisms require that you have the user's secret stored 
in an auxprop plugin backend (e.g. sasldb).  If you only want to use 
plaintext passwords via saslauthd, set your imapd.conf options to:

sasl_mech_list: PLAIN LOGIN
sasl_pwcheck_method: saslauthd

Alternatively, OpenLDAP 2.1.x includes an auxprop plugin, which would
allow you to use any SASL mech with your LDAP installation.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Annotations

2004-01-10 Thread Ken Murchison
Nils Vogels wrote:

Hi all,

Looking around on various archives and testing out the squatter 
function, I have found that this function only works if I set the 
'squat' annotation on a mailbox.

You don't have to set the squat annotation in order for squatter to work.

This led me to a small quest of the other possibilities of annotations, 
such as EXPIRY

Unfortunately, I have not yet found a list online of all annotations 
Cyrus supports, and what each annotation does and takes as arguments. 
Did I stop looking too early, or is this really a big mystery  ? ;-)

The 3 vendor-specific annotations used by Cyrus are all documented in
the appropriate locations:

squat: squatter(8)
expire: cyr_expire(8), install-netnews.html
news2mail: install-netnews.html

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Annotations

2004-01-11 Thread Ken Murchison
[EMAIL PROTECTED] wrote:

On Sun, 11 Jan 2004, Ken Murchison wrote:


The 3 vendor-specific annotations used by Cyrus are all documented in
the appropriate locations:
squat: squatter(8)
expire: cyr_expire(8), install-netnews.html
news2mail: install-netnews.html


What about these?

https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/cyrus/perl/imap/cyradm.sh.diff?r1=1.14&r2=1.15

I'm curious how this comment annotation was envisioned to be used

Sorry, I forgot about that one.  It's a standard annotation (actually
documented in the ANNOTATEMORE draft), which is used to provide a 
description of the mailbox.

The cyradm info command will report this along with the other annotations.

Currently the only process which uses /comment is nntpd which uses it in 
response to a LIST NEWSGROUPS command.  I should probably update 
tools/mknewsgroups to set this annotation when it creates newsgroups 
mailboxes.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Sieve works but sieveshell/sivtest fails

2004-01-11 Thread Ken Murchison
Markus Wernig wrote:

Hallo

I have done a fresh compile of cyrus-imap 2.2.2-Beta on Solaris 9.
Everything works quite as expected (it took some time to find out about
the new bytecode format of sieve scripts, though).
The only thing that keeps failing is sieve access via the sieve socket.

# sivtest -u user localhost (with or without further options)
always results in:
# failure: SASL initialization
# sieveshell -u user localhost 
has sieveshell die with:
# unable to connect to server at /usr/local/bin/sieveshell line 174

When I enter a "print $!" in sieveshell after the call to
sieve_get_handle I get a "Bad file number" - rather obviously, as the
call didn't complete successfully and no handle was returned.
Both methods (sivtest and sieveshell) give me no error in
/var/log/local6.log. The log shows the connection attempt though:

Are you seeing any errors in auth.log?  What do you see when you telnet
to the sieve port?

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: roadmap of 2.2 branch

2004-01-12 Thread Ken Murchison
Dmitry Alyabyev wrote:

hi
any prediction about date of first release inside 2.2 branch ?
is the roadmap available ?

Unless something bad happens, 2.2.3 should be released this week.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: unixhierarchysep (Was: Slow response)

2004-01-15 Thread Ken Murchison
Jules Agee wrote:
I've gotten a request (from someone I'd rather not say 'no' to) to 
create an IMAP account with a period in the username. If I set 
"unixhierarchysep=yes" in imapd.conf on an already established 2.1 
server, what kinds of problems can I expect to run into?

Any currently running clients which connect to an imapd with the new
setting might have an issue, but other than that, well behaved clients 
shouldn't care.  Restarting the client should get it to refresh its 
mailbox list.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: lmtp deliver failed

2004-01-16 Thread Ken Murchison


Dmitry P. Schegolev wrote:

Try to test cyrus-2.2.3 imapd + postfix, using lmtp socket.
System is Gentoo. 

The following error occurred:

Jan 16 14:19:11 kenwood postfix/smtpd[11631]: connect from 
dgap-gw.mipt.ru[194.85.81.130]
Jan 16 14:19:11 kenwood postfix/smtpd[11631]: 4A0551070F2: 
client=dgap-gw.mipt.ru[194.85.81.130]
Jan 16 14:19:11 kenwood postfix/cleanup[11632]: 4A0551070F2: 
message-id=<[EMAIL PROTECTED]>
Jan 16 14:19:11 kenwood postfix/qmgr[11542]: 4A0551070F2: 
from=<[EMAIL PROTECTED]>, size=883, nrcpt=1 (queue active)
Jan 16 14:19:11 kenwood postfix/smtpd[11631]: disconnect from 
dgap-gw.mipt.ru[194.85.81.130]
Jan 16 14:19:11 kenwood master[11636]: about to exec /usr/cyrus/bin/lmtpd
Jan 16 14:19:11 kenwood lmtpunix[11636]: executed
Jan 16 14:19:11 kenwood lmtpunix[11636]: accepted connection
Jan 16 14:19:11 kenwood lmtpunix[11636]: lmtp connection preauth'd as postman
Jan 16 14:19:11 kenwood master[1689]: process 11636 exited, signaled to death 
by 11
Jan 16 14:19:11 kenwood master[1689]: service lmtpunix pid 11636 in BUSY 
state: terminated abnormally
Jan 16 14:19:11 kenwood postfix/lmtp[11635]: 4A0551070F2: 
to=<[EMAIL PROTECTED]>, relay=/var/imap/socket/lmtp[/var/imap/socket/
lmtp], delay=0, status=deferred (lost connection with /var/imap/socket/lmtp[/
var/imap/socket/lmtp] while sending MAIL FROM)

Why is it so? What does it mean "signaled to death by 11"?

A backtrace of the core dump would be helpful.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: New configure options in 2.2.3?

2004-01-16 Thread Ken Murchison
Rob has already answered your questions, but since I made all of the 
changes, I guess it's my fault that the docs aren't clear.  If you have
any patches to the docs, please send them along.

Simon Matter wrote:
Hi,

I have some questions regarding the configure options in 2.2.3. When I run
./configure --help I get different options than what the docs tell. I'm
not sure now which options are still valid.
--enable-annotatemore

It's still in the docs but I can't find it in configure. Does it have no
effect anymore?
--with-mboxlist-db=something

The upgrade docs tell me that I can still use this option to define mbox
db, or is this all gone with 2.2.3. I expected this will change the
defaults in 2.2.3 which are used when no db is configured in imapd.conf.
The background here is that I'm looking for a way to determine which dbs
are used if there are no backends configured in imapd.conf. I found out
that lib/imapoptions contains the defaults but I didn't find the place
where the new configure time defaults are stored after using
--with-mboxlist-db=berkeley.
Simon




--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: nntp fiddling

2004-01-16 Thread Ken Murchison
Nils Vogels wrote:

Ken Murchison wrote:

Nils Vogels wrote:

Muchos gracias ;-)

I will try this ASAP! Could you tell me, where I can find the new 
fetchnews? Is it in CVS?


Yes.

I also had a sucknews (but then in reverse) to grab the posts done on 
the Cyrus newsserver to be fed towards USENET, since my provider only 
allows me to use the POST command, and from what I recall, Cyrus uses 
IHAVE ? (Could be a little bit off here, not sure anymore).


Yes, it uses IHAVE.  I can take a look at adding support for POST (the 
commands are almost identical).  Does your provider also require you 
to authenticate?

Sorry I bailed out there, got caught in this thing called IRL :)

I've just installed 2.2.3 with new fetchnews, and am kinda stuck ;)

I've created a new partition for news, and adapted the config to have 
the newsuser set etc, and while this was running smoothly using lmtp 
inject (via suck), I'm having some issues trying to get this to work 
using fetchnews.

Fetchnews works fine, I can see articles flying around when tcpdumping 
while fetchnews is running, fetchnews.db is being updated and all, but 
for some reason, the articles do not show up in my new partition.

I'm trying nl.test from my upstream, and this is my current setup:

cyrus.conf:
SERVICES {
   
 # these are only necessary if receiving/exporting usenet via NNTP
 nntp  cmd="nntpd"  listen="nntp" prefork=0
 nntps cmd="nntpd -s" listen="nntps" prefork=0
   
}
imapd.conf:
partition-news: /disk/3/cyrus/news
###newsspool: /var/spool/news
newsprefix: news
newspostuser: usenet
newspeer: news.myisp.nl
localhost> info news.nl.test
{news.nl.test}:
 expire: 7
 lastupdate: 16-Jan-2004 14:11:10 +0100
 partition: news
 size: 0
localhost> lam news.nl.test
anyone lrsp
imhotep# telnet 0 119
Trying 0.0.0.0...
Connected to 0.
Escape character is '^]'.
200 post.is-root.com Cyrus NNTP v2.2.3 server ready, posting allowed
groups
480 Authentication required
authinfo user 
381 Give AUTHINFO PASS command
authinfo pass 
281 User logged in

You can use nntptest to make the connection/authentication, instead of
telneting.


groups
500 Unrecognized command
list newsgroups
215 List of newsgroups follows:
.

LIST NEWSGROUPS will only return data for those mailboxes that have the
/comment annotation set on them.  For a list of groups on the server, 
use either LIST or LIST ACTIVE.


group nl.test
211 0 1 0 nl.test
article 1
423 No such article in this newsgroup
article 0
423 No such article in this newsgroup
quit
205 Connection closing
Thanks for reading this far :)

I am trying to fetch news with:

/usr/local/cyrus/bin/fetchnews -n -u user -p password -w nl.test 
news.myisp.nl

The process works, updates the watermarks, and then exits with status 0, 
but unfortunately, no articles are being injected into Cyrus.

Is there a very obvious step I am missing ? Where should I look for more 
hints ?


Can you get a dump of the NNTP protocol between fetchnews and your peer 
and fetchnews and nntpd?  Go ahead and blank out the passwords, I don't 
care to see them.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: SQUAT indexes?

2004-01-16 Thread Ken Murchison
Joe Hrbek wrote:

Does anyone use the squat indexes as described in:

http://asg.web.cmu.edu/cyrus/download/imapd/man/squatter.8.html

If so, any opinion on it?  Good, bad, ugly?  I'm thinking that it would only
provide a boost to those users that have an incredible amount of email in
their mailbox, this is an assumption though.

It works well, but is only useful for large mailboxes on which clients
do text searches on the body of messages.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Cyrus IMAPd 2.2.3 Released

2004-01-16 Thread Ken Murchison
Carsten Hoeger wrote:

On Thu, Jan 15, Rob Siemborski wrote:


I'm quite pleased to announce the long-awaited stable release of Cyrus
IMAPd 2.2.3.  This release contains substantial new features over the 2.1
series including extensive support for mailbox annotations, NNTP, much
more stable process accounting, and of course, virtual domains.


What about this issue:

http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&searchterm=request%20info%20until%20later&msg=23996

Using 2.2.3 and saslauthd I get the same error.

Process 19491 attached - interrupt to quit
select(1, [0], NULL, NULL, {1480, 44}) = 1 (in [0], left {1477, 98})
time(NULL)  = 1074265801
read(0, ". login cyrus secret1\r\n", 4096) = 23
socket(PF_UNIX, SOCK_STREAM, 0) = 10
connect(10, {sa_family=AF_UNIX, path="/var/run/sasl2//mux"}, 110) = 0
writev(10, [{"\0\5cyrus\0\7secret1\0\4imap\0\0", 24}], 1) = 24
read(10, "\0\2", 2) = 2
read(10, "OK", 2)   = 2
close(10)   = 0
select(1, [0], NULL, NULL, {0, 0})  = 0 (Timeout)
write(1, ". NO Login failed: can\'t request"..., 63) = 63
time(NULL)  = 1074265801
select(1, [0], NULL, NULL, {1800, 0}
using cyrus-sasl-2.1.7

2.1.7 or 2.1.17?  I just went through the trouble of configuring
pam_mysql (0.4.7) for use with saslauthd (2.1.17) and it works fine with 
Cyrus 2.2.3.  If you share your config, perhaps we can help.

Just out of curiosity, is there some reason why you need to use PAM, 
rather than using the SQL auxprop plugin?

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
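
The saslauthd exchange in the strace quoted in this message, decoded as an added example (not part of the original thread and not Cyrus code): each field on the socket is a two-byte big-endian length followed by that many bytes, and the password crosses the socket in the clear, so a trace like this needs redacting before it is posted. The field names, their order and the helper names are assumptions read off the trace.

```python
import struct

# Bytes copied from the writev() and read() calls in the strace output above.
REQUEST = b"\x00\x05cyrus\x00\x07secret1\x00\x04imap\x00\x00"
REPLY = b"\x00\x02OK"

# Assumed field order, inferred from the values visible in the trace.
FIELDS = ("login", "password", "service", "realm")


def read_counted(buf, offset):
    """Read one counted string: 2-byte big-endian length, then the bytes."""
    if offset + 2 > len(buf):
        raise ValueError("truncated length prefix at offset %d" % offset)
    (length,) = struct.unpack_from("!H", buf, offset)
    start = offset + 2
    end = start + length
    if end > len(buf):
        raise ValueError(
            "field at offset %d claims %d bytes, only %d available"
            % (offset, length, len(buf) - start)
        )
    return buf[start:end], end


def parse_request(buf):
    """Split a captured request into its four counted strings."""
    out = {}
    offset = 0
    for name in FIELDS:
        value, offset = read_counted(buf, offset)
        out[name] = value.decode("utf-8", "replace")
    if offset != len(buf):
        raise ValueError("%d trailing bytes after realm" % (len(buf) - offset))
    return out


def parse_reply(buf):
    """Decode the single counted string sent back by saslauthd."""
    value, offset = read_counted(buf, 0)
    if offset != len(buf):
        raise ValueError("trailing bytes after reply")
    return value.decode("utf-8", "replace")


def redact(request):
    """Return a copy of a parsed request that is safe to paste into a post."""
    safe = dict(request)
    safe["password"] = "[hidden]"
    return safe


if __name__ == "__main__":
    req = parse_request(REQUEST)
    print("request:", redact(req))
    print("reply:  ", parse_reply(REPLY))
```

The reply decodes to OK, so in this trace saslauthd accepted the credentials and the ". NO Login failed" line was written by imapd afterwards.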


Re: nntp fiddling

2004-01-16 Thread Ken Murchison
Nils Vogels wrote:

Ken Murchison wrote:

Nils Vogels wrote:



The process works, updates the watermarks, and then exits with status 
0, but unfortunately, no articles are being injected into Cyrus.

Is there a very obvious step I am missing ? Where should I look for 
more hints ?




Can you get a dump of the NNTP protocol between fetchnews and your 
peer and fetchnews and nntpd?  Go ahead and blank out the passwords, I 
don't care to see them.


After a little pondering, this wasn't necessary. When I deleted the
news.* boxes, and created news.nl and then news.nl.test, instead of
news.nl.test in one go, it all worked.

Creating news.nl shouldn't be necessary, especially if there isn't an
'nl' newsgroup.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Cyrus IMAPd 2.2.3 Released

2004-01-16 Thread Ken Murchison


Ted Cabeen wrote:
Rob Siemborski <[EMAIL PROTECTED]> writes:


I'm quite pleased to announce the long-awaited stable release of Cyrus
IMAPd 2.2.3.  This release contains substantial new features over the 2.1
series including extensive support for mailbox annotations, NNTP, much
more stable process accounting, and of course, virtual domains.
This release also contains support for Berkeley DB 4.2, runtime
configuration of cyrusdb backends, a socket map daemon compatible with
Sendmail 8.13, and much more.


Now that cyrus supports db4.2, is it recommended to upgrade installs
that use db4.0 to db4.2 as part of an upgrade to 2.2.3?
If so, is there anything I need to do other than point cyrus at the
4.2 libraries during the compile?
(Is there a command I can run to tell what DB formats I'm using on my
2.1.15 install?  I want to convert to the defaults if possible,
although I'm already running skiplist for the mboxlistdb and the seendb)

Use the version command in cyradm.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Skiplist causing DB problems?

2004-01-18 Thread Ken Murchison


Jason Williams wrote:

Important info:
FreeBSD 4.9
Cyrus-Imapd-2.1.16
Cyrus-SASL-2.1.17
I've setup two identical servers.
They are both compiled with BerkeleyDB 4.1.25:
I installed cyrus through the ports tree, but set different options upon 
compile time.

(Configure options)

make WITH_BDB_VER=41 WITH_SKIPLIST=YES install clean

Here is the first server: (Server 1)

name   : Cyrus IMAPD
version: v2.1.16 2003/11/19 16:45:28
vendor : Project Cyrus
support-url: http://asg.web.cmu.edu/cyrus
os : FreeBSD
os-version : 4.9-RELEASE
environment: Cyrus SASL 2.1.17
 Sleepycat Software: Berkeley DB 4.1.25: (December 19, 2002)
 Built w/OpenSSL 0.9.7c 30 Sep 2003
 Running w/OpenSSL 0.9.7c 30 Sep 2003
 CMU Sieve 2.2
 TCP Wrappers
 mmap = shared
 lock = fcntl
 nonblock = fcntl
 auth = unix
 idle = poll
 mailboxes.db = skiplist
 seen.db = skiplist
 subs.db = flat
 deliver.db = db3-nosync
 tls_sessions.db = db3-nosync

mailboxes and seen, both set with skiplist, as suggested from twiki

Here is the problem, shown in my logfiles:

Jan 16 16:46:01 obsidian master[167]: process started
Jan 16 16:46:01 obsidian ctl_cyrusdb[168]: recovering cyrus databases
Jan 16 16:46:01 obsidian ctl_cyrusdb[168]: skiplist: recovered 
/var/imap/mailboxes.db (1 record, 320 bytes) in 0 seconds
Jan 16 16:46:01 obsidian ctl_cyrusdb[168]: done recovering cyrus databases
Jan 16 16:46:02 obsidian master[167]: ready for work
Jan 16 16:46:02 obsidian ctl_cyrusdb[169]: checkpointing cyrus databases
Jan 16 16:46:02 obsidian ctl_cyrusdb[169]: DBERROR: error listing log 
files: DB_NOTFOUND: No matching key/data pair found
Jan 16 16:46:02 obsidian ctl_cyrusdb[169]: DBERROR: archive 
/var/imap/db: cyrusdb error

These are db3 errors, not skiplist errors.  If this is a new server, try
deleting deliver.db, tls_sessions.db and the contents of /var/imap/db

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: nntp fiddling

2004-01-18 Thread Ken Murchison


Nils Vogels wrote:
Kevin P. Fleming wrote:

Ken Murchison wrote:

There is no overlap between the groups from the different servers, 
and grouping them is easy with wildcard matching:

cups.*
microsoft.*
infragistics.*
everything else


OK, so you need the newspeer option to be a *list* of peers?  But you 
*don't* need fetchnews to track the newsgroups by host?


Forgive my inability to answer that at this point, I haven't studied 
the Cyrus NNTP support documentation yet. Here is what I like to do:

(A) mirror about a dozen newsgroups from news.west.cox.net (my ISP, 
Usenet groups)
(B) mirror about a dozen newsgroups from news.microsoft.com (public 
NNTP server)
(C) mirror six newsgroups from news.easysw.com (public NNTP server)
(D) mirror about ten newsgroups from news.infragistics.com (public 
NNTP server)

I read _and_ post to most of these groups. No single group comes from 
more than one place, though, each group has only a single server that 
I will use to get and post messages for that group.

Kevin, may I ask how you managed to get multiple groups using one 
fetchnews command ?

I've been trying comma delimited group names (fetchnews -n -w 
"nl.test,nl.someother" news.myisp.nl) but for some reason no articles 
are fetched then. If I use space delimitations, only the first group works.

fetchnews(8) isn't too clear about this, I'm afraid and when I look at 
example wildmats in imapd.conf(5) I see comma separated grouplists
("peer.example.com:*,!control.*,@local.*")

Your reading of fetchnews(8) is correct, but apparently this syntax is
new to the NNTP update draft.  Both LIST ACTIVE and the wildmat format 
have not been formalized up until now.  I tried this against INN 2.3.4 
and it doesn't support comma-separated (or space separated) wildmat 
patterns (which really sucks).  For the time being, you'll have to use 
separate fetchnews commands rather than specifying multiple wildmats in
one command.  For example, instead of:

fetchnews -n -w "nl.test,nl.someother" news.myisp.nl

do:

fetchnews -n -w "nl.test" news.myisp.nl
fetchnews -n -w "nl.someother" news.myisp.nl

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Skiplist causing DB problems?

2004-01-18 Thread Ken Murchison


[EMAIL PROTECTED] wrote:

Hello and thanks for your reply...


check the permissions for /var/imap/db. I had a problem with that once. 
What's in /var/imap/db?


centralcore# ls -la /var/imap/
total 20
drwxr-xr-x  10 cyrus  cyrus  512 Jan 17 22:23 .
drwxr-xr-x  21 root   wheel  512 Jan 17 22:23 ..
drwxr-xr-x   2 cyrus  cyrus  512 Jan 17 22:23 db
drwxr-xr-x   2 cyrus  cyrus  512 Jan 17 22:23 log
drwxr-xr-x   2 cyrus  cyrus  512 Jan 17 22:23 msg
drwxr-xr-x   2 cyrus  cyrus  512 Jan 17 22:23 proc
drwxr-xr-x  28 cyrus  cyrus  512 Jan 17 22:23 quota
drwxr-xr-x  28 cyrus  cyrus  512 Jan 17 22:23 sieve
drwxr-xr-x   2 cyrus  cyrus  512 Jan 17 22:23 socket
drwxr-xr-x  28 cyrus  cyrus  512 Jan 17 22:23 user

Also, I just tried again, using skiplist. I am getting errors now when I
try and add a user to the sasldb backend:
centralcore# /usr/local/sbin/saslpasswd2 -c imapadmin

Jan 17 22:27:34 centralcore saslpasswd2: setpass succeeded for imapadmin
Jan 17 22:27:34 centralcore saslpasswd2: error deleting entry from sasldb:
DB_NOTFOUND: No matching key/data pair found
Jan 17 22:27:34 centralcore last message repeated 2 times

This has nothing to do with skiplist, SASL and the Cyrus databases are
two entirely separate things.

The errors you see are normal.  saslpasswd2 is trying to delete some 
legacy secrets, which won't exist on a new system.  The fact that 
setpass succeeds is all you need to see.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp


Re: Skiplist causing DB problems? (UPDATE)

2004-01-19 Thread Ken Murchison


Jason Williams wrote:
Good morning everyone.

Thought i'd post something very interesting I noticed this morning when 
I came into the office.

I started this thread last Friday, as I was testing two identical servers
(hardware wise) with different configs.

Anyway, I came in this morning and was looking around in the server that 
was compiled with skiplist.

What is weird is that I am no longer receiving those errors in my
message log...

 >Jan 16 16:46:02 obsidian ctl_cyrusdb[169]: checkpointing cyrus databases
 >Jan 16 16:46:02 obsidian ctl_cyrusdb[169]: DBERROR: error listing log 
files: DB_NOTFOUND: No matching key/data pair found
 >Jan 16 16:46:02 obsidian ctl_cyrusdb[169]: DBERROR: archive 
/var/imap/db: cyrusdb error

Those are no longer showing up...the checkpointing does its job and
reports no errors.

This is very intriguing to me. Did cyrus just need some time to figure 
out things on its own? Granted, the last time I touched this server was
Friday afternoon.

Anyone have any idea on WHY all the sudden the errors are gone?

This is on a brand new server, correct?  If you only had them at
startup, and for a short time thereafter, it's most likely because the
BDB environment didn't have any transaction logs to delete and archive 
(this is the part of the code that was generating the error messages).

Deleting the BDB databases and environment (at my suggestion) did 
nothing more than start the process over again.  If we had left it 
alone, the errors would have gone away sooner.  Sorry.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp

