From mz at newyorkcity.de Sun Jun 1 06:43:38 2008 From: mz at newyorkcity.de (Martin Ziegler) Date: Sun, 01 Jun 2008 12:43:38 +0200 Subject: IMSP Authentication issue In-Reply-To: <4E3A0C4F5153C36F98C084FD@martin-zieglers-imac.local> References: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> <4E3A0C4F5153C36F98C084FD@martin-zieglers-imac.local> Message-ID: Any other ideas please? Thanks and enjoy the rest of the weekend. --On May 30, 2008 6:42:05 PM +0200 Martin Ziegler wrote: > Hi Simon, > > yes, it is also the same than on the old server. > > cat /etc/pam.d/imsp > > auth sufficient pam_mysql.so user=mail passwd=Paiste88 host=localhost > db=mail table=accountuser usercolumn=username passwdcolumn=password > crypt=0 logtable=log logmsgcolumn=msg logusercolumn=user > loghostcolumn=host logpidcolumn=pid logtimecolumn=time > > account required pam_mysql.so user=mail passwd=Paiste88 host=localhost > db=mail table=accountuser usercolumn=username passwdcolumn=password > crypt=0 logtable=log logmsgcolumn=msg logusercolumn=user > loghostcolumn=host logpidcolumn=pid logtimecolumn=time > > Any other ideas? > > Thanks, Martin > > > --On May 30, 2008 10:47:17 AM +0200 Simon Matter > wrote: > >>> Anyone please? >>> >>> I need to go online with my new system this afternoon and IMSPd is >>> driving me crazy. >> >> I have never used IMSPd nor MySQL authentication with saslauthd. >> But, from what I understand your authentication goes via PAM. If yes, do >> you have the same PAM configuration on your new server, most likely in >> /etc/pam.d/? >> >> Simon >> >>> >>> Thanks in advance! >>> >>> --On Donnerstag, 29. Mai 2008 11:28 +0200 Martin Ziegler >>> wrote: >>> >>>> Good Morning All, >>>> >>>> i'm currently migrating my system to a new server and unfortunately i >>>> have >>>> to recompile all the stuff. Happily it went quite well with one >>>> exception. >>>> The authentication mechanism for IMSPd is no longer working. I'm using >>>> saslauthd which connects to a MYSQL databse. This works for all other >>>> daemons without any problem including Cyrus IMAPd. When i try to log in >>>> to >>>> IMSPd saslauthd returns a successfull authentication but IMSPd says, >>>> that >>>> there is no such user on this server. On my old server i have exactly >>>> the >>>> same configuration running without problems for years now. Please find >>>> all >>>> the details below. >>>> >>>> I would be very happy if someone could point my into the right >>>> direction before i'm going mad. >>>> >>>> Thank you! >>>> >>>> Cheers, Martin >>>> >>>> BTW: In the meantime is there a working virtdomain patch available for >>>> IMSPd? >>>> >>>> ----------------- >>>> cyrus-imspd-v1.7b >>>> >>>> ./configure --prefix=/opt/cyrus/imsp --with-sasl=/opt --with-auth=unix >>>> >>>> ldd imspd: >>>> libsasl2.so.2 => /opt/lib/libsasl2.so.2 (0xb7efb000) >>>> libdl.so.2 => /lib/libdl.so.2 (0xb7ef8000) >>>> libresolv.so.2 => /lib/libresolv.so.2 (0xb7ee6000) >>>> libdb-4.0.so => /usr/lib/libdb-4.0.so (0xb7e1c000) >>>> libc.so.6 => /lib/libc.so.6 (0xb7ce2000) >>>> /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7f2e000) >>>> >>>> ------------ >>>> cyrus-sasl-2.1.20.tar.gz >>>> ./configure \ >>>> --prefix=/opt \ >>>> --enable-anon \ >>>> --enable-plain \ >>>> --enable-login \ >>>> --disable-krb4 \ >>>> --disable-otp \ >>>> --disable-cram \ >>>> --disable-digest \ >>>> --with-saslauthd=/var/run/saslauthd \ >>>> --with-pam=/lib/security \ >>>> --with-dblib=berkeley \ >>>> --with-bdb-libdir=/usr/lib \ >>>> --with-bdb-incdir=/usr/include \ >>>> --with-openssl=/opt/openssl \ >>>> --with-plugindir=/opt/lib/sasl2 >>>> >>>> ------------- >>>> cat /opt/lib/sasl2/imspd.conf >>>> pwcheck_method: saslauthd >>>> -------------- >>>> >>>> testsaslauthd -u -p -s imsp >>>> 0: OK "Success." >>>> >>>> May 29 09:09:34 h1391047 saslauthd[4333]: pam_sm_authenticate called. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: dbuser changed. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: dbpasswd changed. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: host changed. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: database changed. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: table changed. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: usercolumn changed. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: passwdcolumn changed. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: crypt changed. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: logtable changed. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: logmsgcolumn changed. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: logusercolumn changed. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: loghostcolumn changed. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: logpidcolumn changed. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: logtimecolumn changed. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: db_connect called. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: returning 0 . >>>> May 29 09:09:34 h1391047 saslauthd[4333]: db_checkpasswd called. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: pam_mysql: where clause = >>>> May 29 09:09:34 h1391047 saslauthd[4333]: SELECT password FROM >>>> accountuser >>>> WHERE username='' >>>> May 29 09:09:34 h1391047 saslauthd[4333]: sqlLog called. >>>> May 29 09:09:34 h1391047 saslauthd[4333]: insert into log (msg, user, >>>> host, pid, time) values('AUTH SUCCESSFUL', '', '', '4333', >>>> NOW()) May 29 09:09:34 h1391047 saslauthd[4333]: Returning 0 >>>> May 29 09:09:34 h1391047 saslauthd[4333]: returning 0 . >>>> May 29 09:09:34 h1391047 saslauthd[4333]: returning 0. >>>> >>>> -------------------- >>>> >>>> Log in to IMSPd: >>>> May 29 09:11:38 h1391047 saslauthd[4332]: pam_sm_authenticate called. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: dbuser changed. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: dbpasswd changed. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: host changed. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: database changed. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: table changed. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: usercolumn changed. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: passwdcolumn changed. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: crypt changed. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: logtable changed. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: logmsgcolumn changed. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: logusercolumn changed. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: loghostcolumn changed. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: logpidcolumn changed. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: logtimecolumn changed. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: db_connect called. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: returning 0 . >>>> May 29 09:11:38 h1391047 saslauthd[4332]: db_checkpasswd called. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: pam_mysql: where clause = >>>> May 29 09:11:38 h1391047 saslauthd[4332]: SELECT password FROM >>>> accountuser >>>> WHERE username='' >>>> May 29 09:11:38 h1391047 saslauthd[4332]: sqlLog called. >>>> May 29 09:11:38 h1391047 saslauthd[4332]: insert into log (msg, user, >>>> host, pid, time) values('AUTH SUCCESSFUL', '', '', '4332', >>>> NOW()) May 29 09:11:38 h1391047 saslauthd[4332]: Returning 0 >>>> May 29 09:11:38 h1391047 saslauthd[4332]: returning 0 . >>>> May 29 09:11:38 h1391047 saslauthd[4332]: returning 0. >>>> May 29 09:11:38 h1391047 imsp[12467]: badlogin: >>>> plaintext User does not have an account on this server >>>> >>>> ---- >>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >>>> >>> >>> >>> ---- >>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >>> >> >> >> > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From wes at umich.edu Sun Jun 1 13:49:23 2008 From: wes at umich.edu (Wesley Craig) Date: Sun, 1 Jun 2008 13:49:23 -0400 Subject: IMSP Authentication issue In-Reply-To: References: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> <4E3A0C4F5153C36F98C084FD@martin-zieglers-imac.local> Message-ID: --On Donnerstag, 29. Mai 2008 11:28 +0200 Martin Ziegler wrote: > When i try to log in to IMSPd saslauthd returns a successfull > authentication but IMSPd says, that there is no such user on this > server. I presume you're also getting a syslog from imspd like this: badlogin: invalid user The message: User does not have an account on this server is associated with checks for the user's option database, i.e., does the user have an option database? is imsp.create.new.users on? can the user's option database be created? Databases are in /var/imsp. There doesn't appears to be any checking of permissions, just presence (at least in v1.7b), so you can get odd situations where early checks indicate no problem but attempts to access a user's database get "file not found". For example, /var/ imsp exists, complete with a bunch of user DBs. However, the daemon can't read what's under it. :wes From mz at newyorkcity.de Sun Jun 1 14:08:45 2008 From: mz at newyorkcity.de (Martin Ziegler) Date: Sun, 01 Jun 2008 20:08:45 +0200 Subject: IMSP Authentication issue In-Reply-To: References: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> <4E3A0C4F5153C36F98C084FD@martin-zieglers-imac.local> Message-ID: <12E7EFD1F255AA925B099C55@port-83-236-172-52.static.qsc.de> There is no other syslog message than the ones i posted in my initial email (SASLAUTHd which says that the authentication was successfull and IMSP which says "user does not have an account on this server). The user does have an option file. The IMSPd option file looks like imsp.sasl.allowplaintext N + common.date R + common.delivery.hosts N common.domain N imsp.admin.all N imsp.admin.bboards N imsp.create.new.users N + imsp.create.policy N parent imsp.log.level N 2 imsp.proxy.authlevel N 1 imsp.proxy.authtype N PLAINTEXT As alerady mentioned this is exactly the same setup i used for years on the old server. Also the complete IMSP directory structure was copied from the old to the new server. Only IMSPd was compiled again due to a pathname that changed. On the old server IMSP was installed in /sys/cyrus/imsp/ and now it is installed in /opt/cyrus/imsp/. # pwd /opt/cyrus/imsp # ls -al total 16 drwxr-xr-x 4 root root 4096 May 29 09:07 . drwxr-x--- 5 cyrus mail 4096 Jun 1 19:59 .. drwxr-xr-x 2 root root 4096 May 29 09:05 bin drwxr-xr-x 3 root root 4096 Jan 26 2005 var # ls -al bin/ total 84 drwxr-xr-x 2 root root 4096 May 29 09:05 . drwxr-xr-x 4 root root 4096 May 29 09:07 .. -rwxr-xr-x 1 root root 70320 May 29 09:05 imspd # ls -al var/ total 16 drwxr-xr-x 3 root root 4096 Jan 26 2005 . drwxr-xr-x 4 root root 4096 May 29 09:07 .. -rw------- 1 root root 0 Jan 26 2005 abooks -rw-r--r-- 1 root root 322 Jan 26 2005 options drwx------ 4 root root 4096 Aug 25 2006 user # ls -al var/user/ total 16 drwx------ 4 root root 4096 Aug 25 2006 . drwxr-xr-x 3 root root 4096 Jan 26 2005 .. drwx------ 2 root root 4096 May 28 23:25 drwx------ 2 root root 4096 Nov 5 2007 # lsa var/user/ total 28 drwx------ 2 root root 4096 Nov 5 2007 . drwx------ 4 root root 4096 Aug 25 2006 .. -rw-r--r-- 1 root root 11465 Nov 5 2007 abook. -rw-r--r-- 1 root root 4 Aug 7 2006 abooks -rw-r--r-- 1 root root 29 Nov 5 2007 options # cat var/user//options imsp.user.quota.usage R 5188 --On June 1, 2008 1:49:23 PM -0400 Wesley Craig wrote: > --On Donnerstag, 29. Mai 2008 11:28 +0200 Martin Ziegler > wrote: >> When i try to log in to IMSPd saslauthd returns a successfull >> authentication but IMSPd says, that there is no such user on this >> server. > > I presume you're also getting a syslog from imspd like this: > > badlogin: invalid user > > The message: > > User does not have an account on this server > > is associated with checks for the user's option database, i.e., > > does the user have an option database? > is imsp.create.new.users on? > can the user's option database be created? > > Databases are in /var/imsp. There doesn't appears to be any checking of > permissions, just presence (at least in v1.7b), so you can get odd > situations where early checks indicate no problem but attempts to access > a user's database get "file not found". For example, /var/imsp exists, > complete with a bunch of user DBs. However, the daemon can't read what's > under it. > > :wes > From wes at umich.edu Sun Jun 1 14:38:58 2008 From: wes at umich.edu (Wesley Craig) Date: Sun, 1 Jun 2008 14:38:58 -0400 Subject: IMSP Authentication issue In-Reply-To: <12E7EFD1F255AA925B099C55@port-83-236-172-52.static.qsc.de> References: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> <4E3A0C4F5153C36F98C084FD@martin-zieglers-imac.local> <12E7EFD1F255AA925B099C55@port-83-236-172-52.static.qsc.de> Message-ID: <2EA589CF-200C-45A5-A96C-8A6DDDE360FB@umich.edu> On 01 Jun 2008, at 14:08, Martin Ziegler wrote: > There is no other syslog message than the ones i posted in my > initial email (SASLAUTHd which says that the authentication was > successfull and IMSP which says "user does not have an account on > this server). Perhaps your syslog isn't configured to record it. The code logs that message directly before returning that code. > Only IMSPd was compiled again due to a pathname that changed. So you modified PREFIX in syncdb.c? > drwx------ 4 root root 4096 Aug 25 2006 user > drwx------ 2 root root 4096 Nov 5 2007 So you're running imspd as root? :wes From mz at newyorkcity.de Mon Jun 2 02:55:05 2008 From: mz at newyorkcity.de (Martin Ziegler) Date: Mon, 02 Jun 2008 08:55:05 +0200 Subject: IMSP Authentication issue In-Reply-To: <2EA589CF-200C-45A5-A96C-8A6DDDE360FB@umich.edu> References: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> <4E3A0C4F5153C36F98C084FD@martin-zieglers-imac.local> <12E7EFD1F255AA925B099C55@port-83-236-172-52.static.qsc.de> <2EA589CF-200C-45A5-A96C-8A6DDDE360FB@umich.edu> Message-ID: <3B1CF4797128991C4B50C12C@[192.168.0.2]> Yes it's running as root. I didn't modified any of the code. I just passed the new PREFIX to configure. Thanks, Martin --On Sonntag, 1. Juni 2008 14:38 -0400 Wesley Craig wrote: > On 01 Jun 2008, at 14:08, Martin Ziegler wrote: >> There is no other syslog message than the ones i posted in my >> initial email (SASLAUTHd which says that the authentication was >> successfull and IMSP which says "user does not have an account on >> this server). > > Perhaps your syslog isn't configured to record it. The code logs that > message directly before returning that code. > >> Only IMSPd was compiled again due to a pathname that changed. > > So you modified PREFIX in syncdb.c? > >> drwx------ 4 root root 4096 Aug 25 2006 user >> drwx------ 2 root root 4096 Nov 5 2007 > > So you're running imspd as root? > > :wes > From mz at newyorkcity.de Mon Jun 2 05:23:16 2008 From: mz at newyorkcity.de (Martin Ziegler) Date: Mon, 02 Jun 2008 11:23:16 +0200 Subject: IMSP Authentication issue In-Reply-To: <3B1CF4797128991C4B50C12C@[192.168.0.2]> References: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> <4E3A0C4F5153C36F98C084FD@martin-zieglers-imac.local> <12E7EFD1F255AA925B099C55@port-83-236-172-52.static.qsc.de> <2EA589CF-200C-45A5-A96C-8A6DDDE360FB@umich.edu> <3B1CF4797128991C4B50C12C@[192.168.0.2]> Message-ID: Just recognized that authenticating to SIEVE is also no longer working. SASLAUTHd is returning a successfull authentication but SIEVE says: sievelocal[14087]: badlogin: [127.0.0.1] PLAIN authentication failure Now i'm totally confused. Interestingly authenticating to IMAPd is working as it should. --On Montag, 2. Juni 2008 08:55 +0200 Martin Ziegler wrote: > Yes it's running as root. I didn't modified any of the code. I just > passed the new PREFIX to configure. > > Thanks, Martin > > --On Sonntag, 1. Juni 2008 14:38 -0400 Wesley Craig wrote: > >> On 01 Jun 2008, at 14:08, Martin Ziegler wrote: >>> There is no other syslog message than the ones i posted in my >>> initial email (SASLAUTHd which says that the authentication was >>> successfull and IMSP which says "user does not have an account on >>> this server). >> >> Perhaps your syslog isn't configured to record it. The code logs that >> message directly before returning that code. >> >>> Only IMSPd was compiled again due to a pathname that changed. >> >> So you modified PREFIX in syncdb.c? >> >>> drwx------ 4 root root 4096 Aug 25 2006 user >>> drwx------ 2 root root 4096 Nov 5 2007 >> >> So you're running imspd as root? >> >> :wes >> > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From michael.menge at zdv.uni-tuebingen.de Mon Jun 2 07:05:07 2008 From: michael.menge at zdv.uni-tuebingen.de (Michael Menge) Date: Mon, 2 Jun 2008 13:05:07 +0200 Subject: IMSP Authentication issue In-Reply-To: References: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> <4E3A0C4F5153C36F98C084FD@martin-zieglers-imac.local> <12E7EFD1F255AA925B099C55@port-83-236-172-52.static.qsc.de> <2EA589CF-200C-45A5-A96C-8A6DDDE360FB@umich.edu> <3B1CF4797128991C4B50C12C@[192.168.0.2]> Message-ID: <20080602130507.vhkw3ldyck008woo@webmail.uni-tuebingen.de> Hi do you use SSL/TLS for Sieve/IMSP? In 2.3.9 the dafaultvalue for allowplaintext changed to 0 Quoting Martin Ziegler : > Just recognized that authenticating to SIEVE is also no longer working. > SASLAUTHd is returning a successfull authentication but SIEVE says: > > sievelocal[14087]: badlogin: [127.0.0.1] PLAIN authentication > failure > > Now i'm totally confused. Interestingly authenticating to IMAPd is working > as it should. > > --On Montag, 2. Juni 2008 08:55 +0200 Martin Ziegler > wrote: > >> Yes it's running as root. I didn't modified any of the code. I just >> passed the new PREFIX to configure. >> >> Thanks, Martin >> >> --On Sonntag, 1. Juni 2008 14:38 -0400 Wesley Craig wrote: >> >>> On 01 Jun 2008, at 14:08, Martin Ziegler wrote: >>>> There is no other syslog message than the ones i posted in my >>>> initial email (SASLAUTHd which says that the authentication was >>>> successfull and IMSP which says "user does not have an account on >>>> this server). >>> >>> Perhaps your syslog isn't configured to record it. The code logs that >>> message directly before returning that code. >>> >>>> Only IMSPd was compiled again due to a pathname that changed. >>> >>> So you modified PREFIX in syncdb.c? >>> >>>> drwx------ 4 root root 4096 Aug 25 2006 user >>>> drwx------ 2 root root 4096 Nov 5 2007 >>> >>> So you're running imspd as root? >>> >>> :wes >>> >> >> >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912 Zentrum fuer Datenverarbeitung mail: michael.menge at zdv.uni-tuebingen.de Waechterstrasse 76 72074 Tuebingen -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5339 bytes Desc: S/MIME krytographische Unterschrift Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080602/557ae6a1/attachment-0001.bin From mz at newyorkcity.de Mon Jun 2 08:18:24 2008 From: mz at newyorkcity.de (Martin Ziegler) Date: Mon, 02 Jun 2008 14:18:24 +0200 Subject: IMSP Authentication issue In-Reply-To: <20080602130507.vhkw3ldyck008woo@webmail.uni-tuebingen.de> References: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> <4E3A0C4F5153C36F98C084FD@martin-zieglers-imac.local> <12E7EFD1F255AA925B099C55@port-83-236-172-52.static.qsc.de> <2EA589CF-200C-45A5-A96C-8A6DDDE360FB@umich.edu> <3B1CF4797128991C4B50C12C@[192.168.0.2]> <20080602130507.vhkw3ldyck008woo@webmail.uni-tuebingen.de> Message-ID: <4207943CEFC77C880B47E405@[192.168.0.2]> No, for IMSP i'm currently not using SSL/TLS. I think SASLAUTHd wouldn't return a successfull authentication if there would be a configuration mismatch. Anyway, the versions didn't changed. All the software packages are exactly the same version than on the old server. Furthermore they were compiled with the same options except the changed PREFIX. --On Montag, 2. Juni 2008 13:05 +0200 Michael Menge wrote: > Hi > > do you use SSL/TLS for Sieve/IMSP? > In 2.3.9 the dafaultvalue for allowplaintext changed to 0 > > > > > Quoting Martin Ziegler : > >> Just recognized that authenticating to SIEVE is also no longer working. >> SASLAUTHd is returning a successfull authentication but SIEVE says: >> >> sievelocal[14087]: badlogin: [127.0.0.1] PLAIN authentication >> failure >> >> Now i'm totally confused. Interestingly authenticating to IMAPd is >> working as it should. >> >> --On Montag, 2. Juni 2008 08:55 +0200 Martin Ziegler >> wrote: >> >>> Yes it's running as root. I didn't modified any of the code. I just >>> passed the new PREFIX to configure. >>> >>> Thanks, Martin >>> >>> --On Sonntag, 1. Juni 2008 14:38 -0400 Wesley Craig >>> wrote: >>> >>>> On 01 Jun 2008, at 14:08, Martin Ziegler wrote: >>>>> There is no other syslog message than the ones i posted in my >>>>> initial email (SASLAUTHd which says that the authentication was >>>>> successfull and IMSP which says "user does not have an account on >>>>> this server). >>>> >>>> Perhaps your syslog isn't configured to record it. The code logs that >>>> message directly before returning that code. >>>> >>>>> Only IMSPd was compiled again due to a pathname that changed. >>>> >>>> So you modified PREFIX in syncdb.c? >>>> >>>>> drwx------ 4 root root 4096 Aug 25 2006 user >>>>> drwx------ 2 root root 4096 Nov 5 2007 >>>> >>>> So you're running imspd as root? >>>> >>>> :wes >>>> >>> >>> >>> ---- >>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >>> >> >> >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > > > > ------------------------------------------------------------------------- > ------- > M.Menge Tel.: (49) 7071/29-70316 > Universitaet Tuebingen Fax.: (49) 7071/29-5912 > Zentrum fuer Datenverarbeitung mail: > michael.menge at zdv.uni-tuebingen.de > Waechterstrasse 76 > 72074 Tuebingen From shwaltz at cabm.rutgers.edu Mon Jun 2 09:01:52 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Mon, 2 Jun 2008 09:01:52 -0400 (EDT) Subject: Imap spool directory In-Reply-To: <71fe4e760805310345u557f380eta07971e2991e2a33@mail.gmail.com> References: <44022.192.76.178.13.1212164281.squirrel@webmail.cabm.rutgers.edu> <51602.98.221.136.138.1212198908.squirrel@webmail.cabm.rutgers.edu> <71fe4e760805310345u557f380eta07971e2991e2a33@mail.gmail.com> Message-ID: <54223.192.76.178.10.1212411712.squirrel@webmail.cabm.rutgers.edu> Alain Spineux said: > On Sat, May 31, 2008 at 3:55 AM, Shelley Waltz > wrote: >> >> Simon Matter said: >>>> I just created a new cyrus-2.3.7-2 server on RHEL5. I created the >>>> /etc/imapd.conf and started up /etc/init.d/cyrus-imapd start. >>>> >>>> On my old cyrus-2.2 server, the /var/spool/imap has all the >>>> directories >>>> for the user's mail files under a b c ... >>>> >>>> Question is ... I specified /var/spool/imap as the sppol directory in >>>> imapd.conf. however, when I started cyrus, no a b c ... directories >>>> were >>>> created. Does this only happen as I add accounts or migrate accounts? >>> >>> Yes. >>> >>> Simon >>> >>> >>> >> I migrated my mailboxes.db to the new server, so I need to create the >> /var/spool/imap/{a-z}/user/username/* and reconstruct? > > No need to create dirs! reconstruct is able to read mailbox.db and > reconstruct all missing > directories > > using something like:(depending "unixhierarchysep") > > $ reconstruct -rf user/* > or > $ reconstruct -rf user.* > > -r is a little broken and can be useless, but the '*' wilcard do the job > I loaded mailboxes.db using ctl_mboxlist -u mailboxes.dump2 . I see no messages in /var/log/messages or /var/log/maillog. Why aren't they created? unixhierarchysep is 0, the default of "." thnx S From aspineux at gmail.com Mon Jun 2 10:32:36 2008 From: aspineux at gmail.com (Alain Spineux) Date: Mon, 2 Jun 2008 16:32:36 +0200 Subject: Imap spool directory In-Reply-To: <54223.192.76.178.10.1212411712.squirrel@webmail.cabm.rutgers.edu> References: <44022.192.76.178.13.1212164281.squirrel@webmail.cabm.rutgers.edu> <51602.98.221.136.138.1212198908.squirrel@webmail.cabm.rutgers.edu> <71fe4e760805310345u557f380eta07971e2991e2a33@mail.gmail.com> <54223.192.76.178.10.1212411712.squirrel@webmail.cabm.rutgers.edu> Message-ID: <71fe4e760806020732t446f48f0wa389a766c4a8517@mail.gmail.com> On Mon, Jun 2, 2008 at 3:01 PM, Shelley Waltz wrote: > > Alain Spineux said: >> On Sat, May 31, 2008 at 3:55 AM, Shelley Waltz >> wrote: >>> >>> Simon Matter said: >>>>> I just created a new cyrus-2.3.7-2 server on RHEL5. I created the >>>>> /etc/imapd.conf and started up /etc/init.d/cyrus-imapd start. >>>>> >>>>> On my old cyrus-2.2 server, the /var/spool/imap has all the >>>>> directories >>>>> for the user's mail files under a b c ... >>>>> >>>>> Question is ... I specified /var/spool/imap as the sppol directory in >>>>> imapd.conf. however, when I started cyrus, no a b c ... directories >>>>> were >>>>> created. Does this only happen as I add accounts or migrate accounts? >>>> >>>> Yes. >>>> >>>> Simon >>>> >>>> >>>> >>> I migrated my mailboxes.db to the new server, so I need to create the >>> /var/spool/imap/{a-z}/user/username/* and reconstruct? >> >> No need to create dirs! reconstruct is able to read mailbox.db and >> reconstruct all missing >> directories >> >> using something like:(depending "unixhierarchysep") >> >> $ reconstruct -rf user/* Ops, you need to specify the domain name $ reconstruct -rf user/*@mydomain.com is working for me $ reconstruct -rf user/* will reconstruct only mailbox in the defaultdomain >> or >> $ reconstruct -rf user.* I dont know the domain notation here sorry >> >> -r is a little broken and can be useless, but the '*' wilcard do the job >> > > > I loaded mailboxes.db using ctl_mboxlist -u mailboxes.dump is a dump of the mailboxes on my old server. I then try > reconstruct -rf user.* and no mailboxes under /var/spool/imap are > reconstructed? The mailboxes.db contains the mailboxes as I can see them > if I do a ctl_mboxlist -d >mailboxes.dump2 . I see no messages in > /var/log/messages or /var/log/maillog. Why aren't they created? > unixhierarchysep is 0, the default of "." > > thnx > S > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From shwaltz at cabm.rutgers.edu Mon Jun 2 11:46:22 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Mon, 2 Jun 2008 11:46:22 -0400 (EDT) Subject: Imap spool directory In-Reply-To: <71fe4e760806020732t446f48f0wa389a766c4a8517@mail.gmail.com> References: <44022.192.76.178.13.1212164281.squirrel@webmail.cabm.rutgers.edu> <51602.98.221.136.138.1212198908.squirrel@webmail.cabm.rutgers.edu> <71fe4e760805310345u557f380eta07971e2991e2a33@mail.gmail.com> <54223.192.76.178.10.1212411712.squirrel@webmail.cabm.rutgers.edu> <71fe4e760806020732t446f48f0wa389a766c4a8517@mail.gmail.com> Message-ID: <45558.192.76.178.10.1212421582.squirrel@webmail.cabm.rutgers.edu> Alain Spineux said: > On Mon, Jun 2, 2008 at 3:01 PM, Shelley Waltz > wrote: >> >> Alain Spineux said: >>> On Sat, May 31, 2008 at 3:55 AM, Shelley Waltz >>> >>> wrote: >>>> >>>> Simon Matter said: >>>>>> I just created a new cyrus-2.3.7-2 server on RHEL5. I created the >>>>>> /etc/imapd.conf and started up /etc/init.d/cyrus-imapd start. >>>>>> >>>>>> On my old cyrus-2.2 server, the /var/spool/imap has all the >>>>>> directories >>>>>> for the user's mail files under a b c ... >>>>>> >>>>>> Question is ... I specified /var/spool/imap as the sppol directory >>>>>> in >>>>>> imapd.conf. however, when I started cyrus, no a b c ... directories >>>>>> were >>>>>> created. Does this only happen as I add accounts or migrate >>>>>> accounts? >>>>> >>>>> Yes. >>>>> >>>>> Simon >>>>> >>>>> >>>>> >>>> I migrated my mailboxes.db to the new server, so I need to create the >>>> /var/spool/imap/{a-z}/user/username/* and reconstruct? >>> >>> No need to create dirs! reconstruct is able to read mailbox.db and >>> reconstruct all missing >>> directories >>> >>> using something like:(depending "unixhierarchysep") >>> >>> $ reconstruct -rf user/* > > Ops, you need to specify the domain name > > $ reconstruct -rf user/*@mydomain.com > > is working for me > > $ reconstruct -rf user/* > will reconstruct only mailbox in the defaultdomain > >>> or >>> $ reconstruct -rf user.* > > I dont know the domain notation here sorry > >>> >>> -r is a little broken and can be useless, but the '*' wilcard do the >>> job >>> >> >> >> I loaded mailboxes.db using ctl_mboxlist -u > mailboxes.dump is a dump of the mailboxes on my old server. I then try >> reconstruct -rf user.* and no mailboxes under /var/spool/imap are >> reconstructed? The mailboxes.db contains the mailboxes as I can see >> them >> if I do a ctl_mboxlist -d >mailboxes.dump2 . I see no messages in >> /var/log/messages or /var/log/maillog. Why aren't they created? >> unixhierarchysep is 0, the default of "." The issue was my not having run /usr/lib/cyrus-imapd/mkimap . Once I did this, the reconstruct worked fine. Thanks! From wes at umich.edu Mon Jun 2 14:24:32 2008 From: wes at umich.edu (Wesley Craig) Date: Mon, 2 Jun 2008 14:24:32 -0400 Subject: IMSP Authentication issue In-Reply-To: <3B1CF4797128991C4B50C12C@[192.168.0.2]> References: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> <4E3A0C4F5153C36F98C084FD@martin-zieglers-imac.local> <12E7EFD1F255AA925B099C55@port-83-236-172-52.static.qsc.de> <2EA589CF-200C-45A5-A96C-8A6DDDE360FB@umich.edu> <3B1CF4797128991C4B50C12C@[192.168.0.2]> Message-ID: <9CABF3C5-9196-4103-B21A-32EF12C7A8F1@umich.edu> On 02 Jun 2008, at 02:55, Martin Ziegler wrote: > Yes it's running as root. I didn't modified any of the code. I just > passed the new PREFIX to configure. The --prefix that you pass to configure isn't utilized by syncdb.c. Per notes/Setup-instructions for version 1.7b, you have to either use /var/imsp or edit the PREFIX definition in syncdb.c. :wes > --On Sonntag, 1. Juni 2008 14:38 -0400 Wesley Craig > wrote: >> So you modified PREFIX in syncdb.c? From mz at newyorkcity.de Tue Jun 3 02:38:00 2008 From: mz at newyorkcity.de (Martin Ziegler) Date: Tue, 03 Jun 2008 08:38:00 +0200 Subject: IMSP Authentication issue In-Reply-To: <9CABF3C5-9196-4103-B21A-32EF12C7A8F1@umich.edu> References: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> <4E3A0C4F5153C36F98C084FD@martin-zieglers-imac.local> <12E7EFD1F255AA925B099C55@port-83-236-172-52.static.qsc.de> <2EA589CF-200C-45A5-A96C-8A6DDDE360FB@umich.edu> <3B1CF4797128991C4B50C12C@[192.168.0.2]> <9CABF3C5-9196-4103-B21A-32EF12C7A8F1@umich.edu> Message-ID: Wesley, you've got it. A simple ln -s /opt/cyrus/imsp/var/ /var/imsp and eerything is working as it should. Many thanks for your help guys!!! --On June 2, 2008 2:24:32 PM -0400 Wesley Craig wrote: > On 02 Jun 2008, at 02:55, Martin Ziegler wrote: >> Yes it's running as root. I didn't modified any of the code. I just >> passed the new PREFIX to configure. > > The --prefix that you pass to configure isn't utilized by syncdb.c. Per > notes/Setup-instructions for version 1.7b, you have to either use > /var/imsp or edit the PREFIX definition in syncdb.c. > > :wes > >> --On Sonntag, 1. Juni 2008 14:38 -0400 Wesley Craig >> wrote: >>> So you modified PREFIX in syncdb.c? > From mz at newyorkcity.de Tue Jun 3 03:03:40 2008 From: mz at newyorkcity.de (Martin Ziegler) Date: Tue, 03 Jun 2008 09:03:40 +0200 Subject: IMSP Authentication issue In-Reply-To: References: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> <4E3A0C4F5153C36F98C084FD@martin-zieglers-imac.local> <12E7EFD1F255AA925B099C55@port-83-236-172-52.static.qsc.de> <2EA589CF-200C-45A5-A96C-8A6DDDE360FB@umich.edu> <3B1CF4797128991C4B50C12C@[192.168.0.2]> <9CABF3C5-9196-4103-B21A-32EF12C7A8F1@umich.edu> Message-ID: <4874085E3EBBE0398ED62150@port-83-236-172-52.static.qsc.de> One last question. In the meantime is there a working virtdomain patch for IMSP? --On June 3, 2008 8:38:00 AM +0200 Martin Ziegler wrote: > Wesley, you've got it. > > A simple > > ln -s /opt/cyrus/imsp/var/ /var/imsp > > and eerything is working as it should. > > Many thanks for your help guys!!! > > --On June 2, 2008 2:24:32 PM -0400 Wesley Craig wrote: > >> On 02 Jun 2008, at 02:55, Martin Ziegler wrote: >>> Yes it's running as root. I didn't modified any of the code. I just >>> passed the new PREFIX to configure. >> >> The --prefix that you pass to configure isn't utilized by syncdb.c. Per >> notes/Setup-instructions for version 1.7b, you have to either use >> /var/imsp or edit the PREFIX definition in syncdb.c. >> >> :wes >> >>> --On Sonntag, 1. Juni 2008 14:38 -0400 Wesley Craig >>> wrote: >>>> So you modified PREFIX in syncdb.c? >> > From rudi_list at babaluga.com Tue Jun 3 03:10:55 2008 From: rudi_list at babaluga.com (Rudi Bruchez) Date: Tue, 03 Jun 2008 09:10:55 +0200 Subject: breaking into the system through cyrus account ? In-Reply-To: References: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> <4E3A0C4F5153C36F98C084FD@martin-zieglers-imac.local> <12E7EFD1F255AA925B099C55@port-83-236-172-52.static.qsc.de> <2EA589CF-200C-45A5-A96C-8A6DDDE360FB@umich.edu> <3B1CF4797128991C4B50C12C@[192.168.0.2]> <9CABF3C5-9196-4103-B21A-32EF12C7A8F1@umich.edu> Message-ID: <4844EE7F.7030101@babaluga.com> Hello, I'm using Cyrus on a Debian box, with pop3s. I found some time ago that someone was able to place a spamming tool in the /var/spool/cyrus/ directory. I cleaned it and changed all my passwords. All seemed ok. I figured out this week that an IRC bot was at the same place. I changed my passwords again, and upgraded to the last Cyrus Debian package. It looks like the cracker gained root access. I don't have the time and window to reinstall my system. My question would be : have you already heard of such breaks ? The Cyrus account has shell access in passwd. Is it necessary ? Could I put it to /bin/false, and change it when I want to su to it for changing smth ? Thanks ! Rudi From nik at bu.edu Tue Jun 3 06:33:45 2008 From: nik at bu.edu (Nik Conwell) Date: Tue, 3 Jun 2008 06:33:45 -0400 Subject: breaking into the system through cyrus account ? In-Reply-To: <4844EE7F.7030101@babaluga.com> References: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> <4E3A0C4F5153C36F98C084FD@martin-zieglers-imac.local> <12E7EFD1F255AA925B099C55@port-83-236-172-52.static.qsc.de> <2EA589CF-200C-45A5-A96C-8A6DDDE360FB@umich.edu> <3B1CF4797128991C4B50C12C@[192.168.0.2]> <9CABF3C5-9196-4103-B21A-32EF12C7A8F1@umich.edu> <4844EE7F.7030101@babaluga.com> Message-ID: <2C84E793-592F-457A-B560-CE11EB308EA9@bu.edu> On Jun 3, 2008, at 3:10 AM, Rudi Bruchez wrote: > Hello, > > I'm using Cyrus on a Debian box, with pop3s. I found some time ago > that > someone was able to place a spamming tool in the /var/spool/cyrus/ > directory. I cleaned it and changed all my passwords. All seemed ok. Hopefully you are keeping up to date with these security issues with Debian SSL and OpenSSH: http://www.debian.org/security/2008/dsa-1571 http://www.debian.org/security/2008/dsa-1576 > I figured out this week that an IRC bot was at the same place. I > changed > my passwords again, and upgraded to the last Cyrus Debian package. > It looks like the cracker gained root access. I don't have the time > and > window to reinstall my system. My question would be : have you already > heard of such breaks ? > The Cyrus account has shell access in passwd. Is it necessary ? > Could I > put it to /bin/false, and change it when I want to su to it for > changing > smth ? > > Thanks ! > > Rudi > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080603/1e9ab0a9/attachment.html From Valery.Brasseur at atosorigin.com Wed Jun 4 04:47:55 2008 From: Valery.Brasseur at atosorigin.com (Brasseur Valery) Date: Wed, 4 Jun 2008 10:47:55 +0200 Subject: bug in the proxy module ... Message-ID: Hi, I am using cyrus 2.3.11 in a murder setup... from time to time have got an hang from the pop3 proxyd ... I nail it donw to the following portion of code : in imap/proxy.c near line 266 : if (pout) { const char *err; char buf[4096]; int c; do { c = prot_read(pin, buf, sizeof(buf)); if (c == 0 || c < 0) break; prot_write(pout, buf, c); } while (c == sizeof(buf)); if ((err = prot_error(pin)) != NULL) { from time to time, the prot_read return exactly 4096 bytes, but it's the end of the message... so backend seat and wait for next command, and proxy seat and wait for the next buffer ... forever ! for me it's seems that the condition " c == sizeof(buf)" is not enough in that case. have someone else already encoutered this ? thanks valery Ce message et les pi?ces jointes sont confidentiels et r?serv?s ? l'usage exclusif de ses destinataires. Il peut ?galement ?tre prot?g? par le secret professionnel. Si vous recevez ce message par erreur, merci d'en avertir imm?diatement l'exp?diteur et de le d?truire. L'int?grit? du message ne pouvant ?tre assur?e sur Internet, la responsabilit? du groupe Atos Origin ne pourra ?tre recherch?e quant au contenu de ce message. Bien que les meilleurs efforts soient faits pour maintenir cette transmission exempte de tout virus, l'exp?diteur ne donne aucune garantie ? cet ?gard et sa responsabilit? ne saurait ?tre recherch?e pour tout dommage r?sultant d'un virus transmis. This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos Origin group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. From kae at midnighthax.com Wed Jun 4 06:49:41 2008 From: kae at midnighthax.com (kae at midnighthax.com) Date: Wed, 4 Jun 2008 11:49:41 +0100 Subject: Not all mailboxes listed when migrating to new server In-Reply-To: <20080527183213.5c7b9a19@ws.in.tiger-computing.com> References: <20080527183213.5c7b9a19@ws.in.tiger-computing.com> Message-ID: <20080604104941.GA8694@midnighthax.com> To recap: I am migrating a Cyrus IMAP server to new hardware. To migrate the accounts I did the following on the old server: ctl_mboxlist -d > /tmp/mailboxes.dump ...and on the server: /usr/sbin/ctl_mboxlist -u < /tmp/mailboxes.dump /usr/sbin/cyrreconstruct (This is a Debian system, so the "reconstruct" command has been renamed). Within cyradm, a "lm" lists a number (maybe all) of the shared mailboxes, but only three folders from two users' mailboxes. There are 98 users with a total of 2797 folders, so are large number are not being listed. Using iampsync, I can successfully copya user's mail data from the old to the new system, but that user's mailbox is still not listed with the 'lm' command. Can anyone shed any light on what is happening here? Thanks, Keith Versions: Old server: name : Cyrus IMAPD version : v2.2.10 2004/11/23 17:52:52 vendor : Project Cyrus support-url: http://asg.web.cmu.edu/cyrus os : FreeBSD os-version : 4.11-STABLE environment: Built w/Cyrus SASL 2.1.20 Running w/Cyrus SASL 2.1.20 Built w/Sleepycat Software: Berkeley DB 3.3.11: (July 12, 2001) Running w/Sleepycat Software: Berkeley DB 3.3.11: (July 12, 2001) Built w/OpenSSL 0.9.7d 17 Mar 2004 Running w/OpenSSL 0.9.7d 17 Mar 2004 CMU Sieve 2.2 TCP Wrappers mmap = shared lock = fcntl nonblock = fcntl auth = unix idle = poll New server: name : Cyrus IMAPD version : v2.2.13-Debian-2.2.13-10 2006/11/13 16:17:53 vendor : Project Cyrus support-url: http://asg.web.cmu.edu/cyrus os : Linux os-version : 2.6.18-6-686 environment: Built w/Cyrus SASL 2.1.22 Running w/Cyrus SASL 2.1.22 Built w/Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) Running w/Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) Built w/OpenSSL 0.9.8c 05 Sep 2006 Running w/OpenSSL 0.9.8c 05 Sep 2006 CMU Sieve 2.2 TCP Wrappers NET-SNMP mmap = shared lock = fcntl nonblock = fcntl idle = poll From wes at umich.edu Wed Jun 4 13:56:59 2008 From: wes at umich.edu (Wesley Craig) Date: Wed, 4 Jun 2008 13:56:59 -0400 Subject: Not all mailboxes listed when migrating to new server In-Reply-To: <20080604104941.GA8694@midnighthax.com> References: <20080527183213.5c7b9a19@ws.in.tiger-computing.com> <20080604104941.GA8694@midnighthax.com> Message-ID: <6C34CCDA-D062-47A9-B397-CFCE5BC3AFC6@umich.edu> On 04 Jun 2008, at 06:49, kae at midnighthax.com wrote: > /usr/sbin/ctl_mboxlist -u < /tmp/mailboxes.dump Before you reconstruct, does ctl_mboxlist -d on the new server list all of the mailboxes that were on the old server? :wes From kae at midnighthax.com Wed Jun 4 16:43:40 2008 From: kae at midnighthax.com (Keith Edmunds) Date: Wed, 4 Jun 2008 21:43:40 +0100 Subject: Not all mailboxes listed when migrating to new server In-Reply-To: <6C34CCDA-D062-47A9-B397-CFCE5BC3AFC6@umich.edu> References: <20080527183213.5c7b9a19@ws.in.tiger-computing.com> <20080604104941.GA8694@midnighthax.com> <6C34CCDA-D062-47A9-B397-CFCE5BC3AFC6@umich.edu> Message-ID: <20080604214340.590cfe62@ws.in.tiger-computing.com> On Wed, 4 Jun 2008 13:56:59 -0400, wes at umich.edu said: > Before you reconstruct, does ctl_mboxlist -d on the new server list > all of the mailboxes that were on the old server? Yes, it does. (Not sure what the implication of that is). Thanks, Keith From wes at umich.edu Wed Jun 4 20:56:50 2008 From: wes at umich.edu (Wesley Craig) Date: Wed, 4 Jun 2008 20:56:50 -0400 Subject: Not all mailboxes listed when migrating to new server In-Reply-To: <20080604214340.590cfe62@ws.in.tiger-computing.com> References: <20080527183213.5c7b9a19@ws.in.tiger-computing.com> <20080604104941.GA8694@midnighthax.com> <6C34CCDA-D062-47A9-B397-CFCE5BC3AFC6@umich.edu> <20080604214340.590cfe62@ws.in.tiger-computing.com> Message-ID: <43922AD9-5394-4221-A866-C7206F984D65@umich.edu> On 04 Jun 2008, at 16:43, Keith Edmunds wrote: > On Wed, 4 Jun 2008 13:56:59 -0400, wes at umich.edu said: >> Before you reconstruct, does ctl_mboxlist -d on the new server list >> all of the mailboxes that were on the old server? > > Yes, it does. Are they there after you reconstruct? > (Not sure what the implication of that is). The question is which tool (if any) is removing them. :wes From kae at midnighthax.com Thu Jun 5 03:07:33 2008 From: kae at midnighthax.com (Keith Edmunds) Date: Thu, 5 Jun 2008 08:07:33 +0100 Subject: Not all mailboxes listed when migrating to new server In-Reply-To: <43922AD9-5394-4221-A866-C7206F984D65@umich.edu> References: <20080527183213.5c7b9a19@ws.in.tiger-computing.com> <20080604104941.GA8694@midnighthax.com> <6C34CCDA-D062-47A9-B397-CFCE5BC3AFC6@umich.edu> <20080604214340.590cfe62@ws.in.tiger-computing.com> <43922AD9-5394-4221-A866-C7206F984D65@umich.edu> Message-ID: <20080605080733.5bb51cdf@ws.in.tiger-computing.com> On Wed, 4 Jun 2008 20:56:50 -0400, wes at umich.edu said: > The question is which tool (if any) is removing them. I don't think any tool is removing them. Even before reconstructing, a "lm" doesn't list all the mailboxes. What I'm trying to achieve is the migration of a Cyrus installation from one server to another. Is there a better way of going about it? Thanks, Keith From list at joreybump.com Thu Jun 5 07:54:10 2008 From: list at joreybump.com (Jorey Bump) Date: Thu, 05 Jun 2008 07:54:10 -0400 Subject: Not all mailboxes listed when migrating to new server In-Reply-To: <20080527183213.5c7b9a19@ws.in.tiger-computing.com> References: <20080527183213.5c7b9a19@ws.in.tiger-computing.com> Message-ID: <4847D3E2.3020703@joreybump.com> Keith Edmunds wrote, at 05/27/2008 01:32 PM: > If I do a 'lam user.xxx' where user.xxx is one of the > accounts not listed, I get 'Mailbox does not exist'. If I > send a mail to that user on the new server and repeat the > 'lam user.xxx', I get a blank line output, suggesting that > the mailbox does now exist but with no acls. The mail sent > to that user can be seen in the filesystem. Have you tried to explicitly create the the mailbox after the fact? cm user.xxx This can be done nondestructively. I remember needing to do this for some mailboxes when I used imapsync to migrate from uw-imap. It's inconvenient, but if you're only talking about a fraction of 98 users, it might be feasible. If you've already migrated your data, you might also consider adding some flags to reconstruct: /usr/sbin/cyrreconstruct -rf My most recent migration was between two similar environments using the same version of Cyrus IMAPd (2.3.11). In that case, I simply copied all data to the new server, identified and removed the following Berkely DB files: /var/imap/deliver.db /var/imap/tls_sessions.db /var/imap/db/* Then I started Cyrus, which rebuilt the missing databases. It worked like a charm, with no need for reconstruct or imapsync. However, I don't know if this is an option for the 2.2.x series. From shwaltz at cabm.rutgers.edu Thu Jun 5 13:45:53 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Thu, 5 Jun 2008 13:45:53 -0400 (EDT) Subject: lmtpd Internal error: asserstion failed: append.c Message-ID: <39786.192.76.178.13.1212687953.squirrel@webmail.cabm.rutgers.edu> I am running a postfix-cyrus-amavis configuration. This is a new setup and I am testing sending a simple local message. I receive this error in attempting delivery ... (host domain.edu[/var/lib/imap/socket/lmtp] said: 421 4.3.0 lmtpd: Internal error: assertion failed: append.c: 479: stage != NULL && stage->parts[0] != '\0' (in reply to end of DATA command)) What might cause this? From jens.hoffrichter at gmail.com Thu Jun 5 16:03:11 2008 From: jens.hoffrichter at gmail.com (Jens Hoffrichter) Date: Thu, 5 Jun 2008 22:03:11 +0200 Subject: Problems with load balancing cluster on GFS Message-ID: <9b48a1210806051303x238dc845p26d4a3f3f82f9a27@mail.gmail.com> Hello everyone, I hope this is the correct mailing list to post this problem on. I'm seeing some weird behaviour with the pop3 daemon on a GFS HA cluster with load balancing. The general situation is as follows: I have 3 servers here, everyone installed with CentOS 5.1 and the latest RedHat cluster. On every server is a cyrus 2.3.12p2 from the Invoca distribution. he The servers share two common partitions for data storage on an SAN, one 1 GB partition mounted on /var/lib/imap, and one 1.2TB partition mounted on /var/spool/imap. On the /var/lib/imap partition I have set up the following directories so they point to individual directories for each node: backup, proc and socket. The backup directory was made separately because some cron.daily entries locked each other up in the night, rendering the cluster useless. In front of the three backend servers is a load balancer, which balances pop3, imap, lmtp and timsieved on a round robin basis to each node. The load balancer is used (or will be used ;) ) by two perdition servers which connect to the pop or imap port on the LB, which distributes them to a running node. The idea behind this is that we can shut down any node without a notable service interruption, and we only have one backend system instead of several one. We want to migrate away from a murder based setup, so any comments in that direction won't be very useful for me at this stage ;) The problematic behaviour I see at the moment: I have migrated ~100 test mailboxes from the old backend system, and I'm in the process of performing load tests on the new system to get an impression how the performance will be, and if we are on the right track. From the mailboxes around 80 are empty, 10 are medium filled and 10 are filled to the maximum storage, which is about the distribution we will be talking about after putting the system live. The load test is performed with jakarta-jmeter from apache.org, which chooses one of the mailboxes, and performs either a pop-3 or imap login to the backend, using the load balancer. The distribution is roughly that I do 5 pop3 logins for 1 imap login, with a performance about 5 logins/sec. After 30 to 60 seconds into the test, randomly one of the backend servers pop3ds will stop working. It is still accepting connections, but doesn't send a banner anymore. This is recognized by the load balancer as "working" (as the port is still open), but one after another all my connections will hit the malfunctioning server and the test basically stalls. A restart of the cyrus service stops the problem for another 30 - 60 seconds. If I just stop the one offending server, so it won't be used by the LB anymore, the test usually finishes without a problem...... At first I thought that this was a problem related to entropy, but it even persisted after I turned off "allowapop", and unconfigured everything relating to TLS (as SSL/TLS will be handled completely by the perdition, we don't need it) My personal guess is that it is somehow related to the port tests by the load balancer, as normally a connection from the load balancer is the last thing I see in the log of the offending backend server. The port tests are easily distinguishable, as the LB just opens a TCP connection and instantly resets it before it reads any data from the pop3d, not even waiting for a banner. After this happens, there are no more log entries regarding pop3d, or log entries from the master that it spawns new pop3 processes. My second guess was that it is related to locking, but the IMAP server just continues to run fine, and doesn't have a problem. At the moment, I'm running out of ideas where to look, and my knowledge about cyrus debugging is quite limited (never had such a problem before ;) ), so any ideas or points how to debug the problem would be appreciated. Oh yes, I tried to strace the pop3d, and from the pop3d which generates the last log entry normally comes a SIGPIPE, as the end point isn't connected anymore to the pop3d. It looks a bit like master doesn't recognize that there is a problem regarding spawning off new children, and assigns new connections to a dysfunctional pop3d. Any ideas, hints, questions will be greatly appreciated, if information is missing I will provide what I can :) Thanks in advance! Regards, Jens From list at joreybump.com Thu Jun 5 16:49:21 2008 From: list at joreybump.com (Jorey Bump) Date: Thu, 05 Jun 2008 16:49:21 -0400 Subject: Problems with load balancing cluster on GFS In-Reply-To: <9b48a1210806051303x238dc845p26d4a3f3f82f9a27@mail.gmail.com> References: <9b48a1210806051303x238dc845p26d4a3f3f82f9a27@mail.gmail.com> Message-ID: <48485151.6040709@joreybump.com> Jens Hoffrichter wrote, at 06/05/2008 04:03 PM: > At first I thought that this was a problem related to entropy, but it > even persisted after I turned off "allowapop", and unconfigured > everything relating to TLS (as SSL/TLS will be handled completely by > the perdition, we don't need it) To rule it out completely, watch it during your test: watch -n 0 'cat /proc/sys/kernel/random/entropy_avail' It might start blocking when it gets as low as 100 (healthy seems to be above 1000). If you're at the console (not a remote terminal), type on the keyboard to add entropy and see if this helps. If it does, you may have a cyrus-sasl that uses /dev/random (the default). Check the source RPM to verify, and adjust it to use /dev/urandom to stop the blocking. From shwaltz at cabm.rutgers.edu Fri Jun 6 08:51:13 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Fri, 6 Jun 2008 08:51:13 -0400 (EDT) Subject: lmtpd Internal error: asserstion failed: append.c In-Reply-To: <39786.192.76.178.13.1212687953.squirrel@webmail.cabm.rutgers.edu> References: <39786.192.76.178.13.1212687953.squirrel@webmail.cabm.rutgers.edu> Message-ID: <55973.192.76.178.13.1212756673.squirrel@webmail.cabm.rutgers.edu> Shelley Waltz said: > I am running a postfix-cyrus-amavis configuration. This is a new setup > and I am testing sending a simple local message. I receive this error in > attempting > delivery ... > > (host domain.edu[/var/lib/imap/socket/lmtp] said: 421 4.3.0 lmtpd: > Internal error: assertion failed: append.c: 479: stage != NULL && > stage->parts[0] != '\0' (in reply to end of DATA command)) > > What might cause this? > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > I am still stumped by this. Here is more information. RHEL5 cyrus-imapd-2.3.7-2.el5 cyrus.conf # standard standalone server implementation START { # do not delete this entry! recover cmd="ctl_cyrusdb -r" # this is only necessary if using idled for IMAP IDLE idled cmd="idled" # replication services - for master server #syncclient cmd="/usr/lib/cyrus-imapd/sync_client -r" listen="csync" } # UNIX sockets start with a slash and are put into /var/lib/imap/sockets SERVICES { # add or remove based on preferences imap cmd="imapd" listen="imap" prefork=5 imaps cmd="imapd -s" listen="imaps" prefork=1 pop3 cmd="pop3d" listen="pop3" prefork=3 pop3s cmd="pop3d -s" listen="pop3s" prefork=1 sieve cmd="timsieved" listen="sieve" prefork=0 # these are only necessary if receiving/exporting usenet via NNTP # nntp cmd="nntpd" listen="nntp" prefork=3 # nntps cmd="nntpd -s" listen="nntps" prefork=1 # at least one LMTP is required for delivery # lmtp cmd="lmtpd" listen="lmtp" prefork=0 lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 # this is only necessary if using notifications # notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1 # replication services - for replica server #syncserver cmd="/usr/lib/cyrus-imapd/sync_server" listen="csync" } EVENTS { # this is required checkpoint cmd="ctl_cyrusdb -c" period=30 # this is only necessary if using duplicate delivery suppression, # Sieve or NNTP delprune cmd="cyr_expire -E 3" at=0400 # this is only necessary if caching TLS sessions tlsprune cmd="tls_prune" at=0400 } imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap quotawarn: 75 admins: cyrus cyrusadmin sievedir: /var/lib/imap/sieve sieve_maxscriptsize: 64 sendmail: /usr/sbin/sendmail hashimapspool: true allowplaintext: 1 sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN allowapop: 0 autocreatequota: 250000 autocreateinboxfolders: Sent|Trash|AAA-Spam|AAA-Virus autosubscribeinboxfolders: Sent|Trash|AAA-Spam|AAA-Virus autosubscribesharedfolders: Report-SPAM|Report-NOTSPAM #autocreate_sieve_script: #autocreate_sieve_compiledscript: #generate_compiled_sieve_script: 0 #sync_machineid: 1 sync_authname: replica sync_log: 1 sync_host: replica.domain.edu sync_repeat_interval: 5 sync_password: xxxxxxx tls_cert_file: /etc/pki/tls/certs/imapdcert.pem tls_key_file: /etc/pki/tls/certs/imapdkey.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt annotation_db: skiplist duplicate_db: skiplist mboxkey_db: skiplist mboxlist_db: skiplist ptscache_db: skiplist quota_db: quotalegacy seenstate_db: skiplist subscription_db: flat tlscache_db: skiplist postfix/main.cf debug_peer_list = 127.0.0.1 a.b.c.d/24 alias_database = hash:/etc/postfix/aliases alias_maps = hash:/etc/postfix/aliases mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp # myhostname = master.domain.edu mydomain = domain.edu myorigin = $mydomain mydestination = $myhostname, localhost.$mydomain, $mydomain mynetworks = a.b.c.d/24 127.0.0.0/8 masquerade_domains = domain.edu local_recipient_maps = $alias_maps local_transport = local queue_minfree = 75000000 message_size_limit = 50000000 content_filter = smtp-amavis:[127.0.0.1]:10024 max_use = 10 # sasl auth config broken_sasl_auth_clients = yes smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous smtpd_sasl_tls_security_options = $smtpd_sasl_security_options smtpd_sasl_local_domain = # smtp restrictions to prevent UCE smtpd_delay_reject = yes smtpd_helo_required = yes disable_vrfy_command = yes smtpd_client_restrictions = check_client_access hash:/etc/postfix/access, permit smtpd_helo_restrictions = permit_mynetworks, reject_invalid_hostname, check_helo_access hash:/etc/postfix/helo_access, permit smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client bl.spamcop.net, reject_rbl_client psbl.surriel.com, permit notify_classes = bounce, policy, protocol, resource, software # tls for smtp auth and relaying # Opportunistic TLS - TLS tried first, but otherwise delivery continues using clear # smtpd_use_tls = yes !deprecated, use next line smtpd_tls_security_level = may smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt smtpd_tls_cert_file = /etc/pki/tls/certs/smtpdcert.pem smtpd_tls_key_file = /etc/pki/tls/certs/smtpdkey.pem smtpd_tls_loglevel = 2 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd.scache smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom postfix/master.cf smtp inet n - n - - smtpd 81 inet n - n - - smtpd -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -v #submission inet n - n - - smtpd # -o smtpd_enforce_tls=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject #smtps inet n - n - - smtpd # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject #628 inet n - n - - qmqpd pickup fifo n - n 60 1 pickup cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - n 300 1 oqmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - n - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - n - - smtp -o fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - n - - showq error unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # Amavisd-new Mail/Virus Scanning daemon smtp-amavis unix - - n - 4 lmtp -o lmtp_data_done_timeout=1200 -o lmtp_send_xforward_command=yes -o disable_dns_lookups=yes -o max_use=20 127.0.0.1:10025 inet n - n - - smtpd -o content_filter= -o smtpd_delay_reject=no -o smtpd_client_restrictions=permit_mynetworks,reject -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o smtpd_data_restrictions=reject_unauth_pipelining -o smtpd_end_of_data_restrictions= -o smtpd_restriction_classes= -o mynetworks=127.0.0.0/8 -o smtpd_error_sleep_time=0 -o smtpd_soft_error_limit=1001 -o smtpd_hard_error_limit=1000 -o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_rate_limit=0 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters -o local_header_rewrite_clients= # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} # # The Cyrus deliver program has changed incompatibly, multiple times. # old-cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} # Cyrus 2.1.5 (Amos Gouaux) # Also specify in main.cf: cyrus_destination_recipient_limit=1 cyrus unix - n n - - pipe user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} # # See the Postfix UUCP_README file for configuration details. # uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient Any suggestions on causes for the lmtp error are appreciated. S From jens.hoffrichter at gmail.com Fri Jun 6 09:46:54 2008 From: jens.hoffrichter at gmail.com (Jens Hoffrichter) Date: Fri, 6 Jun 2008 15:46:54 +0200 Subject: Problems with load balancing cluster on GFS In-Reply-To: <48485151.6040709@joreybump.com> References: <9b48a1210806051303x238dc845p26d4a3f3f82f9a27@mail.gmail.com> <48485151.6040709@joreybump.com> Message-ID: <9b48a1210806060646y41236851jb2024d54e233c5b3@mail.gmail.com> Hello Jorey 2008/6/5 Jorey Bump : >> At first I thought that this was a problem related to entropy, but it >> even persisted after I turned off "allowapop", and unconfigured >> everything relating to TLS (as SSL/TLS will be handled completely by >> the perdition, we don't need it) > > To rule it out completely, watch it during your test: > > watch -n 0 'cat /proc/sys/kernel/random/entropy_avail' > > It might start blocking when it gets as low as 100 (healthy seems to be > above 1000). If you're at the console (not a remote terminal), type on the > keyboard to add entropy and see if this helps. If it does, you may have a > cyrus-sasl that uses /dev/random (the default). Check the source RPM to > verify, and adjust it to use /dev/urandom to stop the blocking. Thanks for that hint, I didn't know that you could monitor available entropy that way, that is very useful to know :) But it doesn't seem to be related to entropy. Though on one of the nodes entropy is usually quite low (between 100 and 300), it never drops below the 100 mark, and when running a load test, that node and another failed, and on the one failing was more than 3000 entropy available. To rule it out completely I started rngd on all the nodes, feeding from /dev/urandom (I know, not perfect, but better than nothing ;) ), but that didn't change anything. And I checked the compilation settings for my cyrus-sasl package, it already takes /dev/urandom as entropy source. So I think I can rule it out mostly.... But thanks for the input. Regards, Jens From list at joreybump.com Fri Jun 6 10:20:27 2008 From: list at joreybump.com (Jorey Bump) Date: Fri, 06 Jun 2008 10:20:27 -0400 Subject: Problems with load balancing cluster on GFS In-Reply-To: <9b48a1210806060646y41236851jb2024d54e233c5b3@mail.gmail.com> References: <9b48a1210806051303x238dc845p26d4a3f3f82f9a27@mail.gmail.com> <48485151.6040709@joreybump.com> <9b48a1210806060646y41236851jb2024d54e233c5b3@mail.gmail.com> Message-ID: <484947AB.3040300@joreybump.com> Jens Hoffrichter wrote, at 06/06/2008 09:46 AM: > But it doesn't seem to be related to entropy. Though on one of the > nodes entropy is usually quite low (between 100 and 300), it never > drops below the 100 mark, and when running a load test, that node and > another failed, and on the one failing was more than 3000 entropy > available. > > To rule it out completely I started rngd on all the nodes, feeding > from /dev/urandom (I know, not perfect, but better than nothing ;) ), > but that didn't change anything. And I checked the compilation > settings for my cyrus-sasl package, it already takes /dev/urandom as > entropy source. So I think I can rule it out mostly.... Yeah, it shouldn't lock with urandom. You might want to play around with poptimeout and popminpoll, to see if that has any effect on your load balancing test. Is jakarta-jmeter distributing these logins among enough different users to simulate real-world conditions? What do your imap/debug logs say when the lockup occurs? While I support POP3, I encourage all of my users to use IMAP, so I don't have many problems with pop3d (except for brute force attacks, which I solved by increasing sasl_minimum_layer, but that won't help you here). From aspineux at gmail.com Fri Jun 6 11:02:32 2008 From: aspineux at gmail.com (Alain Spineux) Date: Fri, 6 Jun 2008 17:02:32 +0200 Subject: lmtpd Internal error: asserstion failed: append.c In-Reply-To: <55973.192.76.178.13.1212756673.squirrel@webmail.cabm.rutgers.edu> References: <39786.192.76.178.13.1212687953.squirrel@webmail.cabm.rutgers.edu> <55973.192.76.178.13.1212756673.squirrel@webmail.cabm.rutgers.edu> Message-ID: <71fe4e760806060802p1ce5ed0eicfecd27a454a7296@mail.gmail.com> On Fri, Jun 6, 2008 at 2:51 PM, Shelley Waltz wrote: > > Shelley Waltz said: >> I am running a postfix-cyrus-amavis configuration. This is a new setup >> and I am testing sending a simple local message. I receive this error in >> attempting >> delivery ... >> >> (host domain.edu[/var/lib/imap/socket/lmtp] said: 421 4.3.0 lmtpd: >> Internal error: assertion failed: append.c: 479: stage != NULL && >> stage->parts[0] != '\0' (in reply to end of DATA command)) >> >> What might cause this? >> >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > I am still stumped by this. Here is more information. > > RHEL5 cyrus-imapd-2.3.7-2.el5 A real Redhat ? Then you should have support and should ask them ! Is it a random or recurrent problem ? Is it a 64bit OS ? Can you try to send the same email to two of _YOUR_ user As workaround, you coul try this : - Can you try to add this is imapd.conf singleinstancestore: 0 - as last resort you could try to replace mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp by local_transport = lmtp:unix:/var/lib/imap/socket/lmtp > cyrus.conf > > # standard standalone server implementation > > START { > # do not delete this entry! > recover cmd="ctl_cyrusdb -r" > > # this is only necessary if using idled for IMAP IDLE > idled cmd="idled" > > # replication services - for master server > #syncclient cmd="/usr/lib/cyrus-imapd/sync_client -r" listen="csync" > } > > # UNIX sockets start with a slash and are put into /var/lib/imap/sockets > SERVICES { > # add or remove based on preferences > imap cmd="imapd" listen="imap" prefork=5 > imaps cmd="imapd -s" listen="imaps" prefork=1 > pop3 cmd="pop3d" listen="pop3" prefork=3 > pop3s cmd="pop3d -s" listen="pop3s" prefork=1 > sieve cmd="timsieved" listen="sieve" prefork=0 > > # these are only necessary if receiving/exporting usenet via NNTP > # nntp cmd="nntpd" listen="nntp" prefork=3 > # nntps cmd="nntpd -s" listen="nntps" prefork=1 > > # at least one LMTP is required for delivery > # lmtp cmd="lmtpd" listen="lmtp" prefork=0 > lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 > > # this is only necessary if using notifications > # notify cmd="notifyd" listen="/var/lib/imap/socket/notify" > proto="udp" > prefork=1 > > # replication services - for replica server > #syncserver cmd="/usr/lib/cyrus-imapd/sync_server" listen="csync" > } > > EVENTS { > # this is required > checkpoint cmd="ctl_cyrusdb -c" period=30 > > # this is only necessary if using duplicate delivery suppression, > # Sieve or NNTP > delprune cmd="cyr_expire -E 3" at=0400 > > # this is only necessary if caching TLS sessions > tlsprune cmd="tls_prune" at=0400 > } > > > imapd.conf > configdirectory: /var/lib/imap > partition-default: /var/spool/imap > quotawarn: 75 > admins: cyrus cyrusadmin > sievedir: /var/lib/imap/sieve > sieve_maxscriptsize: 64 > sendmail: /usr/sbin/sendmail > hashimapspool: true > allowplaintext: 1 > sasl_pwcheck_method: saslauthd > sasl_mech_list: PLAIN LOGIN > allowapop: 0 > autocreatequota: 250000 > autocreateinboxfolders: Sent|Trash|AAA-Spam|AAA-Virus > autosubscribeinboxfolders: Sent|Trash|AAA-Spam|AAA-Virus > autosubscribesharedfolders: Report-SPAM|Report-NOTSPAM > #autocreate_sieve_script: > #autocreate_sieve_compiledscript: > #generate_compiled_sieve_script: 0 > #sync_machineid: 1 > sync_authname: replica > sync_log: 1 > sync_host: replica.domain.edu > sync_repeat_interval: 5 > sync_password: xxxxxxx > tls_cert_file: /etc/pki/tls/certs/imapdcert.pem > tls_key_file: /etc/pki/tls/certs/imapdkey.pem > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt > annotation_db: skiplist > duplicate_db: skiplist > mboxkey_db: skiplist > mboxlist_db: skiplist > ptscache_db: skiplist > quota_db: quotalegacy > seenstate_db: skiplist > subscription_db: flat > tlscache_db: skiplist > > > postfix/main.cf > > debug_peer_list = 127.0.0.1 a.b.c.d/24 > alias_database = hash:/etc/postfix/aliases > alias_maps = hash:/etc/postfix/aliases > mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp > # > myhostname = master.domain.edu > mydomain = domain.edu > myorigin = $mydomain > mydestination = $myhostname, localhost.$mydomain, $mydomain > mynetworks = a.b.c.d/24 127.0.0.0/8 > masquerade_domains = domain.edu > local_recipient_maps = $alias_maps > local_transport = local > queue_minfree = 75000000 > message_size_limit = 50000000 > content_filter = smtp-amavis:[127.0.0.1]:10024 > max_use = 10 > # sasl auth config > broken_sasl_auth_clients = yes > smtpd_sasl_auth_enable = yes > smtpd_sasl_security_options = noanonymous > smtpd_sasl_tls_security_options = $smtpd_sasl_security_options > smtpd_sasl_local_domain = > # smtp restrictions to prevent UCE > smtpd_delay_reject = yes > smtpd_helo_required = yes > disable_vrfy_command = yes > smtpd_client_restrictions = > check_client_access hash:/etc/postfix/access, > permit > smtpd_helo_restrictions = > permit_mynetworks, > reject_invalid_hostname, > check_helo_access hash:/etc/postfix/helo_access, > permit > smtpd_recipient_restrictions = > permit_sasl_authenticated, > permit_mynetworks, > reject_unauth_destination, > reject_rbl_client zen.spamhaus.org, > reject_rbl_client bl.spamcop.net, > reject_rbl_client psbl.surriel.com, > permit > notify_classes = bounce, policy, protocol, resource, software > # tls for smtp auth and relaying > # Opportunistic TLS - TLS tried first, but otherwise delivery continues > using clear > # smtpd_use_tls = yes !deprecated, use next line > smtpd_tls_security_level = may > smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt > smtpd_tls_cert_file = /etc/pki/tls/certs/smtpdcert.pem > smtpd_tls_key_file = /etc/pki/tls/certs/smtpdkey.pem > smtpd_tls_loglevel = 2 > smtpd_tls_received_header = yes > smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd.scache > smtpd_tls_session_cache_timeout = 3600s > tls_random_source = dev:/dev/urandom > > postfix/master.cf > > smtp inet n - n - - smtpd > 81 inet n - n - - smtpd > -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -v > #submission inet n - n - - smtpd > # -o smtpd_enforce_tls=yes > # -o smtpd_sasl_auth_enable=yes > # -o smtpd_client_restrictions=permit_sasl_authenticated,reject > #smtps inet n - n - - smtpd > # -o smtpd_tls_wrappermode=yes > # -o smtpd_sasl_auth_enable=yes > # -o smtpd_client_restrictions=permit_sasl_authenticated,reject > #628 inet n - n - - qmqpd > pickup fifo n - n 60 1 pickup > cleanup unix n - n - 0 cleanup > qmgr fifo n - n 300 1 qmgr > #qmgr fifo n - n 300 1 oqmgr > tlsmgr unix - - n 1000? 1 tlsmgr > rewrite unix - - n - - trivial-rewrite > bounce unix - - n - 0 bounce > defer unix - - n - 0 bounce > trace unix - - n - 0 bounce > verify unix - - n - 1 verify > flush unix n - n 1000? 0 flush > proxymap unix - - n - - proxymap > smtp unix - - n - - smtp > # When relaying mail as backup MX, disable fallback_relay to avoid MX loops > relay unix - - n - - smtp > -o fallback_relay= > # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 > showq unix n - n - - showq > error unix - - n - - error > discard unix - - n - - discard > local unix - n n - - local > virtual unix - n n - - virtual > lmtp unix - - n - - lmtp > anvil unix - - n - 1 anvil > scache unix - - n - 1 > scache > # > # ==================================================================== > # Interfaces to non-Postfix software. Be sure to examine the manual > # pages of the non-Postfix software to find out what options it wants. > # > # Many of the following services use the Postfix pipe(8) delivery > # agent. See the pipe(8) man page for information about ${recipient} > # and other message envelope options. > # ==================================================================== > # > # Amavisd-new Mail/Virus Scanning daemon > smtp-amavis unix - - n - 4 lmtp > -o lmtp_data_done_timeout=1200 > -o lmtp_send_xforward_command=yes > -o disable_dns_lookups=yes > -o max_use=20 > > 127.0.0.1:10025 inet n - n - - smtpd > -o content_filter= > -o smtpd_delay_reject=no > -o smtpd_client_restrictions=permit_mynetworks,reject > -o smtpd_helo_restrictions= > -o smtpd_sender_restrictions= > -o smtpd_recipient_restrictions=permit_mynetworks,reject > -o smtpd_data_restrictions=reject_unauth_pipelining > -o smtpd_end_of_data_restrictions= > -o smtpd_restriction_classes= > -o mynetworks=127.0.0.0/8 > -o smtpd_error_sleep_time=0 > -o smtpd_soft_error_limit=1001 > -o smtpd_hard_error_limit=1000 > -o smtpd_client_connection_count_limit=0 > -o smtpd_client_connection_rate_limit=0 > -o > receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters > -o local_header_rewrite_clients= > # > # maildrop. See the Postfix MAILDROP_README file for details. > # Also specify in main.cf: maildrop_destination_recipient_limit=1 > # > maildrop unix - n n - - pipe > flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} > # > # The Cyrus deliver program has changed incompatibly, multiple times. > # > old-cyrus unix - n n - - pipe > flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} > ${user} > # Cyrus 2.1.5 (Amos Gouaux) > # Also specify in main.cf: cyrus_destination_recipient_limit=1 > cyrus unix - n n - - pipe > user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m > ${extension} ${user} > # > # See the Postfix UUCP_README file for configuration details. > # > uucp unix - n n - - pipe > flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail > ($recipient) > # > # Other external delivery methods. > # > ifmail unix - n n - - pipe > flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) > bsmtp unix - n n - - pipe > flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop > $recipient > > > Any suggestions on causes for the lmtp error are appreciated. > S > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From klaus.steinberger at physik.uni-muenchen.de Fri Jun 6 11:38:27 2008 From: klaus.steinberger at physik.uni-muenchen.de (Klaus Steinberger) Date: Fri, 06 Jun 2008 17:38:27 +0200 Subject: Problems with load balancing cluster on GFS In-Reply-To: References: Message-ID: <20080606173827.14785rlsvbbvtxk4@testwebmail.physik.uni-muenchen.de> > I'm seeing some weird behaviour with the pop3 daemon on a GFS HA > cluster with load balancing. I would not advise running cyrus-imapd on top of GFS. GFS is even with the best tuning possible very slow regarding small files (the typical load type of a cyrus-imapd). GFS runs into heavy locking with that type of load. So don't do it. What I'm currently doing: I run on top of a RH Cluster (using Scientific Linux) virtual machines with XEN. rgmanager handles very well the failover of XEN instances. So I just run one VM with a cyrus-imapd. (this cluster handles all of my DMZ servers, e.g. it runs VM's for static webpages, typo3 and so on, currently around 15 VM's). The cluster is a 3 node setup with an SAN Storage. A Logical Volume is exported to the XEN VM, inside this Volume i create again a Volume Group. A Logical Volume is created for /var/spool/imap, which is formated just as ext3. There is no cluster locking necessary as just one virtual machine accesses this Volume. As the Volume Group is inside the VM, I can use Snapshots also (not possible on clvm). Current size of my Imap Server is 2500 users and currently 250 GByte of Mailboxes used (growing and growing). I don't see how to avoid a murder setup if you need more than one machine running cyrus-imapd in parallel. Sincerly, Klaus ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3373 bytes Desc: S/MIME krytographische Unterschrift Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080606/baf85d48/attachment.bin From jens.hoffrichter at gmail.com Fri Jun 6 12:01:46 2008 From: jens.hoffrichter at gmail.com (Jens Hoffrichter) Date: Fri, 6 Jun 2008 18:01:46 +0200 Subject: Problems with load balancing cluster on GFS In-Reply-To: <484947AB.3040300@joreybump.com> References: <9b48a1210806051303x238dc845p26d4a3f3f82f9a27@mail.gmail.com> <48485151.6040709@joreybump.com> <9b48a1210806060646y41236851jb2024d54e233c5b3@mail.gmail.com> <484947AB.3040300@joreybump.com> Message-ID: <9b48a1210806060901s5f5e597dj41c0c9f15c47501c@mail.gmail.com> Hello, 2008/6/6 Jorey Bump : > Yeah, it shouldn't lock with urandom. You might want to play around with > poptimeout and popminpoll, to see if that has any effect on your load > balancing test. Is jakarta-jmeter distributing these logins among enough > different users to simulate real-world conditions? What do your imap/debug > logs say when the lockup occurs? Yes, I have configured jmeter to use all those 100 mailbox users in a round robin fashion, so this should be close to a real world setup. The log simply stops saying anything, especially about pop3 connections. But I think I have solved the current problem: The problem appears to be related to the Berkeley DB environment in /var/lib/imap/db . Although I don't use that format, as all of the databases are configured using skiplist, cyrus still initializes the environment on every connection. And if some other process has locked the database, it does a futex call on the mmap region, and goes to sleep. The problem seems to be that with using GFS, it doesn't get a signal that the database is unlocked, and stays sleeping forever. I discovered this today when I systematically strace'd (with strace -p, which apparently sends some kind of signal to the process) all pop3d processes on one of the hanging machines, and suddenly everything started to work again, including the hanging note. A closer examination told me that it then does the futex call again, unlocks that and just continues. My solution for this is now that I disabled bdb while compiling, and everything works like a charm now, though the performance is not yet there where I expected it to be. But I'm not sure if that is my loadbalancing test or the cluster config :) > While I support POP3, I encourage all of my users to use IMAP, so I don't > have many problems with pop3d (except for brute force attacks, which I > solved by increasing sasl_minimum_layer, but that won't help you here). Not an option here, the customer I'm building the cluster for supports only POP3 to the outside, and IMAP only for the internal webmail app. So POP3 HAS to run ;) Regards, Jens From jens.hoffrichter at gmail.com Fri Jun 6 12:10:23 2008 From: jens.hoffrichter at gmail.com (Jens Hoffrichter) Date: Fri, 6 Jun 2008 18:10:23 +0200 Subject: Problems with load balancing cluster on GFS In-Reply-To: <20080606173827.14785rlsvbbvtxk4@testwebmail.physik.uni-muenchen.de> References: <20080606173827.14785rlsvbbvtxk4@testwebmail.physik.uni-muenchen.de> Message-ID: <9b48a1210806060910r55c7066au7d4a8407e5bc78ef@mail.gmail.com> Hallo Klaus, 2008/6/6 Klaus Steinberger : >> I'm seeing some weird behaviour with the pop3 daemon on a GFS HA >> cluster with load balancing. > > I would not advise running cyrus-imapd on top of GFS. GFS is even with the > best tuning possible very slow regarding small files (the typical load type > of a cyrus-imapd). GFS runs into heavy locking with that type of load. So > don't do it. Thanks for the advice, but currently I am tied to that setup, due that we are operating on a schedule, and are nearly going live with that. And I just can't afford to redo everything at the moment. But I will monitor performance very closely, will have a fallback plan if it just doesn't do what I expect it to do, and I will start with a low load on it. If you guys are interested in that setup, I will keep you updated how the things progress :) > Current size of my Imap Server is 2500 users and currently 250 GByte of > Mailboxes used (growing and growing). Well, we will be talking about something in the range of above 50k mailboxes, so a single machine is just out of question. And some sort of standby will be needed. I didn't do the concept for this system, though, I'm just the one who has to implement it ;) > I don't see how to avoid a murder setup if you need more than one machine > running cyrus-imapd in parallel. Well, there are other possibilities I have seen, especially together with perdition and an LDAP server (which we have here anyways). But that is more in the region of an active-passive setup instead of an active-active setup. And I must admit that I don't know murder that well, only that it logs very little into the logfiles when delivering a mail ;) I don't think I can easily go away from the current setup I'm working on, but I will monitor it very closely. As I said in the other mail, I have solved the problem I had, but the performance is behind my expectations. So I will need to do some more testing to confirm if I can go live with that cluster. Regards, Jens From shwaltz at cabm.rutgers.edu Fri Jun 6 12:12:00 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Fri, 6 Jun 2008 12:12:00 -0400 (EDT) Subject: lmtpd Internal error: asserstion failed: append.c In-Reply-To: <71fe4e760806060802p1ce5ed0eicfecd27a454a7296@mail.gmail.com> References: <39786.192.76.178.13.1212687953.squirrel@webmail.cabm.rutgers.edu> <55973.192.76.178.13.1212756673.squirrel@webmail.cabm.rutgers.edu> <71fe4e760806060802p1ce5ed0eicfecd27a454a7296@mail.gmail.com> Message-ID: <42924.192.76.178.13.1212768720.squirrel@webmail.cabm.rutgers.edu> After further debugging, I discovered that /var/spool/imap/stage. and /var/spool/imap/sync. were owned by root.root rather than cyrus.mail I am puzzled by how this could be, but once I changed the ownership, it worked fine. Thanks much for the help. S Alain Spineux said: > On Fri, Jun 6, 2008 at 2:51 PM, Shelley Waltz > wrote: >> >> Shelley Waltz said: >>> I am running a postfix-cyrus-amavis configuration. This is a new setup >>> and I am testing sending a simple local message. I receive this error >>> in >>> attempting >>> delivery ... >>> >>> (host domain.edu[/var/lib/imap/socket/lmtp] said: 421 4.3.0 lmtpd: >>> Internal error: assertion failed: append.c: 479: stage != NULL && >>> stage->parts[0] != '\0' (in reply to end of DATA command)) >>> >>> What might cause this? >>> >>> ---- >>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >>> >> I am still stumped by this. Here is more information. >> >> RHEL5 cyrus-imapd-2.3.7-2.el5 > > A real Redhat ? Then you should have support and should ask them ! > > Is it a random or recurrent problem ? > Is it a 64bit OS ? > Can you try to send the same email to two of _YOUR_ user > > As workaround, you coul try this : > > - Can you try to add this is imapd.conf > > singleinstancestore: 0 > > - as last resort you could try to replace > > mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp > by > local_transport = lmtp:unix:/var/lib/imap/socket/lmtp > > > >> cyrus.conf >> >> # standard standalone server implementation >> >> START { >> # do not delete this entry! >> recover cmd="ctl_cyrusdb -r" >> >> # this is only necessary if using idled for IMAP IDLE >> idled cmd="idled" >> >> # replication services - for master server >> #syncclient cmd="/usr/lib/cyrus-imapd/sync_client -r" listen="csync" >> } >> >> # UNIX sockets start with a slash and are put into /var/lib/imap/sockets >> SERVICES { >> # add or remove based on preferences >> imap cmd="imapd" listen="imap" prefork=5 >> imaps cmd="imapd -s" listen="imaps" prefork=1 >> pop3 cmd="pop3d" listen="pop3" prefork=3 >> pop3s cmd="pop3d -s" listen="pop3s" prefork=1 >> sieve cmd="timsieved" listen="sieve" prefork=0 >> >> # these are only necessary if receiving/exporting usenet via NNTP >> # nntp cmd="nntpd" listen="nntp" prefork=3 >> # nntps cmd="nntpd -s" listen="nntps" prefork=1 >> >> # at least one LMTP is required for delivery >> # lmtp cmd="lmtpd" listen="lmtp" prefork=0 >> lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" >> prefork=1 >> >> # this is only necessary if using notifications >> # notify cmd="notifyd" listen="/var/lib/imap/socket/notify" >> proto="udp" >> prefork=1 >> >> # replication services - for replica server >> #syncserver cmd="/usr/lib/cyrus-imapd/sync_server" listen="csync" >> } >> >> EVENTS { >> # this is required >> checkpoint cmd="ctl_cyrusdb -c" period=30 >> >> # this is only necessary if using duplicate delivery suppression, >> # Sieve or NNTP >> delprune cmd="cyr_expire -E 3" at=0400 >> >> # this is only necessary if caching TLS sessions >> tlsprune cmd="tls_prune" at=0400 >> } >> >> >> imapd.conf >> configdirectory: /var/lib/imap >> partition-default: /var/spool/imap >> quotawarn: 75 >> admins: cyrus cyrusadmin >> sievedir: /var/lib/imap/sieve >> sieve_maxscriptsize: 64 >> sendmail: /usr/sbin/sendmail >> hashimapspool: true >> allowplaintext: 1 >> sasl_pwcheck_method: saslauthd >> sasl_mech_list: PLAIN LOGIN >> allowapop: 0 >> autocreatequota: 250000 >> autocreateinboxfolders: Sent|Trash|AAA-Spam|AAA-Virus >> autosubscribeinboxfolders: Sent|Trash|AAA-Spam|AAA-Virus >> autosubscribesharedfolders: Report-SPAM|Report-NOTSPAM >> #autocreate_sieve_script: >> #autocreate_sieve_compiledscript: >> #generate_compiled_sieve_script: 0 >> #sync_machineid: 1 >> sync_authname: replica >> sync_log: 1 >> sync_host: replica.domain.edu >> sync_repeat_interval: 5 >> sync_password: xxxxxxx >> tls_cert_file: /etc/pki/tls/certs/imapdcert.pem >> tls_key_file: /etc/pki/tls/certs/imapdkey.pem >> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt >> annotation_db: skiplist >> duplicate_db: skiplist >> mboxkey_db: skiplist >> mboxlist_db: skiplist >> ptscache_db: skiplist >> quota_db: quotalegacy >> seenstate_db: skiplist >> subscription_db: flat >> tlscache_db: skiplist >> >> >> postfix/main.cf >> >> debug_peer_list = 127.0.0.1 a.b.c.d/24 >> alias_database = hash:/etc/postfix/aliases >> alias_maps = hash:/etc/postfix/aliases >> mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp >> # >> myhostname = master.domain.edu >> mydomain = domain.edu >> myorigin = $mydomain >> mydestination = $myhostname, localhost.$mydomain, $mydomain >> mynetworks = a.b.c.d/24 127.0.0.0/8 >> masquerade_domains = domain.edu >> local_recipient_maps = $alias_maps >> local_transport = local >> queue_minfree = 75000000 >> message_size_limit = 50000000 >> content_filter = smtp-amavis:[127.0.0.1]:10024 >> max_use = 10 >> # sasl auth config >> broken_sasl_auth_clients = yes >> smtpd_sasl_auth_enable = yes >> smtpd_sasl_security_options = noanonymous >> smtpd_sasl_tls_security_options = $smtpd_sasl_security_options >> smtpd_sasl_local_domain = >> # smtp restrictions to prevent UCE >> smtpd_delay_reject = yes >> smtpd_helo_required = yes >> disable_vrfy_command = yes >> smtpd_client_restrictions = >> check_client_access hash:/etc/postfix/access, >> permit >> smtpd_helo_restrictions = >> permit_mynetworks, >> reject_invalid_hostname, >> check_helo_access hash:/etc/postfix/helo_access, >> permit >> smtpd_recipient_restrictions = >> permit_sasl_authenticated, >> permit_mynetworks, >> reject_unauth_destination, >> reject_rbl_client zen.spamhaus.org, >> reject_rbl_client bl.spamcop.net, >> reject_rbl_client psbl.surriel.com, >> permit >> notify_classes = bounce, policy, protocol, resource, software >> # tls for smtp auth and relaying >> # Opportunistic TLS - TLS tried first, but otherwise delivery continues >> using clear >> # smtpd_use_tls = yes !deprecated, use next line >> smtpd_tls_security_level = may >> smtpd_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt >> smtpd_tls_cert_file = /etc/pki/tls/certs/smtpdcert.pem >> smtpd_tls_key_file = /etc/pki/tls/certs/smtpdkey.pem >> smtpd_tls_loglevel = 2 >> smtpd_tls_received_header = yes >> smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd.scache >> smtpd_tls_session_cache_timeout = 3600s >> tls_random_source = dev:/dev/urandom >> >> postfix/master.cf >> >> smtp inet n - n - - smtpd >> 81 inet n - n - - smtpd >> -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject -v >> #submission inet n - n - - smtpd >> # -o smtpd_enforce_tls=yes >> # -o smtpd_sasl_auth_enable=yes >> # -o smtpd_client_restrictions=permit_sasl_authenticated,reject >> #smtps inet n - n - - smtpd >> # -o smtpd_tls_wrappermode=yes >> # -o smtpd_sasl_auth_enable=yes >> # -o smtpd_client_restrictions=permit_sasl_authenticated,reject >> #628 inet n - n - - qmqpd >> pickup fifo n - n 60 1 pickup >> cleanup unix n - n - 0 cleanup >> qmgr fifo n - n 300 1 qmgr >> #qmgr fifo n - n 300 1 oqmgr >> tlsmgr unix - - n 1000? 1 tlsmgr >> rewrite unix - - n - - trivial-rewrite >> bounce unix - - n - 0 bounce >> defer unix - - n - 0 bounce >> trace unix - - n - 0 bounce >> verify unix - - n - 1 verify >> flush unix n - n 1000? 0 flush >> proxymap unix - - n - - proxymap >> smtp unix - - n - - smtp >> # When relaying mail as backup MX, disable fallback_relay to avoid MX >> loops >> relay unix - - n - - smtp >> -o fallback_relay= >> # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 >> showq unix n - n - - showq >> error unix - - n - - error >> discard unix - - n - - discard >> local unix - n n - - local >> virtual unix - n n - - virtual >> lmtp unix - - n - - lmtp >> anvil unix - - n - 1 anvil >> scache unix - - n - 1 >> scache >> # >> # ==================================================================== >> # Interfaces to non-Postfix software. Be sure to examine the manual >> # pages of the non-Postfix software to find out what options it wants. >> # >> # Many of the following services use the Postfix pipe(8) delivery >> # agent. See the pipe(8) man page for information about ${recipient} >> # and other message envelope options. >> # ==================================================================== >> # >> # Amavisd-new Mail/Virus Scanning daemon >> smtp-amavis unix - - n - 4 lmtp >> -o lmtp_data_done_timeout=1200 >> -o lmtp_send_xforward_command=yes >> -o disable_dns_lookups=yes >> -o max_use=20 >> >> 127.0.0.1:10025 inet n - n - - smtpd >> -o content_filter= >> -o smtpd_delay_reject=no >> -o smtpd_client_restrictions=permit_mynetworks,reject >> -o smtpd_helo_restrictions= >> -o smtpd_sender_restrictions= >> -o smtpd_recipient_restrictions=permit_mynetworks,reject >> -o smtpd_data_restrictions=reject_unauth_pipelining >> -o smtpd_end_of_data_restrictions= >> -o smtpd_restriction_classes= >> -o mynetworks=127.0.0.0/8 >> -o smtpd_error_sleep_time=0 >> -o smtpd_soft_error_limit=1001 >> -o smtpd_hard_error_limit=1000 >> -o smtpd_client_connection_count_limit=0 >> -o smtpd_client_connection_rate_limit=0 >> -o >> receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters >> -o local_header_rewrite_clients= >> # >> # maildrop. See the Postfix MAILDROP_README file for details. >> # Also specify in main.cf: maildrop_destination_recipient_limit=1 >> # >> maildrop unix - n n - - pipe >> flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} >> # >> # The Cyrus deliver program has changed incompatibly, multiple times. >> # >> old-cyrus unix - n n - - pipe >> flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} >> ${user} >> # Cyrus 2.1.5 (Amos Gouaux) >> # Also specify in main.cf: cyrus_destination_recipient_limit=1 >> cyrus unix - n n - - pipe >> user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m >> ${extension} ${user} >> # >> # See the Postfix UUCP_README file for configuration details. >> # >> uucp unix - n n - - pipe >> flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail >> ($recipient) >> # >> # Other external delivery methods. >> # >> ifmail unix - n n - - pipe >> flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) >> bsmtp unix - n n - - pipe >> flags=Fq. user=foo argv=/usr/local/sbin/bsmtp -f $sender $nexthop >> $recipient >> >> >> Any suggestions on causes for the lmtp error are appreciated. >> S >> From jmadden at ivytech.edu Fri Jun 6 12:51:24 2008 From: jmadden at ivytech.edu (John Madden) Date: Fri, 06 Jun 2008 12:51:24 -0400 Subject: Problems with load balancing cluster on GFS In-Reply-To: <9b48a1210806060910r55c7066au7d4a8407e5bc78ef@mail.gmail.com> References: <20080606173827.14785rlsvbbvtxk4@testwebmail.physik.uni-muenchen.de> <9b48a1210806060910r55c7066au7d4a8407e5bc78ef@mail.gmail.com> Message-ID: <1212771084.3385.252.camel@localhost.localdomain> > > Current size of my Imap Server is 2500 users and currently 250 GByte of > > Mailboxes used (growing and growing). > Well, we will be talking about something in the range of above 50k > mailboxes, so a single machine is just out of question. And some sort > of standby will be needed. I didn't do the concept for this system, > though, I'm just the one who has to implement it ;) A single machine is not out of the question for that number of mailboxes, but is perhaps for the amount of traffic driven by your user behavior -- that's what you need to determine. We happily run 350k mailboxes on a single system with the determining factor being I/O contention during mail delivery. Depending on your storage, you won't necessarily be able to fix that contention by running multiple machines. I wouldn't count out a single machine with lots of (relatively small) storage pools to build performance. John -- John Madden Sr. UNIX Systems Engineer Ivy Tech Community College of Indiana jmadden at ivytech.edu From satimis at yahoo.com Sun Jun 8 09:15:58 2008 From: satimis at yahoo.com (Stephen Liu) Date: Sun, 8 Jun 2008 21:15:58 +0800 (CST) Subject: Cyrus - can't create user mailbox Message-ID: <910696.77059.qm@web35204.mail.mud.yahoo.com> Hi folks, Ubuntu 6.06 drake amd64 I'm following; Cyrus https://help.ubuntu.com/community/Cyrus building IMAP/POP servers. Packages installed; postfix cyrus-admin-2.2 cyrus-clients-2.2 cyrus-imapd-2.2 sasl2-bin cyrus-pop3d-2.2 libc-client-dev gamin * end * Everything is going on smoothly w/o problem. Coming to creating Mailbox I can't proceed further; $ cyradm -u cyrus localhost Password: localhost> cm user.satimiscyrus createmailbox: Permission denied * end * $ tail /var/log/mail.log Jun 8 18:09:16 lampserver cyrus/imap[4478]: executed Jun 8 18:09:16 lampserver cyrus/imap[4478]: accepted connection Jun 8 18:09:16 lampserver cyrus/imap[4478]: badlogin: localhost [127.0.0.1] plaintext satimis SASL(-1): generic failure: checkpass failed Jun 8 18:10:19 lampserver cyrus/master[3881]: process 4478 exited, status 0 Jun 8 18:11:04 lampserver cyrus/master[4480]: about to exec /usr/lib/cyrus/bin/imapd Jun 8 18:11:04 lampserver cyrus/imap[4480]: executed Jun 8 18:11:04 lampserver cyrus/imap[4480]: accepted connection Jun 8 18:11:13 lampserver cyrus/imap[4480]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): authentication failure: client response doesn't match what we generated] Jun 8 18:11:16 lampserver cyrus/imap[4480]: login: localhost [127.0.0.1] anonymous ANONYMOUS User logged in Jun 8 18:12:54 lampserver cyrus/master[3881]: process 4480 exited, status 0 * end * $ su - cyrus -c cyradm localhost Password: localhost> cm user.satimiscyrus createmailbox: Permission denied * end * $ tail /var/log/mail.log Jun 8 18:27:14 lampserver cyrus/ctl_cyrusdb[4497]: archiving log file: /var/lib/cyrus/db/log.0000000001 Jun 8 18:27:14 lampserver cyrus/ctl_cyrusdb[4497]: archiving database file: /var/lib/cyrus/mailboxes.db Jun 8 18:27:14 lampserver cyrus/ctl_cyrusdb[4497]: archiving log file: /var/lib/cyrus/db/log.0000000001 Jun 8 18:27:14 lampserver cyrus/ctl_cyrusdb[4497]: done checkpointing cyrus databases Jun 8 18:27:14 lampserver cyrus/master[3881]: process 4497 exited, status 0 Jun 8 18:42:51 lampserver cyrus/master[4511]: about to exec /usr/lib/cyrus/bin/imapd Jun 8 18:42:51 lampserver cyrus/imap[4511]: executed Jun 8 18:42:51 lampserver cyrus/imap[4511]: accepted connection Jun 8 18:43:00 lampserver cyrus/imap[4511]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): authentication failure: client response doesn't match what we generated] Jun 8 18:43:03 lampserver cyrus/imap[4511]: login: localhost [127.0.0.1] anonymous ANONYMOUS User logged in [/code] I can't resolve badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): authentication failure: client response doesn't match what we generated I have been trying a day w/o breakthrough $ sudo grep "^partition-" /etc/imapd.conf partition-default: /var/spool/cyrus/mail partition-news: /var/spool/cyrus/news $ sudo ls -ld /var/spool/cyrus/mail drwxr-x--- 29 cyrus mail 4096 2008-05-24 21:46 /var/spool/cyrus/mail $ sudo ls -ld /var/spool/cyrus/news drwxr-x--- 29 cyrus mail 4096 2008-05-24 21:46 /var/spool/cyrus/news Please help. TIA B.R. Stephen L Send instant messages to your online friends http://uk.messenger.yahoo.com From dick at nagual.nl Sun Jun 8 11:36:06 2008 From: dick at nagual.nl (Dick Hoogendijk) Date: Sun, 8 Jun 2008 17:36:06 +0200 Subject: Cyrus - can't create user mailbox In-Reply-To: <910696.77059.qm@web35204.mail.mud.yahoo.com> References: <910696.77059.qm@web35204.mail.mud.yahoo.com> Message-ID: <20080608173606.00001a42@westmark> On Sun, 8 Jun 2008 21:15:58 +0800 (CST) Stephen Liu wrote: > $ cyradm -u cyrus localhost > Password: > localhost> cm user.satimiscyrus > createmailbox: Permission denied > * end * Does the user cyrus exist w/ it's password in sasldb2? Did you check all the permissions? -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxde 01/08 ++ From satimis at yahoo.com Sun Jun 8 12:26:41 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 9 Jun 2008 00:26:41 +0800 (CST) Subject: Cyrus - can't create user mailbox In-Reply-To: <910696.77059.qm@web35204.mail.mud.yahoo.com> Message-ID: <810164.19647.qm@web35207.mail.mud.yahoo.com> Hi folks, Further to my 1st posting listed at the bottom, I found out the trick. I must use the password created on running; # saslpasswd2 -c cyrus NOT on running; # passwd cyrus What will be the use of the 2nd password? Thanks. Now on running; $ cyradm -u cyrus localhost Password: localhost> cm user.satimiscyrus localhost> quit it works. But I can't find this new user NOR its mailbox. $ locate satimiscyrus No printout $ sudo ls -la /var/spool/cyrus/ Password: total 20 drwxr-xr-x 4 cyrus mail 4096 2008-06-07 16:44 . drwxr-xr-x 9 root root 4096 2008-05-24 21:46 .. -rw------- 1 cyrus mail 126 2008-06-07 17:32 .bash_history drwxr-x--- 29 cyrus mail 4096 2008-05-24 21:46 mail drwxr-x--- 29 cyrus mail 4096 2008-05-24 21:46 news * end * $ sudo ls -la /var/spool/cyrus/mail total 116 drwxr-x--- 29 cyrus mail 4096 2008-05-24 21:46 . drwxr-xr-x 4 cyrus mail 4096 2008-06-07 16:44 .. drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 a drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 b drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 c drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 d drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 e drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 f drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 g drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 h drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 i drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 j drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 k drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 l drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 m drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 n drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 o drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 p drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 q drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 r drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 s drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 stage. drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 t drwxr-xr-x 3 cyrus mail 4096 2008-06-08 22:52 u drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 v drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 w drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 x drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 y drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 z * end * sudo cat /etc/sasldb2 | grep cyrus Binary file (standard input) matches Please help. TIA B.R. Stephen L --- Stephen Liu wrote: > Hi folks, > > > Ubuntu 6.06 drake amd64 > > > I'm following; > > Cyrus > https://help.ubuntu.com/community/Cyrus > > building IMAP/POP servers. > > > Packages installed; > > postfix > > cyrus-admin-2.2 > cyrus-clients-2.2 > cyrus-imapd-2.2 > sasl2-bin > cyrus-pop3d-2.2 > > libc-client-dev > gamin > * end * > > > Everything is going on smoothly w/o problem. > > > Coming to creating Mailbox I can't proceed further; > > > $ cyradm -u cyrus localhost > Password: > localhost> cm user.satimiscyrus > createmailbox: Permission denied > * end * > > > $ tail /var/log/mail.log > Jun 8 18:09:16 lampserver cyrus/imap[4478]: executed > Jun 8 18:09:16 lampserver cyrus/imap[4478]: accepted connection > Jun 8 18:09:16 lampserver cyrus/imap[4478]: badlogin: localhost > [127.0.0.1] plaintext satimis SASL(-1): generic failure: checkpass > failed > Jun 8 18:10:19 lampserver cyrus/master[3881]: process 4478 exited, > status 0 > Jun 8 18:11:04 lampserver cyrus/master[4480]: about to exec > /usr/lib/cyrus/bin/imapd > Jun 8 18:11:04 lampserver cyrus/imap[4480]: executed > Jun 8 18:11:04 lampserver cyrus/imap[4480]: accepted connection > Jun 8 18:11:13 lampserver cyrus/imap[4480]: badlogin: localhost > [127.0.0.1] DIGEST-MD5 [SASL(-13): authentication failure: client > response doesn't match what we generated] > Jun 8 18:11:16 lampserver cyrus/imap[4480]: login: localhost > [127.0.0.1] anonymous ANONYMOUS User logged in > Jun 8 18:12:54 lampserver cyrus/master[3881]: process 4480 exited, > status 0 > * end * > > > $ su - cyrus -c cyradm localhost > Password: > localhost> cm user.satimiscyrus > createmailbox: Permission denied > * end * > > > $ tail /var/log/mail.log > Jun 8 18:27:14 lampserver cyrus/ctl_cyrusdb[4497]: archiving log > file: > /var/lib/cyrus/db/log.0000000001 > Jun 8 18:27:14 lampserver cyrus/ctl_cyrusdb[4497]: archiving > database > file: /var/lib/cyrus/mailboxes.db > Jun 8 18:27:14 lampserver cyrus/ctl_cyrusdb[4497]: archiving log > file: > /var/lib/cyrus/db/log.0000000001 > Jun 8 18:27:14 lampserver cyrus/ctl_cyrusdb[4497]: done > checkpointing > cyrus databases > Jun 8 18:27:14 lampserver cyrus/master[3881]: process 4497 exited, > status 0 > Jun 8 18:42:51 lampserver cyrus/master[4511]: about to exec > /usr/lib/cyrus/bin/imapd > Jun 8 18:42:51 lampserver cyrus/imap[4511]: executed > Jun 8 18:42:51 lampserver cyrus/imap[4511]: accepted connection > Jun 8 18:43:00 lampserver cyrus/imap[4511]: badlogin: localhost > [127.0.0.1] DIGEST-MD5 [SASL(-13): authentication failure: client > response doesn't match what we generated] > Jun 8 18:43:03 lampserver cyrus/imap[4511]: login: localhost > [127.0.0.1] anonymous ANONYMOUS User logged in > [/code] > > > I can't resolve > badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): authentication > failure: client response doesn't match what we generated > > > > I have been trying a day w/o breakthrough > > > $ sudo grep "^partition-" /etc/imapd.conf > partition-default: /var/spool/cyrus/mail > partition-news: /var/spool/cyrus/news > > > > $ sudo ls -ld /var/spool/cyrus/mail > drwxr-x--- 29 cyrus mail 4096 2008-05-24 21:46 /var/spool/cyrus/mail > > > > $ sudo ls -ld /var/spool/cyrus/news > drwxr-x--- 29 cyrus mail 4096 2008-05-24 21:46 /var/spool/cyrus/news > > > > Please help. TIA > > > B.R. > Stephen L > > Send instant messages to your online friends > http://uk.messenger.yahoo.com > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > Send instant messages to your online friends http://uk.messenger.yahoo.com From satimis at yahoo.com Sun Jun 8 12:32:05 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 9 Jun 2008 00:32:05 +0800 (CST) Subject: Cyrus - can't create user mailbox In-Reply-To: <20080608173606.00001a42@westmark> Message-ID: <824052.3420.qm@web35204.mail.mud.yahoo.com> --- Dick Hoogendijk wrote: > On Sun, 8 Jun 2008 21:15:58 +0800 (CST) > Stephen Liu wrote: > > > $ cyradm -u cyrus localhost > > Password: > > localhost> cm user.satimiscyrus > > createmailbox: Permission denied > > * end * > > Does the user cyrus exist w/ it's password in sasldb2? > Did you check all the permissions? Hi Dick, /etc/sasldb2 is a command file. I don't understand its content, only codes. However on running; $ sudo cat /etc/sasldb2 | grep cyrus Binary file (standard input) matches B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From simon.matter at invoca.ch Sun Jun 8 12:54:00 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Sun, 8 Jun 2008 18:54:00 +0200 (CEST) Subject: Cyrus - can't create user mailbox In-Reply-To: <810164.19647.qm@web35207.mail.mud.yahoo.com> References: <810164.19647.qm@web35207.mail.mud.yahoo.com> Message-ID: > Hi folks, > > > Further to my 1st posting listed at the bottom, I found out the trick. > I must use the password created on running; > > # saslpasswd2 -c cyrus > > > NOT on running; > # passwd cyrus > > > What will be the use of the 2nd password? Thanks. > > > Now on running; > > > $ cyradm -u cyrus localhost > Password: > localhost> cm user.satimiscyrus > localhost> quit > > it works. But I can't find this new user NOR its mailbox. Login via IMAP and your mailbox is there (locate is only useful after updatedb has run so don't expect it to show anything immediately). You can also try the cyradm command 'lm' and it should show your mailbox. Simon > > > $ locate satimiscyrus > No printout > > > $ sudo ls -la /var/spool/cyrus/ > Password: > total 20 > drwxr-xr-x 4 cyrus mail 4096 2008-06-07 16:44 . > drwxr-xr-x 9 root root 4096 2008-05-24 21:46 .. > -rw------- 1 cyrus mail 126 2008-06-07 17:32 .bash_history > drwxr-x--- 29 cyrus mail 4096 2008-05-24 21:46 mail > drwxr-x--- 29 cyrus mail 4096 2008-05-24 21:46 news > * end * > > > $ sudo ls -la /var/spool/cyrus/mail > total 116 > drwxr-x--- 29 cyrus mail 4096 2008-05-24 21:46 . > drwxr-xr-x 4 cyrus mail 4096 2008-06-07 16:44 .. > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 a > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 b > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 c > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 d > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 e > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 f > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 g > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 h > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 i > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 j > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 k > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 l > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 m > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 n > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 o > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 p > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 q > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 r > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 s > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 stage. > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 t > drwxr-xr-x 3 cyrus mail 4096 2008-06-08 22:52 u > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 v > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 w > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 x > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 y > drwxr-xr-x 2 cyrus mail 4096 2008-05-24 21:46 z > * end * > > > sudo cat /etc/sasldb2 | grep cyrus > Binary file (standard input) matches > > > Please help. TIA > > > B.R. > Stephen L > > > > > --- Stephen Liu wrote: > >> Hi folks, >> >> >> Ubuntu 6.06 drake amd64 >> >> >> I'm following; >> >> Cyrus >> https://help.ubuntu.com/community/Cyrus >> >> building IMAP/POP servers. >> >> >> Packages installed; >> >> postfix >> >> cyrus-admin-2.2 >> cyrus-clients-2.2 >> cyrus-imapd-2.2 >> sasl2-bin >> cyrus-pop3d-2.2 >> >> libc-client-dev >> gamin >> * end * >> >> >> Everything is going on smoothly w/o problem. >> >> >> Coming to creating Mailbox I can't proceed further; >> >> >> $ cyradm -u cyrus localhost >> Password: >> localhost> cm user.satimiscyrus >> createmailbox: Permission denied >> * end * >> >> >> $ tail /var/log/mail.log >> Jun 8 18:09:16 lampserver cyrus/imap[4478]: executed >> Jun 8 18:09:16 lampserver cyrus/imap[4478]: accepted connection >> Jun 8 18:09:16 lampserver cyrus/imap[4478]: badlogin: localhost >> [127.0.0.1] plaintext satimis SASL(-1): generic failure: checkpass >> failed >> Jun 8 18:10:19 lampserver cyrus/master[3881]: process 4478 exited, >> status 0 >> Jun 8 18:11:04 lampserver cyrus/master[4480]: about to exec >> /usr/lib/cyrus/bin/imapd >> Jun 8 18:11:04 lampserver cyrus/imap[4480]: executed >> Jun 8 18:11:04 lampserver cyrus/imap[4480]: accepted connection >> Jun 8 18:11:13 lampserver cyrus/imap[4480]: badlogin: localhost >> [127.0.0.1] DIGEST-MD5 [SASL(-13): authentication failure: client >> response doesn't match what we generated] >> Jun 8 18:11:16 lampserver cyrus/imap[4480]: login: localhost >> [127.0.0.1] anonymous ANONYMOUS User logged in >> Jun 8 18:12:54 lampserver cyrus/master[3881]: process 4480 exited, >> status 0 >> * end * >> >> >> $ su - cyrus -c cyradm localhost >> Password: >> localhost> cm user.satimiscyrus >> createmailbox: Permission denied >> * end * >> >> >> $ tail /var/log/mail.log >> Jun 8 18:27:14 lampserver cyrus/ctl_cyrusdb[4497]: archiving log >> file: >> /var/lib/cyrus/db/log.0000000001 >> Jun 8 18:27:14 lampserver cyrus/ctl_cyrusdb[4497]: archiving >> database >> file: /var/lib/cyrus/mailboxes.db >> Jun 8 18:27:14 lampserver cyrus/ctl_cyrusdb[4497]: archiving log >> file: >> /var/lib/cyrus/db/log.0000000001 >> Jun 8 18:27:14 lampserver cyrus/ctl_cyrusdb[4497]: done >> checkpointing >> cyrus databases >> Jun 8 18:27:14 lampserver cyrus/master[3881]: process 4497 exited, >> status 0 >> Jun 8 18:42:51 lampserver cyrus/master[4511]: about to exec >> /usr/lib/cyrus/bin/imapd >> Jun 8 18:42:51 lampserver cyrus/imap[4511]: executed >> Jun 8 18:42:51 lampserver cyrus/imap[4511]: accepted connection >> Jun 8 18:43:00 lampserver cyrus/imap[4511]: badlogin: localhost >> [127.0.0.1] DIGEST-MD5 [SASL(-13): authentication failure: client >> response doesn't match what we generated] >> Jun 8 18:43:03 lampserver cyrus/imap[4511]: login: localhost >> [127.0.0.1] anonymous ANONYMOUS User logged in >> [/code] >> >> >> I can't resolve >> badlogin: localhost [127.0.0.1] DIGEST-MD5 [SASL(-13): authentication >> failure: client response doesn't match what we generated >> >> >> >> I have been trying a day w/o breakthrough >> >> >> $ sudo grep "^partition-" /etc/imapd.conf >> partition-default: /var/spool/cyrus/mail >> partition-news: /var/spool/cyrus/news >> >> >> >> $ sudo ls -ld /var/spool/cyrus/mail >> drwxr-x--- 29 cyrus mail 4096 2008-05-24 21:46 /var/spool/cyrus/mail >> >> >> >> $ sudo ls -ld /var/spool/cyrus/news >> drwxr-x--- 29 cyrus mail 4096 2008-05-24 21:46 /var/spool/cyrus/news >> >> >> >> Please help. TIA >> >> >> B.R. >> Stephen L >> >> Send instant messages to your online friends >> http://uk.messenger.yahoo.com >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > > > Send instant messages to your online friends http://uk.messenger.yahoo.com > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From wes at umich.edu Sun Jun 8 13:36:54 2008 From: wes at umich.edu (Wesley Craig) Date: Sun, 8 Jun 2008 13:36:54 -0400 Subject: Not all mailboxes listed when migrating to new server In-Reply-To: <20080605080733.5bb51cdf@ws.in.tiger-computing.com> References: <20080527183213.5c7b9a19@ws.in.tiger-computing.com> <20080604104941.GA8694@midnighthax.com> <6C34CCDA-D062-47A9-B397-CFCE5BC3AFC6@umich.edu> <20080604214340.590cfe62@ws.in.tiger-computing.com> <43922AD9-5394-4221-A866-C7206F984D65@umich.edu> <20080605080733.5bb51cdf@ws.in.tiger-computing.com> Message-ID: On 05 Jun 2008, at 03:07, Keith Edmunds wrote: > On Wed, 4 Jun 2008 20:56:50 -0400, wes at umich.edu said: >> The question is which tool (if any) is removing them. > > I don't think any tool is removing them. Even before reconstructing, a > "lm" doesn't list all the mailboxes. So the data is still there if you dump the DB? That's interesting. > What I'm trying to achieve is the migration of a Cyrus installation > from > one server to another. Is there a better way of going about it? Without knowing a lot more about your situation, I couldn't recommend one method over any of the many others. What you're trying to do ought to work, tho. :wes From satimis at yahoo.com Sun Jun 8 22:39:23 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 9 Jun 2008 10:39:23 +0800 (CST) Subject: Cyrus - can't create user mailbox In-Reply-To: Message-ID: <195213.13641.qm@web35207.mail.mud.yahoo.com> Hi Simon, Thanks for your advice. It is my first time running cyrus-imap to setup a LAMP server. Most times I run courier-imap. This is a test running headless on installation and w/o X packages installed. The server is working. Postfix can send mails via telnet. I suppose it can also receive mail because the mail sent to "satimiscyrus" has not been rejected so far. But I can't locate the mail. Also neither I can login on SquirrelMail. On /etc/postfix/main.cf mailbox_transport = cyrus mailbox_transport = lmtp:unix:/var/run/lmtp User "satimiscyrus" is created with "useradd" $ sudo ls -la /home/satimiscyrus/ total 24 drwxr-xr-x 2 satimiscyrus users 4096 2008-06-09 09:47 . drwxr-xr-x 7 root root 4096 2008-06-09 09:29 .. -rw------- 1 satimiscyrus users 74 2008-06-09 09:47 .bash_history -rw-r--r-- 1 satimiscyrus users 220 2008-06-09 09:29 .bash_logout -rw-r--r-- 1 satimiscyrus users 414 2008-06-09 09:29 .bash_profile -rw-r--r-- 1 satimiscyrus users 2227 2008-06-09 09:29 .bashrc - snip - > > $ cyradm -u cyrus localhost > > Password: > > localhost> cm user.satimiscyrus > > localhost> quit > > > > it works. But I can't find this new user NOR its mailbox. > > Login via IMAP and your mailbox is there (locate is only useful after > updatedb has run so don't expect it to show anything immediately). > You can also try the cyradm command 'lm' and it should show your > mailbox. $ sudo updatedb $ locate satimiscyrus /var/spool/cyrus/mail/u/user^satimiscyrus /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.cache /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.header /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.index The mailbox is there. What is user^ for? $ sudo ls /var/spool/cyrus/mail/ a c e g i k m o q s t v x z b d f h j l n p r stage. u w y $ sudo ls /var/spool/cyrus/mail/u/user^satimiscyrus cyrus.cache cyrus.header cyrus.index $ cyradm -u satimiscyrus localhost Password: localhost> lm user.satimiscyrus user.satimiscyrus (\HasNoChildren) What does (\HasNoChildren) indicate ? localhost> lm satimiscyrus localhost> lm satimiscyrus.% both without printout. I can't find the mailbox with 'lm' Please help. TIA P.S. Where can I find a relevant document other than; http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/WebHome B.R. Stephen L Send instant messages to your online friends http://uk.messenger.yahoo.com From michael.menge at zdv.uni-tuebingen.de Mon Jun 9 02:31:58 2008 From: michael.menge at zdv.uni-tuebingen.de (Michael Menge) Date: Mon, 9 Jun 2008 08:31:58 +0200 Subject: Cyrus - can't create user mailbox In-Reply-To: <195213.13641.qm@web35207.mail.mud.yahoo.com> References: <195213.13641.qm@web35207.mail.mud.yahoo.com> Message-ID: <20080609083158.w5qek8aggso0kgos@webmail.uni-tuebingen.de> Hi Stephen, Quoting Stephen Liu : > >> > $ cyradm -u cyrus localhost >> > Password: >> > localhost> cm user.satimiscyrus >> > localhost> quit >> > >> > it works. But I can't find this new user NOR its mailbox. >> > $ locate satimiscyrus > /var/spool/cyrus/mail/u/user^satimiscyrus > /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.cache > /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.header > /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.index > > > The mailbox is there. What is user^ for? This indicates that you have set unixhierarchysep: 1 in /etc/imapd.conf To create a Inbox for the user satimiscyrus you have to use cm user/satimiscyrus The ^ is the reperentation of the . on filesystem. > > $ cyradm -u satimiscyrus localhost > Password: > localhost> lm user.satimiscyrus > user.satimiscyrus (HasNoChildren) > > > What does (HasNoChildren) indicate ? > This means there are no subfolders > > localhost> lm satimiscyrus > localhost> lm satimiscyrus.% > both without printout. > > -------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912 Zentrum fuer Datenverarbeitung mail: michael.menge at zdv.uni-tuebingen.de Waechterstrasse 76 72074 Tuebingen -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5339 bytes Desc: S/MIME krytographische Unterschrift Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080609/edb02af0/attachment-0001.bin From satimis at yahoo.com Mon Jun 9 02:32:13 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 9 Jun 2008 14:32:13 +0800 (CST) Subject: Authentication problem Message-ID: <714250.57983.qm@web35203.mail.mud.yahoo.com> Hi folks, On running; $ su # imtest -m login -p imap localhost S: * OK lampserver Cyrus IMAP4 v2.2.12-Debian-2.2.12-4ubuntu1 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=NTLM AUTH=ANONYMOUS AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR S: C01 OK Completed Please enter your password: C: L01 LOGIN root {9} S: + go ahead C: S: L01 NO Login failed: generic failure Authentication failed. generic failure Security strength factor: 0 * end * It hangs there. I have to exit it manually; C: Q01 LOGOUT Connection closed. Please advise where shall I check and how to fix the problem. TIA B.R. Stephen L Send instant messages to your online friends http://uk.messenger.yahoo.com From simon.matter at invoca.ch Mon Jun 9 03:58:08 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Mon, 9 Jun 2008 09:58:08 +0200 (CEST) Subject: Authentication problem In-Reply-To: <714250.57983.qm@web35203.mail.mud.yahoo.com> References: <714250.57983.qm@web35203.mail.mud.yahoo.com> Message-ID: <3a756ca6a0117d7e9421c508aad793ed.squirrel@webmail.bi.corp.invoca.ch> > Hi folks, > > > On running; > > $ su > > # imtest -m login -p imap localhost > S: * OK lampserver Cyrus IMAP4 v2.2.12-Debian-2.2.12-4ubuntu1 server > ready > C: C01 CAPABILITY > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND > BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE > AUTH=NTLM AUTH=ANONYMOUS AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR > S: C01 OK Completed > Please enter your password: > C: L01 LOGIN root {9} > S: + go ahead > C: > S: L01 NO Login failed: generic failure > Authentication failed. generic failure > Security strength factor: 0 > * end * > > It hangs there. I have to exit it manually; > > C: Q01 LOGOUT > Connection closed. > > > Please advise where shall I check and how to fix the problem. TIA You should post your configs (/etc/cyrus.conf and /etc/imapd.conf) which will make it easier for someone to help you. Simon From satimis at yahoo.com Mon Jun 9 05:04:12 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 9 Jun 2008 17:04:12 +0800 (CST) Subject: Authentication problem In-Reply-To: <3a756ca6a0117d7e9421c508aad793ed.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <187860.83641.qm@web35208.mail.mud.yahoo.com> --- Simon Matter wrote: - snip - > > Please advise where shall I check and how to fix the problem. TIA > > You should post your configs (/etc/cyrus.conf and /etc/imapd.conf) > which > will make it easier for someone to help you. Hi Simon, cyrus.conf and imapd.conf are as follows. Those lines, commented out, have been deleted to shorten the length of this posting. $ cat /etc/cyrus.conf # Debian defaults for Cyrus IMAP server/cluster implementation # see cyrus.conf(5) for more information # # All the tcp services are tcpd-wrapped. see hosts_access(5) # $Id: cyrus.conf 120 2005-05-01 03:23:18Z sven $ START { # do not delete this entry! recover cmd="/usr/sbin/ctl_cyrusdb -r" # this is only necessary if using idled for IMAP IDLE # this is NOT to be enabled right now in Debian builds #idled cmd="idled" # this is useful on backend nodes of a Murder cluster # it causes the backend to syncronize its mailbox list with # the mupdate master upon startup #mupdatepush cmd="/usr/sbin/ctl_mboxlist -m" # this is recommended if using duplicate delivery suppression delprune cmd="/usr/sbin/ctl_deliver -E 3" # this is recommended if caching TLS sessions tlsprune cmd="/usr/sbin/tls_prune" } # UNIX sockets start with a slash and are absolute paths # you can use a maxchild=# to limit the maximum number of forks of a service # you can use babysit=true and maxforkrate=# to keep tight tabs on the service # most services also accept -U (limit number of reuses) and -T (timeout) SERVICES { # --- Normal cyrus spool, or Murder backends --- # add or remove based on preferences imap cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100 imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100 #pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50 #pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50 #nntp cmd="nntpd -U 30" listen="nntp" prefork=0 maxchild=100 #nntps cmd="nntpd -s -U 30" listen="nntps" prefork=0 maxchild=100 # At least one form of LMTP is required for delivery # (you must keep the Unix socket name in sync with imap.conf) #lmtp cmd="lmtpd" listen="localhost:lmtp" prefork=0 maxchild=20 lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20 # ---------------------------------------------- # useful if you need to give users remote access to sieve # by default, we limit this to localhost in Debian sieve cmd="timsieved" listen="localhost:sieve" prefork=0 maxchild=100 # this one is needed for the notification services notify cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1 # --- Murder frontends ------------------------- - snip - # ---------------------------------------------- } EVENTS { # this is required checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30 # this is only necessary if using duplicate delivery suppression delprune cmd="/usr/sbin/ctl_deliver -E 3" at=0401 # this is only necessary if caching TLS sessions tlsprune cmd="/usr/sbin/tls_prune" at=0401 } admins: cyrus unixhierarchysep: 1 * end * $ cat /etc/imapd.conf # Debian Cyrus imapd.conf # $Id: imapd.conf 229 2005-12-08 23:26:29Z astronut $ # See imapd.conf(5) for more information and more options # Configuration directory configdirectory: /var/lib/cyrus # Which partition to use for default mailboxes defaultpartition: default partition-default: /var/spool/cyrus/mail # News setup partition-news: /var/spool/cyrus/news newsspool: /var/spool/news # Alternate namespace # If enabled, activate the alternate namespace as documented in # /usr/share/doc/cyrus-doc-2.2/html/altnamespace.html, where an user's # subfolders are in the same level as the INBOX # See also userprefix and sharedprefix on imapd.conf(5) altnamespace: no # UNIX Hierarchy Convention # Set to yes, and cyrus will accept dots in names, and use the forward # slash "/" to delimit levels of the hierarchy. This is done by converting # internally all dots to "^", and all "/" to dots. So the "rabbit.holes" # mailbox of user "helmer.fudd" is stored in "user.elmer^fud.rabbit^holes" unixhierarchysep: yes - snip - # Uncomment the following and add the space-separated users who # have admin rights for all services. admins: cyrus - sni - # No anonymous logins #allowanonymouslogin: no allowanonymouslogin: yes # Minimum time between POP mail fetches in minutes popminpoll: 1 # If nonzero, normal users may create their own IMAP accounts by creating # the mailbox INBOX. The user's quota is set to the value if it is positive, # otherwise the user has unlimited quota. autocreatequota: 0 # umask used by Cyrus programs umask: 077 - snip - # If enabled, cyrdeliver will look for Sieve scripts in user's home # directories: ~user/.sieve. sieveusehomedir: false # If sieveusehomedir is false, this directory is searched for Sieve scripts. sievedir: /var/spool/sieve - snip - # If enabled, the partitions will also be hashed, in addition to the hashing # done on configuration directories. This is recommended if one partition has a # very bushy mailbox tree. hashimapspool: true # Allow plaintext logins by default (SASL PLAIN) allowplaintext: yes # Force PLAIN/LOGIN authentication only # (you need to uncomment this if you are not using an auxprop-based SASL # mechanism. saslauthd users, that means you!). And pay attention to # sasl_minimum_layer and allowapop below, too. #sasl_mech_list: PLAIN - snip - # Do note that, since sasl will be run as user cyrus, you may have a lot of # trouble to set this up right. #sasl_pwcheck_method: auxprop sasl_pwcheck_method: saslauthd # What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop # by default, all plugins are tried (which is probably NOT what you want). #sasl_auxprop_plugin: sasldb # If enabled, the SASL library will automatically create authentication secrets # when given a plaintext password. Refer to SASL documentation sasl_auto_transition: no # # SSL/TLS Options # - snip - # File containing one or more Certificate Authority (CA) certificates. #tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem # Path to directory with certificates of CAs. tls_ca_path: /etc/ssl/certs # The length of time (in minutes) that a TLS session will be cached for later # reuse. The maximum value is 1440 (24 hours), the default. A value of 0 will # disable session caching. tls_session_timeout: 1440 # The list of SSL/TLS ciphers to allow, in decreasing order of precedence. # The format of the string is described in ciphers(1). The Debian default # selects TLSv1 high-security ciphers only, and removes all anonymous ciphers # from the list (because they provide no defense against man-in-the-middle # attacks). It also orders the list so that stronger ciphers come first. tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH - snip - ## KEEP THESE IN SYNC WITH cyrus.conf ## # Unix domain socket that lmtpd listens on. lmtpsocket: /var/run/cyrus/socket/lmtp # Unix domain socket that idled listens on. idlesocket: /var/run/cyrus/socket/idle # Unix domain socket that the new mail notification daemon listens on. notifysocket: /var/run/cyrus/socket/notify # Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap etc.) syslog_prefix: cyrus - snip - * end * B.R. Stephen L Send instant messages to your online friends http://uk.messenger.yahoo.com From satimis at yahoo.com Mon Jun 9 05:36:37 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 9 Jun 2008 17:36:37 +0800 (CST) Subject: Cyrus - can't create user mailbox In-Reply-To: <20080609083158.w5qek8aggso0kgos@webmail.uni-tuebingen.de> Message-ID: <562695.14351.qm@web35205.mail.mud.yahoo.com> Hi Michael, Thanks for your advice. > Quoting Stephen Liu : > > > > >> > $ cyradm -u cyrus localhost > >> > Password: > >> > localhost> cm user.satimiscyrus > >> > localhost> quit > >> > > >> > it works. But I can't find this new user NOR its mailbox. > >> > > $ locate satimiscyrus > > /var/spool/cyrus/mail/u/user^satimiscyrus > > /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.cache > > /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.header > > /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.index > > > > > > The mailbox is there. What is user^ for? > > This indicates that you have set unixhierarchysep: 1 in > /etc/imapd.conf $ cat /etc/imapd.conf | grep unixhierarchysep unixhierarchysep: yes It is set as "yes" > To create a Inbox for the user satimiscyrus you have to use > cm user/satimiscyrus > > The ^ is the reperentation of the . on filesystem. Tried to delete the mailbox without success. Performed following steps; $ su - cyrus Password: $ cyradm -u cyrus localhost Password: localhost> dm user.satimiscyrus deletemailbox: Permission denied I can't delete the mailbox created previously. Continued localhost> cm user/satimiscyrus localhost> lm user.groupware (\HasNoChildren) user/satimiscyrus (\HasNoChildren) user.satimiscyrus (\HasNoChildren) Still can't create the subdirectory. Continued localhost> quit $ exit logout $ sudo updatedb $ locate satimiscyrus /home/satimiscyrus /home/satimiscyrus/.bash_history /home/satimiscyrus/.bash_logout /home/satimiscyrus/.bash_profile /home/satimiscyrus/.bashrc /var/spool/cyrus/mail/s/user/satimiscyrus /var/spool/cyrus/mail/s/user/satimiscyrus/cyrus.cache /var/spool/cyrus/mail/s/user/satimiscyrus/cyrus.header /var/spool/cyrus/mail/s/user/satimiscyrus/cyrus.index /var/spool/cyrus/mail/u/user^satimiscyrus /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.cache /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.header /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.index * end * Send a webmail to satimiscyrus on Gmail. The mail never arrives. B.R. Stephen L Send instant messages to your online friends http://uk.messenger.yahoo.com From simon.matter at invoca.ch Mon Jun 9 05:45:57 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Mon, 9 Jun 2008 11:45:57 +0200 (CEST) Subject: Authentication problem In-Reply-To: <187860.83641.qm@web35208.mail.mud.yahoo.com> References: <187860.83641.qm@web35208.mail.mud.yahoo.com> Message-ID: <6b22eee8523d2dbb8af8c35b9415d103.squirrel@webmail.bi.corp.invoca.ch> > --- Simon Matter wrote: > > - snip - > >> > Please advise where shall I check and how to fix the problem. TIA >> >> You should post your configs (/etc/cyrus.conf and /etc/imapd.conf) >> which >> will make it easier for someone to help you. > > > Hi Simon, > > > cyrus.conf and imapd.conf are as follows. Those lines, commented out, > have been deleted to shorten the length of this posting. OK, since you are using saslauthd you should also post the saslauthd and related configs (PAM or whatever mech you are using). Simon > > > $ cat /etc/cyrus.conf > # Debian defaults for Cyrus IMAP server/cluster implementation > # see cyrus.conf(5) for more information > # > # All the tcp services are tcpd-wrapped. see hosts_access(5) > # $Id: cyrus.conf 120 2005-05-01 03:23:18Z sven $ > > START { > # do not delete this entry! > recover cmd="/usr/sbin/ctl_cyrusdb -r" > > # this is only necessary if using idled for IMAP IDLE > # this is NOT to be enabled right now in Debian builds > #idled cmd="idled" > > # this is useful on backend nodes of a Murder cluster > # it causes the backend to syncronize its mailbox list with > # the mupdate master upon startup > #mupdatepush cmd="/usr/sbin/ctl_mboxlist -m" > > # this is recommended if using duplicate delivery suppression > delprune cmd="/usr/sbin/ctl_deliver -E 3" > # this is recommended if caching TLS sessions > tlsprune cmd="/usr/sbin/tls_prune" > } > > # UNIX sockets start with a slash and are absolute paths > # you can use a maxchild=# to limit the maximum number of forks of a > service > # you can use babysit=true and maxforkrate=# to keep tight tabs on the > service > # most services also accept -U (limit number of reuses) and -T > (timeout) > SERVICES { > # --- Normal cyrus spool, or Murder backends --- > # add or remove based on preferences > imap cmd="imapd -U 30" listen="imap" prefork=0 > maxchild=100 > imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 > maxchild=100 > #pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 > maxchild=50 > #pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 > maxchild=50 > > > #nntp cmd="nntpd -U 30" listen="nntp" prefork=0 > maxchild=100 > #nntps cmd="nntpd -s -U 30" listen="nntps" prefork=0 > maxchild=100 > > # At least one form of LMTP is required for delivery > # (you must keep the Unix socket name in sync with imap.conf) > #lmtp cmd="lmtpd" listen="localhost:lmtp" prefork=0 > maxchild=20 > lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" > prefork=0 maxchild=20 > # ---------------------------------------------- > > # useful if you need to give users remote access to sieve > # by default, we limit this to localhost in Debian > sieve cmd="timsieved" listen="localhost:sieve" > prefork=0 maxchild=100 > > # this one is needed for the notification services > notify cmd="notifyd" > listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1 > > # --- Murder frontends ------------------------- > > - snip - > > > # ---------------------------------------------- > } > > EVENTS { > # this is required > checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30 > > # this is only necessary if using duplicate delivery > suppression > > > delprune cmd="/usr/sbin/ctl_deliver -E 3" at=0401 > > # this is only necessary if caching TLS sessions > tlsprune cmd="/usr/sbin/tls_prune" at=0401 > } > > admins: cyrus > unixhierarchysep: 1 > * end * > > > > $ cat /etc/imapd.conf > # Debian Cyrus imapd.conf > # $Id: imapd.conf 229 2005-12-08 23:26:29Z astronut $ > # See imapd.conf(5) for more information and more options > > # Configuration directory > configdirectory: /var/lib/cyrus > > # Which partition to use for default mailboxes > defaultpartition: default > partition-default: /var/spool/cyrus/mail > > # News setup > partition-news: /var/spool/cyrus/news > newsspool: /var/spool/news > > # Alternate namespace > # If enabled, activate the alternate namespace as documented in > # /usr/share/doc/cyrus-doc-2.2/html/altnamespace.html, where an user's > # subfolders are in the same level as the INBOX > # See also userprefix and sharedprefix on imapd.conf(5) > altnamespace: no > > # UNIX Hierarchy Convention > # Set to yes, and cyrus will accept dots in names, and use the forward > # slash "/" to delimit levels of the hierarchy. This is done by > converting > # internally all dots to "^", and all "/" to dots. So the > "rabbit.holes" > # mailbox of user "helmer.fudd" is stored in > "user.elmer^fud.rabbit^holes" > unixhierarchysep: yes > > > - snip - > > > # Uncomment the following and add the space-separated users who > # have admin rights for all services. > admins: cyrus > > > - sni - > > > # No anonymous logins > #allowanonymouslogin: no > allowanonymouslogin: yes > > # Minimum time between POP mail fetches in minutes > popminpoll: 1 > > # If nonzero, normal users may create their own IMAP accounts by > creating > # the mailbox INBOX. The user's quota is set to the value if it is > positive, > # otherwise the user has unlimited quota. > autocreatequota: 0 > > # umask used by Cyrus programs > umask: 077 > > - snip - > > # If enabled, cyrdeliver will look for Sieve scripts in user's home > # directories: ~user/.sieve. > sieveusehomedir: false > > # If sieveusehomedir is false, this directory is searched for Sieve > scripts. > sievedir: /var/spool/sieve > > > - snip - > > > # If enabled, the partitions will also be hashed, in addition to the > hashing > # done on configuration directories. This is recommended if one > partition has a > # very bushy mailbox tree. > hashimapspool: true > > # Allow plaintext logins by default (SASL PLAIN) > allowplaintext: yes > > # Force PLAIN/LOGIN authentication only > # (you need to uncomment this if you are not using an auxprop-based > SASL > # mechanism. saslauthd users, that means you!). And pay attention to > # sasl_minimum_layer and allowapop below, too. > #sasl_mech_list: PLAIN > > > - snip - > > > # Do note that, since sasl will be run as user cyrus, you may have a > lot of > # trouble to set this up right. > #sasl_pwcheck_method: auxprop > sasl_pwcheck_method: saslauthd > > # What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop > # by default, all plugins are tried (which is probably NOT what you > want). > #sasl_auxprop_plugin: sasldb > > # If enabled, the SASL library will automatically create authentication > secrets > # when given a plaintext password. Refer to SASL documentation > sasl_auto_transition: no > > # > # SSL/TLS Options > # > > - snip - > > > # File containing one or more Certificate Authority (CA) certificates. > #tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem > > # Path to directory with certificates of CAs. > tls_ca_path: /etc/ssl/certs > > # The length of time (in minutes) that a TLS session will be cached for > later > # reuse. The maximum value is 1440 (24 hours), the default. A value > of 0 will > # disable session caching. > tls_session_timeout: 1440 > > # The list of SSL/TLS ciphers to allow, in decreasing order of > precedence. > # The format of the string is described in ciphers(1). The Debian > default > # selects TLSv1 high-security ciphers only, and removes all anonymous > ciphers > # from the list (because they provide no defense against > man-in-the-middle > # attacks). It also orders the list so that stronger ciphers come > first. > tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH > > > - snip - > > > ## KEEP THESE IN SYNC WITH cyrus.conf > ## > # Unix domain socket that lmtpd listens on. > lmtpsocket: /var/run/cyrus/socket/lmtp > > # Unix domain socket that idled listens on. > idlesocket: /var/run/cyrus/socket/idle > > # Unix domain socket that the new mail notification daemon listens on. > notifysocket: /var/run/cyrus/socket/notify > > # Syslog prefix. Defaults to cyrus (so logging is done as cyrus/imap > etc.) > syslog_prefix: cyrus > > > - snip - > * end * > > > B.R. > Stephen L > > > Send instant messages to your online friends http://uk.messenger.yahoo.com > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From satimis at yahoo.com Mon Jun 9 06:07:45 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 9 Jun 2008 18:07:45 +0800 (CST) Subject: Authentication problem In-Reply-To: <6b22eee8523d2dbb8af8c35b9415d103.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <112299.14910.qm@web35208.mail.mud.yahoo.com> --- Simon Matter wrote: - snip - > > cyrus.conf and imapd.conf are as follows. Those lines, commented > out, > > have been deleted to shorten the length of this posting. > > OK, since you are using saslauthd you should also post the saslauthd > and > related configs (PAM or whatever mech you are using). $ cat /etc/default/saslauthd # # Settings for saslauthd daemon # # Should saslauthd run automatically on startup? (default: no) START=yes # Which authentication mechanisms should saslauthd use? (default: pam) # # Available options in this Debian package: # getpwent -- use the getpwent() library function # kerberos5 -- use Kerberos 5 # pam -- use PAM # rimap -- use a remote IMAP server # shadow -- use the local shadow password file # sasldb -- use the local sasldb database file # ldap -- use LDAP (configuration is in /etc/saslauthd.conf) # # Only one option may be used at a time. See the saslauthd man page # for more information. # # Example: MECHANISMS="pam" MECHANISMS="pam" # Additional options for this mechanism. (default: none) # See the saslauthd man page for information about mech-specific options. MECH_OPTIONS="" # How many saslauthd processes should we run? (default: 5) # A value of 0 will fork a new process for each connection. THREADS=5 # Other options (default: -c) # See the saslauthd man page for information about these options. # # Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd" # Note: See /usr/share/doc/sasl2-bin/README.Debian OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r" * end * $ locate pam /etc/pam.conf /etc/pam.d /etc/pam.d/atd /etc/pam.d/chage /etc/pam.d/chfn /etc/pam.d/chsh /etc/pam.d/common-account /etc/pam.d/common-auth /etc/pam.d/common-password /etc/pam.d/common-session /etc/pam.d/cron /etc/pam.d/cupsys /etc/pam.d/cvs /etc/pam.d/dovecot /etc/pam.d/groupadd /etc/pam.d/groupdel /etc/pam.d/groupmod /etc/pam.d/imap /etc/pam.d/lmtp /etc/pam.d/login /etc/pam.d/newusers /etc/pam.d/other /etc/pam.d/passwd /etc/pam.d/pop /etc/pam.d/ppp /etc/pam.d/sieve /etc/pam.d/ssh /etc/pam.d/su /etc/pam.d/sudo /etc/pam.d/useradd /etc/pam.d/userdel /etc/pam.d/usermod /etc/pam.d/vsftpd .... ..... * end * $ cat /etc/pam.conf # ---------------------------------------------------------------------------# # /etc/pam.conf # # ---------------------------------------------------------------------------# # # NOTE # ---- # # NOTE: Most program use a file under the /etc/pam.d/ directory to setup their # PAM service modules. This file is used only if that directory does not exist. # ---------------------------------------------------------------------------# # Format: # serv. module ctrl module [path] ...[args..] # # name type flag # * end * What other file/files I have to check ? Thanks. B.R. Stephen > > $ cat /etc/cyrus.conf > > # Debian defaults for Cyrus IMAP server/cluster implementation > > # see cyrus.conf(5) for more information > > # > > # All the tcp services are tcpd-wrapped. see hosts_access(5) > > # $Id: cyrus.conf 120 2005-05-01 03:23:18Z sven $ > > > > START { > > # do not delete this entry! > > recover cmd="/usr/sbin/ctl_cyrusdb -r" > > > > # this is only necessary if using idled for IMAP IDLE > > # this is NOT to be enabled right now in Debian builds > > #idled cmd="idled" > > > > # this is useful on backend nodes of a Murder cluster > > # it causes the backend to syncronize its mailbox list with > > # the mupdate master upon startup > > #mupdatepush cmd="/usr/sbin/ctl_mboxlist -m" > > > > # this is recommended if using duplicate delivery > suppression > > delprune cmd="/usr/sbin/ctl_deliver -E 3" > > # this is recommended if caching TLS sessions > > tlsprune cmd="/usr/sbin/tls_prune" > > } > > > > # UNIX sockets start with a slash and are absolute paths > > # you can use a maxchild=# to limit the maximum number of forks of > a > > service > > # you can use babysit=true and maxforkrate=# to keep tight tabs on > the > > service > > # most services also accept -U (limit number of reuses) and -T > > (timeout) > > SERVICES { > > # --- Normal cyrus spool, or Murder backends --- > > # add or remove based on preferences > > imap cmd="imapd -U 30" listen="imap" prefork=0 > > maxchild=100 > > imaps cmd="imapd -s -U 30" listen="imaps" > prefork=0 > > maxchild=100 > > #pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 > > maxchild=50 > > #pop3s cmd="pop3d -s -U 30" listen="pop3s" > prefork=0 > > maxchild=50 > > > > > > #nntp cmd="nntpd -U 30" listen="nntp" prefork=0 > > maxchild=100 > > #nntps cmd="nntpd -s -U 30" listen="nntps" > prefork=0 > > maxchild=100 > > > > # At least one form of LMTP is required for delivery > > # (you must keep the Unix socket name in sync with > imap.conf) > > #lmtp cmd="lmtpd" listen="localhost:lmtp" > prefork=0 > > maxchild=20 > > lmtpunix cmd="lmtpd" > listen="/var/run/cyrus/socket/lmtp" > > prefork=0 maxchild=20 > > # ---------------------------------------------- > > > > # useful if you need to give users remote access to sieve > > # by default, we limit this to localhost in Debian > > sieve cmd="timsieved" listen="localhost:sieve" > > prefork=0 maxchild=100 > > > > # this one is needed for the notification services > > notify cmd="notifyd" > > listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1 > > > > # --- Murder frontends ------------------------- > > > > - snip - > > > > > > # ---------------------------------------------- > > } > > > > EVENTS { > > # this is required > > checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30 > > > > # this is only necessary if using duplicate delivery > > suppression > > > > > > delprune cmd="/usr/sbin/ctl_deliver -E 3" at=0401 > > > > # this is only necessary if caching TLS sessions > > tlsprune cmd="/usr/sbin/tls_prune" at=0401 > > } > > > > admins: cyrus > > unixhierarchysep: 1 > > * end * > > > > > > > > $ cat /etc/imapd.conf > > # Debian Cyrus imapd.conf > > # $Id: imapd.conf 229 2005-12-08 23:26:29Z astronut $ > > # See imapd.conf(5) for more information and more options > > > > # Configuration directory > > configdirectory: /var/lib/cyrus > > > > # Which partition to use for default mailboxes > > defaultpartition: default > > partition-default: /var/spool/cyrus/mail > > > > # News setup > > partition-news: /var/spool/cyrus/news > > newsspool: /var/spool/news > > > > # Alternate namespace > > # If enabled, activate the alternate namespace as documented in > > # /usr/share/doc/cyrus-doc-2.2/html/altnamespace.html, where an > user's > > # subfolders are in the same level as the INBOX > > # See also userprefix and sharedprefix on imapd.conf(5) > > altnamespace: no > > > > # UNIX Hierarchy Convention > > # Set to yes, and cyrus will accept dots in names, and use the > forward > > # slash "/" to delimit levels of the hierarchy. This is done by > > converting > > # internally all dots to "^", and all "/" to dots. So the > > "rabbit.holes" > > # mailbox of user "helmer.fudd" is stored in > > "user.elmer^fud.rabbit^holes" > > unixhierarchysep: yes > > > > > > - snip - > > > > > > # Uncomment the following and add the space-separated users who > > # have admin rights for all services. > > admins: cyrus > > > > > > - sni - > > > > > > # No anonymous logins > > #allowanonymouslogin: no > > allowanonymouslogin: yes > > > > # Minimum time between POP mail fetches in minutes > > popminpoll: 1 > > > > # If nonzero, normal users may create their own IMAP accounts by > > creating > > # the mailbox INBOX. The user's quota is set to the value if it is > > positive, > > # otherwise the user has unlimited quota. > > autocreatequota: 0 > > > > # umask used by Cyrus programs > > umask: 077 > > > > - snip - > > > > # If enabled, cyrdeliver will look for Sieve scripts in user's home > > # directories: ~user/.sieve. > > sieveusehomedir: false > > > > # If sieveusehomedir is false, this directory is searched for Sieve > > scripts. > > sievedir: /var/spool/sieve > > > > > > - snip - > > > > > > # If enabled, the partitions will also be hashed, in addition to > the > > hashing > > # done on configuration directories. This is recommended if one > > partition has a > > # very bushy mailbox tree. > > hashimapspool: true > > > > # Allow plaintext logins by default (SASL PLAIN) > > allowplaintext: yes > > > > # Force PLAIN/LOGIN authentication only > > # (you need to uncomment this if you are not using an auxprop-based > > SASL > > # mechanism. saslauthd users, that means you!). And pay attention > to > > # sasl_minimum_layer and allowapop below, too. > > #sasl_mech_list: PLAIN > > > > > > - snip - > > > > > > # Do note that, since sasl will be run as user cyrus, you may have > a > > lot of > > # trouble to set this up right. > > #sasl_pwcheck_method: auxprop > > sasl_pwcheck_method: saslauthd > > > > # What auxpropd plugins to load, if using sasl_pwcheck_method: > auxprop > > # by default, all plugins are tried (which is probably NOT what you > > want). > > #sasl_auxprop_plugin: sasldb > > > > # If enabled, the SASL library will automatically create > authentication > > secrets > > # when given a plaintext password. Refer to SASL documentation > > sasl_auto_transition: no > > > > # > > # SSL/TLS Options > > # > > > > - snip - > > > > > > # File containing one or more Certificate Authority (CA) > certificates. > > #tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem > > > > # Path to directory with certificates of CAs. > > tls_ca_path: /etc/ssl/certs > > > > # The length of time (in minutes) that a TLS session will be cached > for > > later > > # reuse. The maximum value is 1440 (24 hours), the default. A > value > > of 0 will > > # disable session caching. > > tls_session_timeout: 1440 > > > > # The list of SSL/TLS ciphers to allow, in decreasing order of > > precedence. > > # The format of the string is described in ciphers(1). The Debian > > default > > # selects TLSv1 high-security ciphers only, and removes all > anonymous > > ciphers > > # from the list (because they provide no defense against > > man-in-the-middle > > # attacks). It also orders the list so that stronger ciphers come > > first. > > tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH > > > > > > - snip - > > > > > > ## KEEP THESE IN SYNC WITH cyrus.conf > > ## > > # Unix domain socket that lmtpd listens on. > > lmtpsocket: /var/run/cyrus/socket/lmtp > > > > # Unix domain socket that idled listens on. > > idlesocket: /var/run/cyrus/socket/idle > > > > # Unix domain socket that the new mail notification daemon listens > on. > > notifysocket: /var/run/cyrus/socket/notify > > > > # Syslog prefix. Defaults to cyrus (so logging is done as > cyrus/imap > > etc.) > > syslog_prefix: cyrus > > > > > > - snip - > > * end * > > > > > > B.R. > > Stephen L Send instant messages to your online friends http://uk.messenger.yahoo.com From simon.matter at invoca.ch Mon Jun 9 07:06:46 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Mon, 9 Jun 2008 13:06:46 +0200 (CEST) Subject: Authentication problem In-Reply-To: <112299.14910.qm@web35208.mail.mud.yahoo.com> References: <112299.14910.qm@web35208.mail.mud.yahoo.com> Message-ID: > > --- Simon Matter wrote: > > - snip - > > >> > cyrus.conf and imapd.conf are as follows. Those lines, commented >> out, >> > have been deleted to shorten the length of this posting. >> >> OK, since you are using saslauthd you should also post the saslauthd >> and >> related configs (PAM or whatever mech you are using). > > > $ cat /etc/default/saslauthd > # > # Settings for saslauthd daemon > # > > # Should saslauthd run automatically on startup? (default: no) > START=yes > > # Which authentication mechanisms should saslauthd use? (default: pam) > # > # Available options in this Debian package: > # getpwent -- use the getpwent() library function > # kerberos5 -- use Kerberos 5 > # pam -- use PAM > # rimap -- use a remote IMAP server > # shadow -- use the local shadow password file > # sasldb -- use the local sasldb database file > # ldap -- use LDAP (configuration is in /etc/saslauthd.conf) > # > # Only one option may be used at a time. See the saslauthd man page > # for more information. > # > # Example: MECHANISMS="pam" > MECHANISMS="pam" > > # Additional options for this mechanism. (default: none) > # See the saslauthd man page for information about mech-specific > options. > MECH_OPTIONS="" > > # How many saslauthd processes should we run? (default: 5) > # A value of 0 will fork a new process for each connection. > THREADS=5 > > # Other options (default: -c) > # See the saslauthd man page for information about these options. > # > # Example for postfix users: "-c -m > /var/spool/postfix/var/run/saslauthd" > # Note: See /usr/share/doc/sasl2-bin/README.Debian > OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r" > * end * > > > $ locate pam > /etc/pam.conf > /etc/pam.d > /etc/pam.d/atd > /etc/pam.d/chage > /etc/pam.d/chfn > /etc/pam.d/chsh > /etc/pam.d/common-account > /etc/pam.d/common-auth > /etc/pam.d/common-password > /etc/pam.d/common-session > /etc/pam.d/cron > /etc/pam.d/cupsys > /etc/pam.d/cvs > /etc/pam.d/dovecot > /etc/pam.d/groupadd > /etc/pam.d/groupdel > /etc/pam.d/groupmod > /etc/pam.d/imap > /etc/pam.d/lmtp > /etc/pam.d/login > /etc/pam.d/newusers > /etc/pam.d/other > /etc/pam.d/passwd > /etc/pam.d/pop > /etc/pam.d/ppp > /etc/pam.d/sieve > /etc/pam.d/ssh > /etc/pam.d/su > /etc/pam.d/sudo > /etc/pam.d/useradd > /etc/pam.d/userdel > /etc/pam.d/usermod > /etc/pam.d/vsftpd For example /etc/pam.d/imap, /etc/pam.d/lmtp, /etc/pam.d/pop and /etc/pam.d/sieve. How are they configured? There is one more thing. You tried 'imtest -m login -p imap localhost' as root which means per default it tries to authenticate as user root. Maybe you want to try imtest -m login -p imap -u satimiscyrus localhost Simon > .... > ..... > * end * > > > $ cat /etc/pam.conf > # > ---------------------------------------------------------------------------# > # /etc/pam.conf > # > # > ---------------------------------------------------------------------------# > # > # NOTE > # ---- > # > # NOTE: Most program use a file under the /etc/pam.d/ directory to > setup their > # PAM service modules. This file is used only if that directory does > not exist. > # > ---------------------------------------------------------------------------# > > # Format: > # serv. module ctrl module [path] ...[args..] > # > # name type flag > # > * end * > > > What other file/files I have to check ? Thanks. > > > > B.R. > Stephen > > > > > > > >> > $ cat /etc/cyrus.conf >> > # Debian defaults for Cyrus IMAP server/cluster implementation >> > # see cyrus.conf(5) for more information >> > # >> > # All the tcp services are tcpd-wrapped. see hosts_access(5) >> > # $Id: cyrus.conf 120 2005-05-01 03:23:18Z sven $ >> > >> > START { >> > # do not delete this entry! >> > recover cmd="/usr/sbin/ctl_cyrusdb -r" >> > >> > # this is only necessary if using idled for IMAP IDLE >> > # this is NOT to be enabled right now in Debian builds >> > #idled cmd="idled" >> > >> > # this is useful on backend nodes of a Murder cluster >> > # it causes the backend to syncronize its mailbox list with >> > # the mupdate master upon startup >> > #mupdatepush cmd="/usr/sbin/ctl_mboxlist -m" >> > >> > # this is recommended if using duplicate delivery >> suppression >> > delprune cmd="/usr/sbin/ctl_deliver -E 3" >> > # this is recommended if caching TLS sessions >> > tlsprune cmd="/usr/sbin/tls_prune" >> > } >> > >> > # UNIX sockets start with a slash and are absolute paths >> > # you can use a maxchild=# to limit the maximum number of forks of >> a >> > service >> > # you can use babysit=true and maxforkrate=# to keep tight tabs on >> the >> > service >> > # most services also accept -U (limit number of reuses) and -T >> > (timeout) >> > SERVICES { >> > # --- Normal cyrus spool, or Murder backends --- >> > # add or remove based on preferences >> > imap cmd="imapd -U 30" listen="imap" prefork=0 >> > maxchild=100 >> > imaps cmd="imapd -s -U 30" listen="imaps" >> prefork=0 >> > maxchild=100 >> > #pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 >> > maxchild=50 >> > #pop3s cmd="pop3d -s -U 30" listen="pop3s" >> prefork=0 >> > maxchild=50 >> > >> > >> > #nntp cmd="nntpd -U 30" listen="nntp" prefork=0 >> > maxchild=100 >> > #nntps cmd="nntpd -s -U 30" listen="nntps" >> prefork=0 >> > maxchild=100 >> > >> > # At least one form of LMTP is required for delivery >> > # (you must keep the Unix socket name in sync with >> imap.conf) >> > #lmtp cmd="lmtpd" listen="localhost:lmtp" >> prefork=0 >> > maxchild=20 >> > lmtpunix cmd="lmtpd" >> listen="/var/run/cyrus/socket/lmtp" >> > prefork=0 maxchild=20 >> > # ---------------------------------------------- >> > >> > # useful if you need to give users remote access to sieve >> > # by default, we limit this to localhost in Debian >> > sieve cmd="timsieved" listen="localhost:sieve" >> > prefork=0 maxchild=100 >> > >> > # this one is needed for the notification services >> > notify cmd="notifyd" >> > listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1 >> > >> > # --- Murder frontends ------------------------- >> > >> > - snip - >> > >> > >> > # ---------------------------------------------- >> > } >> > >> > EVENTS { >> > # this is required >> > checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30 >> > >> > # this is only necessary if using duplicate delivery >> > suppression >> > >> > >> > delprune cmd="/usr/sbin/ctl_deliver -E 3" at=0401 >> > >> > # this is only necessary if caching TLS sessions >> > tlsprune cmd="/usr/sbin/tls_prune" at=0401 >> > } >> > >> > admins: cyrus >> > unixhierarchysep: 1 >> > * end * >> > >> > >> > >> > $ cat /etc/imapd.conf >> > # Debian Cyrus imapd.conf >> > # $Id: imapd.conf 229 2005-12-08 23:26:29Z astronut $ >> > # See imapd.conf(5) for more information and more options >> > >> > # Configuration directory >> > configdirectory: /var/lib/cyrus >> > >> > # Which partition to use for default mailboxes >> > defaultpartition: default >> > partition-default: /var/spool/cyrus/mail >> > >> > # News setup >> > partition-news: /var/spool/cyrus/news >> > newsspool: /var/spool/news >> > >> > # Alternate namespace >> > # If enabled, activate the alternate namespace as documented in >> > # /usr/share/doc/cyrus-doc-2.2/html/altnamespace.html, where an >> user's >> > # subfolders are in the same level as the INBOX >> > # See also userprefix and sharedprefix on imapd.conf(5) >> > altnamespace: no >> > >> > # UNIX Hierarchy Convention >> > # Set to yes, and cyrus will accept dots in names, and use the >> forward >> > # slash "/" to delimit levels of the hierarchy. This is done by >> > converting >> > # internally all dots to "^", and all "/" to dots. So the >> > "rabbit.holes" >> > # mailbox of user "helmer.fudd" is stored in >> > "user.elmer^fud.rabbit^holes" >> > unixhierarchysep: yes >> > >> > >> > - snip - >> > >> > >> > # Uncomment the following and add the space-separated users who >> > # have admin rights for all services. >> > admins: cyrus >> > >> > >> > - sni - >> > >> > >> > # No anonymous logins >> > #allowanonymouslogin: no >> > allowanonymouslogin: yes >> > >> > # Minimum time between POP mail fetches in minutes >> > popminpoll: 1 >> > >> > # If nonzero, normal users may create their own IMAP accounts by >> > creating >> > # the mailbox INBOX. The user's quota is set to the value if it is >> > positive, >> > # otherwise the user has unlimited quota. >> > autocreatequota: 0 >> > >> > # umask used by Cyrus programs >> > umask: 077 >> > >> > - snip - >> > >> > # If enabled, cyrdeliver will look for Sieve scripts in user's home >> > # directories: ~user/.sieve. >> > sieveusehomedir: false >> > >> > # If sieveusehomedir is false, this directory is searched for Sieve >> > scripts. >> > sievedir: /var/spool/sieve >> > >> > >> > - snip - >> > >> > >> > # If enabled, the partitions will also be hashed, in addition to >> the >> > hashing >> > # done on configuration directories. This is recommended if one >> > partition has a >> > # very bushy mailbox tree. >> > hashimapspool: true >> > >> > # Allow plaintext logins by default (SASL PLAIN) >> > allowplaintext: yes >> > >> > # Force PLAIN/LOGIN authentication only >> > # (you need to uncomment this if you are not using an auxprop-based >> > SASL >> > # mechanism. saslauthd users, that means you!). And pay attention >> to >> > # sasl_minimum_layer and allowapop below, too. >> > #sasl_mech_list: PLAIN >> > >> > >> > - snip - >> > >> > >> > # Do note that, since sasl will be run as user cyrus, you may have >> a >> > lot of >> > # trouble to set this up right. >> > #sasl_pwcheck_method: auxprop >> > sasl_pwcheck_method: saslauthd >> > >> > # What auxpropd plugins to load, if using sasl_pwcheck_method: >> auxprop >> > # by default, all plugins are tried (which is probably NOT what you >> > want). >> > #sasl_auxprop_plugin: sasldb >> > >> > # If enabled, the SASL library will automatically create >> authentication >> > secrets >> > # when given a plaintext password. Refer to SASL documentation >> > sasl_auto_transition: no >> > >> > # >> > # SSL/TLS Options >> > # >> > >> > - snip - >> > >> > >> > # File containing one or more Certificate Authority (CA) >> certificates. >> > #tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem >> > >> > # Path to directory with certificates of CAs. >> > tls_ca_path: /etc/ssl/certs >> > >> > # The length of time (in minutes) that a TLS session will be cached >> for >> > later >> > # reuse. The maximum value is 1440 (24 hours), the default. A >> value >> > of 0 will >> > # disable session caching. >> > tls_session_timeout: 1440 >> > >> > # The list of SSL/TLS ciphers to allow, in decreasing order of >> > precedence. >> > # The format of the string is described in ciphers(1). The Debian >> > default >> > # selects TLSv1 high-security ciphers only, and removes all >> anonymous >> > ciphers >> > # from the list (because they provide no defense against >> > man-in-the-middle >> > # attacks). It also orders the list so that stronger ciphers come >> > first. >> > tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH >> > >> > >> > - snip - >> > >> > >> > ## KEEP THESE IN SYNC WITH cyrus.conf >> > ## >> > # Unix domain socket that lmtpd listens on. >> > lmtpsocket: /var/run/cyrus/socket/lmtp >> > >> > # Unix domain socket that idled listens on. >> > idlesocket: /var/run/cyrus/socket/idle >> > >> > # Unix domain socket that the new mail notification daemon listens >> on. >> > notifysocket: /var/run/cyrus/socket/notify >> > >> > # Syslog prefix. Defaults to cyrus (so logging is done as >> cyrus/imap >> > etc.) >> > syslog_prefix: cyrus >> > >> > >> > - snip - >> > * end * >> > >> > >> > B.R. >> > Stephen L > > > Send instant messages to your online friends http://uk.messenger.yahoo.com > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From aspineux at gmail.com Mon Jun 9 07:15:39 2008 From: aspineux at gmail.com (Alain Spineux) Date: Mon, 9 Jun 2008 13:15:39 +0200 Subject: Cyrus - can't create user mailbox In-Reply-To: <562695.14351.qm@web35205.mail.mud.yahoo.com> References: <20080609083158.w5qek8aggso0kgos@webmail.uni-tuebingen.de> <562695.14351.qm@web35205.mail.mud.yahoo.com> Message-ID: <71fe4e760806090415s189af734q870e1aca73e6a754@mail.gmail.com> On Mon, Jun 9, 2008 at 11:36 AM, Stephen Liu wrote: > Hi Michael, > > > Thanks for your advice. > > >> Quoting Stephen Liu : >> >> > >> >> > $ cyradm -u cyrus localhost >> >> > Password: >> >> > localhost> cm user.satimiscyrus >> >> > localhost> quit >> >> > >> >> > it works. But I can't find this new user NOR its mailbox. >> >> >> > $ locate satimiscyrus >> > /var/spool/cyrus/mail/u/user^satimiscyrus >> > /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.cache >> > /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.header >> > /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.index >> > >> > >> > The mailbox is there. What is user^ for? >> >> This indicates that you have set unixhierarchysep: 1 in >> /etc/imapd.conf > > > $ cat /etc/imapd.conf | grep unixhierarchysep > unixhierarchysep: yes > > > It is set as "yes" > > >> To create a Inbox for the user satimiscyrus you have to use >> cm user/satimiscyrus >> >> The ^ is the reperentation of the . on filesystem. > > > Tried to delete the mailbox without success. Performed following > steps; > > > $ su - cyrus > Password: > > $ cyradm -u cyrus localhost > Password: > localhost> dm user.satimiscyrus > deletemailbox: Permission denied > > I can't delete the mailbox created previously. Because you need to give yourself the right before > sam user.satimiscyrus manager x or maybe > sam user.satimiscyrus manager c then > dm user.satimiscyrus > > > Continued > > localhost> cm user/satimiscyrus > localhost> lm > user.groupware (\HasNoChildren) user/satimiscyrus (\HasNoChildren) > > user.satimiscyrus (\HasNoChildren) > > Still can't create the subdirectory. I dont understand ! > > > Continued > localhost> quit > $ exit > logout > > > $ sudo updatedb in this case 'find' is more appropriate than locate > > > $ locate satimiscyrus find / -iname "*satimiscyrus*" > /home/satimiscyrus > /home/satimiscyrus/.bash_history > /home/satimiscyrus/.bash_logout > /home/satimiscyrus/.bash_profile > /home/satimiscyrus/.bashrc > /var/spool/cyrus/mail/s/user/satimiscyrus > /var/spool/cyrus/mail/s/user/satimiscyrus/cyrus.cache > /var/spool/cyrus/mail/s/user/satimiscyrus/cyrus.header > /var/spool/cyrus/mail/s/user/satimiscyrus/cyrus.index > /var/spool/cyrus/mail/u/user^satimiscyrus > /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.cache > /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.header > /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.index > * end * > > > Send a webmail to satimiscyrus on Gmail. The mail never arrives. Is your MX pointers configured ? Is your SMTP reachable from outside ? Did you look in postfix log ? > > > > B.R. > Stephen L > > Send instant messages to your online friends http://uk.messenger.yahoo.com > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From michael.menge at zdv.uni-tuebingen.de Mon Jun 9 07:22:39 2008 From: michael.menge at zdv.uni-tuebingen.de (Michael Menge) Date: Mon, 9 Jun 2008 13:22:39 +0200 Subject: Cyrus - can't create user mailbox In-Reply-To: <562695.14351.qm@web35205.mail.mud.yahoo.com> References: <562695.14351.qm@web35205.mail.mud.yahoo.com> Message-ID: <20080609132239.69avp0pdk4oo004g@webmail.uni-tuebingen.de> Quoting Stephen Liu : > > > $ cat /etc/imapd.conf | grep unixhierarchysep > unixhierarchysep: yes > > > It is set as "yes" yes and 1 mean the same, unixhierarchsep is used. > > >> To create a Inbox for the user satimiscyrus you have to use >> cm user/satimiscyrus >> >> The ^ is the reperentation of the . on filesystem. > > > Tried to delete the mailbox without success. Performed following > steps; > > > $ su - cyrus > Password: > > $ cyradm -u cyrus localhost > Password: > localhost> dm user.satimiscyrus > deletemailbox: Permission denied > > I can't delete the mailbox created previously. as stated from cyradm the user cyrus does not have the permission to delete the mailbox. Use "sam user.satimiscyrus cyrus c" or "sam user.satimiscyrus cyrus all" the first will only set the permission to create subfolders and to delete the folder, the seconds gives cyrus all permissions > > > Continued > > localhost> cm user/satimiscyrus > localhost> lm > user.groupware (\HasNoChildren) user/satimiscyrus (\HasNoChildren) > > user.satimiscyrus (\HasNoChildren) > > Still can't create the subdirectory. > which subdirectory? user/satimiscyrus has been created (second solder on first line) > > Continued > localhost> quit > $ exit > logout > > > $ sudo updatedb > > > $ locate satimiscyrus > /home/satimiscyrus > /home/satimiscyrus/.bash_history > /home/satimiscyrus/.bash_logout > /home/satimiscyrus/.bash_profile > /home/satimiscyrus/.bashrc > /var/spool/cyrus/mail/s/user/satimiscyrus > /var/spool/cyrus/mail/s/user/satimiscyrus/cyrus.cache > /var/spool/cyrus/mail/s/user/satimiscyrus/cyrus.header > /var/spool/cyrus/mail/s/user/satimiscyrus/cyrus.index > /var/spool/cyrus/mail/u/user^satimiscyrus > /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.cache > /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.header > /var/spool/cyrus/mail/u/user^satimiscyrus/cyrus.index > * end * > > > Send a webmail to satimiscyrus on Gmail. The mail never arrives. > Did you recieve a bounce or is the message still queued? Are there related entries in you maillogs and cyruslogs? -------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912 Zentrum fuer Datenverarbeitung mail: michael.menge at zdv.uni-tuebingen.de Waechterstrasse 76 72074 Tuebingen -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5339 bytes Desc: S/MIME krytographische Unterschrift Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080609/5ce2f541/attachment.bin From satimis at yahoo.com Mon Jun 9 07:26:57 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 9 Jun 2008 19:26:57 +0800 (CST) Subject: Authentication problem In-Reply-To: Message-ID: <7987.29421.qm@web35206.mail.mud.yahoo.com> --- Simon Matter wrote: Sorry previously I made a mistake on posting /etc/default/saslauthd It should read as; $ cat /etc/default/saslauthd # This needs to be uncommented before saslauthd will be run automatically START=yes PARAMS="-m /var/spool/postfix/var/run/saslauthd -r" # You must specify the authentication mechanisms you wish to use. # This defaults to "pam" for PAM support, but may also include # "shadow" or "sasldb", like this: # MECHANISMS="pam shadow" MECHANISMS="pam" * end * > > $ locate pam > > /etc/pam.conf > > /etc/pam.d > > /etc/pam.d/atd > > /etc/pam.d/chage > > /etc/pam.d/chfn > > /etc/pam.d/chsh > > /etc/pam.d/common-account > > /etc/pam.d/common-auth > > /etc/pam.d/common-password > > /etc/pam.d/common-session > > /etc/pam.d/cron > > /etc/pam.d/cupsys > > /etc/pam.d/cvs > > /etc/pam.d/dovecot > > /etc/pam.d/groupadd > > /etc/pam.d/groupdel > > /etc/pam.d/groupmod > > /etc/pam.d/imap > > /etc/pam.d/lmtp > > /etc/pam.d/login > > /etc/pam.d/newusers > > /etc/pam.d/other > > /etc/pam.d/passwd > > /etc/pam.d/pop > > /etc/pam.d/ppp > > /etc/pam.d/sieve > > /etc/pam.d/ssh > > /etc/pam.d/su > > /etc/pam.d/sudo > > /etc/pam.d/useradd > > /etc/pam.d/userdel > > /etc/pam.d/usermod > > /etc/pam.d/vsftpd > > For example /etc/pam.d/imap, /etc/pam.d/lmtp, /etc/pam.d/pop and > /etc/pam.d/sieve. How are they configured? $ cat /etc/pam.d/imap @include common-auth @include common-account $ cat /etc/pam.d/lmtp @include common-auth @include common-account $ cat /etc/pam.d/pop @include common-auth @include common-account $ cat /etc/pam.d/sieve @include common-auth @include common-account > There is one more thing. You tried 'imtest -m login -p imap > localhost' as > root which means per default it tries to authenticate as user root. > Maybe you want to try > > imtest -m login -p imap -u satimiscyrus localhost $ imtest -m login -p imap -u satimiscyrus localhost S: * OK lampserver Cyrus IMAP4 v2.2.12-Debian-2.2.12-4ubuntu1 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=NTLM AUTH=ANONYMOUS AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR S: C01 OK Completed Please enter your password: C: L01 LOGIN satimis {12} S: + go ahead C: S: L01 NO Login failed: generic failure Authentication failed. generic failure Security strength factor: 0 (it is hanging here) then pressing [Ctrl]+c ^@C: Q01 LOGOUT Connection closed. B.R. Stephen > > > > $ cat /etc/pam.conf > > # > > > ---------------------------------------------------------------------------# > > # /etc/pam.conf > > # > > # > > > ---------------------------------------------------------------------------# > > # > > # NOTE > > # ---- > > # > > # NOTE: Most program use a file under the /etc/pam.d/ directory to > > setup their > > # PAM service modules. This file is used only if that directory > does > > not exist. > > # > > > ---------------------------------------------------------------------------# > > > > # Format: > > # serv. module ctrl module [path] ...[args..] > > # > > # name type flag > > # > > * end * > > > > > > What other file/files I have to check ? Thanks. > > > > > > > > B.R. > > Stephen > > > > > > > > > > > > > > > >> > $ cat /etc/cyrus.conf > >> > # Debian defaults for Cyrus IMAP server/cluster implementation > >> > # see cyrus.conf(5) for more information > >> > # > >> > # All the tcp services are tcpd-wrapped. see hosts_access(5) > >> > # $Id: cyrus.conf 120 2005-05-01 03:23:18Z sven $ > >> > > >> > START { > >> > # do not delete this entry! > >> > recover cmd="/usr/sbin/ctl_cyrusdb -r" > >> > > >> > # this is only necessary if using idled for IMAP IDLE > >> > # this is NOT to be enabled right now in Debian builds > >> > #idled cmd="idled" > >> > > >> > # this is useful on backend nodes of a Murder cluster > >> > # it causes the backend to syncronize its mailbox list > with > >> > # the mupdate master upon startup > >> > #mupdatepush cmd="/usr/sbin/ctl_mboxlist -m" > >> > > >> > # this is recommended if using duplicate delivery > >> suppression > >> > delprune cmd="/usr/sbin/ctl_deliver -E 3" > >> > # this is recommended if caching TLS sessions > >> > tlsprune cmd="/usr/sbin/tls_prune" > >> > } > >> > > >> > # UNIX sockets start with a slash and are absolute paths > >> > # you can use a maxchild=# to limit the maximum number of forks > of > >> a > >> > service > >> > # you can use babysit=true and maxforkrate=# to keep tight tabs > on > >> the > >> > service > >> > # most services also accept -U (limit number of reuses) and -T > >> > (timeout) > >> > SERVICES { > >> > # --- Normal cyrus spool, or Murder backends --- > >> > # add or remove based on preferences > >> > imap cmd="imapd -U 30" listen="imap" > prefork=0 > >> > maxchild=100 > >> > imaps cmd="imapd -s -U 30" listen="imaps" > >> prefork=0 > >> > maxchild=100 > >> > #pop3 cmd="pop3d -U 30" listen="pop3" > prefork=0 > >> > maxchild=50 > >> > #pop3s cmd="pop3d -s -U 30" listen="pop3s" > >> prefork=0 > >> > maxchild=50 > >> > > >> > > >> > #nntp cmd="nntpd -U 30" listen="nntp" > prefork=0 > >> > maxchild=100 > >> > #nntps cmd="nntpd -s -U 30" listen="nntps" > >> prefork=0 > >> > maxchild=100 > >> > > >> > # At least one form of LMTP is required for delivery > >> > # (you must keep the Unix socket name in sync with > >> imap.conf) > >> > #lmtp cmd="lmtpd" listen="localhost:lmtp" > >> prefork=0 > >> > maxchild=20 > >> > lmtpunix cmd="lmtpd" > >> listen="/var/run/cyrus/socket/lmtp" > >> > prefork=0 maxchild=20 > >> > # ---------------------------------------------- > >> > > >> > # useful if you need to give users remote access to > sieve > >> > # by default, we limit this to localhost in Debian > >> > sieve cmd="timsieved" listen="localhost:sieve" > >> > prefork=0 maxchild=100 > >> > > >> > # this one is needed for the notification services > >> > notify cmd="notifyd" > >> > listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1 > >> > > >> > # --- Murder frontends ------------------------- > >> > > >> > - snip - > >> > > >> > > >> > # ---------------------------------------------- > >> > } > >> > > >> > EVENTS { > >> > # this is required > >> > checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30 > >> > > >> > # this is only necessary if using duplicate delivery > >> > suppression > >> > > >> > > >> > delprune cmd="/usr/sbin/ctl_deliver -E 3" at=0401 > >> > > >> > # this is only necessary if caching TLS sessions > >> > tlsprune cmd="/usr/sbin/tls_prune" at=0401 > >> > } > >> > > >> > admins: cyrus > >> > unixhierarchysep: 1 > >> > * end * > >> > > >> > > >> > > >> > $ cat /etc/imapd.conf > >> > # Debian Cyrus imapd.conf > >> > # $Id: imapd.conf 229 2005-12-08 23:26:29Z astronut $ > >> > # See imapd.conf(5) for more information and more options > >> > > >> > # Configuration directory > >> > configdirectory: /var/lib/cyrus > >> > > >> > # Which partition to use for default mailboxes > >> > defaultpartition: default > >> > partition-default: /var/spool/cyrus/mail > >> > > >> > # News setup > >> > partition-news: /var/spool/cyrus/news > >> > newsspool: /var/spool/news > >> > > >> > # Alternate namespace > >> > # If enabled, activate the alternate namespace as documented in > >> > # /usr/share/doc/cyrus-doc-2.2/html/altnamespace.html, where an > >> user's > >> > # subfolders are in the same level as the INBOX > >> > # See also userprefix and sharedprefix on imapd.conf(5) > >> > altnamespace: no > >> > > >> > # UNIX Hierarchy Convention > >> > # Set to yes, and cyrus will accept dots in names, and use the > >> forward > >> > # slash "/" to delimit levels of the hierarchy. This is done by > >> > converting > >> > # internally all dots to "^", and all "/" to dots. So the > >> > "rabbit.holes" > >> > # mailbox of user "helmer.fudd" is stored in > >> > "user.elmer^fud.rabbit^holes" > >> > unixhierarchysep: yes > >> > > >> > > >> > - snip - > >> > > >> > > >> > # Uncomment the following and add the space-separated users who > >> > # have admin rights for all services. > >> > admins: cyrus > >> > > >> > > >> > - sni - > >> > > >> > > >> > # No anonymous logins > >> > #allowanonymouslogin: no > >> > allowanonymouslogin: yes > >> > > >> > # Minimum time between POP mail fetches in minutes > >> > popminpoll: 1 > >> > > >> > # If nonzero, normal users may create their own IMAP accounts by > >> > creating > >> > # the mailbox INBOX. The user's quota is set to the value if it > is > >> > positive, > >> > # otherwise the user has unlimited quota. > >> > autocreatequota: 0 > >> > > >> > # umask used by Cyrus programs > >> > umask: 077 > >> > > >> > - snip - > >> > > >> > # If enabled, cyrdeliver will look for Sieve scripts in user's > home > >> > # directories: ~user/.sieve. > >> > sieveusehomedir: false > >> > > >> > # If sieveusehomedir is false, this directory is searched for > Sieve > >> > scripts. > >> > sievedir: /var/spool/sieve > >> > > >> > > >> > - snip - > >> > > >> > > >> > # If enabled, the partitions will also be hashed, in addition to > >> the > >> > hashing > >> > # done on configuration directories. This is recommended if one > >> > partition has a > >> > # very bushy mailbox tree. > >> > hashimapspool: true > >> > > >> > # Allow plaintext logins by default (SASL PLAIN) > >> > allowplaintext: yes > >> > > >> > # Force PLAIN/LOGIN authentication only > >> > # (you need to uncomment this if you are not using an > auxprop-based > >> > SASL > >> > # mechanism. saslauthd users, that means you!). And pay > attention > >> to > >> > # sasl_minimum_layer and allowapop below, too. > >> > #sasl_mech_list: PLAIN > >> > > >> > > >> > - snip - > >> > > >> > > >> > # Do note that, since sasl will be run as user cyrus, you may > have > >> a > >> > lot of > >> > # trouble to set this up right. > >> > #sasl_pwcheck_method: auxprop > >> > sasl_pwcheck_method: saslauthd > >> > > >> > # What auxpropd plugins to load, if using sasl_pwcheck_method: > >> auxprop > >> > # by default, all plugins are tried (which is probably NOT what > you > >> > want). > >> > #sasl_auxprop_plugin: sasldb > >> > > >> > # If enabled, the SASL library will automatically create > >> authentication > >> > secrets > >> > # when given a plaintext password. Refer to SASL documentation > >> > sasl_auto_transition: no > >> > > >> > # > >> > # SSL/TLS Options > >> > # > >> > > >> > - snip - > >> > > >> > > >> > # File containing one or more Certificate Authority (CA) > >> certificates. > >> > #tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem > >> > > >> > # Path to directory with certificates of CAs. > >> > tls_ca_path: /etc/ssl/certs > >> > > >> > # The length of time (in minutes) that a TLS session will be > cached > >> for > >> > later > >> > # reuse. The maximum value is 1440 (24 hours), the default. A > >> value > >> > of 0 will > >> > # disable session caching. > >> > tls_session_timeout: 1440 > >> > > >> > # The list of SSL/TLS ciphers to allow, in decreasing order of > >> > precedence. > >> > # The format of the string is described in ciphers(1). The > Debian > >> > default > >> > # selects TLSv1 high-security ciphers only, and removes all > >> anonymous > >> > ciphers > >> > # from the list (because they provide no defense against > >> > man-in-the-middle > >> > # attacks). It also orders the list so that stronger ciphers > come > >> > first. > >> > tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH > >> > > >> > > >> > - snip - > >> > > >> > > >> > ## KEEP THESE IN SYNC WITH cyrus.conf > >> > ## > >> > # Unix domain socket that lmtpd listens on. > >> > lmtpsocket: /var/run/cyrus/socket/lmtp > >> > > >> > # Unix domain socket that idled listens on. > >> > idlesocket: /var/run/cyrus/socket/idle > >> > > >> > # Unix domain socket that the new mail notification daemon > listens > >> on. > >> > notifysocket: /var/run/cyrus/socket/notify > >> > > >> > # Syslog prefix. Defaults to cyrus (so logging is done as > >> cyrus/imap > >> > etc.) > >> > syslog_prefix: cyrus > >> > > >> > > >> > - snip - > >> > * end * > >> > > >> > > >> > B.R. > >> > Stephen L > > > > > > Send instant messages to your online friends > http://uk.messenger.yahoo.com > > ---- > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > > > Send instant messages to your online friends http://uk.messenger.yahoo.com From satimis at yahoo.com Mon Jun 9 07:41:35 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 9 Jun 2008 19:41:35 +0800 (CST) Subject: Cyrus - can't create user mailbox In-Reply-To: <71fe4e760806090415s189af734q870e1aca73e6a754@mail.gmail.com> Message-ID: <704928.58082.qm@web35207.mail.mud.yahoo.com> Hi Alain, Thanks for your advice. > > $ cyradm -u cyrus localhost > > Password: > > localhost> dm user.satimiscyrus > > deletemailbox: Permission denied > > > > I can't delete the mailbox created previously. > > Because you need to give yourself the right before Whether I have to run the command as root? > > localhost> cm user/satimiscyrus > > localhost> lm > > user.groupware (\HasNoChildren) user/satimiscyrus > (\HasNoChildren) > > > > user.satimiscyrus (\HasNoChildren) > > > > Still can't create the subdirectory. > > I dont understand ! The maildir and subdir haven't been created. (\HasNoChildren) > > $ sudo updatedb > > in this case 'find' is more appropriate than locate > > > > > $ locate satimiscyrus > > find / -iname "*satimiscyrus*" $ sudo find / -name "*satimiscyrus*" Password: /var/spool/cyrus/mail/s/user/satimiscyrus /var/spool/cyrus/mail/u/user^satimiscyrus /home/satimiscyrus > > Send a webmail to satimiscyrus on Gmail. The mail never arrives. > > Is your MX pointers configured ? Is your SMTP reachable from outside > ? > Did you look in postfix log ? Yes. $ tail /var/log/mail.log Jun 9 19:11:28 lampserver cyrus/ctl_cyrusdb[4753]: archiving log file: /var/lib/cyrus/db/log.000000 0001 Jun 9 19:11:28 lampserver cyrus/ctl_cyrusdb[4753]: done checkpointing cyrus databases Jun 9 19:11:28 lampserver cyrus/master[3881]: process 4753 exited, status 0 Jun 9 19:18:53 lampserver cyrus/master[4798]: about to exec /usr/lib/cyrus/bin/imapd Jun 9 19:18:53 lampserver cyrus/imap[4798]: executed Jun 9 19:18:53 lampserver cyrus/imap[4798]: accepted connection Jun 9 19:19:42 lampserver cyrus/imap[4798]: badlogin: localhost [127.0.0.1] plaintext satimis SASL( -1): generic failure: checkpass failed Jun 9 19:21:53 lampserver cyrus/master[3881]: process 4798 exited, status 0 Jun 9 19:31:36 lampserver postfix/qmgr[4188]: C18198781EC: from=, size=1834, nrcpt=1 (queue active) Jun 9 19:31:36 lampserver postfix/lmtp[4835]: C18198781EC: to=, relay=non e, delay=7874, status=deferred (connect to /var/run/lmtp[/var/run/lmtp]: No such file or directory) * end * B.R. satimis Send instant messages to your online friends http://uk.messenger.yahoo.com From Valery.Brasseur at atosorigin.com Mon Jun 9 08:52:24 2008 From: Valery.Brasseur at atosorigin.com (Brasseur Valery) Date: Mon, 9 Jun 2008 14:52:24 +0200 Subject: bug in the proxy module ... Message-ID: Hi, I am using cyrus 2.3.11 in a murder setup... from time to time have got an hang from the pop3 proxyd ... I nail it donw to the following portion of code : in imap/proxy.c near line 266 : if (pout) { const char *err; char buf[4096]; int c; do { c = prot_read(pin, buf, sizeof(buf)); if (c == 0 || c < 0) break; prot_write(pout, buf, c); } while (c == sizeof(buf)); if ((err = prot_error(pin)) != NULL) { from time to time, the prot_read return exactly 4096 bytes, but it's the end of the message... so backend seat and wait for next command, and proxy seat and wait for the next buffer ... forever ! for me it's seems that the condition " c == sizeof(buf)" is not enough in that case. have someone else already encoutered this ? thanks valery Ce message et les pi?ces jointes sont confidentiels et r?serv?s ? l'usage exclusif de ses destinataires. Il peut ?galement ?tre prot?g? par le secret professionnel. Si vous recevez ce message par erreur, merci d'en avertir imm?diatement l'exp?diteur et de le d?truire. L'int?grit? du message ne pouvant ?tre assur?e sur Internet, la responsabilit? du groupe Atos Origin ne pourra ?tre recherch?e quant au contenu de ce message. Bien que les meilleurs efforts soient faits pour maintenir cette transmission exempte de tout virus, l'exp?diteur ne donne aucune garantie ? cet ?gard et sa responsabilit? ne saurait ?tre recherch?e pour tout dommage r?sultant d'un virus transmis. This e-mail and the documents attached are confidential and intended solely for the addressee; it may also be privileged. If you receive this e-mail in error, please notify the sender immediately and destroy it. As its integrity cannot be secured on the Internet, the Atos Origin group liability cannot be triggered for the message content. Although the sender endeavours to maintain a computer virus-free network, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. From simon.matter at invoca.ch Mon Jun 9 08:58:07 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Mon, 9 Jun 2008 14:58:07 +0200 (CEST) Subject: Authentication problem In-Reply-To: <7987.29421.qm@web35206.mail.mud.yahoo.com> References: <7987.29421.qm@web35206.mail.mud.yahoo.com> Message-ID: > > --- Simon Matter wrote: > > > Sorry previously I made a mistake on posting /etc/default/saslauthd > > > It should read as; > > $ cat /etc/default/saslauthd > # This needs to be uncommented before saslauthd will be run > automatically > START=yes > PARAMS="-m /var/spool/postfix/var/run/saslauthd -r" > # You must specify the authentication mechanisms you wish to use. > # This defaults to "pam" for PAM support, but may also include > # "shadow" or "sasldb", like this: > # MECHANISMS="pam shadow" > > MECHANISMS="pam" > * end * > > >> > $ locate pam >> > /etc/pam.conf >> > /etc/pam.d >> > /etc/pam.d/atd >> > /etc/pam.d/chage >> > /etc/pam.d/chfn >> > /etc/pam.d/chsh >> > /etc/pam.d/common-account >> > /etc/pam.d/common-auth >> > /etc/pam.d/common-password >> > /etc/pam.d/common-session >> > /etc/pam.d/cron >> > /etc/pam.d/cupsys >> > /etc/pam.d/cvs >> > /etc/pam.d/dovecot >> > /etc/pam.d/groupadd >> > /etc/pam.d/groupdel >> > /etc/pam.d/groupmod >> > /etc/pam.d/imap >> > /etc/pam.d/lmtp >> > /etc/pam.d/login >> > /etc/pam.d/newusers >> > /etc/pam.d/other >> > /etc/pam.d/passwd >> > /etc/pam.d/pop >> > /etc/pam.d/ppp >> > /etc/pam.d/sieve >> > /etc/pam.d/ssh >> > /etc/pam.d/su >> > /etc/pam.d/sudo >> > /etc/pam.d/useradd >> > /etc/pam.d/userdel >> > /etc/pam.d/usermod >> > /etc/pam.d/vsftpd >> >> For example /etc/pam.d/imap, /etc/pam.d/lmtp, /etc/pam.d/pop and >> /etc/pam.d/sieve. How are they configured? > > > $ cat /etc/pam.d/imap > @include common-auth > @include common-account Well, now you should provide us the common-auth and common-account configs. > > > $ cat /etc/pam.d/lmtp > @include common-auth > @include common-account > > > $ cat /etc/pam.d/pop > @include common-auth > @include common-account > > > $ cat /etc/pam.d/sieve > @include common-auth > @include common-account > > > >> There is one more thing. You tried 'imtest -m login -p imap >> localhost' as >> root which means per default it tries to authenticate as user root. >> Maybe you want to try >> >> imtest -m login -p imap -u satimiscyrus localhost > > > $ imtest -m login -p imap -u satimiscyrus localhost > S: * OK lampserver Cyrus IMAP4 v2.2.12-Debian-2.2.12-4ubuntu1 server > ready > C: C01 CAPABILITY > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND > BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE > AUTH=NTLM AUTH=ANONYMOUS AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR > S: C01 OK Completed > Please enter your password: > C: L01 LOGIN satimis {12} > S: + go ahead > C: > S: L01 NO Login failed: generic failure > Authentication failed. generic failure > Security strength factor: 0 > (it is hanging here) I have the feeling you should add this to your imapd.conf: sasl_mech_list: PLAIN Regards, Simon > then pressing [Ctrl]+c > ^@C: Q01 LOGOUT > Connection closed. > > > > B.R. > Stephen > > >> > >> > $ cat /etc/pam.conf >> > # >> > >> > ---------------------------------------------------------------------------# >> > # /etc/pam.conf >> > # >> > # >> > >> > ---------------------------------------------------------------------------# >> > # >> > # NOTE >> > # ---- >> > # >> > # NOTE: Most program use a file under the /etc/pam.d/ directory to >> > setup their >> > # PAM service modules. This file is used only if that directory >> does >> > not exist. >> > # >> > >> > ---------------------------------------------------------------------------# >> > >> > # Format: >> > # serv. module ctrl module [path] ...[args..] >> > # >> > # name type flag >> > # >> > * end * >> > >> > >> > What other file/files I have to check ? Thanks. >> > >> > >> > >> > B.R. >> > Stephen >> > >> > >> > >> > >> > >> > >> > >> >> > $ cat /etc/cyrus.conf >> >> > # Debian defaults for Cyrus IMAP server/cluster implementation >> >> > # see cyrus.conf(5) for more information >> >> > # >> >> > # All the tcp services are tcpd-wrapped. see hosts_access(5) >> >> > # $Id: cyrus.conf 120 2005-05-01 03:23:18Z sven $ >> >> > >> >> > START { >> >> > # do not delete this entry! >> >> > recover cmd="/usr/sbin/ctl_cyrusdb -r" >> >> > >> >> > # this is only necessary if using idled for IMAP IDLE >> >> > # this is NOT to be enabled right now in Debian builds >> >> > #idled cmd="idled" >> >> > >> >> > # this is useful on backend nodes of a Murder cluster >> >> > # it causes the backend to syncronize its mailbox list >> with >> >> > # the mupdate master upon startup >> >> > #mupdatepush cmd="/usr/sbin/ctl_mboxlist -m" >> >> > >> >> > # this is recommended if using duplicate delivery >> >> suppression >> >> > delprune cmd="/usr/sbin/ctl_deliver -E 3" >> >> > # this is recommended if caching TLS sessions >> >> > tlsprune cmd="/usr/sbin/tls_prune" >> >> > } >> >> > >> >> > # UNIX sockets start with a slash and are absolute paths >> >> > # you can use a maxchild=# to limit the maximum number of forks >> of >> >> a >> >> > service >> >> > # you can use babysit=true and maxforkrate=# to keep tight tabs >> on >> >> the >> >> > service >> >> > # most services also accept -U (limit number of reuses) and -T >> >> > (timeout) >> >> > SERVICES { >> >> > # --- Normal cyrus spool, or Murder backends --- >> >> > # add or remove based on preferences >> >> > imap cmd="imapd -U 30" listen="imap" >> prefork=0 >> >> > maxchild=100 >> >> > imaps cmd="imapd -s -U 30" listen="imaps" >> >> prefork=0 >> >> > maxchild=100 >> >> > #pop3 cmd="pop3d -U 30" listen="pop3" >> prefork=0 >> >> > maxchild=50 >> >> > #pop3s cmd="pop3d -s -U 30" listen="pop3s" >> >> prefork=0 >> >> > maxchild=50 >> >> > >> >> > >> >> > #nntp cmd="nntpd -U 30" listen="nntp" >> prefork=0 >> >> > maxchild=100 >> >> > #nntps cmd="nntpd -s -U 30" listen="nntps" >> >> prefork=0 >> >> > maxchild=100 >> >> > >> >> > # At least one form of LMTP is required for delivery >> >> > # (you must keep the Unix socket name in sync with >> >> imap.conf) >> >> > #lmtp cmd="lmtpd" listen="localhost:lmtp" >> >> prefork=0 >> >> > maxchild=20 >> >> > lmtpunix cmd="lmtpd" >> >> listen="/var/run/cyrus/socket/lmtp" >> >> > prefork=0 maxchild=20 >> >> > # ---------------------------------------------- >> >> > >> >> > # useful if you need to give users remote access to >> sieve >> >> > # by default, we limit this to localhost in Debian >> >> > sieve cmd="timsieved" listen="localhost:sieve" >> >> > prefork=0 maxchild=100 >> >> > >> >> > # this one is needed for the notification services >> >> > notify cmd="notifyd" >> >> > listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1 >> >> > >> >> > # --- Murder frontends ------------------------- >> >> > >> >> > - snip - >> >> > >> >> > >> >> > # ---------------------------------------------- >> >> > } >> >> > >> >> > EVENTS { >> >> > # this is required >> >> > checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30 >> >> > >> >> > # this is only necessary if using duplicate delivery >> >> > suppression >> >> > >> >> > >> >> > delprune cmd="/usr/sbin/ctl_deliver -E 3" at=0401 >> >> > >> >> > # this is only necessary if caching TLS sessions >> >> > tlsprune cmd="/usr/sbin/tls_prune" at=0401 >> >> > } >> >> > >> >> > admins: cyrus >> >> > unixhierarchysep: 1 >> >> > * end * >> >> > >> >> > >> >> > >> >> > $ cat /etc/imapd.conf >> >> > # Debian Cyrus imapd.conf >> >> > # $Id: imapd.conf 229 2005-12-08 23:26:29Z astronut $ >> >> > # See imapd.conf(5) for more information and more options >> >> > >> >> > # Configuration directory >> >> > configdirectory: /var/lib/cyrus >> >> > >> >> > # Which partition to use for default mailboxes >> >> > defaultpartition: default >> >> > partition-default: /var/spool/cyrus/mail >> >> > >> >> > # News setup >> >> > partition-news: /var/spool/cyrus/news >> >> > newsspool: /var/spool/news >> >> > >> >> > # Alternate namespace >> >> > # If enabled, activate the alternate namespace as documented in >> >> > # /usr/share/doc/cyrus-doc-2.2/html/altnamespace.html, where an >> >> user's >> >> > # subfolders are in the same level as the INBOX >> >> > # See also userprefix and sharedprefix on imapd.conf(5) >> >> > altnamespace: no >> >> > >> >> > # UNIX Hierarchy Convention >> >> > # Set to yes, and cyrus will accept dots in names, and use the >> >> forward >> >> > # slash "/" to delimit levels of the hierarchy. This is done by >> >> > converting >> >> > # internally all dots to "^", and all "/" to dots. So the >> >> > "rabbit.holes" >> >> > # mailbox of user "helmer.fudd" is stored in >> >> > "user.elmer^fud.rabbit^holes" >> >> > unixhierarchysep: yes >> >> > >> >> > >> >> > - snip - >> >> > >> >> > >> >> > # Uncomment the following and add the space-separated users who >> >> > # have admin rights for all services. >> >> > admins: cyrus >> >> > >> >> > >> >> > - sni - >> >> > >> >> > >> >> > # No anonymous logins >> >> > #allowanonymouslogin: no >> >> > allowanonymouslogin: yes >> >> > >> >> > # Minimum time between POP mail fetches in minutes >> >> > popminpoll: 1 >> >> > >> >> > # If nonzero, normal users may create their own IMAP accounts by >> >> > creating >> >> > # the mailbox INBOX. The user's quota is set to the value if it >> is >> >> > positive, >> >> > # otherwise the user has unlimited quota. >> >> > autocreatequota: 0 >> >> > >> >> > # umask used by Cyrus programs >> >> > umask: 077 >> >> > >> >> > - snip - >> >> > >> >> > # If enabled, cyrdeliver will look for Sieve scripts in user's >> home >> >> > # directories: ~user/.sieve. >> >> > sieveusehomedir: false >> >> > >> >> > # If sieveusehomedir is false, this directory is searched for >> Sieve >> >> > scripts. >> >> > sievedir: /var/spool/sieve >> >> > >> >> > >> >> > - snip - >> >> > >> >> > >> >> > # If enabled, the partitions will also be hashed, in addition to >> >> the >> >> > hashing >> >> > # done on configuration directories. This is recommended if one >> >> > partition has a >> >> > # very bushy mailbox tree. >> >> > hashimapspool: true >> >> > >> >> > # Allow plaintext logins by default (SASL PLAIN) >> >> > allowplaintext: yes >> >> > >> >> > # Force PLAIN/LOGIN authentication only >> >> > # (you need to uncomment this if you are not using an >> auxprop-based >> >> > SASL >> >> > # mechanism. saslauthd users, that means you!). And pay >> attention >> >> to >> >> > # sasl_minimum_layer and allowapop below, too. >> >> > #sasl_mech_list: PLAIN >> >> > >> >> > >> >> > - snip - >> >> > >> >> > >> >> > # Do note that, since sasl will be run as user cyrus, you may >> have >> >> a >> >> > lot of >> >> > # trouble to set this up right. >> >> > #sasl_pwcheck_method: auxprop >> >> > sasl_pwcheck_method: saslauthd >> >> > >> >> > # What auxpropd plugins to load, if using sasl_pwcheck_method: >> >> auxprop >> >> > # by default, all plugins are tried (which is probably NOT what >> you >> >> > want). >> >> > #sasl_auxprop_plugin: sasldb >> >> > >> >> > # If enabled, the SASL library will automatically create >> >> authentication >> >> > secrets >> >> > # when given a plaintext password. Refer to SASL documentation >> >> > sasl_auto_transition: no >> >> > >> >> > # >> >> > # SSL/TLS Options >> >> > # >> >> > >> >> > - snip - >> >> > >> >> > >> >> > # File containing one or more Certificate Authority (CA) >> >> certificates. >> >> > #tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem >> >> > >> >> > # Path to directory with certificates of CAs. >> >> > tls_ca_path: /etc/ssl/certs >> >> > >> >> > # The length of time (in minutes) that a TLS session will be >> cached >> >> for >> >> > later >> >> > # reuse. The maximum value is 1440 (24 hours), the default. A >> >> value >> >> > of 0 will >> >> > # disable session caching. >> >> > tls_session_timeout: 1440 >> >> > >> >> > # The list of SSL/TLS ciphers to allow, in decreasing order of >> >> > precedence. >> >> > # The format of the string is described in ciphers(1). The >> Debian >> >> > default >> >> > # selects TLSv1 high-security ciphers only, and removes all >> >> anonymous >> >> > ciphers >> >> > # from the list (because they provide no defense against >> >> > man-in-the-middle >> >> > # attacks). It also orders the list so that stronger ciphers >> come >> >> > first. >> >> > tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH >> >> > >> >> > >> >> > - snip - >> >> > >> >> > >> >> > ## KEEP THESE IN SYNC WITH cyrus.conf >> >> > ## >> >> > # Unix domain socket that lmtpd listens on. >> >> > lmtpsocket: /var/run/cyrus/socket/lmtp >> >> > >> >> > # Unix domain socket that idled listens on. >> >> > idlesocket: /var/run/cyrus/socket/idle >> >> > >> >> > # Unix domain socket that the new mail notification daemon >> listens >> >> on. >> >> > notifysocket: /var/run/cyrus/socket/notify >> >> > >> >> > # Syslog prefix. Defaults to cyrus (so logging is done as >> >> cyrus/imap >> >> > etc.) >> >> > syslog_prefix: cyrus >> >> > >> >> > >> >> > - snip - >> >> > * end * >> >> > >> >> > >> >> > B.R. >> >> > Stephen L >> > >> > >> > Send instant messages to your online friends >> http://uk.messenger.yahoo.com >> > ---- >> > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > >> >> >> > > > Send instant messages to your online friends http://uk.messenger.yahoo.com > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From simon.matter at invoca.ch Mon Jun 9 09:05:17 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Mon, 9 Jun 2008 15:05:17 +0200 (CEST) Subject: Cyrus - can't create user mailbox In-Reply-To: <704928.58082.qm@web35207.mail.mud.yahoo.com> References: <704928.58082.qm@web35207.mail.mud.yahoo.com> Message-ID: <7857a3adf174a3cc37927ea8b35a7e8c.squirrel@webmail.bi.corp.invoca.ch> > Hi Alain, > > > Thanks for your advice. > > >> > $ cyradm -u cyrus localhost >> > Password: >> > localhost> dm user.satimiscyrus >> > deletemailbox: Permission denied >> > >> > I can't delete the mailbox created previously. >> >> Because you need to give yourself the right before > > > Whether I have to run the command as root? NO, you shouldn't run this as root! If you want to delete a cyrus mailbox you have to give the cyrus admin user the rights to do so (as someone else already stated). > > >> > localhost> cm user/satimiscyrus >> > localhost> lm >> > user.groupware (\HasNoChildren) user/satimiscyrus >> (\HasNoChildren) >> > >> > user.satimiscyrus (\HasNoChildren) >> > >> > Still can't create the subdirectory. >> >> I dont understand ! > > > The maildir and subdir haven't been created. (\HasNoChildren) > > >> > $ sudo updatedb >> >> in this case 'find' is more appropriate than locate >> >> > >> > $ locate satimiscyrus >> >> find / -iname "*satimiscyrus*" > > > $ sudo find / -name "*satimiscyrus*" > Password: > /var/spool/cyrus/mail/s/user/satimiscyrus > /var/spool/cyrus/mail/u/user^satimiscyrus > /home/satimiscyrus > > > >> > Send a webmail to satimiscyrus on Gmail. The mail never arrives. >> >> Is your MX pointers configured ? Is your SMTP reachable from outside >> ? >> Did you look in postfix log ? > > > Yes. > > $ tail /var/log/mail.log > Jun 9 19:11:28 lampserver cyrus/ctl_cyrusdb[4753]: archiving log file: > /var/lib/cyrus/db/log.000000 > 0001 > Jun 9 19:11:28 lampserver cyrus/ctl_cyrusdb[4753]: done checkpointing > cyrus databases > Jun 9 19:11:28 lampserver cyrus/master[3881]: process 4753 exited, > status 0 > Jun 9 19:18:53 lampserver cyrus/master[4798]: about to exec > /usr/lib/cyrus/bin/imapd > Jun 9 19:18:53 lampserver cyrus/imap[4798]: executed > Jun 9 19:18:53 lampserver cyrus/imap[4798]: accepted connection > Jun 9 19:19:42 lampserver cyrus/imap[4798]: badlogin: localhost > [127.0.0.1] plaintext satimis SASL( > -1): generic failure: checkpass failed > Jun 9 19:21:53 lampserver cyrus/master[3881]: process 4798 exited, > status 0 > Jun 9 19:31:36 lampserver postfix/qmgr[4188]: C18198781EC: > from=, size=1834, > nrcpt=1 (queue active) > Jun 9 19:31:36 lampserver postfix/lmtp[4835]: C18198781EC: > to=, relay=non > e, delay=7874, status=deferred (connect to > /var/run/lmtp[/var/run/lmtp]: No such file or directory) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Try to find out where you cyrus creates it's lmtp socket and point your postfix config to it. I don't know Debian but I think it should come with some docs to get things to work. (Ubuntu ins mainly a copy of Debian so the same should apply there as well). Maybe some Debian/Ubuntu user can point you to the right docs. Simon > * end * > > > B.R. > satimis > > Send instant messages to your online friends http://uk.messenger.yahoo.com > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From brennan at columbia.edu Mon Jun 9 09:04:55 2008 From: brennan at columbia.edu (Joseph Brennan) Date: Mon, 09 Jun 2008 09:04:55 -0400 Subject: Cyrus - can't create user mailbox In-Reply-To: <704928.58082.qm@web35207.mail.mud.yahoo.com> References: <704928.58082.qm@web35207.mail.mud.yahoo.com> Message-ID: <960D3019F031B93F81462A37@sodor.cc.columbia.edu> >> > $ cyradm -u cyrus localhost >> > Password: >> > localhost> dm user.satimiscyrus >> > deletemailbox: Permission denied >> > >> > I can't delete the mailbox created previously. >> >> Because you need to give yourself the right before > > Whether I have to run the command as root? Root doesn't matter. The cyrus user needs permission to delete. This is a safety feature. sam user.satimiscyrus cyrus all >> > localhost> cm user/satimiscyrus >> > localhost> lm >> > user.groupware (\HasNoChildren) >> > user/satimiscyrus (\HasNoChildren) >> > user.satimiscyrus (\HasNoChildren) >> > >> > Still can't create the subdirectory. It did what you asked, but I don't think you asked for what you wanted. > $ sudo find / -name "*satimiscyrus*" > Password: > /var/spool/cyrus/mail/s/user/satimiscyrus > /var/spool/cyrus/mail/u/user^satimiscyrus > /home/satimiscyrus This looks correct. Note: (1) Cyrus user.satimiscyrus = filesystem user/satimiscyrus (2) Cyrus user/satimiscyrus = filesystem user^satimiscyrus (3) is not a Cyrus mailbox I would expect mail addressed to satimiscyrus to end up in (1). (2) is not a user mailbox. It could work as a bboard mailbox but that's not what you want in this case. Joseph Brennan Columbia University Information Technology From satimis at yahoo.com Mon Jun 9 09:53:21 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 9 Jun 2008 21:53:21 +0800 (CST) Subject: Cyrus - can't create user mailbox In-Reply-To: <20080609132239.69avp0pdk4oo004g@webmail.uni-tuebingen.de> Message-ID: <740344.32480.qm@web35204.mail.mud.yahoo.com> Hi Michael, > > $ cat /etc/imapd.conf | grep unixhierarchysep > > unixhierarchysep: yes > > > > > > It is set as "yes" > > yes and 1 mean the same, unixhierarchsep is used. Noted with thanks. > > I can't delete the mailbox created previously. > > as stated from cyradm the user cyrus does not have the permission to > delete > the mailbox. Use "sam user.satimiscyrus cyrus c" or > "sam user.satimiscyrus cyrus all" the first will only set the > permission to create subfolders and to delete the folder, the seconds > > gives cyrus all permissions Performed following steps; $ cyradm -u cyrus localhost Password: localhost> sam user.satimiscyrus cyrus c localhost> dm user.satimiscyrus localhost> lm user.groupware (\HasNoChildren) user/satimiscyrus (\HasNoChildren) localhost> quit Done. > Did you recieve a bounce or is the message still queued? The mail sent from Yahoo several hours ago has already been returned to the sender. I think the second mail sent from Gmail is still bouncing on Internet. > Are there > related entries in you maillogs and cyruslogs? $ sudo ls /var/log/ | grep mail Password: mail.err mail.info mail.log mail.warn $ tail /var/log/mail.err No printout $ tail /var/log/mail.info Jun 9 21:26:17 lampserver cyrus/tls_prune[3887]: tls_prune: purged 0 out of 0 entries Jun 9 21:26:17 lampserver cyrus/master[3881]: ready for work Jun 9 21:26:17 lampserver cyrus/ctl_cyrusdb[3888]: checkpointing cyrus databases Jun 9 21:26:17 lampserver cyrus/ctl_cyrusdb[3888]: done checkpointing cyrus databases Jun 9 21:26:25 lampserver postfix/master[4183]: daemon started -- version 2.2.10, configu ration /etc/postfix Jun 9 21:26:25 lampserver postfix/qmgr[4188]: C18198781EC: from=, s ize=1834, nrcpt=1 (queue active) Jun 9 21:26:25 lampserver postfix/lmtp[4196]: C18198781EC: to=, relay=none, delay=14763, status=deferred (connect to /var/run/lmtp[/var/run/lmtp]: No suc h file or directory) Jun 9 21:34:17 lampserver cyrus/imap[4447]: badlogin: localhost [127.0.0.1] DIGEST-MD5 [S ASL(-13): user not found: no secret in database] Jun 9 21:34:20 lampserver cyrus/imap[4447]: login: localhost [127.0.0.1] anonymous ANONYM OUS User logged in Jun 9 21:37:31 lampserver cyrus/imap[4447]: login: localhost [127.0.0.1] cyrus DIGEST-MD5 User logged in * end * $ tail /var/log/mail.warn Jun 2 18:32:06 lampserver cyrus/master[3881]: WARNING: cannot find executable for service 'imap' -- ignored Jun 2 18:32:06 lampserver cyrus/master[3881]: WARNING: cannot find executable for service 'pop3' -- ignored Jun 2 18:32:06 lampserver cyrus/master[3881]: WARNING: cannot find executable for service 'nntp' -- ignored Jun 3 22:35:08 lampserver cyrus/master[3881]: WARNING: cannot find executable for service 'imap' -- ignored Jun 3 22:35:08 lampserver cyrus/master[3881]: WARNING: cannot find executable for service 'pop3' -- ignored Jun 3 22:35:08 lampserver cyrus/master[3881]: WARNING: cannot find executable for service 'nntp' -- ignored Jun 6 18:47:50 lampserver cyrus/master[3881]: WARNING: cannot find executable for service 'imap' -- ignored Jun 6 18:47:50 lampserver cyrus/master[3881]: WARNING: cannot find executable for service 'pop3' -- ignored Jun 6 18:47:50 lampserver cyrus/master[3881]: WARNING: cannot find executable for service 'nntp' -- ignored Jun 9 18:15:12 lampserver cyrus/imap[4675]: idle for too long, closing connection * end * $ sudo ls /var/log/ | grep cyrus No printout B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From satimis at yahoo.com Mon Jun 9 10:07:47 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 9 Jun 2008 22:07:47 +0800 (CST) Subject: Cyrus - can't create user mailbox In-Reply-To: <7857a3adf174a3cc37927ea8b35a7e8c.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <222395.43070.qm@web35206.mail.mud.yahoo.com> Hi Simon, > > Whether I have to run the command as root? > > NO, you shouldn't run this as root! > If you want to delete a cyrus mailbox you have to give the cyrus > admin > user the rights to do so (as someone else already stated). Noted with thanks. > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > Try to find out where you cyrus creates it's lmtp socket and point > your > postfix config to it. > > I don't know Debian but I think it should come with some docs to get > things to work. (Ubuntu ins mainly a copy of Debian so the same > should > apply there as well). Maybe some Debian/Ubuntu user can point you to > the > right docs. $ cat /etc/cyrus.conf | grep socket # UNIX sockets start with a slash and are absolute paths # (you must keep the Unix socket name in sync with imap.conf) lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20 notify cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1 * end * Would it be /var/run/cyrus/socket/lmtp ? $ sudo ls -la /var/run/cyrus/socket | grep lmtp srwxrwxrwx 1 root root 0 2008-06-09 21:26 lmtp $ sudo ls -la /var/run/cyrus/socket/ total 0 drwxr-x--- 2 cyrus mail 80 2008-06-09 21:26 . drwxr-xr-x 3 cyrus mail 60 2008-06-09 21:26 .. srwxrwxrwx 1 root root 0 2008-06-09 21:26 lmtp srwxrwxrwx 1 root root 0 2008-06-09 21:26 notify * end * How to link it to postfix config? Thanks B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From satimis at yahoo.com Mon Jun 9 10:11:59 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 9 Jun 2008 22:11:59 +0800 (CST) Subject: Cyrus - can't create user mailbox In-Reply-To: <960D3019F031B93F81462A37@sodor.cc.columbia.edu> Message-ID: <905582.85676.qm@web35208.mail.mud.yahoo.com> Hi Joseph, > > Whether I have to run the command as root? > > Root doesn't matter. The cyrus user needs permission to delete. > This is a safety feature. sam user.satimiscyrus cyrus all Noted with thanks. > >> > localhost> cm user/satimiscyrus > >> > localhost> lm > >> > user.groupware (\HasNoChildren) > >> > user/satimiscyrus (\HasNoChildren) > >> > user.satimiscyrus (\HasNoChildren) > >> > > >> > Still can't create the subdirectory. > > It did what you asked, but I don't think you asked for what > you wanted. Noted. > > $ sudo find / -name "*satimiscyrus*" > > Password: > > /var/spool/cyrus/mail/s/user/satimiscyrus > > /var/spool/cyrus/mail/u/user^satimiscyrus > > /home/satimiscyrus > > This looks correct. Note: > (1) Cyrus user.satimiscyrus = filesystem user/satimiscyrus > (2) Cyrus user/satimiscyrus = filesystem user^satimiscyrus > (3) is not a Cyrus mailbox > > I would expect mail addressed to satimiscyrus to end up in (1). > > (2) is not a user mailbox. It could work as a bboard mailbox but > that's not what you want in this case. What is a bboard mailbox? Thanks B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From michael.menge at zdv.uni-tuebingen.de Mon Jun 9 10:19:48 2008 From: michael.menge at zdv.uni-tuebingen.de (Michael Menge) Date: Mon, 09 Jun 2008 16:19:48 +0200 Subject: Cyrus - can't create user mailbox In-Reply-To: <740344.32480.qm@web35204.mail.mud.yahoo.com> References: <740344.32480.qm@web35204.mail.mud.yahoo.com> Message-ID: <20080609161948.10801d3izg3rckys@wm03.uni-tuebingen.de> Quoting Stephen Liu : > $ tail /var/log/mail.info .... > Jun 9 21:26:25 lampserver postfix/qmgr[4188]: C18198781EC: > from=, s > ize=1834, nrcpt=1 (queue active) > Jun 9 21:26:25 lampserver postfix/lmtp[4196]: C18198781EC: > to=, > relay=none, delay=14763, status=deferred (connect to > /var/run/lmtp[/var/run/lmtp]: No such file or directory) > here is the problem, postfix and cyrus must be configured to use the same socket and it must exist and have the correct permissions > > $ sudo ls /var/log/ | grep cyrus > No printout the maillogs show that syslogd/syslog-ng is configured that cyruslogs are written to mail.* -------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912 Zentrum fuer Datenverarbeitung mail: michael.menge at zdv.uni-tuebingen.de Waechterstrasse 76 72074 Tuebingen -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5339 bytes Desc: S/MIME krytographische Unterschrift Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080609/ebb02464/attachment.bin From roba at annandale.ca Mon Jun 9 10:23:17 2008 From: roba at annandale.ca (Robert Annandale) Date: Mon, 9 Jun 2008 15:23:17 +0100 (BST) Subject: unsubscribe In-Reply-To: <20080609161948.10801d3izg3rckys@wm03.uni-tuebingen.de> References: <740344.32480.qm@web35204.mail.mud.yahoo.com> <20080609161948.10801d3izg3rckys@wm03.uni-tuebingen.de> Message-ID: unsubscribe From satimis at yahoo.com Mon Jun 9 10:27:35 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 9 Jun 2008 22:27:35 +0800 (CST) Subject: Authentication problem In-Reply-To: Message-ID: <607090.65594.qm@web35203.mail.mud.yahoo.com> Hi Simon, - snip - > > $ cat /etc/pam.d/imap > > @include common-auth > > @include common-account > > Well, now you should provide us the common-auth and common-account > configs. $ locate common-auth /etc/pam.d/common-auth /usr/share/pam/common-auth /usr/share/pam/common-auth.md5sums $ cat /etc/pam.d/common-auth auth required pam_unix.so nullok_secure $ cat /usr/share/pam/common-auth auth required pam_unix.so nullok_secure $ sudo find / -name common-account /etc/pam.d/common-account /usr/share/pam/common-account $ cat /etc/pam.d/common-account - snip- account required pam_unix.so $ cat /usr/share/pam/common-account - snip - account required pam_unix.so - snip - > I have the feeling you should add this to your imapd.conf: > > sasl_mech_list: PLAIN $ cat /etc/imapd.conf | grep sasl_mech_list #sasl_mech_list: PLAIN to uncomment this line? Thanks B.R. Stephen > > then pressing [Ctrl]+c > > ^@C: Q01 LOGOUT > > Connection closed. > > > > > > > > B.R. > > Stephen > > > > > >> > > >> > $ cat /etc/pam.conf > >> > # > >> > > >> > > > ---------------------------------------------------------------------------# > >> > # /etc/pam.conf > >> > # > >> > # > >> > > >> > > > ---------------------------------------------------------------------------# > >> > # > >> > # NOTE > >> > # ---- > >> > # > >> > # NOTE: Most program use a file under the /etc/pam.d/ directory > to > >> > setup their > >> > # PAM service modules. This file is used only if that directory > >> does > >> > not exist. > >> > # > >> > > >> > > > ---------------------------------------------------------------------------# > >> > > >> > # Format: > >> > # serv. module ctrl module [path] ...[args..] > >> > # > >> > # name type flag > >> > # > >> > * end * > >> > > >> > > >> > What other file/files I have to check ? Thanks. > >> > > >> > > >> > > >> > B.R. > >> > Stephen > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> >> > $ cat /etc/cyrus.conf > >> >> > # Debian defaults for Cyrus IMAP server/cluster > implementation > >> >> > # see cyrus.conf(5) for more information > >> >> > # > >> >> > # All the tcp services are tcpd-wrapped. see hosts_access(5) > >> >> > # $Id: cyrus.conf 120 2005-05-01 03:23:18Z sven $ > >> >> > > >> >> > START { > >> >> > # do not delete this entry! > >> >> > recover cmd="/usr/sbin/ctl_cyrusdb -r" > >> >> > > >> >> > # this is only necessary if using idled for IMAP IDLE > >> >> > # this is NOT to be enabled right now in Debian > builds > >> >> > #idled cmd="idled" > >> >> > > >> >> > # this is useful on backend nodes of a Murder cluster > >> >> > # it causes the backend to syncronize its mailbox > list > >> with > >> >> > # the mupdate master upon startup > >> >> > #mupdatepush cmd="/usr/sbin/ctl_mboxlist -m" > >> >> > > >> >> > # this is recommended if using duplicate delivery > >> >> suppression > >> >> > delprune cmd="/usr/sbin/ctl_deliver -E 3" > >> >> > # this is recommended if caching TLS sessions > >> >> > tlsprune cmd="/usr/sbin/tls_prune" > >> >> > } > >> >> > > >> >> > # UNIX sockets start with a slash and are absolute paths > >> >> > # you can use a maxchild=# to limit the maximum number of > forks > >> of > >> >> a > >> >> > service > >> >> > # you can use babysit=true and maxforkrate=# to keep tight > tabs > >> on > >> >> the > >> >> > service > >> >> > # most services also accept -U (limit number of reuses) and > -T > >> >> > (timeout) > >> >> > SERVICES { > >> >> > # --- Normal cyrus spool, or Murder backends --- > >> >> > # add or remove based on preferences > >> >> > imap cmd="imapd -U 30" listen="imap" > >> prefork=0 > >> >> > maxchild=100 > >> >> > imaps cmd="imapd -s -U 30" listen="imaps" > >> >> prefork=0 > >> >> > maxchild=100 > >> >> > #pop3 cmd="pop3d -U 30" listen="pop3" > >> prefork=0 > >> >> > maxchild=50 > >> >> > #pop3s cmd="pop3d -s -U 30" listen="pop3s" > >> >> prefork=0 > >> >> > maxchild=50 > >> >> > > >> >> > > >> >> > #nntp cmd="nntpd -U 30" listen="nntp" > >> prefork=0 > >> >> > maxchild=100 > >> >> > #nntps cmd="nntpd -s -U 30" listen="nntps" > >> >> prefork=0 > >> >> > maxchild=100 > >> >> > > >> >> > # At least one form of LMTP is required for delivery > >> >> > # (you must keep the Unix socket name in sync with > >> >> imap.conf) > >> >> > #lmtp cmd="lmtpd" listen="localhost:lmtp" > >> >> prefork=0 > >> >> > maxchild=20 > >> >> > lmtpunix cmd="lmtpd" > >> >> listen="/var/run/cyrus/socket/lmtp" > >> >> > prefork=0 maxchild=20 > >> >> > # ---------------------------------------------- > >> >> > > >> >> > # useful if you need to give users remote access to > >> sieve > >> >> > # by default, we limit this to localhost in Debian > >> >> > sieve cmd="timsieved" > listen="localhost:sieve" > >> >> > prefork=0 maxchild=100 > >> >> > > >> >> > # this one is needed for the notification services > >> >> > notify cmd="notifyd" > >> >> > listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1 > >> >> > > >> >> > # --- Murder frontends ------------------------- > >> >> > > >> >> > - snip - > >> >> > > >> >> > > >> >> > # ---------------------------------------------- > >> >> > } > >> >> > > >> >> > EVENTS { > >> >> > # this is required > >> >> > checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" > period=30 > >> >> > > >> >> > # this is only necessary if using duplicate delivery > >> >> > suppression > >> >> > > >> >> > > >> >> > delprune cmd="/usr/sbin/ctl_deliver -E 3" > at=0401 > >> >> > > >> >> > # this is only necessary if caching TLS sessions > >> >> > tlsprune cmd="/usr/sbin/tls_prune" at=0401 > >> >> > } > >> >> > > >> >> > admins: cyrus > >> >> > unixhierarchysep: 1 > >> >> > * end * > >> >> > > >> >> > > >> >> > > >> >> > $ cat /etc/imapd.conf > >> >> > # Debian Cyrus imapd.conf > >> >> > # $Id: imapd.conf 229 2005-12-08 23:26:29Z astronut $ > >> >> > # See imapd.conf(5) for more information and more options > >> >> > > >> >> > # Configuration directory > >> >> > configdirectory: /var/lib/cyrus > >> >> > > >> >> > # Which partition to use for default mailboxes > >> >> > defaultpartition: default > >> >> > partition-default: /var/spool/cyrus/mail > >> >> > > >> >> > # News setup > >> >> > partition-news: /var/spool/cyrus/news > >> >> > newsspool: /var/spool/news > >> >> > > >> >> > # Alternate namespace > >> >> > # If enabled, activate the alternate namespace as documented > in > >> >> > # /usr/share/doc/cyrus-doc-2.2/html/altnamespace.html, where > an > >> >> user's > >> >> > # subfolders are in the same level as the INBOX > >> >> > # See also userprefix and sharedprefix on imapd.conf(5) > >> >> > altnamespace: no > >> >> > > >> >> > # UNIX Hierarchy Convention > >> >> > # Set to yes, and cyrus will accept dots in names, and use > the > >> >> forward > >> >> > # slash "/" to delimit levels of the hierarchy. This is done > by > >> >> > converting > >> >> > # internally all dots to "^", and all "/" to dots. So the > >> >> > "rabbit.holes" > >> >> > # mailbox of user "helmer.fudd" is stored in > >> >> > "user.elmer^fud.rabbit^holes" > >> >> > unixhierarchysep: yes > >> >> > > >> >> > > >> >> > - snip - > >> >> > > >> >> > > >> >> > # Uncomment the following and add the space-separated users > who > >> >> > # have admin rights for all services. > >> >> > admins: cyrus > >> >> > > >> >> > > >> >> > - sni - > >> >> > > >> >> > > >> >> > # No anonymous logins > >> >> > #allowanonymouslogin: no > >> >> > allowanonymouslogin: yes > >> >> > > >> >> > # Minimum time between POP mail fetches in minutes > >> >> > popminpoll: 1 > >> >> > > >> >> > # If nonzero, normal users may create their own IMAP accounts > by > >> >> > creating > >> >> > # the mailbox INBOX. The user's quota is set to the value if > it > >> is > >> >> > positive, > >> >> > # otherwise the user has unlimited quota. > >> >> > autocreatequota: 0 > >> >> > > >> >> > # umask used by Cyrus programs > >> >> > umask: 077 > >> >> > > >> >> > - snip - > >> >> > > >> >> > # If enabled, cyrdeliver will look for Sieve scripts in > user's > >> home > >> >> > # directories: ~user/.sieve. > >> >> > sieveusehomedir: false > >> >> > > >> >> > # If sieveusehomedir is false, this directory is searched for > >> Sieve > >> >> > scripts. > >> >> > sievedir: /var/spool/sieve > >> >> > > >> >> > > >> >> > - snip - > >> >> > > >> >> > > >> >> > # If enabled, the partitions will also be hashed, in addition > to > >> >> the > >> >> > hashing > >> >> > # done on configuration directories. This is recommended if > one > >> >> > partition has a > >> >> > # very bushy mailbox tree. > >> >> > hashimapspool: true > >> >> > > >> >> > # Allow plaintext logins by default (SASL PLAIN) > >> >> > allowplaintext: yes > >> >> > > >> >> > # Force PLAIN/LOGIN authentication only > >> >> > # (you need to uncomment this if you are not using an > >> auxprop-based > >> >> > SASL > >> >> > # mechanism. saslauthd users, that means you!). And pay > >> attention > >> >> to > >> >> > # sasl_minimum_layer and allowapop below, too. > >> >> > #sasl_mech_list: PLAIN > >> >> > > >> >> > > >> >> > - snip - > >> >> > > >> >> > > >> >> > # Do note that, since sasl will be run as user cyrus, you may > >> have > >> >> a > >> >> > lot of > >> >> > # trouble to set this up right. > >> >> > #sasl_pwcheck_method: auxprop > >> >> > sasl_pwcheck_method: saslauthd > >> >> > > >> >> > # What auxpropd plugins to load, if using > sasl_pwcheck_method: > >> >> auxprop > >> >> > # by default, all plugins are tried (which is probably NOT > what > >> you > >> >> > want). > >> >> > #sasl_auxprop_plugin: sasldb > >> >> > > >> >> > # If enabled, the SASL library will automatically create > >> >> authentication > >> >> > secrets > >> >> > # when given a plaintext password. Refer to SASL > documentation > >> >> > sasl_auto_transition: no > >> >> > > >> >> > # > >> >> > # SSL/TLS Options > >> >> > # > >> >> > > >> >> > - snip - > >> >> > > >> >> > > >> >> > # File containing one or more Certificate Authority (CA) > >> >> certificates. > >> >> > #tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem > >> >> > > >> >> > # Path to directory with certificates of CAs. > >> >> > tls_ca_path: /etc/ssl/certs > >> >> > > >> >> > # The length of time (in minutes) that a TLS session will be > >> cached > >> >> for > >> >> > later > >> >> > # reuse. The maximum value is 1440 (24 hours), the default. > A > >> >> value > >> >> > of 0 will > >> >> > # disable session caching. > >> >> > tls_session_timeout: 1440 > >> >> > > >> >> > # The list of SSL/TLS ciphers to allow, in decreasing order > of > >> >> > precedence. > >> >> > # The format of the string is described in ciphers(1). The > >> Debian > >> >> > default > >> >> > # selects TLSv1 high-security ciphers only, and removes all > >> >> anonymous > >> >> > ciphers > >> >> > # from the list (because they provide no defense against > >> >> > man-in-the-middle > >> >> > # attacks). It also orders the list so that stronger ciphers > >> come > >> >> > first. > >> >> > tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH > >> >> > > >> >> > > >> >> > - snip - > >> >> > > >> >> > > >> >> > ## KEEP THESE IN SYNC WITH cyrus.conf > >> >> > ## > >> >> > # Unix domain socket that lmtpd listens on. > >> >> > lmtpsocket: /var/run/cyrus/socket/lmtp > >> >> > > >> >> > # Unix domain socket that idled listens on. > >> >> > idlesocket: /var/run/cyrus/socket/idle > >> >> > > >> >> > # Unix domain socket that the new mail notification daemon > >> listens > >> >> on. > >> >> > notifysocket: /var/run/cyrus/socket/notify > >> >> > > >> >> > # Syslog prefix. Defaults to cyrus (so logging is done as > >> >> cyrus/imap > >> >> > etc.) > >> >> > syslog_prefix: cyrus > >> >> > > >> >> > > >> >> > - snip - > >> >> > * end * > >> >> > > >> >> > > >> >> > B.R. > >> >> > Stephen L > >> > > >> > > >> > Send instant messages to your online friends > >> http://uk.messenger.yahoo.com > >> > ---- > >> > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > >> > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > >> > List Archives/Info: > http://asg.web.cmu.edu/cyrus/mailing-list.html > >> > > >> > >> > >> > > > > > > Send instant messages to your online friends > http://uk.messenger.yahoo.com > > ---- > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > > > Send instant messages to your online friends http://uk.messenger.yahoo.com From jens.hoffrichter at gmail.com Mon Jun 9 10:44:41 2008 From: jens.hoffrichter at gmail.com (Jens Hoffrichter) Date: Mon, 9 Jun 2008 16:44:41 +0200 Subject: Cyrus - can't create user mailbox In-Reply-To: <9b48a1210806090739w8b86221i6002309b7ec7686c@mail.gmail.com> References: <7857a3adf174a3cc37927ea8b35a7e8c.squirrel@webmail.bi.corp.invoca.ch> <222395.43070.qm@web35206.mail.mud.yahoo.com> <9b48a1210806090739w8b86221i6002309b7ec7686c@mail.gmail.com> Message-ID: <9b48a1210806090744n88e298dn1f8d65413d263a7@mail.gmail.com> This mail accidently went off-list....So here a resend ---------- Forwarded message ---------- From: Jens Hoffrichter Date: 2008/6/9 Subject: Re: Cyrus - can't create user mailbox To: Stephen Liu Hi Stephen, 2008/6/9 Stephen Liu : >> Try to find out where you cyrus creates it's lmtp socket and point >> your >> postfix config to it. >> >> I don't know Debian but I think it should come with some docs to get >> things to work. (Ubuntu ins mainly a copy of Debian so the same >> should >> apply there as well). Maybe some Debian/Ubuntu user can point you to >> the >> right docs. > > > $ cat /etc/cyrus.conf | grep socket > # UNIX sockets start with a slash and are absolute paths > # (you must keep the Unix socket name in sync with imap.conf) > lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" > prefork=0 maxchild=20 > notify cmd="notifyd" > listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1 > * end * > > > Would it be /var/run/cyrus/socket/lmtp ? Yep, it would be it. But please note that the postfix smtpd under Debian (and probably Ubuntu as well) runs in a chroot environment. You can see this by looking in your /etc/postfix/master.cf file, look at the line with smtp in the beginning and look in the right column for the chroot. Which one that is should be documented in the top of the file. If the smtpd runs in a chroot environment, it will expect the lmtp socket relative to the chroot path, normally /var/spool/postfix, so the correct complete path for the socket would be /var/spool/postfix/var/run/cyrus/socket/notify ;) This created a lot of headache for me when configuring sasl, until I figured it out. Regards, Jens From michael.menge at zdv.uni-tuebingen.de Mon Jun 9 10:56:33 2008 From: michael.menge at zdv.uni-tuebingen.de (Michael Menge) Date: Mon, 09 Jun 2008 16:56:33 +0200 Subject: Authentication problem In-Reply-To: References: <7987.29421.qm@web35206.mail.mud.yahoo.com> Message-ID: <20080609165633.98827fdbhor2lzgo@wm03.uni-tuebingen.de> >> $ imtest -m login -p imap -u satimiscyrus localhost >> S: * OK lampserver Cyrus IMAP4 v2.2.12-Debian-2.2.12-4ubuntu1 server >> ready >> C: C01 CAPABILITY >> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS >> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND >> BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE >> AUTH=NTLM AUTH=ANONYMOUS AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR >> S: C01 OK Completed >> Please enter your password: >> C: L01 LOGIN satimis {12} >> S: + go ahead >> C: >> S: L01 NO Login failed: generic failure >> Authentication failed. generic failure >> Security strength factor: 0 >> (it is hanging here) > > I have the feeling you should add this to your imapd.conf: > > sasl_mech_list: PLAIN > I miss AUTH=LOGIN and AUTH=PLAIN so "sasl_mech_list: PLAIN" will only cause that no auth mech will be available. Maybe a sasl package is not installed/found ll /usr/lib/sasl2/ show for me lrwxrwxrwx 1 root root 22 2006-09-04 16:18 libanonymous.so -> libanonymous.so.2.0.21* lrwxrwxrwx 1 root root 22 2006-09-04 16:18 libanonymous.so.2 -> libanonymous.so.2.0.21* -rwxr-xr-x 1 root root 13216 2006-06-16 16:40 libanonymous.so.2.0.21* lrwxrwxrwx 1 root root 18 2006-09-04 16:18 liblogin.so -> liblogin.so.2.0.21* lrwxrwxrwx 1 root root 18 2006-09-04 16:18 liblogin.so.2 -> liblogin.so.2.0.21* -rwxr-xr-x 1 root root 13724 2006-06-16 16:41 liblogin.so.2.0.21* lrwxrwxrwx 1 root root 18 2006-09-04 16:21 libplain.so -> libplain.so.2.0.21* lrwxrwxrwx 1 root root 18 2006-09-04 16:21 libplain.so.2 -> libplain.so.2.0.21* -rwxr-xr-x 1 root root 14268 2006-06-16 16:40 libplain.so.2.0.21* lrwxrwxrwx 1 root root 19 2006-09-04 16:18 libsasldb.so -> libsasldb.so.2.0.21* lrwxrwxrwx 1 root root 19 2006-09-04 16:18 libsasldb.so.2 -> libsasldb.so.2.0.21* -rwxr-xr-x 1 root root 18316 2006-06-16 16:40 libsasldb.so.2.0.21* -------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912 Zentrum fuer Datenverarbeitung mail: michael.menge at zdv.uni-tuebingen.de Waechterstrasse 76 72074 Tuebingen -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5339 bytes Desc: S/MIME krytographische Unterschrift Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080609/20319c4e/attachment.bin From satimis at yahoo.com Mon Jun 9 12:49:21 2008 From: satimis at yahoo.com (Stephen Liu) Date: Tue, 10 Jun 2008 00:49:21 +0800 (CST) Subject: Cyrus - can't create user mailbox In-Reply-To: <9b48a1210806090744n88e298dn1f8d65413d263a7@mail.gmail.com> Message-ID: <755322.63995.qm@web35203.mail.mud.yahoo.com> Hi Jens, Thanks for your advice. - snip - > > Would it be /var/run/cyrus/socket/lmtp ? > Yep, it would be it. > > But please note that the postfix smtpd under Debian (and probably > Ubuntu as well) runs in a chroot environment. You can see this by > looking in your /etc/postfix/master.cf file, look at the line with > smtp in the beginning and look in the right column for the chroot. > Which one that is should be documented in the top of the file. $ cat /etc/postfix/master.cf | grep smtp smtp inet n - - - - smtpd smtp unix - - - - - smtp relay unix - - - - - smtp # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient * end * There are only 2 lines there with smtp in the beginning. > If the smtpd runs in a chroot environment, it will expect the lmtp > socket relative to the chroot path, normally /var/spool/postfix, so > the correct complete path for the socket would be > /var/spool/postfix/var/run/cyrus/socket/notify ;) This created a lot > of headache for me when configuring sasl, until I figured it out. $ sudo nano /etc/cyrus.conf change both lines. changing; lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20 as; lmtpunix cmd="lmtpd" listen="/var/spool/postfix/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20 changing; notify cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1 as; notify cmd="notifyd" listen="/var/spool/postfix/var/run/cyrus/socket/notify" proto="udp" prefork=1 Still can't receive mails. $ sudo ls -la /var/spool/cyrus/mail/s/user/satimiscyrus Password: total 20 drwx------ 2 cyrus mail 4096 2008-06-09 16:35 . drwx------ 3 cyrus mail 4096 2008-06-09 16:35 .. -rw------- 1 cyrus mail 4 2008-06-09 16:35 cyrus.cache -rw------- 1 cyrus mail 158 2008-06-09 16:35 cyrus.header -rw------- 1 cyrus mail 76 2008-06-09 16:35 cyrus.index * end * $ tail /var/log/mail.log Jun 10 00:35:41 lampserver cyrus/ctl_cyrusdb[4952]: archiving log file: /var/lib/cyrus/db/log.0000000001 Jun 10 00:35:41 lampserver cyrus/ctl_cyrusdb[4952]: archiving database file: /var/lib/cyrus/mailboxes.db Jun 10 00:35:41 lampserver cyrus/ctl_cyrusdb[4952]: archiving log file: /var/lib/cyrus/db/log.0000000001 Jun 10 00:35:41 lampserver cyrus/ctl_cyrusdb[4952]: done checkpointing cyrus databases Jun 10 00:35:41 lampserver cyrus/master[4948]: process 4952 exited, status 0 Jun 10 00:36:30 lampserver postfix/smtpd[4955]: connect from ti-out-0910.google.com[209.85.142.187] Jun 10 00:36:30 lampserver postfix/smtpd[4955]: D21EA87820E: client=ti-out-0910.google.com[209.85.142.187] Jun 10 00:36:30 lampserver postfix/cleanup[4956]: D21EA87820E: message-id= Jun 10 00:36:30 lampserver postfix/qmgr[4188]: D21EA87820E: from=, size=1842, nrcpt=1 (queue active) Jun 10 00:36:30 lampserver postfix/lmtp[4958]: D21EA87820E: to=, relay=none, delay=0, status=deferred (connect to /var/run/lmtp[/var/run/lmtp]: No such file or directory) * end * $ tail /var/log/mail.warn Jun 6 18:47:50 lampserver cyrus/master[3881]: WARNING: cannot find executable for service 'nntp' -- ignored Jun 9 18:15:12 lampserver cyrus/imap[4675]: idle for too long, closing connection Jun 9 23:48:17 lampserver cyrus/master[4594]: unable to create notify listener socket: No such file or directory Jun 10 00:08:08 lampserver cyrus/master[4745]: unable to create lmtpunix listener socket: No such file or directory Jun 10 00:08:08 lampserver cyrus/master[4745]: unable to create notify listener socket: No such file or directory Jun 10 00:12:38 lampserver cyrus/master[4805]: unable to create lmtpunix listener socket: No such file or directory Jun 10 00:12:39 lampserver cyrus/master[4805]: unable to create notify listener socket: No such file or directory Jun 10 00:32:46 lampserver cyrus/master[4902]: unable to create notify listener socket: No such file or directory Jun 10 00:35:41 lampserver cyrus/master[4948]: unable to create lmtpunix listener socket: No such file or directory Jun 10 00:35:41 lampserver cyrus/master[4948]: unable to create notify listener socket: No such file or directory * end * B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From aspineux at gmail.com Mon Jun 9 12:54:01 2008 From: aspineux at gmail.com (Alain Spineux) Date: Mon, 9 Jun 2008 18:54:01 +0200 Subject: Cyrus - can't create user mailbox In-Reply-To: <222395.43070.qm@web35206.mail.mud.yahoo.com> References: <7857a3adf174a3cc37927ea8b35a7e8c.squirrel@webmail.bi.corp.invoca.ch> <222395.43070.qm@web35206.mail.mud.yahoo.com> Message-ID: <71fe4e760806090954i19f747b5g2b2f73ab97ad801@mail.gmail.com> On Mon, Jun 9, 2008 at 4:07 PM, Stephen Liu wrote: > Hi Simon, > > >> > Whether I have to run the command as root? >> >> NO, you shouldn't run this as root! >> If you want to delete a cyrus mailbox you have to give the cyrus >> admin >> user the rights to do so (as someone else already stated). > > > Noted with thanks. > > >> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >> >> Try to find out where you cyrus creates it's lmtp socket and point >> your >> postfix config to it. >> >> I don't know Debian but I think it should come with some docs to get >> things to work. (Ubuntu ins mainly a copy of Debian so the same >> should >> apply there as well). Maybe some Debian/Ubuntu user can point you to >> the >> right docs. > > > $ cat /etc/cyrus.conf | grep socket > # UNIX sockets start with a slash and are absolute paths > # (you must keep the Unix socket name in sync with imap.conf) > lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" > prefork=0 maxchild=20 > notify cmd="notifyd" > listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1 > * end * > > > Would it be /var/run/cyrus/socket/lmtp ? You have somewhere int your postfix main.cf "/var/run/lmtp", probably a mailbox_transport=... or a local_transport=.... You must replace it by the cyrus path : /var/run/cyrus/socket/lmtp If smtpd daemon is chrooted this become more difficult ! You have 2 possibilities - just try to replace the 'y' in master.cf by a 'n' to make smtpd not chrooted - change the path in cyrus.conf to move the socket somewhere bellow the postfix chroot jail. Be carefull cyrus must have enough right in the postfix directory to create the socket. > > > $ sudo ls -la /var/run/cyrus/socket | grep lmtp > srwxrwxrwx 1 root root 0 2008-06-09 21:26 lmtp > > > $ sudo ls -la /var/run/cyrus/socket/ > total 0 > drwxr-x--- 2 cyrus mail 80 2008-06-09 21:26 . > drwxr-xr-x 3 cyrus mail 60 2008-06-09 21:26 .. > srwxrwxrwx 1 root root 0 2008-06-09 21:26 lmtp > srwxrwxrwx 1 root root 0 2008-06-09 21:26 notify > * end * > > > How to link it to postfix config? Thanks > > > > B.R. > Stephen > > > Send instant messages to your online friends http://uk.messenger.yahoo.com > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From satimis at yahoo.com Mon Jun 9 13:06:25 2008 From: satimis at yahoo.com (Stephen Liu) Date: Tue, 10 Jun 2008 01:06:25 +0800 (CST) Subject: Authentication problem In-Reply-To: <20080609165633.98827fdbhor2lzgo@wm03.uni-tuebingen.de> Message-ID: <323027.79613.qm@web35207.mail.mud.yahoo.com> Hi Michael, > > I have the feeling you should add this to your imapd.conf: > > > > sasl_mech_list: PLAIN > > > I miss AUTH=LOGIN and AUTH=PLAIN > so "sasl_mech_list: PLAIN" will only cause that no auth mech > will be available. Performed following test; $ sudo nano /etc/imapd.conf adding; AUTH=LOGIN AUTH=PLAIN at the bottom. $ imtest -m login -p imap -u satimiscyrus localhost just hanging there. Also tried uncomment the line; sasl_mech_list: PLAIN $ imtest -m login -p imap -u satimiscyrus localhost S: * OK lampserver Cyrus IMAP4 v2.2.12-Debian-2.2.12-4ubuntu1 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE S: C01 OK Completed Please enter your password: C: L01 LOGIN satimis {12} S: + go ahead C: S: L01 NO Login failed: generic failure Authentication failed. generic failure Security strength factor: 0 Still the same result. > Maybe a sasl package is not installed/found > ll /usr/lib/sasl2/ show for me > > lrwxrwxrwx 1 root root 22 2006-09-04 16:18 libanonymous.so -> > libanonymous.so.2.0.21* > lrwxrwxrwx 1 root root 22 2006-09-04 16:18 libanonymous.so.2 -> > libanonymous.so.2.0.21* > -rwxr-xr-x 1 root root 13216 2006-06-16 16:40 > libanonymous.so.2.0.21* > lrwxrwxrwx 1 root root 18 2006-09-04 16:18 liblogin.so -> > liblogin.so.2.0.21* > lrwxrwxrwx 1 root root 18 2006-09-04 16:18 liblogin.so.2 -> > liblogin.so.2.0.21* > -rwxr-xr-x 1 root root 13724 2006-06-16 16:41 liblogin.so.2.0.21* > lrwxrwxrwx 1 root root 18 2006-09-04 16:21 libplain.so -> > libplain.so.2.0.21* > lrwxrwxrwx 1 root root 18 2006-09-04 16:21 libplain.so.2 -> > libplain.so.2.0.21* > -rwxr-xr-x 1 root root 14268 2006-06-16 16:40 libplain.so.2.0.21* > lrwxrwxrwx 1 root root 19 2006-09-04 16:18 libsasldb.so -> > libsasldb.so.2.0.21* > lrwxrwxrwx 1 root root 19 2006-09-04 16:18 libsasldb.so.2 -> > libsasldb.so.2.0.21* > -rwxr-xr-x 1 root root 18316 2006-06-16 16:40 libsasldb.so.2.0.21* $ ls -l /usr/lib/sasl2/ total 500 -rw-r--r-- 1 root root 19036 2006-04-24 19:38 libanonymous.a -rw-r--r-- 1 root root 855 2006-04-24 19:38 libanonymous.la lrwxrwxrwx 1 root root 22 2008-04-18 07:24 libanonymous.so -> libanonymous.so.2.0.19 lrwxrwxrwx 1 root root 22 2008-04-18 07:24 libanonymous.so.2 -> libanonymous.so.2.0.19 -rw-r--r-- 1 root root 15712 2006-04-24 19:38 libanonymous.so.2.0.19 -rw-r--r-- 1 root root 21802 2006-04-24 19:38 libcrammd5.a -rw-r--r-- 1 root root 841 2006-04-24 19:38 libcrammd5.la lrwxrwxrwx 1 root root 20 2008-04-18 07:24 libcrammd5.so -> libcrammd5.so.2.0.19 lrwxrwxrwx 1 root root 20 2008-04-18 07:24 libcrammd5.so.2 -> libcrammd5.so.2.0.19 -rw-r--r-- 1 root root 19104 2006-04-24 19:38 libcrammd5.so.2.0.19 -rw-r--r-- 1 root root 59792 2006-04-24 19:38 libdigestmd5.a -rw-r--r-- 1 root root 864 2006-04-24 19:38 libdigestmd5.la lrwxrwxrwx 1 root root 22 2008-04-18 07:24 libdigestmd5.so -> libdigestmd5.so.2.0.19 lrwxrwxrwx 1 root root 22 2008-04-18 07:24 libdigestmd5.so.2 -> libdigestmd5.so.2.0.19 -rw-r--r-- 1 root root 46336 2006-04-24 19:38 libdigestmd5.so.2.0.19 -rw-r--r-- 1 root root 19262 2006-04-24 19:38 liblogin.a -rw-r--r-- 1 root root 835 2006-04-24 19:38 liblogin.la lrwxrwxrwx 1 root root 18 2008-04-18 07:24 liblogin.so -> liblogin.so.2.0.19 lrwxrwxrwx 1 root root 18 2008-04-18 07:24 liblogin.so.2 -> liblogin.so.2.0.19 -rw-r--r-- 1 root root 16352 2006-04-24 19:38 liblogin.so.2.0.19 -rw-r--r-- 1 root root 38724 2006-04-24 19:38 libntlm.a -rw-r--r-- 1 root root 829 2006-04-24 19:38 libntlm.la lrwxrwxrwx 1 root root 17 2008-04-18 07:24 libntlm.so -> libntlm.so.2.0.19 lrwxrwxrwx 1 root root 17 2008-04-18 07:24 libntlm.so.2 -> libntlm.so.2.0.19 -rw-r--r-- 1 root root 32264 2006-04-24 19:38 libntlm.so.2.0.19 -rw-r--r-- 1 root root 27142 2006-04-24 19:38 libotp.a -rw-r--r-- 1 root root 829 2006-04-24 19:38 libotp.la lrwxrwxrwx 1 root root 16 2008-04-18 07:24 libotp.so -> libotp.so.2.0.19 lrwxrwxrwx 1 root root 16 2008-04-18 07:24 libotp.so.2 -> libotp.so.2.0.19 -rw-r--r-- 1 root root 48856 2006-04-24 19:38 libotp.so.2.0.19 -rw-r--r-- 1 root root 19342 2006-04-24 19:38 libplain.a -rw-r--r-- 1 root root 835 2006-04-24 19:38 libplain.la lrwxrwxrwx 1 root root 18 2008-04-18 07:24 libplain.so -> libplain.so.2.0.19 lrwxrwxrwx 1 root root 18 2008-04-18 07:24 libplain.so.2 -> libplain.so.2.0.19 -rw-r--r-- 1 root root 16384 2006-04-24 19:38 libplain.so.2.0.19 -rw-r--r-- 1 root root 29164 2006-04-24 19:38 libsasldb.a -rw-r--r-- 1 root root 856 2006-04-24 19:38 libsasldb.la lrwxrwxrwx 1 root root 19 2008-04-18 07:24 libsasldb.so -> libsasldb.so.2.0.19 lrwxrwxrwx 1 root root 19 2008-04-18 07:24 libsasldb.so.2 -> libsasldb.so.2.0.19 -rw-r--r-- 1 root root 21288 2006-04-24 19:38 libsasldb.so.2.0.19 * end * B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From satimis at yahoo.com Mon Jun 9 13:19:07 2008 From: satimis at yahoo.com (Stephen Liu) Date: Tue, 10 Jun 2008 01:19:07 +0800 (CST) Subject: Cyrus - can't create user mailbox In-Reply-To: <71fe4e760806090954i19f747b5g2b2f73ab97ad801@mail.gmail.com> Message-ID: <595783.84388.qm@web35203.mail.mud.yahoo.com> Hi Alain, - snip - > > Would it be /var/run/cyrus/socket/lmtp ? > > You have somewhere int your postfix main.cf "/var/run/lmtp", > probably > a mailbox_transport=... or a local_transport=.... > You must replace it by the cyrus path : /var/run/cyrus/socket/lmtp $ cat /etc/postfix/main.cf | grep /var/run/lmtp mailbox_transport = lmtp:unix:/var/run/lmtp I suppose you meant this line? > If smtpd daemon is chrooted this become more difficult ! > You have 2 possibilities > - just try to replace the 'y' in master.cf by a 'n' to make smtpd not > chrooted $ cat /etc/postfix/master.cf | grep y # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes verify unix - - - - 1 verify proxymap unix - - n - - proxymap # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - - - - smtp -o fallback_relay= # Many of the following services use the Postfix pipe(8) delivery # Also specify in main.cf: maildrop_destination_recipient_limit=1 # Other external delivery methods. flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py # The Cyrus deliver program has changed incompatibly, multiple times. cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m "${extension}" ${user} * end * No 'y' found. > - change the path in cyrus.conf to move the socket somewhere bellow > the > postfix chroot jail. Be carefull cyrus must have enough right in the > postfix directory to create the socket. Could you please explain in more detail how to make it? TIA B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From jens.hoffrichter at gmail.com Mon Jun 9 13:26:51 2008 From: jens.hoffrichter at gmail.com (Jens Hoffrichter) Date: Mon, 9 Jun 2008 19:26:51 +0200 Subject: Cyrus - can't create user mailbox In-Reply-To: <755322.63995.qm@web35203.mail.mud.yahoo.com> References: <9b48a1210806090744n88e298dn1f8d65413d263a7@mail.gmail.com> <755322.63995.qm@web35203.mail.mud.yahoo.com> Message-ID: <9b48a1210806091026v1a37598di8052c26de977e2e@mail.gmail.com> Hi Stephen, 2008/6/9 Stephen Liu : > Thanks for your advice. No problem - we all struggled at some point and were glad for help :) > $ cat /etc/postfix/master.cf | grep smtp > smtp inet n - - - - smtpd > > smtp unix - - - - - smtp > relay unix - - - - - smtp > # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 > bsmtp unix - n n - - pipe > flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender > $recipient > * end * > > There are only 2 lines there with smtp in the beginning. >From this snippet you don't see if chroot is enabled by default - the default is denoted by the -, and documented in the line directly before the beginning of the transports. But as I know Debian and Ubuntu, they have probably activated chroot. > $ sudo nano /etc/cyrus.conf > > change both lines. > > changing; > lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" > prefork=0 maxchild=20 > > as; > lmtpunix cmd="lmtpd" > listen="/var/spool/postfix/var/run/cyrus/socket/lmtp" prefork=0 > maxchild=20 > > > changing; > notify cmd="notifyd" listen="/var/run/cyrus/socket/notify" > proto="udp" prefork=1 > > as; > notify cmd="notifyd" > listen="/var/spool/postfix/var/run/cyrus/socket/notify" proto="udp" > prefork=1 I guess you won't need to change this line, as this is independent from postfix. > Jun 10 00:36:30 lampserver postfix/smtpd[4955]: D21EA87820E: > client=ti-out-0910.google.com[209.85.142.187] > Jun 10 00:36:30 lampserver postfix/cleanup[4956]: D21EA87820E: > message-id= > Jun 10 00:36:30 lampserver postfix/qmgr[4188]: D21EA87820E: > from=, size=1842, nrcpt=1 (queue active) > Jun 10 00:36:30 lampserver postfix/lmtp[4958]: D21EA87820E: > to=, relay=none, delay=0, status=deferred > (connect to /var/run/lmtp[/var/run/lmtp]: No such file or directory) As you see here, it tries to connect to the socket "/var/run/lmtp", but the cyrus default was /var/run/cyrus/socket/lmtp, or the postfix chroot equivalent. So EITHER you change the delivery socket in postfix (which I currently don't know how to do, as I use a different delivery approach on my postfix server - and a different IMAP server ;) ), or you try either /var/run/postfix/var/run/lmtp or /var/run/lmtp in the lmtpunix line in cyrus.conf I hope that helps :) Regards, Jens From list at joreybump.com Mon Jun 9 13:42:08 2008 From: list at joreybump.com (Jorey Bump) Date: Mon, 09 Jun 2008 13:42:08 -0400 Subject: Cyrus - can't create user mailbox In-Reply-To: <595783.84388.qm@web35203.mail.mud.yahoo.com> References: <595783.84388.qm@web35203.mail.mud.yahoo.com> Message-ID: <484D6B70.1080603@joreybump.com> Stephen Liu wrote, at 06/09/2008 01:19 PM: > $ cat /etc/postfix/master.cf | grep y This is useless, because: > # service type private unpriv chroot wakeup maxproc command + args > # (yes) (yes) (yes) (never) (100) The chroot setting defaults to yes, so a 'y' does not need to be explicitly set. > # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes > # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes > verify unix - - - - 1 verify > proxymap unix - - n - - proxymap > # When relaying mail as backup MX, disable fallback_relay to avoid MX > loops > relay unix - - - - - smtp > -o fallback_relay= All those dashes represent the specified defaults for that column. > No 'y' found. Stop guessing. Post your entire master.cf. >> - change the path in cyrus.conf to move the socket somewhere bellow >> the >> postfix chroot jail. Be carefull cyrus must have enough right in the >> postfix directory to create the socket. > > > Could you please explain in more detail how to make it? TIA There's no need to run Postfix in a chroot jail. You are better off disabling chroot entirely (explicitly with an 'n' in master.cf). From wes at umich.edu Mon Jun 9 13:53:41 2008 From: wes at umich.edu (Wesley Craig) Date: Mon, 9 Jun 2008 13:53:41 -0400 Subject: Authentication problem In-Reply-To: <323027.79613.qm@web35207.mail.mud.yahoo.com> References: <323027.79613.qm@web35207.mail.mud.yahoo.com> Message-ID: On 09 Jun 2008, at 13:06, Stephen Liu wrote: > S: L01 NO Login failed: generic failure These generic login failures typically produce a log message in your security logs. :wes From aspineux at gmail.com Mon Jun 9 17:27:35 2008 From: aspineux at gmail.com (Alain Spineux) Date: Mon, 9 Jun 2008 23:27:35 +0200 Subject: Cyrus - can't create user mailbox In-Reply-To: <484D6B70.1080603@joreybump.com> References: <595783.84388.qm@web35203.mail.mud.yahoo.com> <484D6B70.1080603@joreybump.com> Message-ID: <71fe4e760806091427q6be48445u3aa6e7dd4a5a5ad6@mail.gmail.com> On Mon, Jun 9, 2008 at 7:42 PM, Jorey Bump wrote: > Stephen Liu wrote, at 06/09/2008 01:19 PM: > > There's no need to run Postfix in a chroot jail. You are better off > disabling chroot entirely (explicitly with an 'n' in master.cf). > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > I agree. Make a copy of your master.cf and replace all '-' in the 5th column by 'n' Then the possible problem is that master.cf or main.cf could contains some configuration stuff to run in a chroot jail. run the folowing command and report the result # postconf -n Then in main.cf replace mailbox_transport = lmtp:unix:/var/run/lmtp by mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp Restart all, and try to send an email, look in the postfix log to see what is the next problem :-) -- Alain Spineux aspineux gmail com May the sources be with you From satimis at yahoo.com Mon Jun 9 19:03:54 2008 From: satimis at yahoo.com (Stephen Liu) Date: Tue, 10 Jun 2008 07:03:54 +0800 (CST) Subject: Cyrus - can't create user mailbox In-Reply-To: <484D6B70.1080603@joreybump.com> Message-ID: <147705.24806.qm@web35206.mail.mud.yahoo.com> Hi Jorey, - snip - > All those dashes represent the specified defaults for that column. > > > No 'y' found. > > Stop guessing. Post your entire master.cf. $ cat /etc/postfix/master.cf # # Postfix master process configuration file. For details on the format # of the file, see the Postfix master(5) manual page. # # ========================================================================== # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - - - - smtpd #submission inet n - - - - smtpd # -o smtpd_etrn_restrictions=reject # -o smtpd_client_restrictions=permit_sasl_authenticated,reject #smtps inet n - - - - smtpd # -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes #submission inet n - - - - smtpd # -o smtpd_etrn_restrictions=reject # -o smtpd_enforce_tls=yes -o smtpd_sasl_auth_enable=yes #628 inet n - - - - qmqpd pickup fifo n - - 60 1 pickup cleanup unix n - - - 0 cleanup qmgr fifo n - n 300 1 qmgr #qmgr fifo n - - 300 1 oqmgr tlsmgr unix - - - 1000? 1 tlsmgr rewrite unix - - - - - trivial-rewrite bounce unix - - - - 0 bounce defer unix - - - - 0 bounce trace unix - - - - 0 bounce verify unix - - - - 1 verify flush unix n - - 1000? 0 flush proxymap unix - - n - - proxymap smtp unix - - - - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops relay unix - - - - - smtp -o fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 showq unix n - - - - showq error unix - - - - - error discard unix - - - - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - - - 1 anvil scache unix - - - - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual # pages of the non-Postfix software to find out what options it wants. # # Many of the following services use the Postfix pipe(8) delivery # agent. See the pipe(8) man page for information about ${recipient} # and other message envelope options. # ==================================================================== # # maildrop. See the Postfix MAILDROP_README file for details. # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - n n - - pipe flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} # # See the Postfix UUCP_README file for configuration details. # uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) # # Other external delivery methods. # ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} # The Cyrus deliver program has changed incompatibly, multiple times. cyrus unix - n n - - pipe flags=R user=cyrus argv=/usr/sbin/cyrdeliver -e -m "${extension}" ${user} * end * Others noted with thanks B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From satimis at yahoo.com Mon Jun 9 19:17:00 2008 From: satimis at yahoo.com (Stephen Liu) Date: Tue, 10 Jun 2008 07:17:00 +0800 (CST) Subject: Authentication problem In-Reply-To: Message-ID: <714636.23443.qm@web35201.mail.mud.yahoo.com> Hi Wesley, > On 09 Jun 2008, at 13:06, Stephen Liu wrote: > > S: L01 NO Login failed: generic failure > > These generic login failures typically produce a log message in your > > security logs. Here are the logs $ sudo ls -la /var/log/ total 48048 drwxr-xr-x 8 root root 4096 2008-06-10 06:55 . drwxr-xr-x 14 root root 4096 2008-04-18 07:27 .. drwxr-xr-x 2 root root 4096 2008-04-18 07:28 apache2 -rw-r--r-- 1 root root 2856 2008-04-18 07:27 aptitude -rw-r----- 1 root adm 299868 2008-06-10 07:10 auth.log -rw-r----- 1 root adm 48035 2008-05-04 06:47 auth.log.0 -rw-rw-r-- 1 root utmp 1920 2008-05-05 03:50 btmp drwxr-xr-x 2 root root 4096 2008-05-07 06:25 cups -rw-r----- 1 root adm 710332 2008-06-10 06:55 daemon.log -rw-r----- 1 root adm 69032 2008-05-04 06:03 daemon.log.0 -rw-r----- 1 root adm 404471 2008-06-10 06:56 debug -rw-r----- 1 root adm 76075 2008-05-04 05:59 debug.0 -rw-r--r-- 1 root root 19690 2008-06-10 06:54 dmesg -rw-r----- 1 root adm 224936 2008-06-07 12:23 dpkg.log -rw-r--r-- 1 root root 15896 2008-06-09 23:16 evms-engine.1.log -rw-r--r-- 1 root root 15896 2008-06-09 21:26 evms-engine.2.log -rw-r--r-- 1 root root 15896 2008-06-09 16:11 evms-engine.3.log -rw-r--r-- 1 root root 15896 2008-06-09 14:10 evms-engine.4.log -rw-r--r-- 1 root root 15896 2008-06-09 08:10 evms-engine.5.log -rw-r--r-- 1 root root 15896 2008-06-08 22:08 evms-engine.6.log -rw-r--r-- 1 root root 15896 2008-06-08 17:57 evms-engine.7.log -rw-r--r-- 1 root root 15896 2008-06-07 23:39 evms-engine.8.log -rw-r--r-- 1 root root 15896 2008-06-07 22:13 evms-engine.9.log -rw-r--r-- 1 root root 15896 2008-06-10 06:54 evms-engine.log -rw-r--r-- 1 root root 32160 2008-06-10 01:22 faillog -rw-r--r-- 1 root root 681 2008-04-24 01:24 fontconfig.log drwxr-xr-x 3 root root 4096 2008-04-18 07:29 installer -rw-r----- 1 root adm 2000232 2008-06-10 06:55 kern.log -rw-r----- 1 root adm 455682 2008-05-04 05:59 kern.log.0 -rw-rw-r-- 1 root utmp 293460 2008-06-10 07:10 lastlog -rw-r--r-- 1 root root 0 2008-04-18 07:30 lpr.log -rw-r--r-- 1 root root 3437682 2008-06-10 00:59 mail.err -rw-r--r-- 1 root root 6462532 2008-06-10 06:55 mail.info -rw-r--r-- 1 root root 11019216 2008-06-10 06:55 mail.log -rw-r--r-- 1 root root 6322797 2008-06-10 00:59 mail.warn -rw-r----- 1 root adm 1698219 2008-06-10 06:55 messages -rw-r----- 1 root adm 386020 2008-05-04 06:47 messages.0 drwxr-s--- 2 mysql adm 4096 2008-06-10 06:55 mysql -rw-r----- 1 mysql adm 0 2008-05-06 01:32 mysql.err -rw-r----- 1 mysql adm 0 2008-05-07 06:25 mysql.log -rw-r----- 1 mysql adm 20 2008-05-06 01:32 mysql.log.1.gz drwxr-sr-x 2 news news 4096 2008-04-18 07:30 news drwxr-x--- 2 proxy proxy 4096 2008-05-07 06:25 squid -rw-r----- 1 root adm 13395209 2008-06-10 07:09 syslog -rw-r----- 1 root adm 424533 2008-05-07 06:25 syslog.0 -rw-r----- 1 root adm 115845 2008-05-04 06:25 syslog.1.gz -rw-r--r-- 1 root root 268321 2008-06-10 06:54 udev -rw-r----- 1 root adm 5228 2008-06-10 01:22 user.log -rw-r----- 1 root adm 5058 2008-05-04 06:03 user.log.0 -rw-r--r-- 1 root root 0 2008-04-18 07:30 uucp.log -rw-rw-r-- 1 root utmp 939264 2008-06-10 07:10 wtmp * end * Which is the security log? Thanks $ tail /var/log/auth.log Jun 10 01:22:12 lampserver login[4403]: (pam_unix) session opened for user root by (ui d=0) Jun 10 01:22:12 lampserver login[31808]: ROOT LOGIN on `tty1' Jun 10 01:22:22 lampserver saslauthd[4198]: server_exit : master exited: 4198 Jun 10 01:22:22 lampserver sshd[4218]: Received signal 15; terminating. Jun 10 06:55:13 lampserver saslauthd[4197]: detach_tty : master pid is: 4197 Jun 10 06:55:13 lampserver saslauthd[4197]: ipc_init : listening on socket: /va r/spool/postfix/var/run/saslauthd/mux Jun 10 06:55:13 lampserver sshd[4224]: Server listening on :: port 2222. Jun 10 06:56:26 lampserver sshd[4432]: Accepted password for satimis from 192.168.0.10 port 46317 ssh2 Jun 10 06:56:26 lampserver sshd[4434]: (pam_unix) session opened for user satimis by ( uid=0) Jun 10 07:07:33 lampserver sudo: satimis : TTY=pts/0 ; PWD=/home/satimis ; USER=root ; COMMAND=/bin/ls /var/log/ * end * B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From satimis at yahoo.com Mon Jun 9 19:57:30 2008 From: satimis at yahoo.com (Stephen Liu) Date: Tue, 10 Jun 2008 07:57:30 +0800 (CST) Subject: Cyrus - can't create user mailbox In-Reply-To: <71fe4e760806091427q6be48445u3aa6e7dd4a5a5ad6@mail.gmail.com> Message-ID: <920236.54691.qm@web35206.mail.mud.yahoo.com> Hi Alain, > On Mon, Jun 9, 2008 at 7:42 PM, Jorey Bump > wrote: > > Stephen Liu wrote, at 06/09/2008 01:19 PM: > > > > There's no need to run Postfix in a chroot jail. You are better off > > disabling chroot entirely (explicitly with an 'n' in master.cf). > > ---- > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > > I agree. Make a copy of your master.cf and replace all '-' in the 5th > column by 'n' > Then the possible problem is that master.cf or main.cf could contains > some configuration stuff to run > in a chroot jail. run the folowing command and report the result > > # postconf -n $ sudo cp -p /etc/postfix/main.cf /etc/postfix/main.cf.bak.20080610 $ sudo nano /etc/postfix/master.cf On the 5th column changing all '-' to 'n' $ sudo postconf -n alias_database = hash:/etc/aliases alias_maps = hash:/etc/aliases append_dot_mydomain = no biff = no broken_sasl_auth_clients = yes config_directory = /etc/postfix inet_interfaces = all inet_protocols = all mailbox_size_limit = 0 mailbox_transport = lmtp:unix:/var/run/lmtp mydestination = satimis.com, localhost.localdomain, localhost.satimis.com myhostname = lampserver mynetworks = 127.0.0.0/8 myorigin = /etc/mailname recipient_delimiter = + relayhost = smtp_tls_note_starttls_offer = yes smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache smtp_use_tls = yes smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination smtpd_sasl_auth_enable = yes smtpd_sasl_local_domain = smtpd_sasl_security_options = noanonymous smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem smtpd_tls_auth_only = no smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt smtpd_tls_key_file = /etc/ssl/private/smtpd.key smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache smtpd_tls_session_cache_timeout = 3600s smtpd_use_tls = yes tls_random_source = dev:/dev/urandom * end * > Then in main.cf replace > > mailbox_transport = lmtp:unix:/var/run/lmtp > by > mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp > > > Restart all, and try to send an email, > look in the postfix log to see what is the next problem :-) $ sudo cp -p /etc/postfix/main.cf /etc/postfix/main.cf.bak.20080610 $ sudo nano /etc/postfix/main.cf Change; mailbox_transport = lmtp:unix:/var/run/lmtp to; mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp $ sudo /etc/init.d/postfix restart * Stopping Postfix Mail Transport Agent postfix [ ok ] * Starting Postfix Mail Transport Agent postfix [ ok ] Send a webmail on GMail to satimiscyrus. It doesn't arrive. $ sudo ls -la /var/spool/cyrus/mail/s/user/satimiscyrus total 20 drwx------ 2 cyrus mail 4096 2008-06-09 16:35 . drwx------ 3 cyrus mail 4096 2008-06-09 16:35 .. -rw------- 1 cyrus mail 4 2008-06-09 16:35 cyrus.cache -rw------- 1 cyrus mail 158 2008-06-09 16:35 cyrus.header -rw------- 1 cyrus mail 76 2008-06-09 16:35 cyrus.index * end * $ tail /var/log/mail.log Jun 10 07:25:04 lampserver cyrus/ctl_cyrusdb[4652]: archiving log file: /var/lib/cyrus/db/log.0000000001 Jun 10 07:25:04 lampserver cyrus/ctl_cyrusdb[4652]: done checkpointing cyrus databases Jun 10 07:25:04 lampserver cyrus/master[3881]: process 4652 exited, status 0 Jun 10 07:32:15 lampserver postfix/master[4183]: terminating on signal 15 Jun 10 07:32:16 lampserver postfix/master[4733]: daemon started -- version 2.2.10, configuration /etc/postfix Jun 10 07:35:30 lampserver postfix/smtpd[4737]: connect from ti-out-0910.google.com[209.85.142.191] Jun 10 07:35:30 lampserver postfix/smtpd[4737]: 61C00878214: client=ti-out-0910.google.com[209.85.142.191] Jun 10 07:35:30 lampserver postfix/cleanup[4742]: 61C00878214: message-id= Jun 10 07:35:30 lampserver postfix/qmgr[4735]: 61C00878214: from=, size=1842, nrcpt=1 (qu eue active) Jun 10 07:35:30 lampserver postfix/lmtp[4744]: 61C00878214: to=, relay=none, delay=0, status=deferred (connect to /var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp]: Permission denied) * end * $ tail /var/log/mail.warn Jun 10 00:59:52 lampserver cyrus/imap[31720]: Fatal error: invalid option name on line 322 of configuration file /etc/imapd.conf Jun 10 00:59:52 lampserver cyrus/master[4948]: service imap pid 31720 in READY state: terminated abnormally Jun 10 00:59:52 lampserver cyrus/imap[31721]: Fatal error: invalid option name on line 322 of configuration file /etc/imapd.conf Jun 10 00:59:52 lampserver cyrus/master[4948]: service imap pid 31721 in READY state: terminated abnormally Jun 10 00:59:52 lampserver cyrus/imap[31722]: Fatal error: invalid option name on line 322 of configuration file /etc/imapd.conf Jun 10 00:59:52 lampserver cyrus/master[4948]: service imap pid 31722 in READY state: terminated abnormally Jun 10 00:59:52 lampserver cyrus/imap[31723]: Fatal error: invalid option name on line 322 of configuration file /etc/imapd.conf Jun 10 00:59:52 lampserver cyrus/master[4948]: service imap pid 31723 in READY state: terminated abnormally Jun 10 00:59:52 lampserver cyrus/imap[31724]: Fatal error: invalid option name on line 322 of configuration file /etc/imapd.conf Jun 10 00:59:52 lampserver cyrus/master[4948]: service imap pid 31724 in READY state: terminated abnormally * end * On /etc/imapd line 322 is already at the bottom of the file, an empty space. B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From satimis at yahoo.com Mon Jun 9 21:55:56 2008 From: satimis at yahoo.com (Stephen Liu) Date: Tue, 10 Jun 2008 09:55:56 +0800 (CST) Subject: Cyrus - can't create user mailbox In-Reply-To: <9b48a1210806091026v1a37598di8052c26de977e2e@mail.gmail.com> Message-ID: <333792.40322.qm@web35207.mail.mud.yahoo.com> --- Jens Hoffrichter wrote: > > $ cat /etc/postfix/master.cf | grep smtp > > smtp inet n - - - - smtpd > > > > smtp unix - - - - - smtp > > relay unix - - - - - smtp > > # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 > > bsmtp unix - n n - - pipe > > flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop > -f$sender > > $recipient > > * end * > > > > There are only 2 lines there with smtp in the beginning. > From this snippet you don't see if chroot is enabled by default - the > default is denoted by the -, and documented in the line directly > before the beginning of the transports. But as I know Debian and > Ubuntu, they have probably activated chroot. > > > $ sudo nano /etc/cyrus.conf > > > > change both lines. > > > > changing; > > lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" > > prefork=0 maxchild=20 > > > > as; > > lmtpunix cmd="lmtpd" > > listen="/var/spool/postfix/var/run/cyrus/socket/lmtp" prefork=0 > > maxchild=20 > > > > > > changing; > > notify cmd="notifyd" listen="/var/run/cyrus/socket/notify" > > proto="udp" prefork=1 > > > > as; > > notify cmd="notifyd" > > listen="/var/spool/postfix/var/run/cyrus/socket/notify" proto="udp" > > prefork=1 > I guess you won't need to change this line, as this is independent > from postfix. > > > Jun 10 00:36:30 lampserver postfix/smtpd[4955]: D21EA87820E: > > client=ti-out-0910.google.com[209.85.142.187] > > Jun 10 00:36:30 lampserver postfix/cleanup[4956]: D21EA87820E: > > > message-id= > > Jun 10 00:36:30 lampserver postfix/qmgr[4188]: D21EA87820E: > > from=, size=1842, nrcpt=1 (queue active) > > Jun 10 00:36:30 lampserver postfix/lmtp[4958]: D21EA87820E: > > to=, relay=none, delay=0, status=deferred > > (connect to /var/run/lmtp[/var/run/lmtp]: No such file or > directory) > As you see here, it tries to connect to the socket "/var/run/lmtp", > but the cyrus default was /var/run/cyrus/socket/lmtp, or the postfix > chroot equivalent. > > So EITHER you change the delivery socket in postfix (which I > currently > don't know how to do, as I use a different delivery approach on my > postfix server - and a different IMAP server ;) ), or you try either > /var/run/postfix/var/run/lmtp or /var/run/lmtp in the lmtpunix line > in > cyrus.conf > > I hope that helps :) > > Regards, > Jens Hi Jens, Perform another test according to your advice. But it still fails. Mail can't be delivered to the Server. $ tail /var/log/mail.log Jun 10 09:09:14 lampserver cyrus/ctl_cyrusdb[4896]: done checkpointing cyrus databases Jun 10 09:09:14 lampserver cyrus/master[4892]: process 4896 exited, status 0 Jun 10 09:10:16 lampserver postfix/master[4733]: terminating on signal 15 Jun 10 09:10:16 lampserver postfix/master[4978]: daemon started -- version 2.2.10, configuration /etc/postfix Jun 10 09:14:10 lampserver postfix/smtpd[4982]: connect from ti-out-0910.google.com[209.85.142.184] Jun 10 09:14:10 lampserver postfix/smtpd[4982]: 40275878215: client=ti-out-0910.google.com[209.85.142.184] Jun 10 09:14:10 lampserver postfix/cleanup[4987]: 40275878215: message-id= Jun 10 09:14:10 lampserver postfix/qmgr[4981]: 40275878215: from=, size=1842, nrcpt=1 (queue active) Jun 10 09:14:10 lampserver postfix/lmtp[4989]: 40275878215: to=, relay=none, delay=0, status=deferred (connect to /var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp]: Permission denied) Jun 10 09:14:40 lampserver postfix/smtpd[4982]: disconnect from ti-out-0910.google.com[209.85.142.184] * end * However based on following complaint; Jun 10 09:14:10 lampserver postfix/lmtp[4989]: 40275878215: to=, relay=none, delay=0, status=deferred (connect to /var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp]: Permission denied) I found following thread on googling; postfix+cyrus21 http://unixadmintalk.com/f11/postfix-cyrus21-89421/ According to their suggest I found follows; $ sudo ls -l /var/run/cyrus/socket total 0 srwxrwxrwx 1 root root 0 2008-06-10 06:55 lmtp srwxrwxrwx 1 root root 0 2008-06-10 09:09 notify $ sudo ls -ld /var/run/cyrus/socket drwxr-x--- 2 cyrus mail 80 2008-06-10 09:09 /var/run/cyrus/socket $ id postfix uid=107(postfix) gid=111(postfix) groups=111(postfix) $ sudo adduser postfix lmtp adduser: The group `lmtp' does not exist. What shall I do? Creating the group 'lmtp' ? If YES, what specific command I have to run not to jeopardize other settings. If still fails how to revert back to its original state? TIA B.R. Stephen L Send instant messages to your online friends http://uk.messenger.yahoo.com From list at joreybump.com Mon Jun 9 23:50:29 2008 From: list at joreybump.com (Jorey Bump) Date: Mon, 09 Jun 2008 23:50:29 -0400 Subject: Cyrus - can't create user mailbox In-Reply-To: <333792.40322.qm@web35207.mail.mud.yahoo.com> References: <333792.40322.qm@web35207.mail.mud.yahoo.com> Message-ID: <484DFA05.1010406@joreybump.com> Stephen Liu wrote, at 06/09/2008 09:55 PM: > Jun 10 09:14:10 lampserver postfix/lmtp[4989]: 40275878215: > to=, relay=none, delay=0, status=deferred > (connect to > /var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp]: Permission > denied) > $ sudo ls -l /var/run/cyrus/socket > total 0 > srwxrwxrwx 1 root root 0 2008-06-10 06:55 lmtp > $ sudo ls -ld /var/run/cyrus/socket > drwxr-x--- 2 cyrus mail 80 2008-06-10 09:09 /var/run/cyrus/socket > $ id postfix > uid=107(postfix) gid=111(postfix) groups=111(postfix) Now just add the user postfix to the mail group. From Rudy.Gevaert at UGent.be Tue Jun 10 06:02:44 2008 From: Rudy.Gevaert at UGent.be (Rudy Gevaert) Date: Tue, 10 Jun 2008 12:02:44 +0200 Subject: seen db Message-ID: <484E5144.5030901@UGent.be> Hi, I'm seeing this in my logs mail5r/syncserver[19755]: seen_db: user nick^andries at ugent.be opened /mail/mail5r/var/imap/domain/u/ugent.be/user/n/nick^andries.seen mail5r/master[12683]: process 19755 exited, signaled to death by 11 mail5r/master[12683]: service syncserver pid 19755 in BUSY state: terminated abnormally Deleting the seen file on the replica, or reconstructing doesn't help. I need to delete the mailbox on the replica and resync it. It's only for certain users, so I don't think it has to do with my upgrade from sarge to etch. (I brought down my lun on sarge machine, and brought it up on the etch machine). I'm running 2.3.12p2 on sarge and etch. An other downside is that my replication hangs on that user. sync_client bails out, and restarts but with that user... So he keeps retrying. I would appreciate further help in debugging the problem. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Rudy Gevaert Rudy.Gevaert at UGent.be tel:+32 9 264 4734 Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office Groep Systemen Systems group Universiteit Gent Ghent University Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- From satimis at yahoo.com Tue Jun 10 07:42:45 2008 From: satimis at yahoo.com (Stephen Liu) Date: Tue, 10 Jun 2008 19:42:45 +0800 (CST) Subject: Cyrus - can't create user mailbox In-Reply-To: <484DFA05.1010406@joreybump.com> Message-ID: <140289.67516.qm@web35202.mail.mud.yahoo.com> --- Jorey Bump wrote: > Stephen Liu wrote, at 06/09/2008 09:55 PM: > > > Jun 10 09:14:10 lampserver postfix/lmtp[4989]: 40275878215: > > to=, relay=none, delay=0, status=deferred > > (connect to > > /var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp]: Permission > > denied) > > > $ sudo ls -l /var/run/cyrus/socket > > total 0 > > srwxrwxrwx 1 root root 0 2008-06-10 06:55 lmtp > > > $ sudo ls -ld /var/run/cyrus/socket > > drwxr-x--- 2 cyrus mail 80 2008-06-10 09:09 /var/run/cyrus/socket > > > $ id postfix > > uid=107(postfix) gid=111(postfix) groups=111(postfix) > > Now just add the user postfix to the mail group. Hi Jorey, Sorry I'm not very clear. Whether follow the guy's suggestion running; $ sudo adduser postfix lmtp ??? Thanks On http://unixadmintalk.com/f11/postfix-cyrus21-89421/ His output is; $ id postfix uid=101(postfix) gid=103(postfix) groups=103(postfix),45(sasl),1001(lmtp) The output here is; $ id postfix uid=107(postfix) gid=111(postfix) groups=111(postfix) How about sasl? B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From list at joreybump.com Tue Jun 10 08:30:12 2008 From: list at joreybump.com (Jorey Bump) Date: Tue, 10 Jun 2008 08:30:12 -0400 Subject: Cyrus - can't create user mailbox In-Reply-To: <140289.67516.qm@web35202.mail.mud.yahoo.com> References: <140289.67516.qm@web35202.mail.mud.yahoo.com> Message-ID: <484E73D4.6080406@joreybump.com> Stephen Liu wrote, at 06/10/2008 07:42 AM: > --- Jorey Bump wrote: > >> Stephen Liu wrote, at 06/09/2008 09:55 PM: >> >>> Jun 10 09:14:10 lampserver postfix/lmtp[4989]: 40275878215: >>> to=, relay=none, delay=0, status=deferred >>> (connect to >>> /var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp]: Permission >>> denied) Postfix can't access your socket. >>> $ sudo ls -l /var/run/cyrus/socket >>> total 0 >>> srwxrwxrwx 1 root root 0 2008-06-10 06:55 lmtp >>> $ sudo ls -ld /var/run/cyrus/socket >>> drwxr-x--- 2 cyrus mail 80 2008-06-10 09:09 /var/run/cyrus/socket Only the cyrus user and members of the mail group can access your socket. >>> $ id postfix >>> uid=107(postfix) gid=111(postfix) groups=111(postfix) >> Now just add the user postfix to the mail group. Currently, the postfix user only belongs to the postfix group. Users can belong to multiple groups. Add the postfix user to the mail group, so it can access your socket. > Sorry I'm not very clear. Whether follow the guy's suggestion running; > > $ sudo adduser postfix lmtp > > ??? Thanks I see no lmtp group in your configuration, so I don't expect this to have any effect. > On > http://unixadmintalk.com/f11/postfix-cyrus21-89421/ Don't blindly follow howtos without understanding the underlying concepts. > His output is; > > $ id postfix > uid=101(postfix) gid=103(postfix) > groups=103(postfix),45(sasl),1001(lmtp) He is apparently creating specialized groups that presumably have differing needs, which is fine, but you don't need to add this complexity at this stage. You can revisit this once you have a working solution and understand the reasoning behind it, but I wouldn't bother unless your platform imposes this on you. > The output here is; > $ id postfix > uid=107(postfix) gid=111(postfix) groups=111(postfix) Yes. Now add the postfix user to the mail group, and the permissions error should disappear. > How about sasl? Concentrate on fixing one error at a time. I don't use a special sasl group on my system. You might not need one, either. From brong at fastmail.fm Tue Jun 10 09:07:19 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Tue, 10 Jun 2008 23:07:19 +1000 Subject: seen db In-Reply-To: <484E5144.5030901@UGent.be> References: <484E5144.5030901@UGent.be> Message-ID: <20080610130719.GB18259@brong.net> On Tue, Jun 10, 2008 at 12:02:44PM +0200, Rudy Gevaert wrote: > Hi, > > I'm seeing this in my logs > > mail5r/syncserver[19755]: seen_db: user nick^andries at ugent.be opened > /mail/mail5r/var/imap/domain/u/ugent.be/user/n/nick^andries.seen > mail5r/master[12683]: process 19755 exited, signaled to death by 11 > mail5r/master[12683]: service syncserver pid 19755 in BUSY state: > terminated abnormally > > Deleting the seen file on the replica, or reconstructing doesn't help. > I need to delete the mailbox on the replica and resync it. > > It's only for certain users, so I don't think it has to do with my > upgrade from sarge to etch. (I brought down my lun on sarge machine, > and brought it up on the etch machine). I'm running 2.3.12p2 on sarge > and etch. > > An other downside is that my replication hangs on that user. > sync_client bails out, and restarts but with that user... So he keeps > retrying. > > I would appreciate further help in debugging the problem. Are you running a 64 bit kernel? (just wondering - we have hit pretty much the same issue - and were wondering about dodgy kernel issues being a proble - it's only one machine that seems to have corrupted seen files, only on replicas) We've been running 2.3.12 for about a week, and it's only last night that we had anything funny show up at all. Interestingly, it's probably the first time cyr_expire ran on 2.3.12 just before that - and also the first time our check-replication script was running, which loads a lot of seen files on BOTH ends. Bron. From satimis at yahoo.com Tue Jun 10 09:21:09 2008 From: satimis at yahoo.com (Stephen Liu) Date: Tue, 10 Jun 2008 21:21:09 +0800 (CST) Subject: Cyrus - can't create user mailbox In-Reply-To: <484E73D4.6080406@joreybump.com> Message-ID: <640164.38924.qm@web35205.mail.mud.yahoo.com> Hi Jorey, - snip - > > The output here is; > > $ id postfix > > uid=107(postfix) gid=111(postfix) groups=111(postfix) > > Yes. Now add the postfix user to the mail group, and the permissions > error should disappear. I'm prepared to run; $ sudo groupadd mail -g 1001 $ useradd postfix -u 1001 -g 1001 Shall I use number 1001? OR another number? However on /etc/group I found following entries; mail:x:8:dovecot dovecot:x:113: I don't have dovecot-* running. Shall I remove them manually? Thanks Other advice noted with thanks B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From Rudy.Gevaert at UGent.be Tue Jun 10 09:29:01 2008 From: Rudy.Gevaert at UGent.be (Rudy Gevaert) Date: Tue, 10 Jun 2008 15:29:01 +0200 Subject: seen db In-Reply-To: <20080610130719.GB18259@brong.net> References: <484E5144.5030901@UGent.be> <20080610130719.GB18259@brong.net> Message-ID: <484E819D.2040208@UGent.be> Bron Gondwana wrote: > Are you running a 64 bit kernel? Yes, but the system is 32bit (I run 64bit kernel + 32 emulation support) > (just wondering - we have hit pretty much the same issue - and were > wondering about dodgy kernel issues being a proble - it's only one > machine that seems to have corrupted seen files, only on replicas) > We've been running 2.3.12 for about a week, and it's only last night > that we had anything funny show up at all. > > Interestingly, it's probably the first time cyr_expire ran on 2.3.12 > just before that - and also the first time our check-replication > script was running, which loads a lot of seen files on BOTH ends. Here cyr_expire has been running on 2.3.12 for a couple of weeks. But here the first time too with the 64bit kernel. I can try with a 32bit kernel tomorrow. In attachment a strace to show where it segfaults Rudy -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Rudy Gevaert Rudy.Gevaert at UGent.be tel:+32 9 264 4734 Directie ICT, afd. Infrastructuur Direction ICT, Infrastructure dept. Groep Systemen Systems group Universiteit Gent Ghent University Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: cyrus Url: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080610/5a558c29/attachment-0001.ksh From brong at fastmail.fm Tue Jun 10 09:42:08 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Tue, 10 Jun 2008 23:42:08 +1000 Subject: seen db In-Reply-To: <484E819D.2040208@UGent.be> References: <484E5144.5030901@UGent.be> <20080610130719.GB18259@brong.net> <484E819D.2040208@UGent.be> Message-ID: <1213105328.27592.1257699873@webmail.messagingengine.com> On Tue, 10 Jun 2008 15:29:01 +0200, "Rudy Gevaert" said: > Bron Gondwana wrote: > > > Are you running a 64 bit kernel? > > Yes, but the system is 32bit (I run 64bit kernel + 32 emulation support) Interesting, so do we (on etch as well) > > (just wondering - we have hit pretty much the same issue - and were > > wondering about dodgy kernel issues being a proble - it's only one > > machine that seems to have corrupted seen files, only on replicas) > > > > We've been running 2.3.12 for about a week, and it's only last night > > that we had anything funny show up at all. > > > > Interestingly, it's probably the first time cyr_expire ran on 2.3.12 > > just before that - and also the first time our check-replication > > script was running, which loads a lot of seen files on BOTH ends. > > Here cyr_expire has been running on 2.3.12 for a couple of weeks. But > here the first time too with the 64bit kernel. There you go. We've had the 64bit kernel approximately forever, but only just upgraded from 2.6.20 series to 2.6.25. > I can try with a 32bit kernel tomorrow. > > In attachment a strace to show where it segfaults Almost certainly boring, since it's file corruption. The file itself would be significantly more interesting. My guess - you'll be finding little blocks of (small n)*4 bytes which happen to be NULL. It's when they intersect with the pointers table that things get interesting. Oh - can you tell me. Did the file checkpoint sometime not too long before it got corrupted? I've got a small set of theories, but I'm reading the skiplist source code (again!) to see if they make sense... Bron. -- Bron Gondwana brong at fastmail.fm From list at joreybump.com Tue Jun 10 11:53:29 2008 From: list at joreybump.com (Jorey Bump) Date: Tue, 10 Jun 2008 11:53:29 -0400 Subject: Cyrus - can't create user mailbox In-Reply-To: <640164.38924.qm@web35205.mail.mud.yahoo.com> References: <640164.38924.qm@web35205.mail.mud.yahoo.com> Message-ID: <484EA379.9010804@joreybump.com> Stephen Liu wrote, at 06/10/2008 09:21 AM: >>> The output here is; >>> $ id postfix >>> uid=107(postfix) gid=111(postfix) groups=111(postfix) >> Yes. Now add the postfix user to the mail group, and the permissions >> error should disappear. > > I'm prepared to run; > > $ sudo groupadd mail -g 1001 I didn't say add the mail group. > $ useradd postfix -u 1001 -g 1001 I didn't say add the postfix user. > Shall I use number 1001? OR another number? Don't. Stop guessing. > However on /etc/group I found following entries; > > mail:x:8:dovecot See, you already have a mail group. Leave it. > dovecot:x:113: And you seem to have dovecot installed, which shouldn't be a problem if you're not using it. > I don't have dovecot-* running. Shall I remove them manually? Thanks No, you should avoid manually removing applications on systems like Debian. Use the package manager to remove it. There's also a chance that Debian has some utilities for managing your mail system that you may want to look into. Personally, I don't like Debian's wizards, tools, or over-reaching modifications, so I don't use it. But if you like the system they offer, it can be easy to maintain. All you need to do is add the (existing) postfix user to the (existing) mail group. This can be as easy as editing /etc/groups, using the more secure vigr command, or any other number of ways your system provides. You should also be aware of your platform's documentation, especially if it's going to back you into certain corners. In any case, refer to it to learn about permissions, ownership, and how to add a user to a group. Then simply add postfix to the mail group and report back any new errors or success. From aspineux at gmail.com Tue Jun 10 12:42:37 2008 From: aspineux at gmail.com (Alain Spineux) Date: Tue, 10 Jun 2008 18:42:37 +0200 Subject: Cyrus - can't create user mailbox In-Reply-To: <640164.38924.qm@web35205.mail.mud.yahoo.com> References: <484E73D4.6080406@joreybump.com> <640164.38924.qm@web35205.mail.mud.yahoo.com> Message-ID: <71fe4e760806100942j58dac7e9j8dbc5d8d8e9efbef@mail.gmail.com> On Tue, Jun 10, 2008 at 3:21 PM, Stephen Liu wrote: > Hi Jorey, > > > - snip - > > >> > The output here is; >> > $ id postfix >> > uid=107(postfix) gid=111(postfix) groups=111(postfix) >> >> Yes. Now add the postfix user to the mail group, and the permissions >> error should disappear. > > > I'm prepared to run; > > $ sudo groupadd mail -g 1001 > $ useradd postfix -u 1001 -g 1001 > > Shall I use number 1001? OR another number? > > > However on /etc/group I found following entries; > > mail:x:8:dovecot > dovecot:x:113: if you can edit /etc/group, change mail group like that mail:x:8:dovecot,postfix and restart postfix private joke: I dont understand why all ubuntu and debian users use always the same prompt : "$ sudo " :-) > > > I don't have dovecot-* running. Shall I remove them manually? Thanks > > > Other advice noted with thanks > > > > B.R. > Stephen > > Send instant messages to your online friends http://uk.messenger.yahoo.com > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From marcelohca at gmail.com Tue Jun 10 15:38:10 2008 From: marcelohca at gmail.com (Marcelo Henrique Cabral Ariza) Date: Tue, 10 Jun 2008 16:38:10 -0300 Subject: Virtdomains + per-domain-quota Message-ID: <484ED822.6060302@gmail.com> Hello everybody! I work in an ISP, and i have a mail server with +-700 domains. I just building a Postfix+cyrus+ldap+dspam system for this domains and need a help whith domain quota. Someone can help me? Thanks Marcelo Londrina - Parana - Brazil From satimis at yahoo.com Tue Jun 10 21:06:35 2008 From: satimis at yahoo.com (Stephen Liu) Date: Wed, 11 Jun 2008 09:06:35 +0800 (CST) Subject: Cyrus - can't create user mailbox - SOLVED In-Reply-To: <71fe4e760806100942j58dac7e9j8dbc5d8d8e9efbef@mail.gmail.com> Message-ID: <363072.93117.qm@web35208.mail.mud.yahoo.com> Hi Alain, Problem solved. Mail arrives. - snip - > > However on /etc/group I found following entries; > > > > mail:x:8:dovecot > > dovecot:x:113: > > if you can edit /etc/group, change mail group like that > > mail:x:8:dovecot,postfix > > and restart postfix Edit /etc/group and restart postfix $ sudo nano /etc/cyrus.conf changing back; lmtpunix cmd="lmtpd" listen="/var/spool/postfix/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20 as; lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20 This above step is necessary otherwise mail won't arrive. $ sudo /etc/init.d/cyrus2.2 restart Stopping Cyrus IMAPd: cyrmaster. Waiting for complete shutdown... Starting Cyrus IMAPd: cyrmaster. Send satimiscyrus a mail on GMail. Mail arrives NOW. $ tail /var/log/mail.log Jun 11 08:30:29 lampserver cyrus/lmtpunix[4627]: executed Jun 11 08:30:29 lampserver cyrus/lmtpunix[4627]: accepted connection Jun 11 08:30:29 lampserver cyrus/lmtpunix[4627]: lmtp connection preauth'd as postman Jun 11 08:30:29 lampserver cyrus/lmtpunix[4627]: IOERROR: fstating sieve script /var/spool/sieve/s/satimiscyrus/defaultbc: No such file or directory Jun 11 08:30:29 lampserver cyrus/lmtpunix[4627]: duplicate_check: user.satimiscyrus 0 Jun 11 08:30:29 lampserver cyrus/lmtpunix[4627]: mystore: starting txn 2147483652 Jun 11 08:30:29 lampserver cyrus/lmtpunix[4627]: mystore: committing txn 2147483652 Jun 11 08:30:29 lampserver cyrus/lmtpunix[4627]: duplicate_mark: user.satimiscyrus 1213144229 1 Jun 11 08:30:29 lampserver postfix/lmtp[4626]: 0208587821B: to=, relay=/var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp], delay=1, status=sent (250 2.1.5 Ok) Jun 11 08:30:29 lampserver postfix/qmgr[4501]: 0208587821B: removed * end * $ sudo ls -la /var/spool/cyrus/mail/s/user/satimiscyrus total 24 drwx------ 2 cyrus mail 4096 2008-06-11 08:30 . drwx------ 3 cyrus mail 4096 2008-06-09 16:35 .. -rw------- 1 cyrus mail 2054 2008-06-11 08:30 1. -rw------- 1 cyrus mail 1760 2008-06-11 08:30 cyrus.cache -rw------- 1 cyrus mail 158 2008-06-09 16:35 cyrus.header -rw------- 1 cyrus mail 136 2008-06-11 08:30 cyrus.index * end * $ sudo nano /var/spool/cyrus/mail/s/user/satimiscyrus/1. read the mail. Why the arriving mail is numbered as '1.'? I'll revert the change on chroot to the original state later to see whether it has effect. Athentication problem still remains intact. $ imtest -m login -p imap -u satimiscyrus localhost S: * OK lampserver Cyrus IMAP4 v2.2.12-Debian-2.2.12-4ubuntu1 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE S: C01 OK Completed Please enter your password: C: L01 LOGIN satimis {12} S: + go ahead C: S: L01 NO Login failed: generic failure Authentication failed. generic failure Security strength factor: 0 C: Q01 LOGOUT Connection closed. * end * I'll continue to solve this problem on another thread. > private joke: I dont understand why all ubuntu and debian users use > always the same prompt : "$ sudo " :-) It is Debian/Ubuntu way. They use sudoer instead of "su" changing to root. Previously I met another joke. Folks on Internet seeing my postings asked me why not following Debian/Ubutu way of operation while working on them. B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From dimma at higis.ru Wed Jun 11 00:49:18 2008 From: dimma at higis.ru (Dmitriy Kirhlarov) Date: Wed, 11 Jun 2008 08:49:18 +0400 Subject: Virtdomains + per-domain-quota In-Reply-To: <484ED822.6060302@gmail.com> References: <484ED822.6060302@gmail.com> Message-ID: <484F594E.9060904@higis.ru> Marcelo Henrique Cabral Ariza wrote: > Hello everybody! > > I work in an ISP, and i have a mail server with +-700 domains. I just > building a Postfix+cyrus+ldap+dspam system for this domains and need a > help whith domain quota. Someone can help me? you can create partition per domain and use quota per partition. WBR Dmitriy From Rudy.Gevaert at UGent.be Wed Jun 11 04:52:31 2008 From: Rudy.Gevaert at UGent.be (Rudy Gevaert) Date: Wed, 11 Jun 2008 10:52:31 +0200 Subject: seen db In-Reply-To: <1213105328.27592.1257699873@webmail.messagingengine.com> References: <484E5144.5030901@UGent.be> <20080610130719.GB18259@brong.net> <484E819D.2040208@UGent.be> <1213105328.27592.1257699873@webmail.messagingengine.com> Message-ID: <484F924F.2000609@UGent.be> Bron Gondwana wrote: > On Tue, 10 Jun 2008 15:29:01 +0200, "Rudy Gevaert" said: >> Bron Gondwana wrote: >> >>> Are you running a 64 bit kernel? >> Yes, but the system is 32bit (I run 64bit kernel + 32 emulation support) > > Interesting, so do we (on etch as well) > >>> (just wondering - we have hit pretty much the same issue - and were >>> wondering about dodgy kernel issues being a proble - it's only one >>> machine that seems to have corrupted seen files, only on replicas) >> >>> We've been running 2.3.12 for about a week, and it's only last night >>> that we had anything funny show up at all. >>> >>> Interestingly, it's probably the first time cyr_expire ran on 2.3.12 >>> just before that - and also the first time our check-replication >>> script was running, which loads a lot of seen files on BOTH ends. >> Here cyr_expire has been running on 2.3.12 for a couple of weeks. But >> here the first time too with the 64bit kernel. > > There you go. We've had the 64bit kernel approximately forever, but only > just upgraded from 2.6.20 series to 2.6.25. > >> I can try with a 32bit kernel tomorrow. Unfortunate with the 32bit kernel 2.6.24-2 it sync_server still segfaults. >> In attachment a strace to show where it segfaults > > Almost certainly boring, since it's file corruption. The file itself would > be significantly more interesting. My guess - you'll be finding little blocks > of (small n)*4 bytes which happen to be NULL. It's when they intersect with > the pointers table that things get interesting. > Oh - can you tell me. Did the file checkpoint sometime not too long before it > got corrupted? The cases I saw it did. > I've got a small set of theories, but I'm reading the skiplist source code > (again!) to see if they make sense... > > Bron. I'm also wondering if what would happen if I brought up a master. Surely the imap processes would also segfault. Right? Here I can delete the mailbox on the replica and sync again. As a reconstruct doesn't help. -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Rudy Gevaert Rudy.Gevaert at UGent.be tel:+32 9 264 4734 Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office Groep Systemen Systems group Universiteit Gent Ghent University Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- From brong at fastmail.fm Wed Jun 11 07:40:35 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Wed, 11 Jun 2008 21:40:35 +1000 Subject: seen db In-Reply-To: <484F924F.2000609@UGent.be> References: <484E5144.5030901@UGent.be> <20080610130719.GB18259@brong.net> <484E819D.2040208@UGent.be> <1213105328.27592.1257699873@webmail.messagingengine.com> <484F924F.2000609@UGent.be> Message-ID: <20080611114035.GA1105@brong.net> On Wed, Jun 11, 2008 at 10:52:31AM +0200, Rudy Gevaert wrote: > Bron Gondwana wrote: >> There you go. We've had the 64bit kernel approximately forever, but only >> just upgraded from 2.6.20 series to 2.6.25. >> >>> I can try with a 32bit kernel tomorrow. > > Unfortunate with the 32bit kernel 2.6.24-2 it sync_server still segfaults. Try a 2.6.20 kernel, just for an interesting datapoint. We changed back to 2.6.20 (64 bit still) and haven't seen a corrupted seen file since. >> Oh - can you tell me. Did the file checkpoint sometime not too long before it >> got corrupted? > > The cases I saw it did. Ditto here. Interesting. They also had quite long records, but I don't know how common that is. Lots of little bits of seen spread around the space. >> I've got a small set of theories, but I'm reading the skiplist source code >> (again!) to see if they make sense... >> >> Bron. > > I'm also wondering if what would happen if I brought up a master. Surely > the imap processes would also segfault. Right? If it was on those corrupted files, yes. On that machine - quite probably. If you can afford the hardware it may be worth testing. (hmm, I can possibly dedicate a 64 bit capable machine to testing this. If it's a kernel bug I'd love to reproduce it) > Here I can delete the mailbox on the replica and sync again. As a > reconstruct doesn't help. We find reconstructing helps now - but that's with the 2.6.20 kernel. There were multiple things going wrong before. We originally suspected the external drive unit was playing up, but I'm thinking kernel now. Bron. From Rudy.Gevaert at UGent.be Wed Jun 11 09:07:02 2008 From: Rudy.Gevaert at UGent.be (Rudy Gevaert) Date: Wed, 11 Jun 2008 15:07:02 +0200 Subject: seen db In-Reply-To: <20080611114035.GA1105@brong.net> References: <484E5144.5030901@UGent.be> <20080610130719.GB18259@brong.net> <484E819D.2040208@UGent.be> <1213105328.27592.1257699873@webmail.messagingengine.com> <484F924F.2000609@UGent.be> <20080611114035.GA1105@brong.net> Message-ID: <484FCDF6.7040101@UGent.be> Bron Gondwana wrote: > Try a 2.6.20 kernel, just for an interesting datapoint. We changed > back to 2.6.20 (64 bit still) and haven't seen a corrupted seen file > since. I hope to try that still today. I'm now running on 2.6.24-2, 32bit. I have cleaned up the users that were having a corrupted mailbox on replica. Surprisingly I can count them on both hands. So now I'm again running with rolling replication and I'm doing a sync_client session for each user. When that is finnished I'll try to downgrade the kernel. Btw, I tested my sarge-> etch upgrade in a xen virtual machine, 64bit kernel + 32 bit userspace. But this was 2.6.18. I'm still wondering if I should run 2.6.20 in 32bit or 64bit... >>> Oh - can you tell me. Did the file checkpoint sometime not too long before it >>> got corrupted? >> The cases I saw it did. > > Ditto here. Interesting. They also had quite long records, but > I don't know how common that is. Lots of little bits of seen > spread around the space. I'm not sure how I would see that? I'm not familiar with the internals of skiplist. >>> I've got a small set of theories, but I'm reading the skiplist source code >>> (again!) to see if they make sense... >>> >>> Bron. >> I'm also wondering if what would happen if I brought up a master. Surely >> the imap processes would also segfault. Right? > > If it was on those corrupted files, yes. On that machine - quite > probably. If you can afford the hardware it may be worth testing. > > (hmm, I can possibly dedicate a 64 bit capable machine to testing > this. If it's a kernel bug I'd love to reproduce it) > >> Here I can delete the mailbox on the replica and sync again. As a >> reconstruct doesn't help. > > We find reconstructing helps now - but that's with the 2.6.20 > kernel. There were multiple things going wrong before. We > originally suspected the external drive unit was playing up, > but I'm thinking kernel now. Thanks very much for you input! -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Rudy Gevaert Rudy.Gevaert at UGent.be tel:+32 9 264 4734 Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office Groep Systemen Systems group Universiteit Gent Ghent University Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- From brong at fastmail.fm Wed Jun 11 10:43:57 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Thu, 12 Jun 2008 00:43:57 +1000 Subject: seen db In-Reply-To: <484FCDF6.7040101@UGent.be> References: <484E5144.5030901@UGent.be> <20080610130719.GB18259@brong.net> <484E819D.2040208@UGent.be> <1213105328.27592.1257699873@webmail.messagingengine.com> <484F924F.2000609@UGent.be> <20080611114035.GA1105@brong.net> <484FCDF6.7040101@UGent.be> Message-ID: <1213195437.12631.1257914125@webmail.messagingengine.com> On Wed, 11 Jun 2008 15:07:02 +0200, "Rudy Gevaert" said: > Bron Gondwana wrote: > > > Try a 2.6.20 kernel, just for an interesting datapoint. We changed > > back to 2.6.20 (64 bit still) and haven't seen a corrupted seen file > > since. > > I hope to try that still today. > > I'm now running on 2.6.24-2, 32bit. I have cleaned up the users that > were having a corrupted mailbox on replica. Surprisingly I can count > them on both hands. > > So now I'm again running with rolling replication and I'm doing a > sync_client session for each user. When that is finnished I'll try to > downgrade the kernel. > > Btw, I tested my sarge-> etch upgrade in a xen virtual machine, 64bit > kernel + 32 bit userspace. But this was 2.6.18. > > I'm still wondering if I should run 2.6.20 in 32bit or 64bit... It's been fine for us as 64bit for a while now. Though note - 64bit will allow lots more process space, which allows broken cache files to REALLY SCREW WITH YOU. Bah. We have 4Gb core dumps being written into our cores directory - and let me tell you, while something is dumping core it uses some trick which totally nukes all other IO on the same device. It gets ioniced up there really happy. Ouch. The cause - mailbox_cache_size hits a bogus "length" field and returns like 1.7Gb as the size of the record. This then causes an xrealloc to "size * 2", or 3.4Gb. At least in the case of one mailbox that's been causing us fun. In a second I'll gdb that awfully large core and figure out which mailbox is the culprit. One reconstruct later.... > >>> Oh - can you tell me. Did the file checkpoint sometime not too long before it > >>> got corrupted? > >> The cases I saw it did. > > > > Ditto here. Interesting. They also had quite long records, but > > I don't know how common that is. Lots of little bits of seen > > spread around the space. > > I'm not sure how I would see that? I'm not familiar with the internals > of skiplist. I find they show up pretty well as ^@^@^@^@^@^@ in less. The skiplist format doesn't have many all zero blocks otherwise. Lots of other special characters show up for binary bits. Sadly, I can pretty much read a hexdump of a skiplist. Sad because that's a lot of braincells that could be doing something useful like absorbing alcohol. I've written a little patch for the mailbox_cache_size issue that returns 0 if the result ever looks like it's going negative or more than 100 million bytes. Then sync_support is patched to treat a zero cache size as "say we failed to reserve this message". It will do for now... Bron ( also found a theoretical bug in the skiplist code and patched it today, but I might fix the whole function before I submit it upstream. I say theoretical because I don't see that the codepath gets exercised unless you already have a corrupt file, so meh ) -- Bron Gondwana brong at fastmail.fm From cyrus at sylconia.nl Thu Jun 12 10:43:12 2008 From: cyrus at sylconia.nl (cyrus @ Sylconia) Date: Thu, 12 Jun 2008 16:43:12 +0200 Subject: murder authentication frontend -> backend problem Message-ID: <48513600.1030901@sylconia.nl> Hello, currently i am setting up a loadbalanced frontend -> backend cyrus imap solution (murder). Currently we are running 2 frontends (1 mupdate master on frontend) en 1 backend server. software Cyrus POP3 Murder v2.2.12-Invoca-RPM-2.2.12-8.1.RHEL4 on Centos 4.4 backend imapd.conf: configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN allowplaintext: yes virtdomains: userid defaultdomain: localhost.localdomain unixhierarchysep: yes allowusermoves: yes tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt tls_require_cert: 0 mupdate_server: server01 mupdate_port: 3905 mupdate_authname: cyrus mupdate_username: cyrus mupdate_password: cyrus proxyservers: murder frontend imapd.conf: configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN sasl_minimum_layer: 0 allowplaintext: yes virtdomains: userid defaultdomain: localhost.localdomain unixhierarchysep: yes allowusermoves: yes tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt mupdate_server: server01 mupdate_port: 3905 mupdate_authname: cyrus mupdate_username: cyrus mupdate_password: cyrus # How to get to backends server05_sylconia_nl_authname: murder server05_sylconia_nl_password: murder proxy_authname: murder I am using LDAP to authenticate users which is working fine. When i login with Thunderbird for example to the backend their is nog problem but when i try to login via the frontend. I receive the following error Jun 12 16:31:46 server02 imap[7181]: login: [192.168.1.100] email at domain.nl plaintext Jun 12 16:31:46 server02 imap[7181]: Doing a peer verify Jun 12 16:31:46 server02 imap[7181]: verify error:num=18:self signed certificate Jun 12 16:31:46 server02 imap[7181]: received server certificate Jun 12 16:31:46 server02 imap[7181]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication Jun 12 16:31:46 server02 imap[7181]: couldn't authenticate to backend server: no mechanism available any suggestions or tips? Regards Constan From morgan at orst.edu Thu Jun 12 12:51:40 2008 From: morgan at orst.edu (Andrew Morgan) Date: Thu, 12 Jun 2008 09:51:40 -0700 (PDT) Subject: murder authentication frontend -> backend problem In-Reply-To: <48513600.1030901@sylconia.nl> References: <48513600.1030901@sylconia.nl> Message-ID: On Thu, 12 Jun 2008, cyrus @ Sylconia wrote: > Hello, > > currently i am setting up a loadbalanced frontend -> backend cyrus imap > solution (murder). > Currently we are running 2 frontends (1 mupdate master on frontend) en 1 > backend server. > > software Cyrus POP3 Murder v2.2.12-Invoca-RPM-2.2.12-8.1.RHEL4 on > Centos 4.4 > > backend imapd.conf: > admins: cyrus > sasl_pwcheck_method: saslauthd > sasl_mech_list: PLAIN > allowplaintext: yes > virtdomains: userid > defaultdomain: localhost.localdomain > mupdate_server: server01 > mupdate_port: 3905 > mupdate_authname: cyrus > mupdate_username: cyrus > mupdate_password: cyrus > proxyservers: murder Try adding "murder" to your admins: parameter. You may also need to use the lmtp_admins: parameter to get mail delivery between the frontend and backend working. Andy From cyrus at sylconia.nl Fri Jun 13 03:27:43 2008 From: cyrus at sylconia.nl (cyrus @ Sylconia) Date: Fri, 13 Jun 2008 09:27:43 +0200 Subject: murder authentication frontend -> backend problem Message-ID: <4852216F.3020603@sylconia.nl> hello Andrew, thanks again, both frontend and backend have the following modules pwd /usr/lib/sasl2 libanonymous.la libdigestmd5.so.2 libplain.la libanonymous.so libdigestmd5.so.2.0.19 libplain.so libanonymous.so.2 libgssapiv2.la libplain.so.2 libanonymous.so.2.0.19 libgssapiv2.so libplain.so.2.0.19 libcrammd5.la libgssapiv2.so.2 libsasldb.la libcrammd5.so libgssapiv2.so.2.0.19 libsasldb.so libcrammd5.so.2 liblogin.la libsasldb.so.2 libcrammd5.so.2.0.19 liblogin.so libsasldb.so.2.0.19 libdigestmd5.la liblogin.so.2 Sendmail.conf libdigestmd5.so liblogin.so.2.0.19 I tried adding more mechanics at sasl_mech_list: in imapd.conf on the backend with no changed results. Regards Constan Andrew Morgan schreef: > On Thu, 12 Jun 2008, Cyrus @ Sylconia wrote: > >> Hello Andrew, >> >> thanks for your suggestion unfortunatly still the same error message >> >> Jun 12 19:04:40 server02 imap[10514]: login: [192.168.1.101] email at domain.nl plaintext >> Jun 12 19:04:41 server02 imap[10514]: Doing a peer verify >> Jun 12 19:04:41 server02 imap[10514]: verify error:num=18:self signed certificate >> Jun 12 19:04:41 server02 imap[10514]: received server certificate >> Jun 12 19:04:41 server02 imap[10514]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication >> Jun 12 19:04:41 server02 imap[10514]: couldn't authenticate to backend server: no mechanism available > > Argh, this seems familiar but I can't remember the details... > > I'm running Cyrus on Debian, so I don't know if you have similar packages on Redhat. Do you have a package named libsasl2-modules? On Debian, this contains files stored in /usr/lib/sasl2/ that provide various mechanisms, including libplain.so. > > Hopefully I'm steering you in the right direction at least! > > Andy From simon.matter at invoca.ch Fri Jun 13 06:58:17 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Fri, 13 Jun 2008 12:58:17 +0200 (CEST) Subject: bug in the proxy module ... In-Reply-To: References: Message-ID: <3d52bf02f18c42e7570dbb0d9eec081d.squirrel@webmail.bi.corp.invoca.ch> > Hi, > > I am using cyrus 2.3.11 in a murder setup... from time to time have got an > hang from the pop3 proxyd ... > > I nail it donw to the following portion of code : > in imap/proxy.c near line 266 : > > if (pout) { > const char *err; > char buf[4096]; > int c; > > do { > c = prot_read(pin, buf, sizeof(buf)); > > if (c == 0 || c < 0) break; > prot_write(pout, buf, c); > } while (c == sizeof(buf)); > > if ((err = prot_error(pin)) != NULL) { > > from time to time, the prot_read return exactly 4096 bytes, but it's the > end of the message... > so backend seat and wait for next command, and proxy seat and wait for the > next buffer ... > forever ! > > for me it's seems that the condition " c == sizeof(buf)" is not enough in > that case. > Did anybody look at this in the mean time? Simon From wes at umich.edu Fri Jun 13 10:02:57 2008 From: wes at umich.edu (Wesley Craig) Date: Fri, 13 Jun 2008 10:02:57 -0400 Subject: bug in the proxy module ... In-Reply-To: <3d52bf02f18c42e7570dbb0d9eec081d.squirrel@webmail.bi.corp.invoca.ch> References: <3d52bf02f18c42e7570dbb0d9eec081d.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <9B2C4088-4225-44C5-9430-2A7F2EDDB476@umich.edu> On 13 Jun 2008, at 06:58, Simon Matter wrote: > Did anybody look at this in the mean time? We're discussing option in on the devel list. Please feel free to chime in! :wes From shwaltz at cabm.rutgers.edu Fri Jun 13 12:48:09 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Fri, 13 Jun 2008 12:48:09 -0400 (EDT) Subject: Migrate seen Message-ID: <36309.192.76.178.13.1213375689.squirrel@webmail.cabm.rutgers.edu> I am migrating my users from cyrus-imapd-2.2.3-4 to cyrus-imapd-2.3.7-2 Moving the /var/spool/imap directories, and /var/lib/user/{}.seen files to the new server and reconstructing works fine except that all the mail shows up as "not read" on the new sever. The username.seen on both servers is skiplist. What do I need to do to have the seen preserved in the migration? thanks,S From satimis at yahoo.com Sat Jun 14 22:04:53 2008 From: satimis at yahoo.com (Stephen Liu) Date: Sun, 15 Jun 2008 10:04:53 +0800 (CST) Subject: Problem on mail boxe Message-ID: <46095.75417.qm@web35202.mail.mud.yahoo.com> Hi folks, Ubuntu LTS 6.06 amd64 I have problem on satimiscyrus' mail boxes (This is the only user account which I can create). Emails can be received by this user on SquirrelMail. But they can't be deleted. On deleting following warning popup. ERROR: Could not complete request. Query: COPY 13 "INBOX.Trash" Reason Given: Permission denied * end * Equally emails can be sent on SquirrelMail and received at destination. But the emails sent can't be saved on the "Inbox.sent" mailbox with the same warning popup. $ sudo ls -al /var/spool/cyrus/mail/s/user/satimiscyrus total 24 drwx------ 2 cyrus mail 4096 2008-06-15 09:39 . drwx------ 3 cyrus mail 4096 2008-06-09 16:35 .. -rw------- 1 cyrus mail 1503 2008-06-15 08:50 13. -rw------- 1 cyrus mail 1116 2008-06-15 09:39 cyrus.cache -rw------- 1 cyrus mail 158 2008-06-09 16:35 cyrus.header -rw------- 1 cyrus mail 136 2008-06-15 09:39 cyrus.index * end * $ sudo ls -ld /var/spool/cyrus/mail/s/user/ drwx------ 3 cyrus mail 4096 2008-06-09 16:35 /var/spool/cyrus/mail/s/user/ $ sudo ls -ld /var/spool/cyrus/mail/s/ drwxr-xr-x 3 cyrus mail 4096 2008-06-09 16:35 /var/spool/cyrus/mail/s/ Whether I have to run; $ sudo chmod -r 665 /var/spool/cyrus/mail/s/user/ Please help. TIA B.R. Stephen L Send instant messages to your online friends http://uk.messenger.yahoo.com From brennan at columbia.edu Sat Jun 14 23:03:57 2008 From: brennan at columbia.edu (Joseph Brennan) Date: Sat, 14 Jun 2008 23:03:57 -0400 Subject: Problem on mail boxe In-Reply-To: <46095.75417.qm@web35202.mail.mud.yahoo.com> References: <46095.75417.qm@web35202.mail.mud.yahoo.com> Message-ID: Stephen Liu wrote: > > Emails can be received by this user on SquirrelMail. But they can't be > deleted. On deleting following warning popup. > > ERROR: Could not complete request. > Query: COPY 13 "INBOX.Trash" > Reason Given: Permission denied > * end * > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html First of all, the error was not about marking 13 deleted, but about copying 13 to Trash. Since the copy failed, Squirrelmail did not send the delete command, and you don't know whether it would have worked. It would be simpler to debug if you configure Squirrelmail to just mark deleted when you tell it to delete-- no Trash. Second, stop doing ls on the filesystem. What you need to know about is Cyrus mailboxes and permissions-- not what's on the unix filesystem. Use cyradm to find out whether there is a mailbox called user.satimiscyrus.Trash, and if not, find out whether the ACL on user.satimiscyrus allows the user to create subfolders (the "c" permission). It would be weird for a user not to have permission to create subfolders of his own folders. That's probably not it. But you've been mucking around, so check. More likely COPY failed because Trash does not exist. Have the user create Trash with imap and see if that fixes it. Or use cyradm to create user.satimiscyrus.Trash. I assume that when Squirrelmail refers to INBOX.Trash it actually means a mailbox called Trash under user.satimiscyrus. If Squirrelmail wants to use Trash and it is not there, I don't know why it does not just create it instead of reporting an error, but I have seen other clients that dumb. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology From satimis at yahoo.com Sat Jun 14 23:08:38 2008 From: satimis at yahoo.com (Stephen Liu) Date: Sun, 15 Jun 2008 11:08:38 +0800 (CST) Subject: Problem on creating users account and their mail boxes Message-ID: <750939.19032.qm@web35202.mail.mud.yahoo.com> Hi folks, Ubuntu LTS 6.06 amd64 Hi folks, Having tried a day unable to figure out how to add users' accounts. Steps performed as follows; $ su cyrus Password: xyz sh-3.1$ cyradm localhost IMAP Password: xyz localhost> cm user.aaa localhost> cm user.bbb localhost> cm user.ccc etc. localhost> quit sh-3.1$ all went through without complaint Change to root sh-3.1$ su Password: # saslpasswd2 aaa Password: Again (for verification): # saslpasswd2 bbb Password: Again (for verification): # saslpasswd2 bbb Password: Again (for verification) etc. All also went through without complaint. However on SquirrelMail I can't login to their accounts. $ tail /var/log/mail.log Jun 15 10:13:11 lampserver cyrus/ctl_cyrusdb[4589]: archiving database file: /var/lib/cyrus/annotations.db Jun 15 10:13:11 lampserver cyrus/ctl_cyrusdb[4589]: archiving log file: /var/lib/cyrus/db/log.0000000001 Jun 15 10:13:11 lampserver cyrus/ctl_cyrusdb[4589]: archiving database file: /var/lib/cyrus/mailboxes.db Jun 15 10:13:11 lampserver cyrus/ctl_cyrusdb[4589]: archiving log file: /var/lib/cyrus/db/log.0000000001 Jun 15 10:13:11 lampserver cyrus/ctl_cyrusdb[4589]: done checkpointing cyrus databases Jun 15 10:13:11 lampserver cyrus/master[3869]: process 4589 exited, status 0 Jun 15 10:31:55 lampserver cyrus/master[4593]: about to exec /usr/lib/cyrus/bin/imapd Jun 15 10:31:55 lampserver cyrus/imap[4593]: executed Jun 15 10:31:55 lampserver cyrus/imap[4593]: accepted connection Jun 15 10:31:57 lampserver cyrus/imap[4593]: badlogin: localhost [127.0.0.1] plaintext aaa SASL(-13): authentication failure: checkpass failed * end * $ su cyrus Password: sh-3.1$ cyradm localhost IMAP Password: localhost> lm INBOX.Drafts (\NonExistent \HasNoChildren) INBOX.Sent (\NonExistent \HasNoChildren) INBOX.Trash (\NonExistent \HasNoChildren) user.aaa (\HasNoChildren) user.bbb (\HasNoChildren) user.groupware (\HasNoChildren) user.ccc (\HasNoChildren) user.satimiscyrus (\HasNoChildren) user.ddd (\HasNoChildren) user/satimiscyrus (\HasNoChildren) etc. They are there. satimiscyrus appears there twice, as "user/satimiscyrus" and "user.satimiscyrus". I don't know why? Emails sent to them are rejected. Example email sent to user.aaa $ tail /var/log/mail.log Jun 15 10:46:15 lampserver cyrus/lmtpunix[4625]: accepted connection Jun 15 10:46:15 lampserver cyrus/lmtpunix[4625]: lmtp connection preauth'd as postman Jun 15 10:46:15 lampserver cyrus/lmtpunix[4625]: verify_user(user.aaa) failed: Mailbox does not exist Jun 15 10:46:15 lampserver postfix/lmtp[4624]: EF07387812F: to=, relay=/var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp], delay=1, status=bounced (host /var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command)) Jun 15 10:46:15 lampserver postfix/cleanup[4622]: 37E88878132: message-id=<20080615024615.37E88878132 at lampserver> Jun 15 10:46:15 lampserver postfix/qmgr[4167]: 37E88878132: from=<>, size=3894, nrcpt=1 (queue active) Jun 15 10:46:15 lampserver postfix/qmgr[4167]: EF07387812F: removed Jun 15 10:46:18 lampserver postfix/smtp[4627]: 37E88878132: to=, relay=gmail-smtp-in.l.google.com[209.85.201.27], delay=3, status=sent (250 2.0.0 OK 1213497961 20si9089638wfi.11) Jun 15 10:46:18 lampserver postfix/qmgr[4167]: 37E88878132: removed Jun 15 10:46:45 lampserver postfix/smtpd[4618]: disconnect from ti-out-0910.google.com[209.85.142.189] * end * $ su aaa Unknown id: aaa $ su bbb Unknown id: bbb etc. Searching the notes taken down during installing this box. I ran; # cyradm -u cyrus localhost Password: localhost> cm user.satimiscyrus creating this acount "satimiscyrus" which is the only working account disregarding the problem re unable deleting the emails received and the sent_emails can't be saved on "INBOX.sent" Please help. TIA B.R. Stephen L Send instant messages to your online friends http://uk.messenger.yahoo.com From simon.matter at invoca.ch Sun Jun 15 06:07:44 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Sun, 15 Jun 2008 12:07:44 +0200 (CEST) Subject: Problem on creating users account and their mail boxes In-Reply-To: <750939.19032.qm@web35202.mail.mud.yahoo.com> References: <750939.19032.qm@web35202.mail.mud.yahoo.com> Message-ID: <6ef8711b8b47602eb481a512fd5b8993.squirrel@webmail.bi.corp.invoca.ch> > Hi folks, > > > Ubuntu LTS 6.06 amd64 > > > Hi folks, > > > Having tried a day unable to figure out how to add users' accounts. > > > Steps performed as follows; > > > $ su cyrus > Password: xyz > > sh-3.1$ cyradm localhost > IMAP Password: xyz > localhost> cm user.aaa > localhost> cm user.bbb > localhost> cm user.ccc > etc. > localhost> quit > sh-3.1$ > > all went through without complaint > > > Change to root > > sh-3.1$ su > Password: > > # saslpasswd2 aaa > Password: > Again (for verification): > > > # saslpasswd2 bbb > Password: > Again (for verification): > > > # saslpasswd2 bbb > Password: > Again (for verification) > > etc. All also went through without complaint. > > > However on SquirrelMail I can't login to their accounts. > > > $ tail /var/log/mail.log > Jun 15 10:13:11 lampserver cyrus/ctl_cyrusdb[4589]: archiving database > file: /var/lib/cyrus/annotations.db > Jun 15 10:13:11 lampserver cyrus/ctl_cyrusdb[4589]: archiving log file: > /var/lib/cyrus/db/log.0000000001 > Jun 15 10:13:11 lampserver cyrus/ctl_cyrusdb[4589]: archiving database > file: /var/lib/cyrus/mailboxes.db > Jun 15 10:13:11 lampserver cyrus/ctl_cyrusdb[4589]: archiving log file: > /var/lib/cyrus/db/log.0000000001 > Jun 15 10:13:11 lampserver cyrus/ctl_cyrusdb[4589]: done checkpointing > cyrus databases > Jun 15 10:13:11 lampserver cyrus/master[3869]: process 4589 exited, > status 0 > Jun 15 10:31:55 lampserver cyrus/master[4593]: about to exec > /usr/lib/cyrus/bin/imapd > Jun 15 10:31:55 lampserver cyrus/imap[4593]: executed > Jun 15 10:31:55 lampserver cyrus/imap[4593]: accepted connection > Jun 15 10:31:57 lampserver cyrus/imap[4593]: badlogin: localhost > [127.0.0.1] plaintext aaa SASL(-13): authentication failure: checkpass > failed > * end * > > > > $ su cyrus > Password: > sh-3.1$ cyradm localhost > IMAP Password: > localhost> lm > INBOX.Drafts (\NonExistent \HasNoChildren) > INBOX.Sent (\NonExistent \HasNoChildren) > INBOX.Trash (\NonExistent \HasNoChildren) > user.aaa (\HasNoChildren) > user.bbb (\HasNoChildren) > user.groupware (\HasNoChildren) > user.ccc (\HasNoChildren) > user.satimiscyrus (\HasNoChildren) > user.ddd (\HasNoChildren) > user/satimiscyrus (\HasNoChildren) > etc. > > > They are there. satimiscyrus appears there twice, as > "user/satimiscyrus" and "user.satimiscyrus". I don't know why? > > > > Emails sent to them are rejected. Example email sent to user.aaa > > > $ tail /var/log/mail.log > Jun 15 10:46:15 lampserver cyrus/lmtpunix[4625]: accepted connection > Jun 15 10:46:15 lampserver cyrus/lmtpunix[4625]: lmtp connection > preauth'd as postman > Jun 15 10:46:15 lampserver cyrus/lmtpunix[4625]: verify_user(user.aaa) > failed: Mailbox does not exist > Jun 15 10:46:15 lampserver postfix/lmtp[4624]: EF07387812F: > to=, > relay=/var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp], delay=1, > status=bounced (host > /var/run/cyrus/socket/lmtp[/var/run/cyrus/socket/lmtp] said: > 550-Mailbox unknown. Either there is no mailbox associated with this > 550-name or you do not have authorization to see it. 550 5.1.1 User > unknown (in reply to RCPT TO command)) > Jun 15 10:46:15 lampserver postfix/cleanup[4622]: 37E88878132: > message-id=<20080615024615.37E88878132 at lampserver> > Jun 15 10:46:15 lampserver postfix/qmgr[4167]: 37E88878132: from=<>, > size=3894, nrcpt=1 (queue active) > Jun 15 10:46:15 lampserver postfix/qmgr[4167]: EF07387812F: removed > Jun 15 10:46:18 lampserver postfix/smtp[4627]: 37E88878132: > to=, > relay=gmail-smtp-in.l.google.com[209.85.201.27], delay=3, status=sent > (250 2.0.0 OK 1213497961 20si9089638wfi.11) > Jun 15 10:46:18 lampserver postfix/qmgr[4167]: 37E88878132: removed > Jun 15 10:46:45 lampserver postfix/smtpd[4618]: disconnect from > ti-out-0910.google.com[209.85.142.189] > * end * > > > $ su aaa > Unknown id: aaa > > $ su bbb > Unknown id: bbb > > etc. > > > Searching the notes taken down during installing this box. > > > I ran; > # cyradm -u cyrus localhost > Password: > localhost> cm user.satimiscyrus > > > creating this acount "satimiscyrus" which is the only working account > disregarding the problem re unable deleting the emails received and the > sent_emails can't be saved on "INBOX.sent" You really have to understand what you are doing and how your system you configured works. Or how you want it to work. 1) didn't you use "unixhierarchysep: 1" in your config. My personal impression is that it's just more confusing than using the default "." as separator. I can't help you with it because I never use unixhierarchysep but from what I see you already messed up, just look at your mailboxes list: user.satimiscyrus (\HasNoChildren) user.ddd (\HasNoChildren) user/satimiscyrus (\HasNoChildren) Do you see? 2) How did you configure authentication? IIRC you were using cyrus -> saslauthd -> PAM. That means your Cyrus users need Unix accounts (but just for authentication). If so, then forget about saslpasswd, it does nothing for you. 3) You have created a mailbox for user aaa and expected it to become a Unix user, I see it because you tried "su aaa". Cyrus mailboxes have nothing to do with Unix account so creating a Cyrus mailbox never creates a Unix account. What that all means is, if you really use cyrus -> saslauthd -> PAM for authentication, then to create a mailbox, to this: With cyradm, create a mailbox: cm user.someuser The create a Unix account for it (the command can be different for distributions): useradd someuser And now give it a password: passwd someuser Now, when you login to the IMAP server as "someuser", the user is authenticated to the Unix user "someuser" but that's it, there is no other relation between the Cyrus user and the Unix user. Simon From satimis at yahoo.com Sun Jun 15 07:07:14 2008 From: satimis at yahoo.com (Stephen Liu) Date: Sun, 15 Jun 2008 19:07:14 +0800 (CST) Subject: Problem on creating users account and their mail boxes In-Reply-To: <6ef8711b8b47602eb481a512fd5b8993.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <577190.2231.qm@web35208.mail.mud.yahoo.com> Hi Simon, - snip - > You really have to understand what you are doing and how your system > you > configured works. Or how you want it to work. > 1) didn't you use "unixhierarchysep: 1" in your config. My personal > impression is that it's just more confusing than using the default > "." as > separator. I can't help you with it because I never use > unixhierarchysep Yes I use "unixhierarchysep: 1" $ cat /etc/imapd.conf | grep unixhierarchysep unixhierarchysep: yes > but from what I see you already messed up, just look at your > mailboxes > list: > > user.satimiscyrus (\HasNoChildren) > user.ddd (\HasNoChildren) > user/satimiscyrus (\HasNoChildren) > > Do you see? I found this funny discovery. Running "cm user.satimiscyrus" it creates "user.satimiscyrus (\HasNoChildren)", with no mailbox for this user created. # locate satimiscyru # find / -name satimiscyrus both having no printout. Neither can I login SquirrelMail nor emails can be received, all rejected. Running "cm user/satimiscyrus" it creates "user/satimiscyrus (\HasNoChildren)", with mailboxes for this user created. # find / -name satimiscyrus /var/spool/cyrus/mail/s/user/satimiscyrus # ls -l /var/spool/cyrus/mail/s/user/satimiscyrus total 16 -rw------- 1 cyrus mail 1503 2008-06-15 08:50 13. -rw------- 1 cyrus mail 1116 2008-06-15 14:38 cyrus.cache -rw------- 1 cyrus mail 158 2008-06-09 16:35 cyrus.header -rw------- 1 cyrus mail 136 2008-06-15 14:38 cyrus.index # ls -ld /var/spool/cyrus/mail/s/user/satimiscyrus drwx------ 2 cyrus mail 4096 2008-06-15 14:38 /var/spool/cyrus/mail/s/user/satimiscyrus I can login SquirrelMail sending and receiving emails. But the email sent can't be saved on Inbox.sent. Nor incoming emails received can be deleted on Inbox. It took me half day to find it out. > 2) How did you configure authentication? > IIRC you were using cyrus -> saslauthd -> PAM. That means your Cyrus > users > need Unix accounts (but just for authentication). If so, then forget > about > saslpasswd, it does nothing for you. I already solved the authentication problem by adding a line "sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux" on /etc/imapd.conf I don't know why it was missed. > 3) You have created a mailbox for user aaa and expected it to become > a > Unix user, I see it because you tried "su aaa". Cyrus mailboxes have > nothing to do with Unix account so creating a Cyrus mailbox never > creates > a Unix account. > > What that all means is, if you really use cyrus -> saslauthd -> PAM > for > authentication, then to create a mailbox, to this: > > With cyradm, create a mailbox: > cm user.someuser Login cyrus then ran; cyradm localhost cm user/aaa to create mail boxes for user "aaa". If running "cm user.aaa", no mail box will be created. # find / -name aaa can't find it. > The create a Unix account for it (the command can be different for > distributions): > > useradd someuser > > And now give it a password: > > passwd someuser > > Now, when you login to the IMAP server as "someuser", the user is > authenticated to the Unix user "someuser" but that's it, there is no > other > relation between the Cyrus user and the Unix user. I did the same only adding the option "-m" on running; # useradd -m aaa to create aaa's home directory. Now mail boxes are created but the user has no previlage using them. B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From simon.matter at invoca.ch Sun Jun 15 08:40:19 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Sun, 15 Jun 2008 14:40:19 +0200 (CEST) Subject: Problem on creating users account and their mail boxes In-Reply-To: <577190.2231.qm@web35208.mail.mud.yahoo.com> References: <577190.2231.qm@web35208.mail.mud.yahoo.com> Message-ID: <988bbdac6f7bad5eb629e0c4ef78302f.squirrel@webmail.bi.corp.invoca.ch> > Hi Simon, > > > - snip - > >> You really have to understand what you are doing and how your system >> you >> configured works. Or how you want it to work. >> 1) didn't you use "unixhierarchysep: 1" in your config. My personal >> impression is that it's just more confusing than using the default >> "." as >> separator. I can't help you with it because I never use >> unixhierarchysep > > > Yes I use "unixhierarchysep: 1" > > > $ cat /etc/imapd.conf | grep unixhierarchysep > unixhierarchysep: yes I know that you are using it. I only wanted to tell you that it makes things more complicated than using the default. All examples you find in the docs are for the default, that's why using unixhierarchysep is more confusing. > > >> but from what I see you already messed up, just look at your >> mailboxes >> list: >> >> user.satimiscyrus (\HasNoChildren) >> user.ddd (\HasNoChildren) >> user/satimiscyrus (\HasNoChildren) >> >> Do you see? > > > I found this funny discovery. > > > Running "cm user.satimiscyrus" it creates "user.satimiscyrus > (\HasNoChildren)", with no mailbox for this user created. The example is for users without unixhierarchysep, which is the default for Cyrus. > > > # locate satimiscyru > # find / -name satimiscyrus > both having no printout. Well as someone else already told you, stop looking around on the filesystem, look around with cyradm only. But if you really want, try find / -name "*satimiscyrus*" > > > Neither can I login SquirrelMail nor emails can be received, all > rejected. > > > Running "cm user/satimiscyrus" it creates "user/satimiscyrus > (\HasNoChildren)", with mailboxes for this user created. > > > # find / -name satimiscyrus > /var/spool/cyrus/mail/s/user/satimiscyrus > > > # ls -l /var/spool/cyrus/mail/s/user/satimiscyrus > total 16 > -rw------- 1 cyrus mail 1503 2008-06-15 08:50 13. > -rw------- 1 cyrus mail 1116 2008-06-15 14:38 cyrus.cache > -rw------- 1 cyrus mail 158 2008-06-09 16:35 cyrus.header > -rw------- 1 cyrus mail 136 2008-06-15 14:38 cyrus.index > > > # ls -ld /var/spool/cyrus/mail/s/user/satimiscyrus > drwx------ 2 cyrus mail 4096 2008-06-15 14:38 > /var/spool/cyrus/mail/s/user/satimiscyrus > > > I can login SquirrelMail sending and receiving emails. But the email > sent can't be saved on Inbox.sent. Nor incoming emails received can be > deleted on Inbox. Maybe your Cyrus works but you have misconfigured Squirrelmail. > > > It took me half day to find it out. > > >> 2) How did you configure authentication? >> IIRC you were using cyrus -> saslauthd -> PAM. That means your Cyrus >> users >> need Unix accounts (but just for authentication). If so, then forget >> about >> saslpasswd, it does nothing for you. > > > I already solved the authentication problem by adding a line > "sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux" on > /etc/imapd.conf > > > I don't know why it was missed. I'm not talking about that. Somewhere you told us that you were using saslpasswd to add passwords. I only told you that saslpasswd is not used at all in your setup. > > >> 3) You have created a mailbox for user aaa and expected it to become >> a >> Unix user, I see it because you tried "su aaa". Cyrus mailboxes have >> nothing to do with Unix account so creating a Cyrus mailbox never >> creates >> a Unix account. >> >> What that all means is, if you really use cyrus -> saslauthd -> PAM >> for >> authentication, then to create a mailbox, to this: >> >> With cyradm, create a mailbox: >> cm user.someuser > > > Login cyrus > then ran; > cyradm localhost > cm user/aaa > > to create mail boxes for user "aaa". > > > If running "cm user.aaa", no mail box will be created. My examples are alywas for the default "unixhierarchysep: 0". > > # find / -name aaa > can't find it. Yes, because I guess the "/" is translated to another char with "unixhierarchysep: 1. Simon > > > >> The create a Unix account for it (the command can be different for >> distributions): >> >> useradd someuser >> >> And now give it a password: >> >> passwd someuser >> >> Now, when you login to the IMAP server as "someuser", the user is >> authenticated to the Unix user "someuser" but that's it, there is no >> other >> relation between the Cyrus user and the Unix user. > > > I did the same only adding the option "-m" on running; > > # useradd -m aaa > to create aaa's home directory. > > > Now mail boxes are created but the user has no previlage using them. > > > > B.R. > Stephen > > Send instant messages to your online friends http://uk.messenger.yahoo.com > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From brennan at columbia.edu Sun Jun 15 09:43:08 2008 From: brennan at columbia.edu (Joseph Brennan) Date: Sun, 15 Jun 2008 09:43:08 -0400 Subject: Problem on mail boxe In-Reply-To: References: <46095.75417.qm@web35202.mail.mud.yahoo.com> Message-ID: I wrote, > I assume that when Squirrelmail refers to INBOX.Trash it actually > means a mailbox called Trash under user.satimiscyrus. But now that I have seen this, > localhost> lm > INBOX.Drafts (\NonExistent \HasNoChildren) > INBOX.Sent (\NonExistent \HasNoChildren) > INBOX.Trash (\NonExistent \HasNoChildren) > user.aaa (\HasNoChildren) > user.bbb (\HasNoChildren) > user.groupware (\HasNoChildren) > user.ccc (\HasNoChildren) > user.satimiscyrus (\HasNoChildren) > user.ddd (\HasNoChildren) > user/satimiscyrus (\HasNoChildren) I take it back. This is really at the point where I think I would wipe everything out and start over. Use the dot separator next time, to clarify the distinction between Cyrus mailboxes and unix files. Joseph Brennan Columbia University Information Technology From satimis at yahoo.com Sun Jun 15 12:04:33 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 16 Jun 2008 00:04:33 +0800 (CST) Subject: Problem on creating users account and their mail boxes In-Reply-To: <988bbdac6f7bad5eb629e0c4ef78302f.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <274558.55890.qm@web35207.mail.mud.yahoo.com> Hi Simon, OK I'll start again using cyrus.conf defualt and imapd.conf default. If I make a wrong step please inform me. Thanks. $ sudo cp -p /etc/cyrus.conf /etc/cyrus.conf.bak_20080615 $ sudo cp /etc/cyrus.conf.origin.20080606 /etc/cyrus.conf $ sudo cp -p /etc/imapd.conf /etc/imapd.conf.bak_20080615 $ sudo cp -p /etc/imapd.conf.origin.20080526 /etc/imapd.conf $ cat /etc/imapd.conf | grep unixhierarchysep unixhierarchysep: no $ sudo nano /etc/cyrus.conf Making following changes; SERVICES { # --- Normal cyrus spool, or Murder backends --- # add or remove based on preferences imap cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100 imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100 #pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50 #pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50 Adding following lines at the end of the file; admins: cyrus unixhierarchysep: 0 $ sudo nano /etc/imapd.conf Making following changes 8<---------------------------------------- # Uncomment the following and add the space-separated users who # have admin rights for all services. admins: cyrus 8<---------------------------------------- 8<---------------------------------------- # Do note that, since sasl will be run as user cyrus, you may have a lot of # trouble to set this up right. sasl_pwcheck_method: saslauthd 8<---------------------------------------- Adding following lines at the end of the file; # path to mux sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux $ sudo /etc/init.d/cyrus2.2 restart Stopping Cyrus IMAPd: cyrmaster. Waiting for complete shutdown.... Starting Cyrus IMAPd: cyrmaster. $ sudo /etc/init.d/saslauthd restart Stopping SASL Authentication Daemon: saslauthd. Starting SASL Authentication Daemon: saslauthd. $ su cyrus Password: abc sh-3.1$ cyradm localhost Password: xyz localhost> lm INBOX^Drafts (\NonExistent \HasNoChildren) INBOX^Sent (\NonExistent \HasNoChildren) INBOX^Trash (\NonExistent \HasNoChildren) user.aaa (\HasNoChildren) user.satimiscyrus (\HasNoChildren) user.bbb (\HasChildren) user.bbb.bbb (\HasNoChildren) user^groupware (\HasNoChildren) user^satimiscyrus (\HasNoChildren) It is working now. On SquirrelMail emails on INBOX/Trash can be deleted. Accounts aaa, satimiscyrus and bbb are working. What shall I do with account user.bbb.bbb, user^groupware and user^satimiscyrus? Shall I run "dm user.bbb.bbb" etc. to delele them while running on 'cyradm'? If permission denied whether I can run "sam user.aaa cyrus all" first? Please advise. TIA. B.R. Stephen --- Simon Matter wrote: > > Hi Simon, > > > > > > - snip - > > > >> You really have to understand what you are doing and how your > system > >> you > >> configured works. Or how you want it to work. > >> 1) didn't you use "unixhierarchysep: 1" in your config. My > personal > >> impression is that it's just more confusing than using the default > >> "." as > >> separator. I can't help you with it because I never use > >> unixhierarchysep > > > > > > Yes I use "unixhierarchysep: 1" > > > > > > $ cat /etc/imapd.conf | grep unixhierarchysep > > unixhierarchysep: yes > > I know that you are using it. I only wanted to tell you that it makes > things more complicated than using the default. All examples you find > in > the docs are for the default, that's why using unixhierarchysep is > more > confusing. > > > > > > >> but from what I see you already messed up, just look at your > >> mailboxes > >> list: > >> > >> user.satimiscyrus (\HasNoChildren) > >> user.ddd (\HasNoChildren) > >> user/satimiscyrus (\HasNoChildren) > >> > >> Do you see? > > > > > > I found this funny discovery. > > > > > > Running "cm user.satimiscyrus" it creates "user.satimiscyrus > > (\HasNoChildren)", with no mailbox for this user created. > > The example is for users without unixhierarchysep, which is the > default > for Cyrus. > > > > > > > # locate satimiscyru > > # find / -name satimiscyrus > > both having no printout. > > Well as someone else already told you, stop looking around on the > filesystem, look around with cyradm only. But if you really want, try > > find / -name "*satimiscyrus*" > > > > > > > > Neither can I login SquirrelMail nor emails can be received, all > > rejected. > > > > > > Running "cm user/satimiscyrus" it creates "user/satimiscyrus > > (\HasNoChildren)", with mailboxes for this user created. > > > > > > # find / -name satimiscyrus > > /var/spool/cyrus/mail/s/user/satimiscyrus > > > > > > # ls -l /var/spool/cyrus/mail/s/user/satimiscyrus > > total 16 > > -rw------- 1 cyrus mail 1503 2008-06-15 08:50 13. > > -rw------- 1 cyrus mail 1116 2008-06-15 14:38 cyrus.cache > > -rw------- 1 cyrus mail 158 2008-06-09 16:35 cyrus.header > > -rw------- 1 cyrus mail 136 2008-06-15 14:38 cyrus.index > > > > > > # ls -ld /var/spool/cyrus/mail/s/user/satimiscyrus > > drwx------ 2 cyrus mail 4096 2008-06-15 14:38 > > /var/spool/cyrus/mail/s/user/satimiscyrus > > > > > > I can login SquirrelMail sending and receiving emails. But the > email > > sent can't be saved on Inbox.sent. Nor incoming emails received > can be > > deleted on Inbox. > > Maybe your Cyrus works but you have misconfigured Squirrelmail. > > > > > > > It took me half day to find it out. > > > > > >> 2) How did you configure authentication? > >> IIRC you were using cyrus -> saslauthd -> PAM. That means your > Cyrus > >> users > >> need Unix accounts (but just for authentication). If so, then > forget > >> about > >> saslpasswd, it does nothing for you. > > > > > > I already solved the authentication problem by adding a line > > "sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux" on > > /etc/imapd.conf > > > > > > I don't know why it was missed. > > I'm not talking about that. Somewhere you told us that you were using > saslpasswd to add passwords. I only told you that saslpasswd is not > used > at all in your setup. > > > > > > >> 3) You have created a mailbox for user aaa and expected it to > become > >> a > >> Unix user, I see it because you tried "su aaa". Cyrus mailboxes > have > >> nothing to do with Unix account so creating a Cyrus mailbox never > >> creates > >> a Unix account. > >> > >> What that all means is, if you really use cyrus -> saslauthd -> > PAM > >> for > >> authentication, then to create a mailbox, to this: > >> > >> With cyradm, create a mailbox: > >> cm user.someuser > > > > > > Login cyrus > > then ran; > > cyradm localhost > > cm user/aaa > > > > to create mail boxes for user "aaa". > > > > > > If running "cm user.aaa", no mail box will be created. > > My examples are alywas for the default "unixhierarchysep: 0". > > > > > # find / -name aaa > > can't find it. > > Yes, because I guess the "/" is translated to another char with > "unixhierarchysep: 1. > > Simon > > > > > > > > >> The create a Unix account for it (the command can be different for > >> distributions): > >> > >> useradd someuser > >> > >> And now give it a password: > >> > >> passwd someuser > >> > >> Now, when you login to the IMAP server as "someuser", the user is > >> authenticated to the Unix user "someuser" but that's it, there is > no > >> other > >> relation between the Cyrus user and the Unix user. > > > > > > I did the same only adding the option "-m" on running; > > > > # useradd -m aaa > > to create aaa's home directory. > > > > > > Now mail boxes are created but the user has no previlage using > them. > > > > > > > > B.R. > > Stephen > > > > Send instant messages to your online friends > http://uk.messenger.yahoo.com > > ---- > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > > > Send instant messages to your online friends http://uk.messenger.yahoo.com From simon.matter at invoca.ch Sun Jun 15 13:22:24 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Sun, 15 Jun 2008 19:22:24 +0200 (CEST) Subject: Problem on creating users account and their mail boxes In-Reply-To: <274558.55890.qm@web35207.mail.mud.yahoo.com> References: <274558.55890.qm@web35207.mail.mud.yahoo.com> Message-ID: <714469aa898c7d55c1649e99ae8bd806.squirrel@webmail.bi.corp.invoca.ch> > Hi Simon, > > > OK I'll start again using cyrus.conf defualt and imapd.conf default. OK, that seems to be the best thing you can do. Just one note: Be aware that you are using a distribution which heavily modifies configs and sometimes causes much trouble to some users. As an example take postfix, Debian/Ubuntu seems to use it chrooted whenever possible beside the fact that the postfix creator doesn't recommend it. That may not be a problem if you only rely on the documentation delivered with Debian/Ubunutu, but be aware that alot of howto's on the net are not for Debian/Ubuntu. The same applies more or less to other distros as well but they usually do less modifications. > If I make a wrong step please inform me. Thanks. > > > $ sudo cp -p /etc/cyrus.conf /etc/cyrus.conf.bak_20080615 > $ sudo cp /etc/cyrus.conf.origin.20080606 /etc/cyrus.conf > > $ sudo cp -p /etc/imapd.conf /etc/imapd.conf.bak_20080615 > $ sudo cp -p /etc/imapd.conf.origin.20080526 /etc/imapd.conf > > > $ cat /etc/imapd.conf | grep unixhierarchysep > unixhierarchysep: no > > > $ sudo nano /etc/cyrus.conf > > Making following changes; > SERVICES { > # --- Normal cyrus spool, or Murder backends --- > # add or remove based on preferences > imap cmd="imapd -U 30" listen="imap" prefork=0 > maxchild=100 > imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 > maxchild=100 > #pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 > maxchild=50 > #pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 > maxchild=50 > > > Adding following lines at the end of the file; > > admins: cyrus > unixhierarchysep: 0 > > > > $ sudo nano /etc/imapd.conf > > Making following changes > 8<---------------------------------------- > # Uncomment the following and add the space-separated users who > # have admin rights for all services. > admins: cyrus > 8<---------------------------------------- > > > 8<---------------------------------------- > # Do note that, since sasl will be run as user cyrus, you may have a > lot of > # trouble to set this up right. > sasl_pwcheck_method: saslauthd > 8<---------------------------------------- > > > Adding following lines at the end of the file; > # path to mux > sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux > > > > $ sudo /etc/init.d/cyrus2.2 restart > Stopping Cyrus IMAPd: cyrmaster. > Waiting for complete shutdown.... > Starting Cyrus IMAPd: cyrmaster. > > > $ sudo /etc/init.d/saslauthd restart > Stopping SASL Authentication Daemon: saslauthd. > Starting SASL Authentication Daemon: saslauthd. > > > $ su cyrus > Password: abc > sh-3.1$ cyradm localhost > Password: xyz > localhost> lm > INBOX^Drafts (\NonExistent \HasNoChildren) > INBOX^Sent (\NonExistent \HasNoChildren) > INBOX^Trash (\NonExistent \HasNoChildren) > user.aaa (\HasNoChildren) > user.satimiscyrus (\HasNoChildren) > user.bbb (\HasChildren) > user.bbb.bbb (\HasNoChildren) > user^groupware (\HasNoChildren) > user^satimiscyrus (\HasNoChildren) > > > It is working now. On SquirrelMail emails on INBOX/Trash can be OK, it seems now SquirrelMail got the config right. > deleted. Accounts aaa, satimiscyrus and bbb are working. > > What shall I do with account user.bbb.bbb, user^groupware and > user^satimiscyrus? > > Shall I run "dm user.bbb.bbb" etc. to delele them while running on > 'cyradm'? > > If permission denied whether I can run "sam user.aaa cyrus all" first? Exactly, I suggest you remove all mailboxes and then start creating the correct new ones. Looks like you are almost there. If you really want unixhierarchysep then you may try to activate it after you have everything up and runnning and the configs in a safe place. But I don't think there is a very good reason to do so. Simon > > > Please advise. TIA. > > > B.R. > Stephen > > > > --- Simon Matter wrote: > >> > Hi Simon, >> > >> > >> > - snip - >> > >> >> You really have to understand what you are doing and how your >> system >> >> you >> >> configured works. Or how you want it to work. >> >> 1) didn't you use "unixhierarchysep: 1" in your config. My >> personal >> >> impression is that it's just more confusing than using the default >> >> "." as >> >> separator. I can't help you with it because I never use >> >> unixhierarchysep >> > >> > >> > Yes I use "unixhierarchysep: 1" >> > >> > >> > $ cat /etc/imapd.conf | grep unixhierarchysep >> > unixhierarchysep: yes >> >> I know that you are using it. I only wanted to tell you that it makes >> things more complicated than using the default. All examples you find >> in >> the docs are for the default, that's why using unixhierarchysep is >> more >> confusing. >> >> > >> > >> >> but from what I see you already messed up, just look at your >> >> mailboxes >> >> list: >> >> >> >> user.satimiscyrus (\HasNoChildren) >> >> user.ddd (\HasNoChildren) >> >> user/satimiscyrus (\HasNoChildren) >> >> >> >> Do you see? >> > >> > >> > I found this funny discovery. >> > >> > >> > Running "cm user.satimiscyrus" it creates "user.satimiscyrus >> > (\HasNoChildren)", with no mailbox for this user created. >> >> The example is for users without unixhierarchysep, which is the >> default >> for Cyrus. >> >> > >> > >> > # locate satimiscyru >> > # find / -name satimiscyrus >> > both having no printout. >> >> Well as someone else already told you, stop looking around on the >> filesystem, look around with cyradm only. But if you really want, try >> >> find / -name "*satimiscyrus*" >> >> >> > >> > >> > Neither can I login SquirrelMail nor emails can be received, all >> > rejected. >> > >> > >> > Running "cm user/satimiscyrus" it creates "user/satimiscyrus >> > (\HasNoChildren)", with mailboxes for this user created. >> > >> > >> > # find / -name satimiscyrus >> > /var/spool/cyrus/mail/s/user/satimiscyrus >> > >> > >> > # ls -l /var/spool/cyrus/mail/s/user/satimiscyrus >> > total 16 >> > -rw------- 1 cyrus mail 1503 2008-06-15 08:50 13. >> > -rw------- 1 cyrus mail 1116 2008-06-15 14:38 cyrus.cache >> > -rw------- 1 cyrus mail 158 2008-06-09 16:35 cyrus.header >> > -rw------- 1 cyrus mail 136 2008-06-15 14:38 cyrus.index >> > >> > >> > # ls -ld /var/spool/cyrus/mail/s/user/satimiscyrus >> > drwx------ 2 cyrus mail 4096 2008-06-15 14:38 >> > /var/spool/cyrus/mail/s/user/satimiscyrus >> > >> > >> > I can login SquirrelMail sending and receiving emails. But the >> email >> > sent can't be saved on Inbox.sent. Nor incoming emails received >> can be >> > deleted on Inbox. >> >> Maybe your Cyrus works but you have misconfigured Squirrelmail. >> >> > >> > >> > It took me half day to find it out. >> > >> > >> >> 2) How did you configure authentication? >> >> IIRC you were using cyrus -> saslauthd -> PAM. That means your >> Cyrus >> >> users >> >> need Unix accounts (but just for authentication). If so, then >> forget >> >> about >> >> saslpasswd, it does nothing for you. >> > >> > >> > I already solved the authentication problem by adding a line >> > "sasl_saslauthd_path: /var/spool/postfix/var/run/saslauthd/mux" on >> > /etc/imapd.conf >> > >> > >> > I don't know why it was missed. >> >> I'm not talking about that. Somewhere you told us that you were using >> saslpasswd to add passwords. I only told you that saslpasswd is not >> used >> at all in your setup. >> >> > >> > >> >> 3) You have created a mailbox for user aaa and expected it to >> become >> >> a >> >> Unix user, I see it because you tried "su aaa". Cyrus mailboxes >> have >> >> nothing to do with Unix account so creating a Cyrus mailbox never >> >> creates >> >> a Unix account. >> >> >> >> What that all means is, if you really use cyrus -> saslauthd -> >> PAM >> >> for >> >> authentication, then to create a mailbox, to this: >> >> >> >> With cyradm, create a mailbox: >> >> cm user.someuser >> > >> > >> > Login cyrus >> > then ran; >> > cyradm localhost >> > cm user/aaa >> > >> > to create mail boxes for user "aaa". >> > >> > >> > If running "cm user.aaa", no mail box will be created. >> >> My examples are alywas for the default "unixhierarchysep: 0". >> >> > >> > # find / -name aaa >> > can't find it. >> >> Yes, because I guess the "/" is translated to another char with >> "unixhierarchysep: 1. >> >> Simon >> >> > >> > >> > >> >> The create a Unix account for it (the command can be different for >> >> distributions): >> >> >> >> useradd someuser >> >> >> >> And now give it a password: >> >> >> >> passwd someuser >> >> >> >> Now, when you login to the IMAP server as "someuser", the user is >> >> authenticated to the Unix user "someuser" but that's it, there is >> no >> >> other >> >> relation between the Cyrus user and the Unix user. >> > >> > >> > I did the same only adding the option "-m" on running; >> > >> > # useradd -m aaa >> > to create aaa's home directory. >> > >> > >> > Now mail boxes are created but the user has no previlage using >> them. >> > >> > >> > >> > B.R. >> > Stephen >> > >> > Send instant messages to your online friends >> http://uk.messenger.yahoo.com >> > ---- >> > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > >> >> >> > > > Send instant messages to your online friends http://uk.messenger.yahoo.com > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From niko at petole.dyndns.org Sun Jun 15 14:01:00 2008 From: niko at petole.dyndns.org (Nicolas KOWALSKI) Date: Sun, 15 Jun 2008 20:01:00 +0200 Subject: Problem on creating users account and their mail boxes In-Reply-To: <714469aa898c7d55c1649e99ae8bd806.squirrel@webmail.bi.corp.invoca.ch> References: <274558.55890.qm@web35207.mail.mud.yahoo.com> <714469aa898c7d55c1649e99ae8bd806.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <20080615180100.GJ10860@petole.dyndns.org> On Sun, Jun 15, 2008 at 07:22:24PM +0200, Simon Matter wrote: > Just one note: Be aware that you are using a distribution which > heavily modifies configs and sometimes causes much trouble to some > users. As an example take postfix, Debian/Ubuntu seems to use it > chrooted whenever possible beside the fact that the postfix creator > doesn't recommend it. This is OT, but I second this. Debian is a really good distribution - I use it almost exclusively since 8 years, but its developers often modify upstream configurations and/or code too much; the exim (configuration done by a gazillions of others Debian-specific files) and more recently openssl (entropy broken) examples come to my mind. Back to Cyrus-imapd, I tried to use the Debian version, but after considering the Debian-specifics docs and scripts, I ended up compiling my own version, and use a really simple configuration, provided by the sources. > If you really want unixhierarchysep then you may try to activate it > after you have everything up and runnning and the configs in a safe > place. But I don't think there is a very good reason to do so. Well, I always found the '.' separator confusing for e-mail, but this is probably because I used uw-imap a lot before. IMHO, using the '/' hierarchy separator is easier for me, because I immediatly know that it is 'talking' about sub/folder. '.' is used for many other things, such as file extensions for example... -- Nicolas From torlasz at xenia.sote.hu Sun Jun 15 14:43:19 2008 From: torlasz at xenia.sote.hu (Tornoci Laszlo) Date: Sun, 15 Jun 2008 20:43:19 +0200 Subject: FUD client with virtual domains In-Reply-To: <483816BE.7080701@xenia.sote.hu> References: <483816BE.7080701@xenia.sote.hu> Message-ID: <485562C7.803@xenia.sote.hu> Tornoci Laszlo wrote: > I have been using the FUD client/server for local users for some time > successfully. I am planning to introduce virtual domains, and did some > testing. > > ACL's are ok for local user torlasz and virtual user > valaki at net-test3.sote.hu: > localhost.localdomain> lam user.torlasz > torlasz lrswipcda > anonymous 0 > localhost.localdomain> lam user.valaki at net-test3.sote.hu > valaki at net-test3.sote.hu lrswipkxtecda > anonymous 0 > > FUD works fine for local user torlasz: > $ ./fud-client localhost torlasz user.torlasz > user: torlasz > mbox: user.torlasz > Number of Recent 5 > Last read: Mon May 19 20:55:00 2008 > Last arrived: Wed May 21 04:10:10 2008 > > However, fud times out for the virtual user (line may be wrapped): > $ ./fud-client localhost valaki at net-test3.sote.hu > user.valaki at net-test3.sote.hu > fud-client: request timed out. > > FUD responds to local users about virtual mailboxes: > $ ./fud-client localhost foobar user.valaki at net-test3.sote.hu > user: foobar > mbox: user.valaki at net-test3.sote.hu > Number of Recent 9 > Last read: Thu Jan 1 01:00:00 1970 > Last arrived: Wed May 21 13:44:41 2008 In the meantime I did more tests. The user requesting the FUD info does not have to be local to get a response, it just has to have a login name which is shorter than 20 chars (including local part, '@' and the domain name). If the login name is 20 chars or longer, the request times out. This is reproducible and definitely looks like a bug, or at least an inappropriate limitation. However, I am not much of a programmer to delve into the code to find it. Can anyone help? Yours: Laszlo From mills at cc.umanitoba.ca Sun Jun 15 21:38:47 2008 From: mills at cc.umanitoba.ca (Gary Mills) Date: Sun, 15 Jun 2008 20:38:47 -0500 Subject: Is skiplist dependant on byte order? Message-ID: <20080616013847.GA2714@cc.umanitoba.ca> I recently upgraded a murder front end server from Solaris 9 SPARC to Solaris 10 x86 by copying the /imap directory. I did dump the mailboxes database before the copy. It's a skiplist database. I'm running cyrus-imapd-2.3.8 on both systems. As a test, I first checked on the mailboxes database like this: # su cyrus -c ksh # /usr/local/cyrus/bin/ctl_mboxlist -d | wc -l 0 This message appeared in the log: Jun 11 16:24:43 setup01 ctl_mboxlist[14082]: [ID 864961 local6.crit] DBERROR: critical database situation After I reloaded it, I got the correct output: # /usr/local/cyrus/bin/ctl_mboxlist -u < mailboxes.txt # /usr/local/cyrus/bin/ctl_mboxlist -d | wc -l 77 This is a test server with only a few mailboxes. I'll upgrade the production server later. I'm assuming that skiplist is dependant on the machine's byte order, and that a dump and reload is necessary in this case. Are there any other databases that I should also dump and reload? As far as I can tell, the annotation_db, duplicate_db, and tlscache_db are empty and can simply be removed. Are there any others on a murder front end that I've missed? Where do they reside? -- -Gary Mills- -Unix Support- -U of M Academic Computing and Networking- From satimis at yahoo.com Mon Jun 16 03:29:26 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 16 Jun 2008 15:29:26 +0800 (CST) Subject: (SOLVED) Re: Problem on creating users account and their mail boxes In-Reply-To: <714469aa898c7d55c1649e99ae8bd806.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <199637.59651.qm@web35202.mail.mud.yahoo.com> --- Simon Matter wrote: - snip - > Exactly, I suggest you remove all mailboxes and then start creating > the > correct new ones. Hi Simon, I take your advice deleting all mailboxes while running cyradm and recreate them afterwards. SquirrelMail is now running nicely sending/receiving emails w/o problem. Emails on SM can be deleted and transferred btw mailboxes. > Looks like you are almost there. > If you really want unixhierarchysep then you may try to activate it > after > you have everything up and runnning and the configs in a safe place. > But I > don't think there is a very good reason to do so. I don't think I need unixhierarchysep. Neither I have a full understanding of its function. Others noted with thanks. Hi folks, lot of thanks for your assistance. B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From satimis at yahoo.com Mon Jun 16 03:48:55 2008 From: satimis at yahoo.com (Stephen Liu) Date: Mon, 16 Jun 2008 15:48:55 +0800 (CST) Subject: Problem on creating users account and their mail boxes In-Reply-To: <20080615180100.GJ10860@petole.dyndns.org> Message-ID: <120455.44457.qm@web35208.mail.mud.yahoo.com> Hi Nicolas, - snip - > Back to Cyrus-imapd, I tried to use the Debian version, but after > considering the Debian-specifics docs and scripts, I ended up > compiling > my own version, and use a really simple configuration, provided by > the > sources. The only reason for me installing packages on repo is easy to update/upgrade. I also prefer download/install packages on their official sites selecting the directory on the OS where I prefer installing them, at my own control. I seldomly do it now after ceasing building my own Linux/Unix OS, LFS, couple years ago. The advantage on building my own version OS is avoiding installing the packages which I never use. The OS is quick to boot. Others noted with thanks B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From cyrus at sylconia.nl Mon Jun 16 03:57:42 2008 From: cyrus at sylconia.nl (cyrus @ Sylconia) Date: Mon, 16 Jun 2008 09:57:42 +0200 Subject: murder authentication frontend -> backend problem In-Reply-To: References: <48513600.1030901@sylconia.nl> <485159B1.9090904@sylconia.nl> <485220CE.2080803@sylconia.nl> <4853868D.6040900@sylconia.nl> <48538CF1.60401@sylconia.nl> Message-ID: <48561CF6.8040105@sylconia.nl> Hello Andrew, thank you for your suggestions and time. Does anyone else have tips on this e-mail list. In the meantime installed version 2.3.7 still the same problem Regards Constan Andrew Morgan schreef: > On Sat, 14 Jun 2008, Constan @ Sylconia.nl wrote: > >> hello Andrew, >> >> does this thread help me >> http://www.irbs.net/internet/info-cyrus/0401/0578.html because i >> assume the proxyd and pop3d are the problem here >> >> although i am running version 2.2 > > That shouldn't be a problem in v2.2, but I'm out of ideas at this point. > Maybe you should send another message to the mailing list? > > Andy From aspineux at gmail.com Mon Jun 16 05:33:54 2008 From: aspineux at gmail.com (Alain Spineux) Date: Mon, 16 Jun 2008 11:33:54 +0200 Subject: Is skiplist dependant on byte order? In-Reply-To: <20080616013847.GA2714@cc.umanitoba.ca> References: <20080616013847.GA2714@cc.umanitoba.ca> Message-ID: <71fe4e760806160233t511a3b2bm9c0b64b929fad5df@mail.gmail.com> Another interesting question is : IS skiplist 32 vs 64 bit dependant ? Then how to transfers annotation.db between incompatible platform ? "flat" format is excluded because annotation could contain binary data, and flat is not a "permitted" format in imapd.conf. Then should I convert into berkeley DB and then make a BDB dump ? Then restore the BDB on the target and convert it back to skiplist ? Or does it exist something simpler ? Regards On Mon, Jun 16, 2008 at 3:38 AM, Gary Mills wrote: > I recently upgraded a murder front end server from Solaris 9 SPARC to > Solaris 10 x86 by copying the /imap directory. I did dump the > mailboxes database before the copy. It's a skiplist database. I'm > running cyrus-imapd-2.3.8 on both systems. As a test, I first checked > on the mailboxes database like this: > > # su cyrus -c ksh > # /usr/local/cyrus/bin/ctl_mboxlist -d | wc -l > 0 > > This message appeared in the log: > > Jun 11 16:24:43 setup01 ctl_mboxlist[14082]: [ID 864961 local6.crit] DBERROR: critical database situation > > After I reloaded it, I got the correct output: > > # /usr/local/cyrus/bin/ctl_mboxlist -u < mailboxes.txt > # /usr/local/cyrus/bin/ctl_mboxlist -d | wc -l > 77 > > This is a test server with only a few mailboxes. I'll upgrade the > production server later. > > I'm assuming that skiplist is dependant on the machine's byte order, > and that a dump and reload is necessary in this case. > > Are there any other databases that I should also dump and reload? As > far as I can tell, the annotation_db, duplicate_db, and tlscache_db > are empty and can simply be removed. Are there any others on a murder > front end that I've missed? Where do they reside? > > -- > -Gary Mills- -Unix Support- -U of M Academic Computing and Networking- > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From aspineux at gmail.com Mon Jun 16 05:36:53 2008 From: aspineux at gmail.com (Alain Spineux) Date: Mon, 16 Jun 2008 11:36:53 +0200 Subject: (SOLVED) Re: Problem on creating users account and their mail boxes In-Reply-To: <199637.59651.qm@web35202.mail.mud.yahoo.com> References: <714469aa898c7d55c1649e99ae8bd806.squirrel@webmail.bi.corp.invoca.ch> <199637.59651.qm@web35202.mail.mud.yahoo.com> Message-ID: <71fe4e760806160236r110eaa41xbaadd19a1cecd7f0@mail.gmail.com> On Mon, Jun 16, 2008 at 9:29 AM, Stephen Liu wrote: > --- Simon Matter wrote: > > - snip - > >> Exactly, I suggest you remove all mailboxes and then start creating >> the >> correct new ones. > > > Hi Simon, > > > I take your advice deleting all mailboxes while running cyradm and > recreate them afterwards. > > > SquirrelMail is now running nicely sending/receiving emails w/o > problem. Emails on SM can be deleted and transferred btw mailboxes. > > > >> Looks like you are almost there. >> If you really want unixhierarchysep then you may try to activate it >> after >> you have everything up and runnning and the configs in a safe place. >> But I >> don't think there is a very good reason to do so. > > > I don't think I need unixhierarchysep. Neither I have a full > understanding of its function. > "unixhierarchysep" is usefull to have allow dot into mailbox name. If you are not using "unixhierarchysep" and want dot, you need to do some mapping at SMTP level. > > Others noted with thanks. > > > > Hi folks, lot of thanks for your assistance. > > > > B.R. > Stephen > > Send instant messages to your online friends http://uk.messenger.yahoo.com > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From damm at yazzy.org Mon Jun 16 06:29:25 2008 From: damm at yazzy.org (Scott Likens) Date: Mon, 16 Jun 2008 03:29:25 -0700 Subject: Is skiplist dependant on byte order? In-Reply-To: <20080616013847.GA2714@cc.umanitoba.ca> References: <20080616013847.GA2714@cc.umanitoba.ca> Message-ID: <257B89E1-EF7D-43E0-A081-CF85DDE78E87@yazzy.org> I'm going to take a shot in the dark, BIG Endian vs. Little Endian? Unfortunately I do believe bdb databases do care if it was big or little... and going from Sparc (BIG) to x86 (little)... Would not work very well :( I am going to guess that a reconstruct may not be a bad idea, your seen databases may or may not work, and pretty much guess that any and all databases related to Cyrus will need to be re-worked... I'm sure someone like Bron (fastmail.fm) might have something already whipped up for this. ... Seen should be in /var/imap/user ... I would check on sieve (it is compiled also) ... (/var/imap/sieve?) as well as /var/imap/db/* then the /var/spool/imap/a/user/.. and you can more then likely just do a reconstruct -rf and be fine... This is at least what I would do, I might have overstated how much "fun" it will be, or under. On Jun 15, 2008, at 6:38 PM, Gary Mills wrote: > I recently upgraded a murder front end server from Solaris 9 SPARC to > Solaris 10 x86 by copying the /imap directory. I did dump the > mailboxes database before the copy. It's a skiplist database. I'm > running cyrus-imapd-2.3.8 on both systems. As a test, I first checked > on the mailboxes database like this: > > # su cyrus -c ksh > # /usr/local/cyrus/bin/ctl_mboxlist -d | wc -l > 0 > > This message appeared in the log: > > Jun 11 16:24:43 setup01 ctl_mboxlist[14082]: [ID 864961 > local6.crit] DBERROR: critical database situation > > After I reloaded it, I got the correct output: > > # /usr/local/cyrus/bin/ctl_mboxlist -u < mailboxes.txt > # /usr/local/cyrus/bin/ctl_mboxlist -d | wc -l > 77 > > This is a test server with only a few mailboxes. I'll upgrade the > production server later. > > I'm assuming that skiplist is dependant on the machine's byte order, > and that a dump and reload is necessary in this case. > > Are there any other databases that I should also dump and reload? As > far as I can tell, the annotation_db, duplicate_db, and tlscache_db > are empty and can simply be removed. Are there any others on a murder > front end that I've missed? Where do they reside? > > -- > -Gary Mills- -Unix Support- -U of M Academic Computing and > Networking- > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > !DSPAM:4855c85a167801880617195! > > From brong at fastmail.fm Mon Jun 16 08:18:47 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Mon, 16 Jun 2008 22:18:47 +1000 Subject: Is skiplist dependant on byte order? In-Reply-To: <257B89E1-EF7D-43E0-A081-CF85DDE78E87@yazzy.org> References: <20080616013847.GA2714@cc.umanitoba.ca> <257B89E1-EF7D-43E0-A081-CF85DDE78E87@yazzy.org> Message-ID: <1213618727.32408.1258676297@webmail.messagingengine.com> On Mon, 16 Jun 2008 03:29:25 -0700, "Scott Likens" said: > I'm going to take a shot in the dark, > > BIG Endian vs. Little Endian? Skiplist has had quite a lot of care taken to use network order for all values. I don't _believe_ there are any issues. > Unfortunately I do believe bdb databases do care if it was big or > little... and going from Sparc (BIG) to x86 (little)... > > Would not work very well :( Yeah - they are pretty version and system specific. I would always dump BDB databases for a transfer. Certainly crossing architectures. > I am going to guess that a reconstruct may not be a bad idea, your > seen databases may or may not work, and pretty much guess that any and > all databases related to Cyrus will need to be re-worked... I'm sure > someone like Bron (fastmail.fm) might have something already whipped > up for this. Seen databases are probably skiplists too. You'll be hearing something else exciting about skiplists from me in the very near future I suspect. I've been spending the last few days examining them in great detail again. Woot. Appears to be Linux specific though, so you don't need to worry about this one! No, I'm afraid I don't have a script already written for this situation, it's something we've never had to do. I would use cyr_dbtool for all the dump and restores, because - well - I wrote it ;) I know all the corners. I'm happy to have a look at any script you write and see if you've missed anything. Probably don't have the time to write one from scratch. > Seen should be in /var/imap/user > ... I would check on sieve (it is compiled also) ... (/var/imap/sieve?) Yeah, recompiling your sieve files doesn't sound like a bad idea at all. > as well as /var/imap/db/* Ouch. We don't keep any BDB stuff across reboots thankfully, so we tend to just ditch that on startup. > then the /var/spool/imap/a/user/.. and you can more then likely just > do a reconstruct -rf and be fine... That's a serious amount of IO. All the index and cache files are supposed to be endian-clean as well. It's all htonl and ntohl everywhere. > This is at least what I would do, I might have overstated how much > "fun" it will be, or under. I really hope it's not that bad. I've never done an endian transition, but I have read the code an awful lot (points at the slashdot thing about open source code not being understandable - at least it's _available_ - and I understand the skiplist code pretty well now... *sigh*) > On Jun 15, 2008, at 6:38 PM, Gary Mills wrote: (there's more below) > > I recently upgraded a murder front end server from Solaris 9 SPARC to > > Solaris 10 x86 by copying the /imap directory. I did dump the > > mailboxes database before the copy. It's a skiplist database. I'm > > running cyrus-imapd-2.3.8 on both systems. As a test, I first checked > > on the mailboxes database like this: > > > > # su cyrus -c ksh > > # /usr/local/cyrus/bin/ctl_mboxlist -d | wc -l > > 0 Do you have cyr_dbtool in that version? I can't remember when it got take upstream. dbtool is nice because it dumps all the cyrus databases, not just the mailboxes.db. > > This message appeared in the log: > > > > Jun 11 16:24:43 setup01 ctl_mboxlist[14082]: [ID 864961 > > local6.crit] DBERROR: critical database situation That sounds like BDB to me. Are you running BDB mailboxes.db? That would certainly explain it. > > After I reloaded it, I got the correct output: > > > > # /usr/local/cyrus/bin/ctl_mboxlist -u < mailboxes.txt > > # /usr/local/cyrus/bin/ctl_mboxlist -d | wc -l > > 77 Wow, tiny. Actually, the hurt won't be so bad then even if you do have to dump and reload every file. Of course, it costs about the same amount of time to write a script no matter how many values you have to process (aside: I told a story at lunch the other day of the time I spent about a month writing a really nice OCR and FAX system for my previous job, and we got a grand total of 2 pages of data faxed in for that project. Scripts are sometimes overkill) > > This is a test server with only a few mailboxes. I'll upgrade the > > production server later. Ahh, so here comes the pain then. Script time! > > I'm assuming that skiplist is dependant on the machine's byte order, > > and that a dump and reload is necessary in this case. No, it really shouldn't matter. One of the good things about the skiplist design. There are other bits that aren't so good - but the byte order part is nice. > > Are there any other databases that I should also dump and reload? As > > far as I can tell, the annotation_db, duplicate_db, and tlscache_db > > are empty and can simply be removed. Are there any others on a murder > > front end that I've missed? Where do they reside? Yeah, we nuke all those on restart. duplicate_db is the most interesting of that lot - but not a giant concern. It will cause vacation messages to be repeated, and duplicate messageids to be delivered if it's gone - that's about all. For a once-off I wouldn't be at all concerned. mailboxes.db really is the big one. Anything else with berkeley named in it that's either in your imapd.conf or defaulted that way in lib/imapoptions. Bron. -- Bron Gondwana brong at fastmail.fm From chitnis.ashay at gmail.com Mon Jun 16 13:19:11 2008 From: chitnis.ashay at gmail.com (Ashay Chitnis) Date: Mon, 16 Jun 2008 22:49:11 +0530 Subject: pam pop issue Message-ID: Dear All, I need to access pop and imap on user based IP level restrictions. I found pam to be best suited for this service level restriction. The restriction will be as below. User pqr should be allowed POP from IPADDR-1 User B should be allowed IMAP from IPADDR-2 User C should be allowed POP and IMAP from IPADDR-3 and so on. To achieve this below settings are done in /etc/pam.d/pop cat /etc/pam.d/pop auth required /lib/security/pam_ldap.so account required /lib/security/pam_access.so debug accessfile=/usr/local/etc/popaccess.conf account required /lib/security/pam_ldap.so cat /usr/local/etc/popaccess.conf +:pqr:192.168.2.66/32 OR -:pqr:ALL EXCEPT 192.168.2.66/32 But this does not see to be working as it is not yielding desired effect even after restarting saslauthd and cyrus.. Kindly guide me through.. regards Ashay -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080616/61cdc892/attachment.html From mills at cc.umanitoba.ca Mon Jun 16 14:39:21 2008 From: mills at cc.umanitoba.ca (Gary Mills) Date: Mon, 16 Jun 2008 13:39:21 -0500 Subject: pam pop issue In-Reply-To: References: Message-ID: <20080616183921.GA15084@cc.umanitoba.ca> On Mon, Jun 16, 2008 at 10:49:11PM +0530, Ashay Chitnis wrote: > > I need to access pop and imap on user based IP level restrictions. I > found pam to be best suited for this service level restriction. The > restriction will be as below. > User pqr should be allowed POP from IPADDR-1 > User B should be allowed IMAP from IPADDR-2 > User C should be allowed POP and IMAP from IPADDR-3 > and so on. > To achieve this below settings are done in /etc/pam.d/pop > cat /etc/pam.d/pop > auth required /lib/security/pam_ldap.so > account required /lib/security/pam_access.so debug > accessfile=/usr/local/etc/popaccess.conf > account required /lib/security/pam_ldap.so > cat /usr/local/etc/popaccess.conf > +:pqr:[1]192.168.2.66/32 > OR > -:pqr:ALL EXCEPT [2]192.168.2.66/32 > But this does not see to be working as it is not yielding desired > effect even after restarting saslauthd and cyrus.. We use a similar restriction in the account management section of PAM, except that the checks are for account status and service class. To make this work properly, it's necessary to modify SASL. Specifically, the pam_acct_mgmt() call must be removed from saslauthd/auth_pam.c and added to lib/server.c instead. -- -Gary Mills- -Unix Support- -U of M Academic Computing and Networking- From michael.menge at zdv.uni-tuebingen.de Mon Jun 16 15:16:33 2008 From: michael.menge at zdv.uni-tuebingen.de (Michael Menge) Date: Mon, 16 Jun 2008 21:16:33 +0200 Subject: pam pop issue In-Reply-To: References: Message-ID: <20080616211633.6ru0br6k2s0gco0g@webmail.uni-tuebingen.de> Hi, sasl does not pass the IP-Address to pam. Quoting Ashay Chitnis : > Dear All, > > I need to access pop and imap on user based IP level restrictions. I found > pam to be best suited for this service level restriction. The restriction > will be as below. > > User pqr should be allowed POP from IPADDR-1 > User B should be allowed IMAP from IPADDR-2 > User C should be allowed POP and IMAP from IPADDR-3 > > and so on. > > To achieve this below settings are done in /etc/pam.d/pop > > > cat /etc/pam.d/pop > auth required /lib/security/pam_ldap.so > account required /lib/security/pam_access.so debug > accessfile=/usr/local/etc/popaccess.conf > account required /lib/security/pam_ldap.so > > > cat /usr/local/etc/popaccess.conf > > +:pqr:192.168.2.66/32 > > OR > > -:pqr:ALL EXCEPT 192.168.2.66/32 > > > But this does not see to be working as it is not yielding desired effect > even after restarting saslauthd and cyrus.. > > > Kindly guide me through.. > > regards > Ashay > -------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912 Zentrum fuer Datenverarbeitung mail: michael.menge at zdv.uni-tuebingen.de Waechterstrasse 76 72074 Tuebingen From chitnis.ashay at gmail.com Mon Jun 16 15:33:01 2008 From: chitnis.ashay at gmail.com (Ashay Chitnis) Date: Tue, 17 Jun 2008 01:03:01 +0530 Subject: pam pop issue In-Reply-To: <20080616211633.6ru0br6k2s0gco0g@webmail.uni-tuebingen.de> References: <20080616211633.6ru0br6k2s0gco0g@webmail.uni-tuebingen.de> Message-ID: On Tue, Jun 17, 2008 at 12:46 AM, Michael Menge < michael.menge at zdv.uni-tuebingen.de> wrote: > Hi, > > sasl does not pass the IP-Address to pam. > Exactly!!!!! This is what is happening i guess... coz it takes "ALL" as the token but doesnt react on IP addresses.. any guess how i can MAKE it work?? Any link on this?? regards, Ashay. > > > > Quoting Ashay Chitnis : > > > Dear All, > > > > I need to access pop and imap on user based IP level restrictions. I > found > > pam to be best suited for this service level restriction. The restriction > > will be as below. > > > > User pqr should be allowed POP from IPADDR-1 > > User B should be allowed IMAP from IPADDR-2 > > User C should be allowed POP and IMAP from IPADDR-3 > > > > and so on. > > > > To achieve this below settings are done in /etc/pam.d/pop > > > > > > cat /etc/pam.d/pop > > auth required /lib/security/pam_ldap.so > > account required /lib/security/pam_access.so debug > > accessfile=/usr/local/etc/popaccess.conf > > account required /lib/security/pam_ldap.so > > > > > > cat /usr/local/etc/popaccess.conf > > > > +:pqr:192.168.2.66/32 > > > > OR > > > > -:pqr:ALL EXCEPT 192.168.2.66/32 > > > > > > But this does not see to be working as it is not yielding desired effect > > even after restarting saslauthd and cyrus.. > > > > > > Kindly guide me through.. > > > > regards > > Ashay > > > > > > > -------------------------------------------------------------------------------- > M.Menge Tel.: (49) 7071/29-70316 > Universitaet Tuebingen Fax.: (49) 7071/29-5912 > Zentrum fuer Datenverarbeitung mail: > michael.menge at zdv.uni-tuebingen.de > Waechterstrasse 76 > 72074 Tuebingen > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080617/80e12a8a/attachment.html From kae at midnighthax.com Mon Jun 16 17:32:05 2008 From: kae at midnighthax.com (Keith Edmunds) Date: Mon, 16 Jun 2008 22:32:05 +0100 Subject: Not all mailboxes listed when migrating to new server In-Reply-To: <20080527183213.5c7b9a19@ws.in.tiger-computing.com> References: <20080527183213.5c7b9a19@ws.in.tiger-computing.com> Message-ID: <20080616223205.5e896206@ws.in.tiger-computing.com> Thanks for all the suggestions. In the end, I took a scratch server, installed Cyrus on it and was able to import the mailbox dump file without any problem. On the server I was having the problems with, I reinstalled Linux and Cyrus, and imported the mailboxes just fine. I've no idea what was going wrong before(!). Keith From aspineux at gmail.com Mon Jun 16 18:50:55 2008 From: aspineux at gmail.com (Alain Spineux) Date: Tue, 17 Jun 2008 00:50:55 +0200 Subject: pam pop issue In-Reply-To: References: Message-ID: <71fe4e760806161550n3f540af9g5b1d8be2f285f3f1@mail.gmail.com> On Mon, Jun 16, 2008 at 7:19 PM, Ashay Chitnis wrote: > Dear All, > > I need to access pop and imap on user based IP level restrictions. I found > pam to be best suited for this service level restriction. The restriction > will be as below. > > User pqr should be allowed POP from IPADDR-1 > User B should be allowed IMAP from IPADDR-2 > User C should be allowed POP and IMAP from IPADDR-3 > > and so on. > > To achieve this below settings are done in /etc/pam.d/pop If you dont find the solution with pam, look a this http://wiki.codemongers.com/NginxImapCoreModule install nginx and wrote a peace of code to handle your need. > > > cat /etc/pam.d/pop > auth required /lib/security/pam_ldap.so > account required /lib/security/pam_access.so debug > accessfile=/usr/local/etc/popaccess.conf > account required /lib/security/pam_ldap.so > > > cat /usr/local/etc/popaccess.conf > > +:pqr:192.168.2.66/32 > > OR > > -:pqr:ALL EXCEPT 192.168.2.66/32 > > > But this does not see to be working as it is not yielding desired effect > even after restarting saslauthd and cyrus.. > > > Kindly guide me through.. > > regards > Ashay > > > > > > > > > > > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From morgan at orst.edu Mon Jun 16 19:07:52 2008 From: morgan at orst.edu (Andrew Morgan) Date: Mon, 16 Jun 2008 16:07:52 -0700 (PDT) Subject: mupdate TLS Message-ID: Does the mupdate process in a Cyrus murder actually use TLS? The 'mupdatetest' binary doesn't seem to support it. The --help doesn't list TLS as an option, and if I use "-t ''", it just hangs during TLS negotiation. It seems like it should work because mupdated lists STARTTLS in the capability string, but none of the hosts in my Cyrus murder try to use TLS as far as I can tell. Andy From wes at umich.edu Mon Jun 16 20:50:18 2008 From: wes at umich.edu (Wesley Craig) Date: Mon, 16 Jun 2008 20:50:18 -0400 Subject: mupdate TLS In-Reply-To: References: Message-ID: On 16 Jun 2008, at 19:07, Andrew Morgan wrote: > Does the mupdate process in a Cyrus murder actually use TLS? Almost certainly. mupdate_connect devolves to backend_connect, the same routine that cyrus routinely uses throughout for proxy connections. Also, the mupdate server pays attention to the "allowplaintext" configuration, so if you're not using TLS and aren't permitting plaintest, passwords don't work. Are you using GSSAPI? > The 'mupdatetest' binary doesn't seem to support it. The --help > doesn't > list TLS as an option, and if I use "-t ''", it just hangs during TLS > negotiation. I see that imtest / mupdatetest specifically doesn't mention -t wrt mupdate. But imtest's TLS support is pretty broken, AFAIK. In particular, there's not way at all to set a CA location. In any case, mupdatetest -t "" does in fact work for me, tho it gives errors about self-signed certificates. With no CA, self-signed certs are kind of a given. > It seems like it should work because mupdated lists STARTTLS in the > capability string, but none of the hosts in my Cyrus murder try to > use TLS > as far as I can tell. If you don't want them to, don't configure certificates for your mupdate master. Personally, I'm using GSSAPI everywhere, so I prefer not to have certificates configured where they aren't going to provide me with much (if any) benefit. If you do configure them, they are used. :wes From satimis at yahoo.com Mon Jun 16 20:51:29 2008 From: satimis at yahoo.com (Stephen Liu) Date: Tue, 17 Jun 2008 08:51:29 +0800 (CST) Subject: (SOLVED) Re: Problem on creating users account and their mail boxes In-Reply-To: <71fe4e760806160236r110eaa41xbaadd19a1cecd7f0@mail.gmail.com> Message-ID: <875437.18699.qm@web35202.mail.mud.yahoo.com> --- Alain Spineux wrote: > > I don't think I need unixhierarchysep. Neither I have a full > > understanding of its function. > > > > "unixhierarchysep" is usefull to have allow dot into mailbox name. Hi Alain, Whether you meant; INBOX INBOX.Drafts "INBOX.Sent Items" INBOX.friends INBOX.work INBOX.work.aaa user.aaa user.aaa.stuff etc. ??? Thanks B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com From aspineux at gmail.com Mon Jun 16 20:57:46 2008 From: aspineux at gmail.com (Alain Spineux) Date: Tue, 17 Jun 2008 02:57:46 +0200 Subject: (SOLVED) Re: Problem on creating users account and their mail boxes In-Reply-To: <875437.18699.qm@web35202.mail.mud.yahoo.com> References: <71fe4e760806160236r110eaa41xbaadd19a1cecd7f0@mail.gmail.com> <875437.18699.qm@web35202.mail.mud.yahoo.com> Message-ID: <71fe4e760806161757y3466e977va22e89508639260c@mail.gmail.com> On Tue, Jun 17, 2008 at 2:51 AM, Stephen Liu wrote: > > --- Alain Spineux wrote: > > >> > I don't think I need unixhierarchysep. Neither I have a full >> > understanding of its function. >> > >> >> "unixhierarchysep" is usefull to have allow dot into mailbox name. > > > Hi Alain, > > > Whether you meant; > > > INBOX > INBOX.Drafts > "INBOX.Sent Items" > INBOX.friends > INBOX.work > INBOX.work.aaa > user.aaa > user.aaa.stuff > etc. > > ??? rather user/stephen.liu user/stephen.liu/Drafts user/stephen.liu/Sent Items .... user/someone.else .... > > > Thanks > > > B.R. > Stephen > > > Send instant messages to your online friends http://uk.messenger.yahoo.com > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From mills at cc.umanitoba.ca Mon Jun 16 21:39:05 2008 From: mills at cc.umanitoba.ca (Gary Mills) Date: Mon, 16 Jun 2008 20:39:05 -0500 Subject: Is skiplist dependant on byte order? In-Reply-To: <1213618727.32408.1258676297@webmail.messagingengine.com> References: <20080616013847.GA2714@cc.umanitoba.ca> <257B89E1-EF7D-43E0-A081-CF85DDE78E87@yazzy.org> <1213618727.32408.1258676297@webmail.messagingengine.com> Message-ID: <20080617013905.GA1284@cc.umanitoba.ca> On Mon, Jun 16, 2008 at 10:18:47PM +1000, Bron Gondwana wrote: > > On Mon, 16 Jun 2008 03:29:25 -0700, "Scott Likens" said: > > I'm going to take a shot in the dark, > > > > BIG Endian vs. Little Endian? > > Skiplist has had quite a lot of care taken to use network order for > all values. I don't _believe_ there are any issues. Perhaps I had an older version, or I didn't do it quite correctly. > > Unfortunately I do believe bdb databases do care if it was big or > > little... and going from Sparc (BIG) to x86 (little)... > > > > Would not work very well :( > > Yeah - they are pretty version and system specific. I would always > dump BDB databases for a transfer. Certainly crossing architectures. Yes, I omitted those from my original message because I also did a version upgrade on BDB; I expected problems there. Fortunately, they were all empty on my murder front end, so I just deleted them after my test on mailboxes.db. > > I am going to guess that a reconstruct may not be a bad idea, your > > seen databases may or may not work, and pretty much guess that any and > > all databases related to Cyrus will need to be re-worked... I'm sure > > someone like Bron (fastmail.fm) might have something already whipped > > up for this. > > Seen should be in /var/imap/user > > ... I would check on sieve (it is compiled also) ... (/var/imap/sieve?) > > Yeah, recompiling your sieve files doesn't sound like a bad idea at all. There are no mailboxes on my murder front end, so these shouldn't exist either. I'm not upgrading the back end this time around. > > then the /var/spool/imap/a/user/.. and you can more then likely just > > do a reconstruct -rf and be fine... > > That's a serious amount of IO. All the index and cache files are > supposed to be endian-clean as well. It's all htonl and ntohl everywhere. Again, these shouldn't exist on the front end. > > On Jun 15, 2008, at 6:38 PM, Gary Mills wrote: > > (there's more below) > > > > I recently upgraded a murder front end server from Solaris 9 SPARC to > > > Solaris 10 x86 by copying the /imap directory. I did dump the > > > mailboxes database before the copy. It's a skiplist database. I'm > > > running cyrus-imapd-2.3.8 on both systems. As a test, I first checked > > > on the mailboxes database like this: > > > > > > # su cyrus -c ksh > > > # /usr/local/cyrus/bin/ctl_mboxlist -d | wc -l > > > 0 > > Do you have cyr_dbtool in that version? I can't remember when it got > take upstream. dbtool is nice because it dumps all the cyrus databases, > not just the mailboxes.db. I don't believe so. > > > This message appeared in the log: > > > > > > Jun 11 16:24:43 setup01 ctl_mboxlist[14082]: [ID 864961 > > > local6.crit] DBERROR: critical database situation > > That sounds like BDB to me. Are you running BDB mailboxes.db? That would > certainly explain it. The mailboxes database certainly is skiplist, but perhaps there was some other involved as well. I actually got two messages. They do sound like BDB errors: Jun 11 16:24:43 setup01 ctl_mboxlist[14082]: [ID 866726 local6.warning] DBERROR db4: PANIC: fatal region error detected; run recovery Jun 11 16:24:43 setup01 ctl_mboxlist[14082]: [ID 864961 local6.crit] DBERROR: critical database situation > > > After I reloaded it, I got the correct output: > > > > > > # /usr/local/cyrus/bin/ctl_mboxlist -u < mailboxes.txt > > > # /usr/local/cyrus/bin/ctl_mboxlist -d | wc -l > > > 77 These commands generated four log messages. I renamed and recreated the `db' directory before running them, and of course renamed `mailboxes.db'. Jun 11 16:29:34 setup01 ctl_mboxlist[14091]: [ID 143423 local6.error] DBERROR: reading /imap/conf/db/skipstamp, assuming the worst: No such file or directory Jun 11 16:29:35 setup01 ctl_mboxlist[14091]: [ID 275131 local6.notice] skiplist: recovered /imap/conf/mailboxes.db (0 records, 144 bytes) in 0 seconds Jun 11 16:29:57 setup01 ctl_mboxlist[14093]: [ID 143423 local6.error] DBERROR: reading /imap/conf/db/skipstamp, assuming the worst: No such file or directory Jun 11 16:29:57 setup01 ctl_mboxlist[14093]: [ID 275131 local6.notice] skiplist: recovered /imap/conf/mailboxes.db (77 records, 8460 bytes) in 0 seconds > > > I'm assuming that skiplist is dependant on the machine's byte order, > > > and that a dump and reload is necessary in this case. > > No, it really shouldn't matter. One of the good things about the skiplist > design. There are other bits that aren't so good - but the byte order > part is nice. I'm not clear which parts of the `db' directory are associated with skiplist databases and which with BDB databases. > > > Are there any other databases that I should also dump and reload? As > > > far as I can tell, the annotation_db, duplicate_db, and tlscache_db > > > are empty and can simply be removed. Are there any others on a murder > > > front end that I've missed? Where do they reside? > > Yeah, we nuke all those on restart. duplicate_db is the most interesting > of that lot - but not a giant concern. It will cause vacation messages to > be repeated, and duplicate messageids to be delivered if it's gone - that's > about all. For a once-off I wouldn't be at all concerned. > > mailboxes.db really is the big one. Anything else with berkeley named in it > that's either in your imapd.conf or defaulted that way in lib/imapoptions. Thanks. Upgrade of the production front end is looking easier. -- -Gary Mills- -Unix Support- -U of M Academic Computing and Networking- From mills at cc.umanitoba.ca Tue Jun 17 08:44:53 2008 From: mills at cc.umanitoba.ca (Gary Mills) Date: Tue, 17 Jun 2008 07:44:53 -0500 Subject: pam pop issue In-Reply-To: References: <20080616183921.GA15084@cc.umanitoba.ca> Message-ID: <20080617124453.GA3768@cc.umanitoba.ca> On Tue, Jun 17, 2008 at 02:32:46PM +0530, Ashay Chitnis wrote: > > On Tue, Jun 17, 2008 at 12:09 AM, Gary Mills > <[1]mills at cc.umanitoba.ca> wrote: > > Gary, thanks for your help. > I have had one sleepless night trying to read out the sasl manuals > from SUN :). > > the pam_acct_mgmt() call must be removed from saslauthd/auth_pam.c > and > added to lib/server.c instead. > > can you elaborate more on how you have acheived it? By modifying the SASL source and recompiling it. I can post my patches if anyone else is interested. > first the item > passed by sasl is the service name (pop) and not the remote network ip > and this is compared with the actual IP address. > pam_get_item should be getting the IP address and passing it to pam > NOT the service name.. As others have mentioned, the information stored in the PAM handle depends on the application. Many different types are possible, but the application has to store the data to make it available to the PAM module. PAM_RHOST, the remote host name, would be the one that interests you. That information is not always present. For cyrus and sasl, it appears not to be present. I haven't confirmed this. > I have checked its works beautifully in sshd. Now i need to find a way > to work it in sasl for pop imap service. -- -Gary Mills- -Unix Support- -U of M Academic Computing and Networking- From shwaltz at cabm.rutgers.edu Tue Jun 17 09:25:33 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Tue, 17 Jun 2008 09:25:33 -0400 (EDT) Subject: Seen database issue Message-ID: <42144.192.76.178.13.1213709133.squirrel@webmail.cabm.rutgers.edu> I am migrating my users from cyrus-imapd-2.2.3-4 to cyrus-imapd-2.3.7-2 Moving the /var/spool/imap directories, and /var/lib/user/{}.seen files to the new server and reconstructing works fine except that all the mail shows up as "not read" on the new sever. The username.seen on both servers is skiplist. What do I need to do to have the seen preserved in the migration? No issues were mentioned in the upgrade documentation regarding a migration from 2.2 to 2.3 and skiplist. Any help is appreciated. thanks S From chitnis.ashay at gmail.com Tue Jun 17 09:27:03 2008 From: chitnis.ashay at gmail.com (Ashay Chitnis) Date: Tue, 17 Jun 2008 18:57:03 +0530 Subject: pam pop issue In-Reply-To: <20080617124453.GA3768@cc.umanitoba.ca> References: <20080616183921.GA15084@cc.umanitoba.ca> <20080617124453.GA3768@cc.umanitoba.ca> Message-ID: On Tue, Jun 17, 2008 at 6:14 PM, Gary Mills wrote: > On Tue, Jun 17, 2008 at 02:32:46PM +0530, Ashay Chitnis wrote: > > > > On Tue, Jun 17, 2008 at 12:09 AM, Gary Mills > > <[1]mills at cc.umanitoba.ca> wrote: > > > > Gary, thanks for your help. > > I have had one sleepless night trying to read out the sasl manuals > > from SUN :). > > > > the pam_acct_mgmt() call must be removed from saslauthd/auth_pam.c > > and > > added to lib/server.c instead. > > > > can you elaborate more on how you have acheived it? > > By modifying the SASL source and recompiling it. I can post my patches > if anyone else is interested. Can you paste you code if poss?? > > > > first the item > > passed by sasl is the service name (pop) and not the remote network ip > > and this is compared with the actual IP address. > > pam_get_item should be getting the IP address and passing it to pam > > NOT the service name.. > > As others have mentioned, the information stored in the PAM handle > depends on the application. Many different types are possible, but > the application has to store the data to make it available to the > PAM module. PAM_RHOST, the remote host name, would be the one that > interests you. That information is not always present. For cyrus > and sasl, it appears not to be present. I haven't confirmed this. > There is a variable defined for ipremoteport in server.c but result = _sasl_conn_init(*pconn, service, flags, SASL_CONN_SERVER, &server_idle, serverFQDN, iplocalport, *ipremoteport,* callbacks, &global_callbacks); But this is unused i guess. > > I have checked its works beautifully in sshd. Now i need to find a way > > to work it in sasl for pop imap service. > > -- > -Gary Mills- -Unix Support- -U of M Academic Computing and > Networking- > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080617/42a03ee3/attachment-0001.html From cyrus at sylconia.nl Tue Jun 17 09:30:10 2008 From: cyrus at sylconia.nl (cyrus @ Sylconia) Date: Tue, 17 Jun 2008 15:30:10 +0200 Subject: murder authentication frontend -> backend problem In-Reply-To: <48561CF6.8040105@sylconia.nl> References: <48513600.1030901@sylconia.nl> <485159B1.9090904@sylconia.nl> <485220CE.2080803@sylconia.nl> <4853868D.6040900@sylconia.nl> <48538CF1.60401@sylconia.nl> <48561CF6.8040105@sylconia.nl> Message-ID: <4857BC62.8070701@sylconia.nl> Hello Andrew, i solved my problem added mupdate_admins: murder cyrus to the imapd.conf on the update server and frontends and now the frontend -> backend connection is workin fine. Regards Constan cyrus @ Sylconia schreef: > Hello Andrew, > > thank you for your suggestions and time. > Does anyone else have tips on this e-mail list. In the meantime > installed version 2.3.7 still the same problem > > Regards > Constan > > > Andrew Morgan schreef: >> On Sat, 14 Jun 2008, Constan @ Sylconia.nl wrote: >> >>> hello Andrew, >>> >>> does this thread help me >>> http://www.irbs.net/internet/info-cyrus/0401/0578.html because i >>> assume the proxyd and pop3d are the problem here >>> >>> although i am running version 2.2 >> >> That shouldn't be a problem in v2.2, but I'm out of ideas at this >> point. Maybe you should send another message to the mailing list? >> >> Andy > From shwaltz at cabm.rutgers.edu Tue Jun 17 12:00:54 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Tue, 17 Jun 2008 12:00:54 -0400 (EDT) Subject: Seen database issue In-Reply-To: <42144.192.76.178.13.1213709133.squirrel@webmail.cabm.rutgers.edu> References: <42144.192.76.178.13.1213709133.squirrel@webmail.cabm.rutgers.edu> Message-ID: <51731.192.76.178.13.1213718454.squirrel@webmail.cabm.rutgers.edu> The architecture of the old server is intel 32bit RHEL3 and the new server is intel 32bit RHEL5. Any suggestions on what may be wrong is appreciated as this is the only issue I have in the transition and I need to move a large number of users to the new server without losing the seen information. I tried converting the skiplist db on the old server to various formats - berkeley flat and then back to skiplist on the new server, but the messages on the new server still all come up as not seen. thanks much S Shelley Waltz said: > I am migrating my users from cyrus-imapd-2.2.3-4 to cyrus-imapd-2.3.7-2 > > Moving the /var/spool/imap directories, and /var/lib/user/{}.seen > files to the new server and reconstructing works fine except that all the > mail shows up as "not read" on the new sever. > > The username.seen on both servers is skiplist. What do I need to do to > have the seen preserved in the migration? > > No issues were mentioned in the upgrade documentation regarding a > migration > from 2.2 to 2.3 and skiplist. Any help is appreciated. > thanks S > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > { Shelley Waltz Center for Advanced Biotechnology and Medicine Rutgers University / UMDNJ 679 Hoes Lane Piscataway, NJ 08854-5638 732 235 3346 }; From morgan at orst.edu Tue Jun 17 12:20:20 2008 From: morgan at orst.edu (Andrew Morgan) Date: Tue, 17 Jun 2008 09:20:20 -0700 (PDT) Subject: mupdate TLS In-Reply-To: References: Message-ID: On Mon, 16 Jun 2008, Wesley Craig wrote: > On 16 Jun 2008, at 19:07, Andrew Morgan wrote: >> Does the mupdate process in a Cyrus murder actually use TLS? > > Almost certainly. mupdate_connect devolves to backend_connect, the same > routine that cyrus routinely uses throughout for proxy connections. Also, > the mupdate server pays attention to the "allowplaintext" configuration, so > if you're not using TLS and aren't permitting plaintest, passwords don't > work. Are you using GSSAPI? > >> The 'mupdatetest' binary doesn't seem to support it. The --help doesn't >> list TLS as an option, and if I use "-t ''", it just hangs during TLS >> negotiation. > > I see that imtest / mupdatetest specifically doesn't mention -t wrt mupdate. > But imtest's TLS support is pretty broken, AFAIK. In particular, there's not > way at all to set a CA location. In any case, mupdatetest -t "" does in fact > work for me, tho it gives errors about self-signed certificates. With no CA, > self-signed certs are kind of a given. > >> It seems like it should work because mupdated lists STARTTLS in the >> capability string, but none of the hosts in my Cyrus murder try to use TLS >> as far as I can tell. > > If you don't want them to, don't configure certificates for your mupdate > master. Personally, I'm using GSSAPI everywhere, so I prefer not to have > certificates configured where they aren't going to provide me with much (if > any) benefit. If you do configure them, they are used. Thanks Wes. It seems that I had the permissions wrong on my private key so mupdate was unable to use TLS. Now I think I need to restart mupdate to get it working properly... Andy From aspineux at gmail.com Tue Jun 17 12:22:49 2008 From: aspineux at gmail.com (Alain Spineux) Date: Tue, 17 Jun 2008 18:22:49 +0200 Subject: Seen database issue In-Reply-To: <51731.192.76.178.13.1213718454.squirrel@webmail.cabm.rutgers.edu> References: <42144.192.76.178.13.1213709133.squirrel@webmail.cabm.rutgers.edu> <51731.192.76.178.13.1213718454.squirrel@webmail.cabm.rutgers.edu> Message-ID: <71fe4e760806170922t69d4daadhc327ce37f8d64328@mail.gmail.com> On Tue, Jun 17, 2008 at 6:00 PM, Shelley Waltz wrote: > The architecture of the old server is intel 32bit RHEL3 and the new server > is intel 32bit RHEL5. Any suggestions on what may be wrong is appreciated > as this is the only issue I have in the transition and I need to move a > large number of users to the new server without losing the seen > information. > > I tried converting the skiplist db on the old server to various formats - > berkeley flat and then back to skiplist on the new server, but the > messages on the new server still all come up as not seen. > thanks much S > > Shelley Waltz said: >> I am migrating my users from cyrus-imapd-2.2.3-4 to cyrus-imapd-2.3.7-2 >> >> Moving the /var/spool/imap directories, and /var/lib/user/{}.seen >> files to the new server and reconstructing works fine except that all the >> mail shows up as "not read" on the new sever. >> >> The username.seen on both servers is skiplist. What do I need to do to >> have the seen preserved in the migration? >> >> No issues were mentioned in the upgrade documentation regarding a >> migration >> from 2.2 to 2.3 and skiplist. Any help is appreciated. >> thanks S Do you have any error message ? Are you sure you have restored your seen file in the good place ? If you you create a completely new user, is the seen working then ? >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > > > { Shelley Waltz > Center for Advanced Biotechnology and Medicine > Rutgers University / UMDNJ > 679 Hoes Lane > Piscataway, NJ 08854-5638 > 732 235 3346 }; > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From shwaltz at cabm.rutgers.edu Tue Jun 17 18:40:26 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Tue, 17 Jun 2008 18:40:26 -0400 (EDT) Subject: Seen database issue In-Reply-To: <71fe4e760806170922t69d4daadhc327ce37f8d64328@mail.gmail.com> References: <42144.192.76.178.13.1213709133.squirrel@webmail.cabm.rutgers.edu> <51731.192.76.178.13.1213718454.squirrel@webmail.cabm.rutgers.edu> <71fe4e760806170922t69d4daadhc327ce37f8d64328@mail.gmail.com> Message-ID: <57135.98.221.136.138.1213742426.squirrel@webmail.cabm.rutgers.edu> Alain Spineux said: > On Tue, Jun 17, 2008 at 6:00 PM, Shelley Waltz > wrote: >> The architecture of the old server is intel 32bit RHEL3 and the new >> server >> is intel 32bit RHEL5. Any suggestions on what may be wrong is >> appreciated >> as this is the only issue I have in the transition and I need to move a >> large number of users to the new server without losing the seen >> information. >> >> I tried converting the skiplist db on the old server to various formats >> - >> berkeley flat and then back to skiplist on the new server, but the >> messages on the new server still all come up as not seen. >> thanks much S >> >> Shelley Waltz said: >>> I am migrating my users from cyrus-imapd-2.2.3-4 to cyrus-imapd-2.3.7-2 >>> >>> Moving the /var/spool/imap directories, and /var/lib/user/{}.seen >>> files to the new server and reconstructing works fine except that all >>> the >>> mail shows up as "not read" on the new sever. >>> >>> The username.seen on both servers is skiplist. What do I need to do to >>> have the seen preserved in the migration? >>> >>> No issues were mentioned in the upgrade documentation regarding a >>> migration >>> from 2.2 to 2.3 and skiplist. Any help is appreciated. >>> thanks S > > Do you have any error message ? > Are you sure you have restored your seen file in the good place ? > If you you create a completely new user, is the seen working then ? There are no error messages, just the usual messages at start-up regarding rebuilding the seen database - this is normal, yes? A new user seen database does work and I have restored the username.seen files to /var/lib/imap/user/{a-z}/ . If I change read a message, the seen database does change and does work. It is only that upon migrating the database from one host to the other that all the messages appear as not seen. ??????? what may cause the information to get lost? Is it the rebuild which happens when cyrus-imapd starts? Why does it rebuild? thanks S From robm at fastmail.fm Tue Jun 17 19:14:10 2008 From: robm at fastmail.fm (Rob Mueller) Date: Wed, 18 Jun 2008 09:14:10 +1000 Subject: Seen database issue References: <42144.192.76.178.13.1213709133.squirrel@webmail.cabm.rutgers.edu> Message-ID: <265601c8d0cf$dc6085a0$8700a8c0@robmhp> > Moving the /var/spool/imap directories, and /var/lib/user/{}.seen > files to the new server and reconstructing works fine except that all the > mail shows up as "not read" on the new sever. The seen state is keyed on the mailbox "uniqueid", so if that changes, the seen state becomes invalid. The mailbox uniqueid is based on the mailbox name + the uidvalidity value, which is itself based on the time the mailbox is created, or recreated due to a reconstruct. Now I thought reconstruct should preserve the mailbox uniqueid in most cases, but it's possible it's not if you're not copying all the data correctly. 1. Why are you reconstructing the mailboxes. If you copy all the right data, it should be fine without a reconstruct 2. How are you copying the data? Recommend using rsync -az which will preserve all the attributes + timestamps 3. Are you using split data/meta data? If so, are you copying the metadata as well? 4. What flags are you passing to reconstruct? Rob From brong at fastmail.fm Wed Jun 18 00:00:15 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Wed, 18 Jun 2008 14:00:15 +1000 Subject: Linux kernel bug AMD64 - affects skiplists Message-ID: <20080618040015.GA6017@brong.net> I promised I'd have something to say about skiplists soon! (hi Rudy - hope you had a good time off, leaving me here to figure this out _all_by_myself_ ;) ) There's a bug in the linux kernel for amd64 builds only that breaks some skiplist files. Specifically, checkpointing a seen file with a long (greater than page size) list of seen data will cause corruption where it crosses the page break. The last 16-24 bytes will of the page will be NULLed out. You can read more about it in all its gory detail here: http://lkml.org/lkml/2008/6/17/9 Thanks Linus for the prompt (at least partial) fix. If you are running one of those kernels now, I recommend you either change the kernel version, or apply the patch Linus posted. I was going to suggest a little "magic" patch, but I've been unable to actually make it work in testing, so I won't do it! Bron. From simon.matter at invoca.ch Wed Jun 18 02:23:00 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Wed, 18 Jun 2008 08:23:00 +0200 (CEST) Subject: Seen database issue In-Reply-To: <265601c8d0cf$dc6085a0$8700a8c0@robmhp> References: <42144.192.76.178.13.1213709133.squirrel@webmail.cabm.rutgers.edu> <265601c8d0cf$dc6085a0$8700a8c0@robmhp> Message-ID: <872ad9b82a7bc2c0bb2b7c1cc6a69e74.squirrel@webmail.bi.corp.invoca.ch> > >> Moving the /var/spool/imap directories, and /var/lib/user/{}.seen >> files to the new server and reconstructing works fine except that all >> the >> mail shows up as "not read" on the new sever. > > The seen state is keyed on the mailbox "uniqueid", so if that changes, the > seen state becomes invalid. > > The mailbox uniqueid is based on the mailbox name + the uidvalidity value, > which is itself based on the time the mailbox is created, or recreated due > to a reconstruct. > > Now I thought reconstruct should preserve the mailbox uniqueid in most > cases, but it's possible it's not if you're not copying all the data > correctly. > > 1. Why are you reconstructing the mailboxes. If you copy all the right > data, > it should be fine without a reconstruct > 2. How are you copying the data? Recommend using rsync -az which will > preserve all the attributes + timestamps I recommend adding -H here when using single instance store. > 3. Are you using split data/meta data? If so, are you copying the metadata > as well? > 4. What flags are you passing to reconstruct? I can only second what Rob says. I have migrated several servers ranging from RedHat 7.2 to RHEL5 and doing constant Cyrus-IMAPd updates on them since the 2.1 days and never lost seen. Looks like copying only part of metadata is going to get you in trouble. A word about database rebuilds the Cyrus-IMAPd starts. There are two things: 1) Skiplist DB's are recovered whenever a DB is opened the first time after Cyrus-IMAPd was started. 2) My RPM's (Invoca) care to convert all DB's to the correct version on startup and also convert all BDB's to Skiplist on shutdown to prevent problems when migrating to a server with other BDB version. You seem to use the cyrus-imapd RPMs shipped with RHEL5 which are based on a old version of the Invoca RPMs. Simon From marcus at better.se Wed Jun 18 05:46:54 2008 From: marcus at better.se (Marcus Better) Date: Wed, 18 Jun 2008 11:46:54 +0200 Subject: SASL authentication problem with virtdomain Message-ID: <200806181146.58563.marcus@better.se> Hi, I noticed a strange effect when authenticating to Cyrus IMAP with DIGEST-MD5 in a virtdomain scenario. The mail client tried to log in with "marcus at better.se", but this resulted in: Jun 18 09:06:25 imapper cyrus/imap[1656]: accepted connection Jun 18 09:06:25 imapper cyrus/imap[1656]: badlogin: [80.169.182.16] DIGEST-MD5 [SASL(-13):user not found: no secret in database] My imap.conf had defaultdomain: better.se loginrealms: better.se The "defaultdomain" turned out to be the problem. I changed it to something else, and suddely it starts working. The user is listed in the sasldb with the domain part. Is this intened behaviour? I am running Debian's cyrus-imapd-2.2 (2.2.13-10). Cheers, Marcus -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part. Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080618/abc0b3b4/attachment.bin From graylion at sm-wg.net Wed Jun 18 10:25:49 2008 From: graylion at sm-wg.net (Bernhard D Rohrer) Date: Wed, 18 Jun 2008 15:25:49 +0100 Subject: signalled to death by 7 Message-ID: <48591AED.90106@sm-wg.net> Hi guys i have one user who loops on login and the log looks like this: Jun 18 14:30:23 collab cyrus/master[10337]: about to exec /usr/lib/cyrus/bin/imapd Jun 18 14:30:23 collab cyrus/imap[10337]: executed Jun 18 14:30:23 collab cyrus/imap[10337]: accepted connection Jun 18 14:30:28 collab cyrus/imap[10337]: login: [208.50.83.133] klaus User logged in Jun 18 14:30:28 collab cyrus/master[5353]: process 10337 exited, signaled to death by 7 Jun 18 14:30:28 collab cyrus/master[5353]: service imap pid 10337 in BUSY state: terminated abnormally I have run reconstruct -r user.klaus but the problem persists :( any ideas? thanks Bernhard -- Graylion's Fetish & Fashion Store Goth and Kinky Boots, Clothing and Jewellery http://www.graylion.net From shwaltz at cabm.rutgers.edu Wed Jun 18 10:37:17 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Wed, 18 Jun 2008 10:37:17 -0400 (EDT) Subject: Seen database issue In-Reply-To: <265601c8d0cf$dc6085a0$8700a8c0@robmhp> References: <42144.192.76.178.13.1213709133.squirrel@webmail.cabm.rutgers.edu> <265601c8d0cf$dc6085a0$8700a8c0@robmhp> Message-ID: <60013.192.76.178.13.1213799837.squirrel@webmail.cabm.rutgers.edu> Rob Mueller said: > >> Moving the /var/spool/imap directories, and /var/lib/user/{}.seen >> files to the new server and reconstructing works fine except that all >> the >> mail shows up as "not read" on the new sever. > > The seen state is keyed on the mailbox "uniqueid", so if that changes, the > seen state becomes invalid. > > The mailbox uniqueid is based on the mailbox name + the uidvalidity value, > which is itself based on the time the mailbox is created, or recreated due > to a reconstruct. > > Now I thought reconstruct should preserve the mailbox uniqueid in most > cases, but it's possible it's not if you're not copying all the data > correctly. > > 1. Why are you reconstructing the mailboxes. If you copy all the right > data, > it should be fine without a reconstruct > 2. How are you copying the data? Recommend using rsync -az which will > preserve all the attributes + timestamps > 3. Are you using split data/meta data? If so, are you copying the metadata > as well? > 4. What flags are you passing to reconstruct? OK, thanks for the good information. I was using tar and scp to copy the /var/spool/imap/letter/user/username and /var/lib/imap/user/letter/username.seen from the old server to the new. I shutdown cyrus-imapd on the new server and used rsync -av to copy both the above and started cyrus-imapd and there were no messages regarding reconstruction of seen and the information was preserved. The messages now appear with the correct seen state. thanks much for everyone's help! S From shwaltz at cabm.rutgers.edu Wed Jun 18 10:40:06 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Wed, 18 Jun 2008 10:40:06 -0400 (EDT) Subject: Seen database issue In-Reply-To: <872ad9b82a7bc2c0bb2b7c1cc6a69e74.squirrel@webmail.bi.corp.invoca.ch> References: <42144.192.76.178.13.1213709133.squirrel@webmail.cabm.rutgers.edu> <265601c8d0cf$dc6085a0$8700a8c0@robmhp> <872ad9b82a7bc2c0bb2b7c1cc6a69e74.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <41738.192.76.178.13.1213800006.squirrel@webmail.cabm.rutgers.edu> Simon Matter said: >> >>> Moving the /var/spool/imap directories, and /var/lib/user/{}.seen >>> files to the new server and reconstructing works fine except that all >>> the >>> mail shows up as "not read" on the new sever. >> >> The seen state is keyed on the mailbox "uniqueid", so if that changes, >> the >> seen state becomes invalid. >> >> The mailbox uniqueid is based on the mailbox name + the uidvalidity >> value, >> which is itself based on the time the mailbox is created, or recreated >> due >> to a reconstruct. >> >> Now I thought reconstruct should preserve the mailbox uniqueid in most >> cases, but it's possible it's not if you're not copying all the data >> correctly. >> >> 1. Why are you reconstructing the mailboxes. If you copy all the right >> data, >> it should be fine without a reconstruct >> 2. How are you copying the data? Recommend using rsync -az which will >> preserve all the attributes + timestamps > > I recommend adding -H here when using single instance store. > >> 3. Are you using split data/meta data? If so, are you copying the >> metadata >> as well? >> 4. What flags are you passing to reconstruct? > > I can only second what Rob says. I have migrated several servers ranging > from RedHat 7.2 to RHEL5 and doing constant Cyrus-IMAPd updates on them > since the 2.1 days and never lost seen. Looks like copying only part of > metadata is going to get you in trouble. > > A word about database rebuilds the Cyrus-IMAPd starts. There are two > things: > 1) Skiplist DB's are recovered whenever a DB is opened the first time > after Cyrus-IMAPd was started. > 2) My RPM's (Invoca) care to convert all DB's to the correct version on > startup and also convert all BDB's to Skiplist on shutdown to prevent > problems when migrating to a server with other BDB version. You seem to > use the cyrus-imapd RPMs shipped with RHEL5 which are based on a old > version of the Invoca RPMs. > > Simon Simon, is there a newer RHEL5 rpm available which I can use to upgrade from the standard RHEL5 distribution? Or must I remove and build/install from source? thanks S From simon.matter at invoca.ch Wed Jun 18 11:54:39 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Wed, 18 Jun 2008 17:54:39 +0200 (CEST) Subject: Seen database issue In-Reply-To: <41738.192.76.178.13.1213800006.squirrel@webmail.cabm.rutgers.edu> References: <42144.192.76.178.13.1213709133.squirrel@webmail.cabm.rutgers.edu> <265601c8d0cf$dc6085a0$8700a8c0@robmhp> <872ad9b82a7bc2c0bb2b7c1cc6a69e74.squirrel@webmail.bi.corp.invoca.ch> <41738.192.76.178.13.1213800006.squirrel@webmail.cabm.rutgers.edu> Message-ID: > > Simon Matter said: >>> >>>> Moving the /var/spool/imap directories, and /var/lib/user/{}.seen >>>> files to the new server and reconstructing works fine except that all >>>> the >>>> mail shows up as "not read" on the new sever. >>> >>> The seen state is keyed on the mailbox "uniqueid", so if that changes, >>> the >>> seen state becomes invalid. >>> >>> The mailbox uniqueid is based on the mailbox name + the uidvalidity >>> value, >>> which is itself based on the time the mailbox is created, or recreated >>> due >>> to a reconstruct. >>> >>> Now I thought reconstruct should preserve the mailbox uniqueid in most >>> cases, but it's possible it's not if you're not copying all the data >>> correctly. >>> >>> 1. Why are you reconstructing the mailboxes. If you copy all the right >>> data, >>> it should be fine without a reconstruct >>> 2. How are you copying the data? Recommend using rsync -az which will >>> preserve all the attributes + timestamps >> >> I recommend adding -H here when using single instance store. >> >>> 3. Are you using split data/meta data? If so, are you copying the >>> metadata >>> as well? >>> 4. What flags are you passing to reconstruct? >> >> I can only second what Rob says. I have migrated several servers ranging >> from RedHat 7.2 to RHEL5 and doing constant Cyrus-IMAPd updates on them >> since the 2.1 days and never lost seen. Looks like copying only part of >> metadata is going to get you in trouble. >> >> A word about database rebuilds the Cyrus-IMAPd starts. There are two >> things: >> 1) Skiplist DB's are recovered whenever a DB is opened the first time >> after Cyrus-IMAPd was started. >> 2) My RPM's (Invoca) care to convert all DB's to the correct version on >> startup and also convert all BDB's to Skiplist on shutdown to prevent >> problems when migrating to a server with other BDB version. You seem to >> use the cyrus-imapd RPMs shipped with RHEL5 which are based on a old >> version of the Invoca RPMs. >> >> Simon > > Simon, is there a newer RHEL5 rpm available which I can use to upgrade > from the standard RHEL5 distribution? Or must I remove and build/install > from source? There is no newer version in the standard RHEL5 distribution so you have to rebuild from the source rpm yourself. The source rpm is here: http://www.invoca.ch/pub/packages/cyrus-imapd/ We do have binary rpms in our yum repositories for almost all RedHat distributions for i386 and x86_64 but they are not publicly available. Simon From morgan at orst.edu Wed Jun 18 12:39:58 2008 From: morgan at orst.edu (Andrew Morgan) Date: Wed, 18 Jun 2008 09:39:58 -0700 (PDT) Subject: signalled to death by 7 In-Reply-To: <48591AED.90106@sm-wg.net> References: <48591AED.90106@sm-wg.net> Message-ID: On Wed, 18 Jun 2008, Bernhard D Rohrer wrote: > Hi guys > > i have one user who loops on login and the log looks like this: > > Jun 18 14:30:23 collab cyrus/master[10337]: about to exec > /usr/lib/cyrus/bin/imapd > Jun 18 14:30:23 collab cyrus/imap[10337]: executed > Jun 18 14:30:23 collab cyrus/imap[10337]: accepted connection > Jun 18 14:30:28 collab cyrus/imap[10337]: login: [208.50.83.133] klaus > User logged in > Jun 18 14:30:28 collab cyrus/master[5353]: process 10337 exited, > signaled to death by 7 > Jun 18 14:30:28 collab cyrus/master[5353]: service imap pid 10337 in > BUSY state: terminated abnormally > > I have run reconstruct -r user.klaus but the problem persists :( Sometimes a corrupted seen file can trigger this behavior. Try removing the user's seen file to find out. Andy From niko at petole.dyndns.org Wed Jun 18 13:18:13 2008 From: niko at petole.dyndns.org (Nicolas KOWALSKI) Date: Wed, 18 Jun 2008 19:18:13 +0200 Subject: Seen database issue In-Reply-To: <265601c8d0cf$dc6085a0$8700a8c0@robmhp> References: <42144.192.76.178.13.1213709133.squirrel@webmail.cabm.rutgers.edu> <265601c8d0cf$dc6085a0$8700a8c0@robmhp> Message-ID: <20080618171813.GG2801@petole.dyndns.org> On Wed, Jun 18, 2008 at 09:14:10AM +1000, Rob Mueller wrote: > > 2. How are you copying the data? Recommend using rsync -az which will > preserve all the attributes + timestamps I would also recommend using the -H option to rsync: -H, --hard-links preserve hard links If a lot of messages are linked together, this will save space. -- Nicolas From brong at fastmail.fm Wed Jun 18 18:15:00 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Thu, 19 Jun 2008 08:15:00 +1000 Subject: Linux kernel bug AMD64 - affects skiplists In-Reply-To: <1213823089.19628.1.camel@xtower.fri> References: <20080618040015.GA6017@brong.net> <1213823089.19628.1.camel@xtower.fri> Message-ID: <1213827300.30413.1259199221@webmail.messagingengine.com> On Wed, 18 Jun 2008 23:04:49 +0200, "<::Teresa_II::>" said: > У ср, 2008-06-18 у 14:00 +1000, Bron Gondwana пише: > > I promised I'd have something to say about skiplists soon! > > My cyrus runs on amd64 too, so does > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=42a886af728c089df8da1b0017b0e7e6c81b5335 > > fix the problem ? Yes, it does. I haven't rolled it out to any production machines yet (just reverted back to the 2.6.20 series kernel that we were using before) - but I built a test kernel with it and confirmed the fix. Bron. -- Bron Gondwana brong at fastmail.fm From dkrawchuk at mts.net Wed Jun 18 22:23:22 2008 From: dkrawchuk at mts.net (Daniel Krawchuk) Date: Wed, 18 Jun 2008 21:23:22 -0500 Subject: Authentication problem In-Reply-To: <323027.79613.qm@web35207.mail.mud.yahoo.com> References: <323027.79613.qm@web35207.mail.mud.yahoo.com> Message-ID: <4859C31A.3080304@402a.garlies.ca> Stephen Liu wrote: > Hi Michael, > > >>> I have the feeling you should add this to your imapd.conf: >>> >>> sasl_mech_list: PLAIN >>> >> I miss AUTH=LOGIN and AUTH=PLAIN >> so "sasl_mech_list: PLAIN" will only cause that no auth mech >> will be available. > > > Performed following test; > > > $ sudo nano /etc/imapd.conf > adding; > AUTH=LOGIN > AUTH=PLAIN > > at the bottom. > > > $ imtest -m login -p imap -u satimiscyrus localhost > just hanging there. > > > Also tried uncomment the line; > sasl_mech_list: PLAIN > > > $ imtest -m login -p imap -u satimiscyrus localhost > S: * OK lampserver Cyrus IMAP4 v2.2.12-Debian-2.2.12-4ubuntu1 server > ready > C: C01 CAPABILITY > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS > NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND > BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE > S: C01 OK Completed > Please enter your password: > C: L01 LOGIN satimis {12} > S: + go ahead > C: > S: L01 NO Login failed: generic failure > Authentication failed. generic failure > Security strength factor: 0 > > > Still the same result. > > > >> Maybe a sasl package is not installed/found >> ll /usr/lib/sasl2/ show for me >> >> lrwxrwxrwx 1 root root 22 2006-09-04 16:18 libanonymous.so -> >> libanonymous.so.2.0.21* >> lrwxrwxrwx 1 root root 22 2006-09-04 16:18 libanonymous.so.2 -> >> libanonymous.so.2.0.21* >> -rwxr-xr-x 1 root root 13216 2006-06-16 16:40 >> libanonymous.so.2.0.21* >> lrwxrwxrwx 1 root root 18 2006-09-04 16:18 liblogin.so -> >> liblogin.so.2.0.21* >> lrwxrwxrwx 1 root root 18 2006-09-04 16:18 liblogin.so.2 -> >> liblogin.so.2.0.21* >> -rwxr-xr-x 1 root root 13724 2006-06-16 16:41 liblogin.so.2.0.21* >> lrwxrwxrwx 1 root root 18 2006-09-04 16:21 libplain.so -> >> libplain.so.2.0.21* >> lrwxrwxrwx 1 root root 18 2006-09-04 16:21 libplain.so.2 -> >> libplain.so.2.0.21* >> -rwxr-xr-x 1 root root 14268 2006-06-16 16:40 libplain.so.2.0.21* >> lrwxrwxrwx 1 root root 19 2006-09-04 16:18 libsasldb.so -> >> libsasldb.so.2.0.21* >> lrwxrwxrwx 1 root root 19 2006-09-04 16:18 libsasldb.so.2 -> >> libsasldb.so.2.0.21* >> -rwxr-xr-x 1 root root 18316 2006-06-16 16:40 libsasldb.so.2.0.21* > > > $ ls -l /usr/lib/sasl2/ > total 500 > -rw-r--r-- 1 root root 19036 2006-04-24 19:38 libanonymous.a > -rw-r--r-- 1 root root 855 2006-04-24 19:38 libanonymous.la > lrwxrwxrwx 1 root root 22 2008-04-18 07:24 libanonymous.so -> > libanonymous.so.2.0.19 > lrwxrwxrwx 1 root root 22 2008-04-18 07:24 libanonymous.so.2 -> > libanonymous.so.2.0.19 > -rw-r--r-- 1 root root 15712 2006-04-24 19:38 libanonymous.so.2.0.19 > -rw-r--r-- 1 root root 21802 2006-04-24 19:38 libcrammd5.a > -rw-r--r-- 1 root root 841 2006-04-24 19:38 libcrammd5.la > lrwxrwxrwx 1 root root 20 2008-04-18 07:24 libcrammd5.so -> > libcrammd5.so.2.0.19 > lrwxrwxrwx 1 root root 20 2008-04-18 07:24 libcrammd5.so.2 -> > libcrammd5.so.2.0.19 > -rw-r--r-- 1 root root 19104 2006-04-24 19:38 libcrammd5.so.2.0.19 > -rw-r--r-- 1 root root 59792 2006-04-24 19:38 libdigestmd5.a > -rw-r--r-- 1 root root 864 2006-04-24 19:38 libdigestmd5.la > lrwxrwxrwx 1 root root 22 2008-04-18 07:24 libdigestmd5.so -> > libdigestmd5.so.2.0.19 > lrwxrwxrwx 1 root root 22 2008-04-18 07:24 libdigestmd5.so.2 -> > libdigestmd5.so.2.0.19 > -rw-r--r-- 1 root root 46336 2006-04-24 19:38 libdigestmd5.so.2.0.19 > -rw-r--r-- 1 root root 19262 2006-04-24 19:38 liblogin.a > -rw-r--r-- 1 root root 835 2006-04-24 19:38 liblogin.la > lrwxrwxrwx 1 root root 18 2008-04-18 07:24 liblogin.so -> > liblogin.so.2.0.19 > lrwxrwxrwx 1 root root 18 2008-04-18 07:24 liblogin.so.2 -> > liblogin.so.2.0.19 > -rw-r--r-- 1 root root 16352 2006-04-24 19:38 liblogin.so.2.0.19 > -rw-r--r-- 1 root root 38724 2006-04-24 19:38 libntlm.a > -rw-r--r-- 1 root root 829 2006-04-24 19:38 libntlm.la > lrwxrwxrwx 1 root root 17 2008-04-18 07:24 libntlm.so -> > libntlm.so.2.0.19 > lrwxrwxrwx 1 root root 17 2008-04-18 07:24 libntlm.so.2 -> > libntlm.so.2.0.19 > -rw-r--r-- 1 root root 32264 2006-04-24 19:38 libntlm.so.2.0.19 > -rw-r--r-- 1 root root 27142 2006-04-24 19:38 libotp.a > -rw-r--r-- 1 root root 829 2006-04-24 19:38 libotp.la > lrwxrwxrwx 1 root root 16 2008-04-18 07:24 libotp.so -> > libotp.so.2.0.19 > lrwxrwxrwx 1 root root 16 2008-04-18 07:24 libotp.so.2 -> > libotp.so.2.0.19 > -rw-r--r-- 1 root root 48856 2006-04-24 19:38 libotp.so.2.0.19 > -rw-r--r-- 1 root root 19342 2006-04-24 19:38 libplain.a > -rw-r--r-- 1 root root 835 2006-04-24 19:38 libplain.la > lrwxrwxrwx 1 root root 18 2008-04-18 07:24 libplain.so -> > libplain.so.2.0.19 > lrwxrwxrwx 1 root root 18 2008-04-18 07:24 libplain.so.2 -> > libplain.so.2.0.19 > -rw-r--r-- 1 root root 16384 2006-04-24 19:38 libplain.so.2.0.19 > -rw-r--r-- 1 root root 29164 2006-04-24 19:38 libsasldb.a > -rw-r--r-- 1 root root 856 2006-04-24 19:38 libsasldb.la > lrwxrwxrwx 1 root root 19 2008-04-18 07:24 libsasldb.so -> > libsasldb.so.2.0.19 > lrwxrwxrwx 1 root root 19 2008-04-18 07:24 libsasldb.so.2 -> > libsasldb.so.2.0.19 > -rw-r--r-- 1 root root 21288 2006-04-24 19:38 libsasldb.so.2.0.19 > * end * > > > B.R. > Stephen > > > Send instant messages to your online friends http://uk.messenger.yahoo.com > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html If sasl_mech_list only has PLAIN in it then you can only use imtest -m plain because plain is the only mechanism that you are offering. Dan Krawchuk From l.schimmer at cgv.tugraz.at Sun Jun 22 15:42:38 2008 From: l.schimmer at cgv.tugraz.at (Lars Schimmer) Date: Sun, 22 Jun 2008 21:42:38 +0200 Subject: Quota >4GB, in which version? Message-ID: <485EAB2E.2020207@cgv.tugraz.at> Hi! Just a quick question: from which version on does cyrus support more than 4 GB quota? Thank you Lars Schimmer From chitnis.ashay at gmail.com Mon Jun 23 12:42:47 2008 From: chitnis.ashay at gmail.com (Ashay Chitnis) Date: Mon, 23 Jun 2008 22:12:47 +0530 Subject: second instance of cyrus imapd should obey /etc/pam.d/imapnew Message-ID: Hi guys, Here is my query. I have cyrus-imapd (with cyrus-sasl)which runs on 143 and 110. I want to have user level restrictions on my 143 port.. I have generated two instances on imapd one on 143 and other on 5122 ports. SERVICES { # add or remove based on preferences imap cmd="imapd" listen="imap" prefork=5 #imaps cmd="imapd -s" listen="imaps" prefork=1 pop3 cmd="pop3d" listen="pop3" prefork=3 #pop3s cmd="pop3d -s" listen="pop3s" prefork=1 sieve cmd="timsieved" listen="sieve" prefork=0 #Added by Ashay * imapnew cmd="imapd" listen="imapnew" prefork=5* etc...... } now i want one imap on 143 to obey /etc/pam.d/imap and other imapnew (5122) instance to obey /etc/pam.d/imapnew can anyone tell me how this is possible? my /etc/pam.d/imap file: * cat /etc/pam.d/imap auth required /lib/security/pam_ldap.so auth required /lib/security/pam_listfile.so item=user sense=allow file=/usr/local/etc/imapallow onerr=fail account required /lib/security/pam_ldap.so* my /etc/pam.d/imapnew file: * cat /etc/pam.d/imapnew auth sufficient /lib/security/pam_ldap.so account sufficient /lib/security/pam_ldap.so* can anyone suggest how to achieve this? is there any PAM_SERVICE=imapnew parameter i can pass?? regards, Ashay -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080623/c3c2ac6f/attachment.html From blake at ispn.net Mon Jun 23 12:46:09 2008 From: blake at ispn.net (Blake Hudson) Date: Mon, 23 Jun 2008 11:46:09 -0500 Subject: Quota >4GB, in which version? In-Reply-To: <485EAB2E.2020207@cgv.tugraz.at> References: <485EAB2E.2020207@cgv.tugraz.at> Message-ID: <485FD351.3060100@ispn.net> I believe you'll need 2.3.x for that. --Blake -------- Original Message -------- Subject: Quota >4GB, in which version? From: Lars Schimmer To: info-cyrus at lists.andrew.cmu.edu Date: Sunday, June 22, 2008 2:42:38 PM > Hi! > > Just a quick question: from which version on does cyrus support more > than 4 GB quota? > > Thank you > Lars Schimmer > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From shwaltz at cabm.rutgers.edu Mon Jun 23 13:08:51 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Mon, 23 Jun 2008 13:08:51 -0400 (EDT) Subject: DBERROR - how do I recover? Message-ID: <43374.192.76.178.13.1214240931.squirrel@webmailnew.cabm.rutgers.edu> I just restarted my cyrus-imapd 2.2 and got a DBERROR. I removed the duplicate db since the error persisted and this has worked in the past. I am still in trouble on my production system - help Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR db4: fatal region error detected; run recovery Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: dbenv->open '/var/lib/imap/db' failed: DB_RUNRECOVERY: Fatal error, run database recovery Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: init() on berkeley Jun 23 12:57:34 chipmunk lmtpunix[4948]: executed Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR db4: environment not yet opened Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: opening /var/lib/imap/deliver.db: Invalid argument Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: opening /var/lib/imap/deliver.db: cyrusdb error Jun 23 12:57:34 chipmunk lmtpunix[4948]: FATAL: lmtpd: unable to init duplicate delivery database Jun 23 12:57:34 chipmunk master[1691]: process 4948 exited, status 75 Jun 23 12:57:34 chipmunk master[1691]: service lmtpunix pid 4948 in READY state: terminated abnormally Jun 23 12:57:34 chipmunk master[4949]: about to exec /usr/lib/cyrus-imapd/lmtpd what can i do to recover from this problem - no mail is going through. thanks S From blake at ispn.net Mon Jun 23 13:28:39 2008 From: blake at ispn.net (Blake Hudson) Date: Mon, 23 Jun 2008 12:28:39 -0500 Subject: DBERROR - how do I recover? In-Reply-To: <43374.192.76.178.13.1214240931.squirrel@webmailnew.cabm.rutgers.edu> References: <43374.192.76.178.13.1214240931.squirrel@webmailnew.cabm.rutgers.edu> Message-ID: <485FDD47.50803@ispn.net> You should be able to delete the deliver, annotations, and tls_sessions db files along with the files in /var/lib/imap/db and restart without any loss of data. If this does not fix the problem you likely have issue with the mailboxes db file. In that case, you will likely have to replace it with a file from /var/lib/imap/db.backup1 You will lose any new folders/mailboxes created since the backup was created. You can use reconstruct -rf to find these though.... --Blake -------- Original Message -------- Subject: DBERROR - how do I recover? From: Shelley Waltz To: info-cyrus at lists.andrew.cmu.edu Date: Monday, June 23, 2008 12:08:51 PM > I just restarted my cyrus-imapd 2.2 and got a DBERROR. I removed the > duplicate db since the error persisted and this has worked in the past. > > I am still in trouble on my production system - help > > Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR db4: fatal region error > detected; run recovery > Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: dbenv->open > '/var/lib/imap/db' failed: DB_RUNRECOVERY: Fatal error, run database > recovery > Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: init() on berkeley > Jun 23 12:57:34 chipmunk lmtpunix[4948]: executed > Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR db4: environment not yet > opened > Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: opening > /var/lib/imap/deliver.db: Invalid argument > Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: opening > /var/lib/imap/deliver.db: cyrusdb error > Jun 23 12:57:34 chipmunk lmtpunix[4948]: FATAL: lmtpd: unable to init > duplicate delivery database > Jun 23 12:57:34 chipmunk master[1691]: process 4948 exited, status 75 > Jun 23 12:57:34 chipmunk master[1691]: service lmtpunix pid 4948 in READY > state: terminated abnormally > Jun 23 12:57:34 chipmunk master[4949]: about to exec > /usr/lib/cyrus-imapd/lmtpd > > what can i do to recover from this problem - no mail is going through. > > thanks S > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From boutilpj at ednet.ns.ca Mon Jun 23 21:03:18 2008 From: boutilpj at ednet.ns.ca (Patrick Boutilier) Date: Mon, 23 Jun 2008 22:03:18 -0300 Subject: second instance of cyrus imapd should obey /etc/pam.d/imapnew In-Reply-To: References: Message-ID: <486047D6.5060605@ednet.ns.ca> Ashay Chitnis wrote: > Hi guys, > > Here is my query. I have cyrus-imapd (with cyrus-sasl)which runs on 143 > and 110. I want to have user level restrictions on my 143 port.. I have > generated two instances on imapd one on 143 and other on 5122 ports. > > SERVICES { > # add or remove based on preferences > imap cmd="imapd" listen="imap" prefork=5 > #imaps cmd="imapd -s" listen="imaps" prefork=1 > pop3 cmd="pop3d" listen="pop3" prefork=3 > #pop3s cmd="pop3d -s" listen="pop3s" prefork=1 > sieve cmd="timsieved" listen="sieve" prefork=0 > #Added by Ashay > * imapnew cmd="imapd" listen="imapnew" prefork=5* > etc...... > } > > now i want one imap on 143 to obey /etc/pam.d/imap and other imapnew > (5122) instance to obey /etc/pam.d/imapnew > > can anyone tell me how this is possible? > > my /etc/pam.d/imap file: > */ > cat /etc/pam.d/imap > auth required /lib/security/pam_ldap.so > auth required /lib/security/pam_listfile.so item=user sense=allow > file=/usr/local/etc/imapallow onerr=fail > account required /lib/security/pam_ldap.so/* > > > my /etc/pam.d/imapnew file: > */ > cat /etc/pam.d/imapnew > auth sufficient /lib/security/pam_ldap.so > account sufficient /lib/security/pam_ldap.so/* > > can anyone suggest how to achieve this? is there any PAM_SERVICE=imapnew > parameter i can pass?? Do you compile from source? If so you can change the 2 lines in imapd.c that read: sasl_server_new("imap"... to sasl_server_new("imapnew"... Compile imapd again and copy the resulting binary to imapdnew. Then use this line in cyrus.conf: imapnew cmd="imapdnew" listen="imapnew" prefork=5* > > regards, > Ashay > > > ------------------------------------------------------------------------ > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html From aspineux at gmail.com Tue Jun 24 01:51:32 2008 From: aspineux at gmail.com (Alain Spineux) Date: Tue, 24 Jun 2008 07:51:32 +0200 Subject: DBERROR - how do I recover? In-Reply-To: <43374.192.76.178.13.1214240931.squirrel@webmailnew.cabm.rutgers.edu> References: <43374.192.76.178.13.1214240931.squirrel@webmailnew.cabm.rutgers.edu> Message-ID: <71fe4e760806232251t132ec69ajba3de8c5e27277df@mail.gmail.com> On Mon, Jun 23, 2008 at 7:08 PM, Shelley Waltz wrote: > I just restarted my cyrus-imapd 2.2 and got a DBERROR. I removed the > duplicate db since the error persisted and this has worked in the past. > > I am still in trouble on my production system - help > > Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR db4: fatal region error > detected; run recovery > Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: dbenv->open > '/var/lib/imap/db' failed: DB_RUNRECOVERY: Fatal error, run database > recovery > Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: init() on berkeley > Jun 23 12:57:34 chipmunk lmtpunix[4948]: executed > Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR db4: environment not yet > opened > Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: opening > /var/lib/imap/deliver.db: Invalid argument Do the dliver.db file exists ? What are the unix right ? What are the unix right for the directory ? > Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: opening > /var/lib/imap/deliver.db: cyrusdb error > Jun 23 12:57:34 chipmunk lmtpunix[4948]: FATAL: lmtpd: unable to init > duplicate delivery database > Jun 23 12:57:34 chipmunk master[1691]: process 4948 exited, status 75 > Jun 23 12:57:34 chipmunk master[1691]: service lmtpunix pid 4948 in READY > state: terminated abnormally > Jun 23 12:57:34 chipmunk master[4949]: about to exec > /usr/lib/cyrus-imapd/lmtpd > > what can i do to recover from this problem - no mail is going through. > > thanks S > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From chitnis.ashay at gmail.com Tue Jun 24 15:23:48 2008 From: chitnis.ashay at gmail.com (Ashay Chitnis) Date: Wed, 25 Jun 2008 00:53:48 +0530 Subject: second instance of cyrus imapd should obey /etc/pam.d/imapnew In-Reply-To: References: Message-ID: Hi Partric, I should Thank You for the help First. So Thanks.. :). It worked just fine. I did it just as you said. Now one instance obeys imap and second one imapnew in the /etc/pam.d/ regards, Ashay. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080625/87490991/attachment.html From asterope at cox.net Wed Jun 25 21:06:36 2008 From: asterope at cox.net (Judy Northrop) Date: Wed, 25 Jun 2008 18:06:36 -0700 Subject: Mime Parsing Message-ID: <1214442396.1859.13.camel@blade1000> I just joined this list with the hope of correcting a problem with my mail. I configured my Solaris 10/postfix system about 18 months ago and recently started getting corrupt pdf files. I began searching the list archives but have not located and common thread. My Imap configuration is, localhost> ver name : Cyrus IMAPD version : v2.2.12 2005/02/14 16:43:51 vendor : Project Cyrus support-url: http://asg.web.cmu.edu/cyrus os : SunOS os-version : 5.10 environment: Built w/Cyrus SASL 2.1.22 Running w/Cyrus SASL 2.1.22 Built w/Sleepycat Software: Berkeley DB 4.4.20: (January 10, 2006) Running w/Sleepycat Software: Berkeley DB 4.4.20: (January 10, 2006) Built w/OpenSSL 0.9.8d 28 Sep 2006 Running w/OpenSSL 0.9.8d 28 Sep 2006 CMU Sieve 2.2 mmap = shared lock = fcntl nonblock = fcntl auth = unix idle = poll I am including a portion of received email, you can see something is not parsing correctly. Anyway if someone could point me in to some type of resolution it would be appreciated. Thanks - Judy ------=_Part_23627_8483441.1214401029804 Content-Type: multipart/alternative; boundary="----=_Part_23628_23828759.1214401029804" ------=_Part_23628_23828759.1214401029804 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline stolt ------=_Part_23628_23828759.1214401029804 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline stolt
------=_Part_23628_23828759.1214401029804-- ------=_Part_23627_8483441.1214401029804 Content-Type: application/pdf; name=stolt.pdf Content-Transfer-Encoding: base64 X-Attachment-Id: f_fhvysr5d0 Content-Disposition: attachment; filename=stolt.pdf JVBERi0xLjMKJcX+69cKMzEgMCBvYmoKPDwgL0xpbmVhcml6ZWQgMSAvTCAzNDU3NjQgL0ggWyAx MTQ0IDIxNCBdIC9PIDMzIC9FIDE0MzQyOCAvTiAzIC9UIDM0NTAyNSA+PgplbmRvYmoKICAgICAg From octavian at corp.earthlink.net Wed Jun 25 22:30:50 2008 From: octavian at corp.earthlink.net (Peter A. Friend) Date: Wed, 25 Jun 2008 19:30:50 -0700 Subject: Mime Parsing In-Reply-To: <1214442396.1859.13.camel@blade1000> References: <1214442396.1859.13.camel@blade1000> Message-ID: <4862FF5A.7070808@corp.earthlink.net> Judy Northrop wrote: > I just joined this list with the hope of correcting a problem with my > mail. I configured my Solaris 10/postfix system about 18 months ago and > recently started getting corrupt pdf files. I began searching the list > archives but have not located and common thread. My Imap configuration > is, > Judy, A few questions. First, that base64 data at the end of your example, was it really that truncated, or did you just include a few lines? I ask because several crucial bits of information are missing. I would need to see the main header of the message to see what the Content-Type and MIME boundary strings are set to. From your example, it would appear that the top level boundary string is "------=_Part_23627_8483441.1214401029804". One MIME section with that boundary is a standard multipart with one plain text and one html portion. Those parts have their own boundary which is "----=_Part_23628_23828759.1214401029804". That boundary is properly terminated. What I don't see is the closing marker for the first boundary string (the one that ends with --). Have you looked at the raw message file delivered by Postfix, and is that truncated? Peter > > localhost> ver > name : Cyrus IMAPD > version : v2.2.12 2005/02/14 16:43:51 > vendor : Project Cyrus > support-url: http://asg.web.cmu.edu/cyrus > os : SunOS > os-version : 5.10 > environment: Built w/Cyrus SASL 2.1.22 > Running w/Cyrus SASL 2.1.22 > Built w/Sleepycat Software: Berkeley DB 4.4.20: (January > 10, 2006) > Running w/Sleepycat Software: Berkeley DB 4.4.20: (January > 10, 2006) > Built w/OpenSSL 0.9.8d 28 Sep 2006 > Running w/OpenSSL 0.9.8d 28 Sep 2006 > CMU Sieve 2.2 > mmap = shared > lock = fcntl > nonblock = fcntl > auth = unix > idle = poll > > I am including a portion of received email, you can see something is not > parsing correctly. Anyway if someone could point me in to some type of > resolution it would be appreciated. > > Thanks - Judy > > > > > ------=_Part_23627_8483441.1214401029804 > Content-Type: multipart/alternative; > boundary="----=_Part_23628_23828759.1214401029804" > > ------=_Part_23628_23828759.1214401029804 > Content-Type: text/plain; charset=ISO-8859-1 > Content-Transfer-Encoding: 7bit > Content-Disposition: inline > > stolt > > ------=_Part_23628_23828759.1214401029804 > Content-Type: text/html; charset=ISO-8859-1 > Content-Transfer-Encoding: 7bit > Content-Disposition: inline > > stolt
> > ------=_Part_23628_23828759.1214401029804-- > > ------=_Part_23627_8483441.1214401029804 > Content-Type: application/pdf; name=stolt.pdf > Content-Transfer-Encoding: base64 > X-Attachment-Id: f_fhvysr5d0 > Content-Disposition: attachment; filename=stolt.pdf > > JVBERi0xLjMKJcX+69cKMzEgMCBvYmoKPDwgL0xpbmVhcml6ZWQgMSAvTCAzNDU3NjQgL0ggWyAx > MTQ0IDIxNCBdIC9PIDMzIC9FIDE0MzQyOCAvTiAzIC9UIDM0NTAyNSA+PgplbmRvYmoKICAgICAg > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > From asterope at cox.net Wed Jun 25 23:26:16 2008 From: asterope at cox.net (Judy Northrop) Date: Wed, 25 Jun 2008 20:26:16 -0700 Subject: Mime Parsing Message-ID: <1214450776.1859.34.camel@blade1000> Peter, Thanks for helping. Yes I did truncate the message. I just looked at the delivered message, it appears to be properly terminated. Here is the complete header and i will include the ending terminator. Also, word documents (filename.doc) seem to work ok, to date I am only having problems with pdf files. Judy Return-Path: Received: from blade1000.jathome.net ([unix socket]) by e4500.jathome.net (Cyrus v2.2.12) with LMTPA; Wed, 25 Jun 2008 06:34:40 -0700 X-Sieve: CMU Sieve 2.2 Received: from blade1000 (localhost [127.0.0.1]) by blade1000.jathome.net (Postfix) with ESMTP id 86B2168CF for ; Wed, 25 Jun 2008 06:34:18 -0700 (MST) Received: from pop.west.cox.net [68.6.19.2] by blade1000 with POP3 (fetchmail-6.3.6) for (single-drop); Wed, 25 Jun 2008 06:34:18 -0700 (MST) Received: from fed1rmimpi06.cox.net ([70.169.32.78]) by fed1rmmtai102.cox.net (InterMail vM.7.08.02.01 201-2186-121-102-20070209) with ESMTP id <20080625133659.LVMX28169.fed1rmmtai102.cox.net at fed1rmimpi06.cox.net> for ; Wed, 25 Jun 2008 09:36:59 -0400 Received: from yx-out-1718.google.com ([74.125.44.152]) by fed1rmimpi06.cox.net with IMP id iDdB1Z03r3GzhEq05DdDsk; Wed, 25 Jun 2008 09:37:14 -0400 X-VR-Score: NA MIME-Version: 1.0 X-jathome-MailScanner-Information: Please contact the ISP for more information X-jathome-MailScanner: Found to be clean X-jathome-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=4.168, required 4, MISSING_HB_SEP 2.50, MISSING_HEADERS 0.19, MISSING_SUBJECT 1.34, TO_CC_NONE 0.13) X-jathome-MailScanner-SpamScore: ssss X-jathome-MailScanner-From: goodyear.judy at gmail.com Subject: {Spam?} X-Spam-Status: Yes Message-ID: Date: Wed, 25 Jun 2008 06:34:40 -0700 ------=_Part_23627_8483441.1214401029804 Content-Type: multipart/alternative; boundary="----=_Part_23628_23828759.1214401029804" ------=_Part_23628_23828759.1214401029804 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline stolt ------=_Part_23628_23828759.1214401029804 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline stolt
------=_Part_23628_23828759.1214401029804-- ------=_Part_23627_8483441.1214401029804 Content-Type: application/pdf; name=stolt.pdf Content-Transfer-Encoding: base64 X-Attachment-Id: f_fhvysr5d0 Content-Disposition: attachment; filename=stolt.pdf JVBERi0xLjMKJcX+69cKMzEgMCBvYmoKPDwgL0xpbmVhcml6ZWQgMSAvTCAzNDU3NjQgL0ggWyAx MTQ0IDIxNCBdIC9PIDMzIC9FIDE0MzQyOCAvTiAzIC9UIDM0NTAyNSA+PgplbmRvYmoKICAgICAg ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCnhyZWYK " " " " BYWlsZXIgPDwgL1NpemUgMzEgL0lEIFs8ODhiMjA1YTZhMjVhOGZiZTYxMDIyODQ3MzY5ZDM1Yzk+ PDgyZDFiNzFhZWVkYTFkYWNkM2NkNjBiMmFjMDgwM2U0Pl0gPj4Kc3RhcnR4cmVmCjE2NgolJUVP Rgo= ------=_Part_23627_8483441.1214401029804-- Judy Northrop wrote: > I just joined this list with the hope of correcting a problem with my > mail. I configured my Solaris 10/postfix system about 18 months ago and > recently started getting corrupt pdf files. I began searching the list > archives but have not located and common thread. My Imap configuration> is, > Judy, A few questions. First, that base64 data at the end of your example, was it really that truncated, or did you just include a few lines? I ask because several crucial bits of information are missing. I would need to see the main header of the message to see what the Content-Type and MIME boundary strings are set to. From your example, it would appear that the top level boundary string is "------=_Part_23627_8483441.1214401029804". One MIME section with that boundary is a standard multipart with one plain text and one html portion. Those parts have their own boundary which is "----=_Part_23628_23828759.1214401029804". That boundary is properly terminated. What I don't see is the closing marker for the first boundary string (the one that ends with --). Have you looked at the raw message file delivered by Postfix, and is that truncated? Peter >> localhost> ver > name : Cyrus IMAPD > version : v2.2.12 2005/02/14 16:43:51 > vendor : Project Cyrus > support-url: http://asg.web.cmu.edu/cyrus > os : SunOS> os-version : 5.10 > environment: Built w/Cyrus SASL 2.1.22 > Running w/Cyrus SASL 2.1.22 > Built w/Sleepycat Software: Berkeley DB 4.4.20: (January> 10, 2006) > Running w/Sleepycat Software: Berkeley DB 4.4.20: (January> 10, 2006) > Built w/OpenSSL 0.9.8d 28 Sep 2006 > Running w/OpenSSL 0.9.8d 28 Sep 2006 > CMU Sieve 2.2> mmap = shared > lock = fcntl> nonblock = fcntl > auth = unix> idle = poll > > I am including a portion of received email, you can see something is not > parsing correctly. Anyway if someone could point me in to some type of > resolution it would be appreciated. > > Thanks - Judy > > > > > ------=_Part_23627_8483441.1214401029804> Content-Type: multipart/alternative; > boundary="----=_Part_23628_23828759.1214401029804" > > ------=_Part_23628_23828759.1214401029804 > Content-Type: text/plain; charset=ISO-8859-1 > Content-Transfer-Encoding: 7bit > Content-Disposition: inline > > stolt > > ------=_Part_23628_23828759.1214401029804 > Content-Type: text/html; charset=ISO-8859-1 > Content-Transfer-Encoding: 7bit > Content-Disposition: inline > > stolt
> > ------=_Part_23628_23828759.1214401029804-- > > ------=_Part_23627_8483441.1214401029804 > Content-Type: application/pdf; name=stolt.pdf > Content-Transfer-Encoding: base64 > X-Attachment-Id: f_fhvysr5d0 > Content-Disposition: attachment; filename=stolt.pdf > > JVBERi0xLjMKJcX+69cKMzEgMCBvYmoKPDwgL0xpbmVhcml6ZWQgMSAvTCAzNDU3NjQgL0ggWyAx > MTQ0IDIxNCBdIC9PIDMzIC9FIDE0MzQyOCAvTiAzIC9UIDM0NTAyNSA+PgplbmRvYmoKICAgICAg > From octavian at corp.earthlink.net Thu Jun 26 01:20:36 2008 From: octavian at corp.earthlink.net (Peter A. Friend) Date: Wed, 25 Jun 2008 22:20:36 -0700 Subject: Mime Parsing In-Reply-To: <1214450776.1859.34.camel@blade1000> References: <1214450776.1859.34.camel@blade1000> Message-ID: <48632724.9030101@corp.earthlink.net> Judy Northrop wrote: > Peter, > > Thanks for helping. > > Yes I did truncate the message. I just looked at the delivered message, > it appears to be properly terminated. Here is the complete header and i > will include the ending terminator. Also, word documents (filename.doc) > seem to work ok, to date I am only having problems with pdf files. > Well, at a glance my guess would be that the attachment is perfectly fine, but no mail app can see it because the main message header is malformed. For example, the main message header specifies a MIME version but has no Content-Type header. Then after the header separator there is a MIME boundary string that hasn't even been declared. From my recollection, this is a violation of the MIME RFCs. There is one header in there that is rather informative: X-jathome-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=4.168, required 4, MISSING_HB_SEP 2.50, MISSING_HEADERS 0.19, MISSING_SUBJECT 1.34, TO_CC_NONE 0.13) So it would seem that the spam check service found problems with the message as well. The MISSING_HB_SEP is particularly disturbing. If I had to guess what was going on I would say there is a poorly written client or script sending these, or some filtering layer is altering the message content due to bugs or bad choice of rules. Peter > Judy > > > > Return-Path: > Received: from blade1000.jathome.net ([unix socket]) > by e4500.jathome.net (Cyrus v2.2.12) with LMTPA; > Wed, 25 Jun 2008 06:34:40 -0700 > X-Sieve: CMU Sieve 2.2 > Received: from blade1000 (localhost [127.0.0.1]) > by blade1000.jathome.net (Postfix) with ESMTP id 86B2168CF > for ; Wed, 25 Jun 2008 06:34:18 -0700 (MST) > Received: from pop.west.cox.net [68.6.19.2] > by blade1000 with POP3 (fetchmail-6.3.6) > for (single-drop); Wed, 25 Jun 2008 06:34:18 > -0700 (MST) > Received: from fed1rmimpi06.cox.net ([70.169.32.78]) > by fed1rmmtai102.cox.net > (InterMail vM.7.08.02.01 201-2186-121-102-20070209) with ESMTP > id > <20080625133659.LVMX28169.fed1rmmtai102.cox.net at fed1rmimpi06.cox.net> > for ; Wed, 25 Jun 2008 09:36:59 -0400 > Received: from yx-out-1718.google.com ([74.125.44.152]) > by fed1rmimpi06.cox.net with IMP > id iDdB1Z03r3GzhEq05DdDsk; Wed, 25 Jun 2008 09:37:14 -0400 > X-VR-Score: NA > MIME-Version: 1.0 > X-jathome-MailScanner-Information: Please contact the ISP for more > information > X-jathome-MailScanner: Found to be clean > X-jathome-MailScanner-SpamCheck: spam, SpamAssassin (not cached, > score=4.168, > required 4, MISSING_HB_SEP 2.50, MISSING_HEADERS 0.19, > MISSING_SUBJECT 1.34, TO_CC_NONE 0.13) > X-jathome-MailScanner-SpamScore: ssss > X-jathome-MailScanner-From: goodyear.judy at gmail.com > Subject: {Spam?} > X-Spam-Status: Yes > Message-ID: > Date: Wed, 25 Jun 2008 06:34:40 -0700 > > ------=_Part_23627_8483441.1214401029804 > Content-Type: multipart/alternative; > boundary="----=_Part_23628_23828759.1214401029804" > > ------=_Part_23628_23828759.1214401029804 > Content-Type: text/plain; charset=ISO-8859-1 > Content-Transfer-Encoding: 7bit > Content-Disposition: inline > > stolt > > ------=_Part_23628_23828759.1214401029804 > Content-Type: text/html; charset=ISO-8859-1 > Content-Transfer-Encoding: 7bit > Content-Disposition: inline > > stolt
> > ------=_Part_23628_23828759.1214401029804-- > > ------=_Part_23627_8483441.1214401029804 > Content-Type: application/pdf; name=stolt.pdf > Content-Transfer-Encoding: base64 > X-Attachment-Id: f_fhvysr5d0 > Content-Disposition: attachment; filename=stolt.pdf > > JVBERi0xLjMKJcX+69cKMzEgMCBvYmoKPDwgL0xpbmVhcml6ZWQgMSAvTCAzNDU3NjQgL0ggWyAx > MTQ0IDIxNCBdIC9PIDMzIC9FIDE0MzQyOCAvTiAzIC9UIDM0NTAyNSA+PgplbmRvYmoKICAgICAg > ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCnhyZWYK > > " " > " " > BYWlsZXIgPDwgL1NpemUgMzEgL0lEIFs8ODhiMjA1YTZhMjVhOGZiZTYxMDIyODQ3MzY5ZDM1Yzk+ > PDgyZDFiNzFhZWVkYTFkYWNkM2NkNjBiMmFjMDgwM2U0Pl0gPj4Kc3RhcnR4cmVmCjE2NgolJUVP > Rgo= > ------=_Part_23627_8483441.1214401029804-- > > > > > > Judy Northrop wrote: > >> I just joined this list with the hope of correcting a problem with my >> mail. I configured my Solaris 10/postfix system about 18 months ago and >> recently started getting corrupt pdf files. I began searching the list >> archives but have not located and common thread. My Imap configuration> is, >> >> > Judy, > > A few questions. First, that base64 data at the end of your example, was > it really that truncated, or did you just include a few lines? I ask > because several crucial bits of information are missing. I would need to > see the main header of the message to see what the Content-Type and MIME > boundary strings are set to. From your example, it would appear that the > top level boundary string is "------=_Part_23627_8483441.1214401029804". > One MIME section with that boundary is a standard multipart with one > plain text and one html portion. Those parts have their own boundary > which is "----=_Part_23628_23828759.1214401029804". That boundary is > properly terminated. What I don't see is the closing marker for the > first boundary string (the one that ends with --). Have you looked at > the raw message file delivered by Postfix, and is that truncated? > > Peter > > >>> localhost> ver >>> >> name : Cyrus IMAPD >> version : v2.2.12 2005/02/14 16:43:51 >> vendor : Project Cyrus >> support-url: http://asg.web.cmu.edu/cyrus >> os : SunOS> os-version : 5.10 >> environment: Built w/Cyrus SASL 2.1.22 >> Running w/Cyrus SASL 2.1.22 >> Built w/Sleepycat Software: Berkeley DB 4.4.20: (January> 10, 2006) >> Running w/Sleepycat Software: Berkeley DB 4.4.20: (January> 10, 2006) >> Built w/OpenSSL 0.9.8d 28 Sep 2006 >> Running w/OpenSSL 0.9.8d 28 Sep 2006 >> CMU Sieve 2.2> mmap = shared >> lock = fcntl> nonblock = fcntl >> auth = unix> idle = poll >> >> I am including a portion of received email, you can see something is not >> parsing correctly. Anyway if someone could point me in to some type of >> resolution it would be appreciated. >> >> Thanks - Judy >> >> >> >> >> ------=_Part_23627_8483441.1214401029804> Content-Type: multipart/alternative; >> boundary="----=_Part_23628_23828759.1214401029804" >> >> ------=_Part_23628_23828759.1214401029804 >> Content-Type: text/plain; charset=ISO-8859-1 >> Content-Transfer-Encoding: 7bit >> Content-Disposition: inline >> >> stolt >> >> ------=_Part_23628_23828759.1214401029804 >> Content-Type: text/html; charset=ISO-8859-1 >> Content-Transfer-Encoding: 7bit >> Content-Disposition: inline >> >> stolt
>> >> ------=_Part_23628_23828759.1214401029804-- >> >> ------=_Part_23627_8483441.1214401029804 >> Content-Type: application/pdf; name=stolt.pdf >> Content-Transfer-Encoding: base64 >> X-Attachment-Id: f_fhvysr5d0 >> Content-Disposition: attachment; filename=stolt.pdf >> >> JVBERi0xLjMKJcX+69cKMzEgMCBvYmoKPDwgL0xpbmVhcml6ZWQgMSAvTCAzNDU3NjQgL0ggWyAx >> MTQ0IDIxNCBdIC9PIDMzIC9FIDE0MzQyOCAvTiAzIC9UIDM0NTAyNSA+PgplbmRvYmoKICAgICAg >> >> > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > From asterope at cox.net Thu Jun 26 08:06:40 2008 From: asterope at cox.net (Judy Northrop) Date: Thu, 26 Jun 2008 05:06:40 -0700 Subject: Mime Parsing Message-ID: <1214482000.3991.7.camel@blade1000> I wasn't sure if the malformed header was a result of the pdf file being attached or a result of the filter. I just disabled MailScanner/SpamAssassin and that seems to have corrected things. My filter rule-set is updated with a cron, so I will have to debug that. Thanks again. Judy Judy Northrop wrote: > Peter, > > Thanks for helping. > > Yes I did truncate the message. I just looked at the delivered message, > it appears to be properly terminated. Here is the complete header and i > will include the ending terminator. Also, word documents (filename.doc) > seem to work ok, to date I am only having problems with pdf files. > Well, at a glance my guess would be that the attachment is perfectly fine, but no mail app can see it because the main message header is malformed. For example, the main message header specifies a MIME version but has no Content-Type header. Then after the header separator there is a MIME boundary string that hasn't even been declared. From my recollection, this is a violation of the MIME RFCs. There is one header in there that is rather informative: X-jathome-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=4.168, required 4, MISSING_HB_SEP 2.50, MISSING_HEADERS 0.19, MISSING_SUBJECT 1.34, TO_CC_NONE 0.13) So it would seem that the spam check service found problems with the message as well. The MISSING_HB_SEP is particularly disturbing. If I had to guess what was going on I would say there is a poorly written client or script sending these, or some filtering layer is altering the message content due to bugs or bad choice of rules. Peter From shwaltz at cabm.rutgers.edu Thu Jun 26 10:50:17 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Thu, 26 Jun 2008 10:50:17 -0400 (EDT) Subject: DBERROR - how do I recover? In-Reply-To: <485FDD47.50803@ispn.net> References: <43374.192.76.178.13.1214240931.squirrel@webmailnew.cabm.rutgers.edu> <485FDD47.50803@ispn.net> Message-ID: <44070.192.76.178.13.1214491817.squirrel@webmailnew.cabm.rutgers.edu> Blake Hudson wrote: > You should be able to delete the deliver, annotations, and tls_sessions > db files along with the files in /var/lib/imap/db and restart without > any loss of data. > > If this does not fix the problem you likely have issue with the > mailboxes db file. In that case, you will likely have to replace it with > a file from /var/lib/imap/db.backup1 You will lose any new > folders/mailboxes created since the backup was created. You can use > reconstruct -rf to find these though.... > > --Blake > > -------- Original Message -------- >> I am still in trouble on my production system - help >> >> Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR db4: fatal region error >> detected; run recovery >> Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: dbenv->open >> '/var/lib/imap/db' failed: DB_RUNRECOVERY: Fatal error, run database >> recovery >> Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: init() on berkeley >> Jun 23 12:57:34 chipmunk lmtpunix[4948]: executed >> Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR db4: environment not >> yet >> opened >> Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: opening >> /var/lib/imap/deliver.db: Invalid argument >> Jun 23 12:57:34 chipmunk lmtpunix[4948]: DBERROR: opening >> /var/lib/imap/deliver.db: cyrusdb error >> Jun 23 12:57:34 chipmunk lmtpunix[4948]: FATAL: lmtpd: unable to init >> duplicate delivery database >> Jun 23 12:57:34 chipmunk master[1691]: process 4948 exited, status 75 >> Jun 23 12:57:34 chipmunk master[1691]: service lmtpunix pid 4948 in >> READY >> state: terminated abnormally >> Jun 23 12:57:34 chipmunk master[4949]: about to exec >> /usr/lib/cyrus-imapd/lmtpd >> >> what can i do to recover from this problem - no mail is going through. >> >> thanks S >> >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > Thanks for this concise information, I am keeping it on file for next time(hopefully never). What I did and what did repair the problem was db_recover -v -h /var/lib/imap/db From lehmann at cnm.de Thu Jun 26 12:11:08 2008 From: lehmann at cnm.de (Marten Lehmann) Date: Thu, 26 Jun 2008 18:11:08 +0200 Subject: Cyrus and PHP imap_mail_move Message-ID: <4863BF9C.6000100@cnm.de> Hello, I noticed, that imap_mail_move() does not move the message(s) on our cyrus-imapd-2.2.12-8.1.RHEL4, while imap_mail_copy() works fine. When I'm requesting the capabilities, then cyrusd announces NO_ATOMIC_RENAME. Does this mean, that it is not possible to move a message from one folder to another directly? Of course one could copy and delete+expunge later, but thats annoying and error-prone. Regards Marten From vladimir at urtext.ru Thu Jun 26 12:14:50 2008 From: vladimir at urtext.ru (Vladimir Zorin) Date: Thu, 26 Jun 2008 20:14:50 +0400 Subject: cyrus mupdate master and frontend synchronization problem Message-ID: <1214496890.8990.45.camel@localhost> Hi, folks! I have some strange problem with cyrus-mupdate. I have three servers, all running cyrus-imapd v2.3.12p2 on FreeBSD 7.0 (though I've tested the same configuration with cyrus ?v2.2.13 and got the same behaviour): The first one, 192.168.7.1, which is configured to be the mupdate master, the second one, 192.168.7.2 - configured to be a backend, and the third one, 192.168.7.3 - a frontend Everything works quite fine except for the one very annoying thing - mupdate frontend does not synchronize it's mailboxes database with mupdate master in real-time. It does synchronize it on start, but when somebody creates a folders in their mailbox, frontend's mailboxes database does not reflect this change, until cyrus restarted. E.g. on the frontend machine: ----------? #telnet 192.168.7.3 143 Connected to cyr3.poligon.pht. a01 login vlad vlad a01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID MUPDATE=mupdate://192.168.7.1/ LOGINDISABLED ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE URLAUTH] User logged in a02 list "" "*" * LIST (\HasChildren) "." "INBOX" * LIST (\HasNoChildren) "." "INBOX.Mail" * LIST (\HasNoChildren) "." "INBOX.Sent" * LIST (\HasNoChildren) "." "INBOX.Trash" a02 OK Completed (0.000 secs 5 calls) a03 create INBOX.Foo a03 OK Completed a04 list "" "*" * LIST (\HasChildren) "." "INBOX" * LIST (\HasNoChildren) "." "INBOX.Mail" * LIST (\HasNoChildren) "." "INBOX.Sent" * LIST (\HasNoChildren) "." "INBOX.Trash" a04 OK Completed (0.000 secs 5 calls) a05 logout ------------- but the folder was actually created and does exist, I can see it on the backend: --------------------------- #telnet 192.168.7.2 143 Trying 192.168.7.2... Connected to cyr2.poligon.pht. Escape character is '^]'. * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID MUPDATE=mupdate://192.168.7.1/ AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR] cyr2.poligon.pht Cyrus IMAP Murder v2.3.12p2 server ready a01 login vlad vlad a01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID MUPDATE=mupdate://192.168.7.1/ LOGINDISABLED ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE URLAUTH] User logged in a02 list "" "*" * LIST (\HasChildren) "." "INBOX" * LIST (\HasNoChildren) "." "INBOX.Foo" * LIST (\HasNoChildren) "." "INBOX.Mail" * LIST (\HasNoChildren) "." "INBOX.Sent" * LIST (\HasNoChildren) "." "INBOX.Trash" a02 OK Completed (0.000 secs 6 calls) ------------------------ Only after restarting cyrus on the frontend I get the same response from LIST "" "*" on the frontend, as on the backend. I've done a lot of googling but only managed to find that some folks have faced the same problem in the past and wrote about it, but, alas, there was no reply nor any solution. I guess it must be me being extremely silly and missing something very simple, but I can't find the answer. Anyone, any clues? I'm posting my cyrus configs below: MUPDATE MASTER server config, 192.168.7.1 --------------------------cyrus.conf-------------------- START { recover cmd="ctl_cyrusdb -r" } SERVICES { mupdate cmd="mupdate -m" listen="192.168.7.1:3905" prefork=5 } EVENTS { checkpoint cmd="ctl_cyrusdb -c" period=40 delprune cmd="cyr_expire -E 3" at=0400 tlsprune cmd="tls_prune" at=0400 } -------------------------------END-------------------- ----------------------------imapd.conf------------------ configdirectory: /var/imap defaultpartition: fictive partition-fictive: /var/imap/spool admins: cyrus frontend1 backend1 backend2 murder allowusermoves: 1 allowplaintext: 1 reject8bit: no tlscache_db: skiplist sasl_pwcheck_method: auxprop sasl_mech_list: cram-md5 digest-md5 plain starttls ---------------------------END-------------------------- MUPDATE BACKEND server config, 192.168.7.2 -----------------------cyrus.conf------------------------ START { recover cmd="ctl_cyrusdb -r" mupdatepush cmd="ctl_mboxlist -m" } SERVICES { imap cmd="imapd" listen="192.168.7.2:imap" prefork=2 pop3 cmd="pop3d" listen="192.168.7.2:pop3" prefork=2 lmtp cmd="lmtpd" listen="192.168.7.2:lmtp" prefork=2 lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=2 } EVENTS { checkpoint cmd="ctl_cyrusdb -c" period=40 delprune cmd="ctl_deliver -E 3" at=0400 } ------------------------------END------------------------- -------------------------imapd.conf---------------------------- configdirectory: /var/imap defaultpartition: default partition-default: /var/imap/spool allowplaintext: yes allowusermoves: 1 admins: cyrus murder proxyservers: murder reject8bit: no sasl_pwcheck_method: auxprop sasl_auto_transition: no sasl_mech_list: cram-md5 digest-md5 plain starttls mupdate_server: 192.168.7.1 mupdate_port: 3905 mupdate_username: backend1 mupdate_authname: backend1 mupdate_password: backend1pass proxy_authname: murder proxy_password: murderpass -----------------------------END-------------------------- MUPDATE FRONTEND server config, 192.168.7.3 ---------------------cyrus.conf--------------------------- START { recover cmd="ctl_cyrusdb -r" } SERVICES { mupdate cmd="/usr/local/cyrus/bin/mupdate" listen=3905 prefork=2 imap cmd="proxyd" listen="imap" prefork=1 pop3 cmd="pop3d" listen="pop3" prefork=1 } EVENTS { checkpoint cmd="ctl_cyrusdb -c" period=40 delprune cmd="cyr_expire -E 3" at=0400 tlsprune cmd="tls_prune" at=0400 } ----------------------------END-------------------------- -----------------------imapd.conf-------------------- configdirectory: /var/imap defaultpartition: default partition-default: /var/imap/spool admins: cyrus backend1 murder mupdate_server: 192.168.7.1 mupdate_port: 3905 mupdate_retry_delay: 5 mupdate_authname: frontend1 mupdate_password: frontend1pass proxy_authname: murder proxy_password: murderpass allowplaintext: 1 allowusermoves: 1 reject8bit: no sasl_auto_transition: no sasl_pwcheck_method: auxprop sasl_mech_list: cram-md5 digest-md5 plain starttls -------------------------END--------------------------- ----- Best regards, Vladimir Zorin From morgan at orst.edu Thu Jun 26 12:58:08 2008 From: morgan at orst.edu (Andrew Morgan) Date: Thu, 26 Jun 2008 09:58:08 -0700 (PDT) Subject: cyrus mupdate master and frontend synchronization problem In-Reply-To: <1214496890.8990.45.camel@localhost> References: <1214496890.8990.45.camel@localhost> Message-ID: On Thu, 26 Jun 2008, Vladimir Zorin wrote: > Hi, folks! > > I have some strange problem with cyrus-mupdate. > I have three servers, all running cyrus-imapd v2.3.12p2 on FreeBSD 7.0 > (though I've tested the same configuration with cyrus ?v2.2.13 and got > the same behaviour): > > The first one, 192.168.7.1, which is configured to be the mupdate > master, > the second one, 192.168.7.2 - configured to be a backend, > and the third one, 192.168.7.3 - a frontend > > Everything works quite fine except for the one very annoying thing - > mupdate frontend does not synchronize it's mailboxes database with > mupdate master in real-time. It does synchronize it on start, but when > somebody creates a folders in their mailbox, frontend's mailboxes > database does not reflect this change, until cyrus restarted. > > MUPDATE FRONTEND server config, 192.168.7.3 > ---------------------cyrus.conf--------------------------- > START { > recover cmd="ctl_cyrusdb -r" > } > > SERVICES { > mupdate cmd="/usr/local/cyrus/bin/mupdate" listen=3905 prefork=2 Have you tried with with prefork=1? It sounds to me like the frontend config must be mostly correct because it is able to pull the mailboxes database during startup. Andy From aspineux at gmail.com Thu Jun 26 13:06:47 2008 From: aspineux at gmail.com (Alain Spineux) Date: Thu, 26 Jun 2008 19:06:47 +0200 Subject: Cyrus and PHP imap_mail_move In-Reply-To: <4863BF9C.6000100@cnm.de> References: <4863BF9C.6000100@cnm.de> Message-ID: <71fe4e760806261006w24b6e90bm7aa5cad09621c841@mail.gmail.com> On Thu, Jun 26, 2008 at 6:11 PM, Marten Lehmann wrote: > Hello, > > I noticed, that imap_mail_move() does not move the message(s) on our > cyrus-imapd-2.2.12-8.1.RHEL4, while imap_mail_copy() works fine. When > I'm requesting the capabilities, then cyrusd announces NO_ATOMIC_RENAME. > Does this mean, that it is not possible to move a message from one > folder to another directly? Of course one could copy and delete+expunge > later, but thats annoying and error-prone. You can rename a mailbox (or a folder) and can copy (aka duplicate) an email. But to move an email, you have to copy and delete it. This the way imap works. > > Regards > Marten > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From kleo+cyrus at netbox.cz Fri Jun 27 02:17:59 2008 From: kleo+cyrus at netbox.cz (Vladimir Klejch) Date: Fri, 27 Jun 2008 08:17:59 +0200 (CEST) Subject: Replication verification Message-ID: Hi I have running two node back to back replication with 2.3.11 . The replication is running in both directions and with my small checks i didn't found any problem, the replication is runnig great. Now is the second server used only as replica of first server (hot-standby) and i'm searching for best practice , how to verify the replication, in best case continuously. I searchig for a posibility to use both server's in production as master-master. There are tools like nake_md5 and make_sha1, but the manpages document only howto config them, but not how to realy use them for replication check. Are there some scripts or methods, how to use them. Or are there other scenario how to efficiently verify replicated imap spool, quotas, annotations, acl's etc. ?? Kleo -- _____________________________________________________________ | You have moved the mouse. # | Windows must be restarted for the changes to take effect. # | # ##############################################################/ ~~ ~~ ~~ ~~ ~~ ~~ ~~ Vladimir `KLEO' Klejch Kleo'at'netbox.cz ... ... ... ... From dpc22 at cam.ac.uk Fri Jun 27 05:18:30 2008 From: dpc22 at cam.ac.uk (David Carter) Date: Fri, 27 Jun 2008 10:18:30 +0100 (BST) Subject: Replication verification In-Reply-To: References: Message-ID: On Fri, 27 Jun 2008, Vladimir Klejch wrote: > I searchig for a posibility to use both server's in production as > master-master. Afraid that replication in Cyrus doesn't support full master-master, only master/slave. UIDs in IMAP make full master-master rather involved. It is possible to run a mix of master and replica mailstores on a single system. > There are tools like nake_md5 and make_sha1, but the manpages document > only howto config them, but not how to realy use them for replication > check. I download the md5 files to a single location and run a 50 line Perl script to spot mismatches. You are welcome to a copy of that script. To make sure that the replica is up to date I run sync_client in an extra verbose mode (-v -v) and check for unexpected updates. Unfortunately that code didn't make it it into the vanilla Cyrus tree because of the reorganisation required to run sync_server from master using prot streams for communication. It wouldn't take a huge amount of effort to add "-v -v" into standard Cyrus. I believe that Fastmail have an external test suite which does spot checks on the master and replica versions of each account. This is the opposite approach, and makes sense if you have a convenient IMAP client library. -- David Carter Email: David.Carter at ucs.cam.ac.uk University Computing Service, Phone: (01223) 334502 New Museums Site, Pembroke Street, Fax: (01223) 334679 Cambridge UK. CB2 3QH. From kleo+cyrus at netbox.cz Fri Jun 27 08:05:58 2008 From: kleo+cyrus at netbox.cz (Vladimir Klejch) Date: Fri, 27 Jun 2008 14:05:58 +0200 (CEST) Subject: Replication verification In-Reply-To: References: Message-ID: On Fri, 27 Jun 2008, David Carter wrote: > On Fri, 27 Jun 2008, Vladimir Klejch wrote: > >> I searchig for a posibility to use both server's in production as >> master-master. > > Afraid that replication in Cyrus doesn't support full master-master, only > master/slave. UIDs in IMAP make full master-master rather involved. It is > possible to run a mix of master and replica mailstores on a single system. It's not really full master-master. I configured both servers as master/slave in cross, with different sync_machineid ( for UID computation ) and guid_mode: sha1. I tested this scenario, and it's working great. Changes on one server are replicated to the other one, and this in both directions. > >> There are tools like nake_md5 and make_sha1, but the manpages document >> only howto config them, but not how to realy use them for replication >> check. > > I download the md5 files to a single location and run a 50 line Perl > script to spot mismatches. You are welcome to a copy of that script. Yeah ... cann you mail me a copy for inspiration ?? Thanks. > > To make sure that the replica is up to date I run sync_client in an extra > verbose mode (-v -v) and check for unexpected updates. Unfortunately that > code didn't make it it into the vanilla Cyrus tree because of the > reorganisation required to run sync_server from master using prot streams > for communication. It wouldn't take a huge amount of effort to add "-v -v" > into standard Cyrus. it would by nice to have methods to check replication in the mainstream. :-)) > > I believe that Fastmail have an external test suite which does spot checks > on the master and replica versions of each account. This is the opposite > approach, and makes sense if you have a convenient IMAP client library. > I think, that only spot check are good for quick replication test, but not for verification of replication status. -- _____________________________________________________________ | You have moved the mouse. # | Windows must be restarted for the changes to take effect. # | # ##############################################################/ ~~ ~~ ~~ ~~ ~~ ~~ ~~ Vladimir `KLEO' Klejch Kleo'at'netbox.cz ... ... ... ... From listas at runsolutions.com Sat Jun 28 11:33:43 2008 From: listas at runsolutions.com (Jaume Sabater) Date: Sat, 28 Jun 2008 17:33:43 +0200 Subject: Linux kernel bug AMD64 - affects skiplists In-Reply-To: <1213827300.30413.1259199221@webmail.messagingengine.com> References: <20080618040015.GA6017@brong.net> <1213823089.19628.1.camel@xtower.fri> <1213827300.30413.1259199221@webmail.messagingengine.com> Message-ID: <486659D7.8090900@runsolutions.com> Bron Gondwana wrote: > Yes, it does. I haven't rolled it out to any production machines yet (just reverted > back to the 2.6.20 series kernel that we were using before) - but I built a test > kernel with it and confirmed the fix. After reading the whole thread, though, it seems that Linus considers this a temporary solution, as it's not the place where the fix should happen. What is your opinion on the fix, Bron? -- Jaume Sabater http://runsolutions.com/ "Ubi sapientas ibi libertas" From pmurray at open2view.com Sun Jun 29 21:44:38 2008 From: pmurray at open2view.com (Philip Murray) Date: Mon, 30 Jun 2008 13:44:38 +1200 Subject: Crazy quota usage with Cyrus Message-ID: Hi, I'm trying to enable quotas on various mailboxes, but have hit a problem. Quota reports ridiculous usage numbers for various mailboxes (which bare no resemblence to actual disk usage at all, I wish I did have 18 petabytes of storage!). Some are as large as 18 petabytes and some are just in the terabyte range (the majority of them are fine however): % quota | grep foo 18014398501542131 user/foo at bar.com I've tried using `reconstruct` on the mailboxes and multiple `quota - f`s... and also removed and recreated quotas to no avail. Any ideas what could be going wrong ? I'm using Cyrus IMAPd 2.3.12 on FreeBSD 7 (32bit) with Postfix. Cheers Phil From michael.menge at zdv.uni-tuebingen.de Mon Jun 30 02:46:27 2008 From: michael.menge at zdv.uni-tuebingen.de (Michael Menge) Date: Mon, 30 Jun 2008 08:46:27 +0200 Subject: Crazy quota usage with Cyrus In-Reply-To: References: Message-ID: <20080630084627.0edjt24s9w0k8wgk@webmail.uni-tuebingen.de> Hi, try quota -f Regards Michael Quoting Philip Murray : > Hi, > > I'm trying to enable quotas on various mailboxes, but have hit a > problem. Quota reports ridiculous usage numbers for various mailboxes > (which bare no resemblence to actual disk usage at all, I wish I did > have 18 petabytes of storage!). > > Some are as large as 18 petabytes and some are just in the terabyte > range (the majority of them are fine however): > > % quota | grep foo > 18014398501542131 user/foo at bar.com > > I've tried using `reconstruct` on the mailboxes and multiple `quota - > f`s... and also removed and recreated quotas to no avail. > > Any ideas what could be going wrong ? > > I'm using Cyrus IMAPd 2.3.12 on FreeBSD 7 (32bit) with Postfix. > > Cheers > > Phil > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912 Zentrum fuer Datenverarbeitung mail: michael.menge at zdv.uni-tuebingen.de Waechterstrasse 76 72074 Tuebingen -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5339 bytes Desc: S/MIME krytographische Unterschrift Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080630/6834b75c/attachment.bin From dick at nagual.nl Mon Jun 30 07:51:33 2008 From: dick at nagual.nl (dick hoogendijk) Date: Mon, 30 Jun 2008 13:51:33 +0200 Subject: sieve filter rules Message-ID: <20080630135133.36ac8e4a.dick@nagual.nl> Because avelsieve (a squirrelmail plugin) and the thunderbird sieve plugin do not work since cyrus imapd version 2.3.11 and up I have no simple way of writing / compiling my sieve filter rules. I miss that very badly! I guess I have to write my old/new sieve filter rules by hand. Therefore I'm deperately searching for some -GOOD- and -CLEAR- information on how to do that. Google gives lots of hits. Does anybody here have some -solid- advice on what to read? -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxce snv91 ++ From dick at nagual.nl Mon Jun 30 08:45:01 2008 From: dick at nagual.nl (dick hoogendijk) Date: Mon, 30 Jun 2008 14:45:01 +0200 Subject: sieve filter rules Message-ID: <20080630144501.8b480429.dick@nagual.nl> Because avelsieve (a squirrelmail plugin) and the thunderbird sieve plugin do not work since cyrus imapd version 2.3.11 and up I have no simple way of writing / compiling my sieve filter rules. I miss that very badly! I guess I have to write my old/new sieve filter rules by hand. Therefore I'm deperately searching for some -GOOD- and -CLEAR- information on how to do that. Google gives lots of hits. Does anybody here have some -solid- advice on what to read? -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxce snv91 ++ From simon.matter at invoca.ch Mon Jun 30 08:45:58 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Mon, 30 Jun 2008 14:45:58 +0200 (CEST) Subject: sieve filter rules In-Reply-To: <20080630135133.36ac8e4a.dick@nagual.nl> References: <20080630135133.36ac8e4a.dick@nagual.nl> Message-ID: <20ed59664fee0bfe60e968eb42163d12.squirrel@webmail.bi.corp.invoca.ch> > Because avelsieve (a squirrelmail plugin) and the thunderbird sieve > plugin do not work since cyrus imapd version 2.3.11 and up I have no > simple way of writing / compiling my sieve filter rules. What exactly doesn't work? I'm using avelsieve-1.9.7 with cyrus imapd version 2.3.12p2 and I think I updated some rules lately and it worked. So I'm wondering whether some things work and some don't? Simon From dick at nagual.nl Mon Jun 30 08:49:07 2008 From: dick at nagual.nl (dick hoogendijk) Date: Mon, 30 Jun 2008 14:49:07 +0200 Subject: sieve filter rules In-Reply-To: <20ed59664fee0bfe60e968eb42163d12.squirrel@webmail.bi.corp.invoca.ch> References: <20080630135133.36ac8e4a.dick@nagual.nl> <20ed59664fee0bfe60e968eb42163d12.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <20080630144907.4861162d.dick@nagual.nl> On Mon, 30 Jun 2008 14:45:58 +0200 (CEST) "Simon Matter" wrote: > > Because avelsieve (a squirrelmail plugin) and the thunderbird sieve > > plugin do not work since cyrus imapd version 2.3.11 and up I have no > > simple way of writing / compiling my sieve filter rules. > > What exactly doesn't work? > I'm using avelsieve-1.9.7 with cyrus imapd version 2.3.12p2 and I > think I updated some rules lately and it worked. So I'm wondering > whether some things work and some don't? I used to be able to click on "filters" from within my Squirrelmail account. all I get since the upgrade is: ERROR: Could not log on to timsieved daemon on your IMAP server yanta:2000. Please contact your administrator. Of course the timsieved daemon still runs on yanta:2000 It seems something has changed. Don't know what. If you need info on my config files, say so. -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxce snv91 ++ From simon.matter at invoca.ch Mon Jun 30 08:52:19 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Mon, 30 Jun 2008 14:52:19 +0200 (CEST) Subject: sieve filter rules In-Reply-To: <20080630144907.4861162d.dick@nagual.nl> References: <20080630135133.36ac8e4a.dick@nagual.nl> <20ed59664fee0bfe60e968eb42163d12.squirrel@webmail.bi.corp.invoca.ch> <20080630144907.4861162d.dick@nagual.nl> Message-ID: <8d5940c51af12ba1443f71dcce42dc39.squirrel@webmail.bi.corp.invoca.ch> > On Mon, 30 Jun 2008 14:45:58 +0200 (CEST) > "Simon Matter" wrote: > >> > Because avelsieve (a squirrelmail plugin) and the thunderbird sieve >> > plugin do not work since cyrus imapd version 2.3.11 and up I have no >> > simple way of writing / compiling my sieve filter rules. >> >> What exactly doesn't work? >> I'm using avelsieve-1.9.7 with cyrus imapd version 2.3.12p2 and I >> think I updated some rules lately and it worked. So I'm wondering >> whether some things work and some don't? > > I used to be able to click on "filters" from within my Squirrelmail > account. all I get since the upgrade is: > > ERROR: > Could not log on to timsieved daemon on your IMAP server yanta:2000. > Please contact your administrator. > > Of course the timsieved daemon still runs on yanta:2000 > It seems something has changed. Don't know what. > If you need info on my config files, say so. So, what does it say when you 'telnet yanta 2000' from the Squirrelmail host? Simon From dick at nagual.nl Mon Jun 30 08:58:51 2008 From: dick at nagual.nl (dick hoogendijk) Date: Mon, 30 Jun 2008 14:58:51 +0200 Subject: sieve filter rules In-Reply-To: <8d5940c51af12ba1443f71dcce42dc39.squirrel@webmail.bi.corp.invoca.ch> References: <20080630135133.36ac8e4a.dick@nagual.nl> <20ed59664fee0bfe60e968eb42163d12.squirrel@webmail.bi.corp.invoca.ch> <20080630144907.4861162d.dick@nagual.nl> <8d5940c51af12ba1443f71dcce42dc39.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <20080630145851.0963e896.dick@nagual.nl> On Mon, 30 Jun 2008 14:52:19 +0200 (CEST) "Simon Matter" wrote: > > On Mon, 30 Jun 2008 14:45:58 +0200 (CEST) > > "Simon Matter" wrote: > > > >> > Because avelsieve (a squirrelmail plugin) and the thunderbird > >> > sieve plugin do not work since cyrus imapd version 2.3.11 and up > >> > I have no simple way of writing / compiling my sieve filter > >> > rules. > >> > >> What exactly doesn't work? > >> I'm using avelsieve-1.9.7 with cyrus imapd version 2.3.12p2 and I > >> think I updated some rules lately and it worked. So I'm wondering > >> whether some things work and some don't? > > > > I used to be able to click on "filters" from within my Squirrelmail > > account. all I get since the upgrade is: > > > > ERROR: > > Could not log on to timsieved daemon on your IMAP server yanta:2000. > > Please contact your administrator. > > > > Of course the timsieved daemon still runs on yanta:2000 > > It seems something has changed. Don't know what. > > If you need info on my config files, say so. > > So, what does it say when you 'telnet yanta 2000' from the > Squirrelmail host? midgard# telnet yanta 2000 Trying 192.168.11.35... Connected to yanta.nagual.nl. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.3.11" "SASL" "PLAIN OTP LOGIN DIGEST-MD5 CRAM-MD5" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" "STARTTLS" OK -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxce snv91 ++ From dick at nagual.nl Mon Jun 30 09:10:44 2008 From: dick at nagual.nl (dick hoogendijk) Date: Mon, 30 Jun 2008 15:10:44 +0200 Subject: sieve filter rules In-Reply-To: <8d5940c51af12ba1443f71dcce42dc39.squirrel@webmail.bi.corp.invoca.ch> References: <20080630135133.36ac8e4a.dick@nagual.nl> <20ed59664fee0bfe60e968eb42163d12.squirrel@webmail.bi.corp.invoca.ch> <20080630144907.4861162d.dick@nagual.nl> <8d5940c51af12ba1443f71dcce42dc39.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <20080630151044.9c2bf900.dick@nagual.nl> On Mon, 30 Jun 2008 14:52:19 +0200 (CEST) "Simon Matter" wrote: > > On Mon, 30 Jun 2008 14:45:58 +0200 (CEST) > > "Simon Matter" wrote: > > > >> > Because avelsieve (a squirrelmail plugin) and the thunderbird > >> > sieve plugin do not work since cyrus imapd version 2.3.11 and up > >> > I have no simple way of writing / compiling my sieve filter > >> > rules. > >> > >> What exactly doesn't work? > >> I'm using avelsieve-1.9.7 with cyrus imapd version 2.3.12p2 and I > >> think I updated some rules lately and it worked. So I'm wondering > >> whether some things work and some don't? > > > > I used to be able to click on "filters" from within my Squirrelmail > > account. all I get since the upgrade is: > > > > ERROR: > > Could not log on to timsieved daemon on your IMAP server yanta:2000. > > Please contact your administrator. > > > > Of course the timsieved daemon still runs on yanta:2000 > > It seems something has changed. Don't know what. > > If you need info on my config files, say so. > > So, what does it say when you 'telnet yanta 2000' from the > Squirrelmail host? midgard# telnet yanta 2000 Trying 192.168.11.35... Connected to yanta.nagual.nl. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.3.11" "SASL" "PLAIN OTP LOGIN DIGEST-MD5 CRAM-MD5" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" "STARTTLS" OK -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxce snv91 ++ From michael.menge at zdv.uni-tuebingen.de Mon Jun 30 09:14:59 2008 From: michael.menge at zdv.uni-tuebingen.de (Michael Menge) Date: Mon, 30 Jun 2008 15:14:59 +0200 Subject: sieve filter rules In-Reply-To: <20080630144907.4861162d.dick@nagual.nl> References: <20080630135133.36ac8e4a.dick@nagual.nl> <20ed59664fee0bfe60e968eb42163d12.squirrel@webmail.bi.corp.invoca.ch> <20080630144907.4861162d.dick@nagual.nl> Message-ID: <20080630151459.ljspvc9utcwkc4k4@webmail.uni-tuebingen.de> Hi, in Cyrus 2.3.9 there was the following change: * Changed the default value of the allowplaintext option to disabled (0). You can use allowplaintext: 1 or sieve_allowplaintext: 1 to allow plaintextlogin for all or only for sieve Regards Michael Menge Quoting dick hoogendijk : > On Mon, 30 Jun 2008 14:45:58 +0200 (CEST) > "Simon Matter" wrote: > >> > Because avelsieve (a squirrelmail plugin) and the thunderbird sieve >> > plugin do not work since cyrus imapd version 2.3.11 and up I have no >> > simple way of writing / compiling my sieve filter rules. >> >> What exactly doesn't work? >> I'm using avelsieve-1.9.7 with cyrus imapd version 2.3.12p2 and I >> think I updated some rules lately and it worked. So I'm wondering >> whether some things work and some don't? > > I used to be able to click on "filters" from within my Squirrelmail > account. all I get since the upgrade is: > > ERROR: > Could not log on to timsieved daemon on your IMAP server yanta:2000. > Please contact your administrator. > > Of course the timsieved daemon still runs on yanta:2000 > It seems something has changed. Don't know what. > If you need info on my config files, say so. > > -- > Dick Hoogendijk -- PGP/GnuPG key: 01D2433D > ++ http://nagual.nl/ + SunOS sxce snv91 ++ > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912 Zentrum fuer Datenverarbeitung mail: michael.menge at zdv.uni-tuebingen.de Waechterstrasse 76 72074 Tuebingen -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 5339 bytes Desc: S/MIME krytographische Unterschrift Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080630/6a1c7f1e/attachment.bin From dick at nagual.nl Mon Jun 30 10:06:06 2008 From: dick at nagual.nl (dick hoogendijk) Date: Mon, 30 Jun 2008 16:06:06 +0200 (CEST) Subject: sieve filter rules In-Reply-To: <20080630151044.9c2bf900.dick@nagual.nl> References: <20080630135133.36ac8e4a.dick@nagual.nl> <20ed59664fee0bfe60e968eb42163d12.squirrel@webmail.bi.corp.invoca.ch> <20080630144907.4861162d.dick@nagual.nl> <8d5940c51af12ba1443f71dcce42dc39.squirrel@webmail.bi.corp.invoca.ch> <20080630151044.9c2bf900.dick@nagual.nl> Message-ID: <10c1d47a3bb6e34faed55d3370bd406c.squirrel@nagual.nl> dick hoogendijk wrote: > midgard# telnet yanta 2000 > Trying 192.168.11.35... > Connected to yanta.nagual.nl. > Escape character is '^]'. > "IMPLEMENTATION" "Cyrus timsieved v2.3.11" > "SASL" "PLAIN OTP LOGIN DIGEST-MD5 CRAM-MD5" > "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags > notify envelope relational regex subaddress copy" > "STARTTLS" > OK And I'm sure it's the latter rule: "STARTTLS" that's causing the failure. Older versions of cyrus imap did not send this and then avelsieve + squirrelmail worked fine. What can I do except retun to the older stable release? -- Dick Hoogendijk -- PGP/GnuPG key: F86289CE ++ http://nagual.nl/ | SunOS 10u5 05/08 ++ From simon.matter at invoca.ch Mon Jun 30 10:06:52 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Mon, 30 Jun 2008 16:06:52 +0200 (CEST) Subject: sieve filter rules In-Reply-To: <10c1d47a3bb6e34faed55d3370bd406c.squirrel@nagual.nl> References: <20080630135133.36ac8e4a.dick@nagual.nl> <20ed59664fee0bfe60e968eb42163d12.squirrel@webmail.bi.corp.invoca.ch> <20080630144907.4861162d.dick@nagual.nl> <8d5940c51af12ba1443f71dcce42dc39.squirrel@webmail.bi.corp.invoca.ch> <20080630151044.9c2bf900.dick@nagual.nl> <10c1d47a3bb6e34faed55d3370bd406c.squirrel@nagual.nl> Message-ID: <981bd3da203f1268b4cf649ec3f5b234.squirrel@webmail.bi.corp.invoca.ch> > > dick hoogendijk wrote: > >> midgard# telnet yanta 2000 >> Trying 192.168.11.35... >> Connected to yanta.nagual.nl. >> Escape character is '^]'. >> "IMPLEMENTATION" "Cyrus timsieved v2.3.11" >> "SASL" "PLAIN OTP LOGIN DIGEST-MD5 CRAM-MD5" >> "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags >> notify envelope relational regex subaddress copy" >> "STARTTLS" >> OK > > And I'm sure it's the latter rule: "STARTTLS" that's causing the failure. > Older versions of cyrus imap did not send this and then avelsieve + > squirrelmail worked fine. What can I do except retun to the older stable > release? I also have "STARTTLS" and it works for me, so I don't think that's the problem. Simon From dick at nagual.nl Mon Jun 30 12:04:46 2008 From: dick at nagual.nl (dick hoogendijk) Date: Mon, 30 Jun 2008 18:04:46 +0200 Subject: sieve filter rules *SOLVED* In-Reply-To: <981bd3da203f1268b4cf649ec3f5b234.squirrel@webmail.bi.corp.invoca.ch> References: <20080630135133.36ac8e4a.dick@nagual.nl> <20ed59664fee0bfe60e968eb42163d12.squirrel@webmail.bi.corp.invoca.ch> <20080630144907.4861162d.dick@nagual.nl> <8d5940c51af12ba1443f71dcce42dc39.squirrel@webmail.bi.corp.invoca.ch> <20080630151044.9c2bf900.dick@nagual.nl> <10c1d47a3bb6e34faed55d3370bd406c.squirrel@nagual.nl> <981bd3da203f1268b4cf649ec3f5b234.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <20080630180446.e1066319.dick@nagual.nl> On Mon, 30 Jun 2008 16:06:52 +0200 (CEST) "Simon Matter" wrote: > > dick hoogendijk wrote: > > And I'm sure it's the latter rule: "STARTTLS" that's causing the > > failure. Older versions of cyrus imap did not send this and then > > avelsieve + squirrelmail worked fine. What can I do except retun to > > the older stable release? > > I also have "STARTTLS" and it works for me, so I don't think that's > the problem. I found the problem! It's in plugins/avelsieve/include/managesieve.lib.php The default file contains this piece of code: elseif(strcmp($this->item[0], "STARTTLS") == 0) { $this->capabilities['starttls'] = true; } This worked OK because the -OLDER- timsieved did NOT respond with "STARTTLS" and so the capabilities starttls was true. The -NEW- timsieved simply needs ONE change: 0 -> 1 The new code then becomes: elseif(strcmp($this->item[0], "STARTTLS") == 0) { $this->capabilities['starttls'] = true; } After this very simple change, avelsieve starts working again with Squirrelmail and timsieved v2.3.11 and up. -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxce snv91 ++ From aspineux at gmail.com Mon Jun 30 14:04:30 2008 From: aspineux at gmail.com (Alain Spineux) Date: Mon, 30 Jun 2008 20:04:30 +0200 Subject: sieve filter rules In-Reply-To: <10c1d47a3bb6e34faed55d3370bd406c.squirrel@nagual.nl> References: <20080630135133.36ac8e4a.dick@nagual.nl> <20ed59664fee0bfe60e968eb42163d12.squirrel@webmail.bi.corp.invoca.ch> <20080630144907.4861162d.dick@nagual.nl> <8d5940c51af12ba1443f71dcce42dc39.squirrel@webmail.bi.corp.invoca.ch> <20080630151044.9c2bf900.dick@nagual.nl> <10c1d47a3bb6e34faed55d3370bd406c.squirrel@nagual.nl> Message-ID: <71fe4e760806301104pda030b5h4f3315af52c70d2d@mail.gmail.com> On Mon, Jun 30, 2008 at 4:06 PM, dick hoogendijk wrote: > > dick hoogendijk wrote: > >> midgard# telnet yanta 2000 >> Trying 192.168.11.35... >> Connected to yanta.nagual.nl. >> Escape character is '^]'. >> "IMPLEMENTATION" "Cyrus timsieved v2.3.11" >> "SASL" "PLAIN OTP LOGIN DIGEST-MD5 CRAM-MD5" >> "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags >> notify envelope relational regex subaddress copy" >> "STARTTLS" >> OK > > And I'm sure it's the latter rule: "STARTTLS" that's causing the failure. > Older versions of cyrus imap did not send this and then avelsieve + > squirrelmail worked fine. What can I do except retun to the older stable > release? Cyrus was not conforming to the standard, now it does ! Other clients used cyrus as a reference in the past, and then are not compatible with it anymore, until they are conforming to the standard too. > > -- > Dick Hoogendijk -- PGP/GnuPG key: F86289CE > ++ http://nagual.nl/ | SunOS 10u5 05/08 ++ > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From dick at nagual.nl Mon Jun 30 14:34:25 2008 From: dick at nagual.nl (dick hoogendijk) Date: Mon, 30 Jun 2008 20:34:25 +0200 Subject: sieve filter rules *SOLVED* In-Reply-To: <20080630180446.e1066319.dick@nagual.nl> References: <20080630135133.36ac8e4a.dick@nagual.nl> <20ed59664fee0bfe60e968eb42163d12.squirrel@webmail.bi.corp.invoca.ch> <20080630144907.4861162d.dick@nagual.nl> <8d5940c51af12ba1443f71dcce42dc39.squirrel@webmail.bi.corp.invoca.ch> <20080630151044.9c2bf900.dick@nagual.nl> <10c1d47a3bb6e34faed55d3370bd406c.squirrel@nagual.nl> <981bd3da203f1268b4cf649ec3f5b234.squirrel@webmail.bi.corp.invoca.ch> <20080630180446.e1066319.dick@nagual.nl> Message-ID: <20080630203425.da3ed8cb.dick@nagual.nl> On Mon, 30 Jun 2008 18:04:46 +0200 dick hoogendijk wrote: > The -NEW- timsieved simply needs ONE change: 0 -> 1 > The new code then becomes: elseif(strcmp($this->item[0], "STARTTLS") == 1) { $this->capabilities['starttls'] = true; -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxce snv91 ++ From michael at rach.org Mon Jun 30 14:22:27 2008 From: michael at rach.org (Michael M. Rach) Date: Mon, 30 Jun 2008 14:22:27 -0400 Subject: sieve filter rules *SOLVED* In-Reply-To: <20080630180446.e1066319.dick@nagual.nl> References: <20080630135133.36ac8e4a.dick@nagual.nl> <20ed59664fee0bfe60e968eb42163d12.squirrel@webmail.bi.corp.invoca.ch> <20080630144907.4861162d.dick@nagual.nl> <8d5940c51af12ba1443f71dcce42dc39.squirrel@webmail.bi.corp.invoca.ch> <20080630151044.9c2bf900.dick@nagual.nl> <10c1d47a3bb6e34faed55d3370bd406c.squirrel@nagual.nl> <981bd3da203f1268b4cf649ec3f5b234.squirrel@webmail.bi.corp.invoca.ch> <20080630180446.e1066319.dick@nagual.nl> Message-ID: <48692463.50704@rach.org> I had a very similar problem. I utilize Smartsieve for script management, it also began failing login after cyrus-imap version 2.3.10. I traced the change to a return statement in timsieved/parser.c. The attached diff reverts parser to it pre 2.3.11 behavior. Interestingly, the return type of capabilities(...) is still int. I have no clue what this change may break elsewhere, but now 2.3.12p2 works with Smartsieve as before. 899,901c899 < /* return capabilities(sieved_out, sieved_saslconn, starttls_done, authenticated); < */ < return result; --- > return capabilities(sieved_out, sieved_saslconn, starttls_done, authenticated); dick hoogendijk wrote: > On Mon, 30 Jun 2008 16:06:52 +0200 (CEST) > "Simon Matter" wrote: > > >>> dick hoogendijk wrote: >>> And I'm sure it's the latter rule: "STARTTLS" that's causing the >>> failure. Older versions of cyrus imap did not send this and then >>> avelsieve + squirrelmail worked fine. What can I do except retun to >>> the older stable release? >>> >> I also have "STARTTLS" and it works for me, so I don't think that's >> the problem. >> > > I found the problem! > > It's in plugins/avelsieve/include/managesieve.lib.php > > The default file contains this piece of code: > > elseif(strcmp($this->item[0], "STARTTLS") == 0) { > $this->capabilities['starttls'] = true; > } > > This worked OK because the -OLDER- timsieved did NOT respond with > "STARTTLS" and so the capabilities starttls was true. > > The -NEW- timsieved simply needs ONE change: 0 -> 1 > The new code then becomes: > > elseif(strcmp($this->item[0], "STARTTLS") == 0) { > $this->capabilities['starttls'] = true; > } > > After this very simple change, avelsieve starts working again with > Squirrelmail and timsieved v2.3.11 and up. > >