From Rudy.Gevaert at UGent.be Thu May 1 05:00:32 2008 From: Rudy.Gevaert at UGent.be (Rudy Gevaert) Date: Thu, 01 May 2008 11:00:32 +0200 Subject: APOP No Longer Working after Upgrade to IMAPd 2.3.12p2 In-Reply-To: References: <48189192.6070408@joreybump.com> <4A7F1ED1-5926-429C-AEDE-37D482BE2403@umich.edu> <4818C9FA.4090802@joreybump.com> <7E71E0C3-E5B2-4B3E-9D11-0C48BE95EC63@umich.edu> <4818DA53.6020509@joreybump.com> Message-ID: <481986B0.40301@UGent.be> Andrew Morgan wrote: > On Wed, 30 Apr 2008, Jorey Bump wrote: > >> Wesley Craig wrote, at 04/30/2008 04:26 PM: >>> Two options: some motherboards have an entropy generator hardware >>> device; or, use the random device that doesn't block when entropy is low. >> I think Cyrus IMAPd uses /dev/urandom by default, but I'm not sure how I >> can confirm this. I didn't specify anything during compilation, and I >> can't find a runtime setting to explicitly select the random device, >> either. >> >> In any case, I can now faithfully trigger the problem by making multiple >> webmail requests until the browser hangs, then hold down the spacebar of >> the server's keyboard to build up entropy until the request is served >> and performance returns to normal. I haven't had a chance to check if >> this restores APOP, though. >> >> Maybe an IMAP proxy would help prevent the webmail from depleting the >> entropy, but I'm still wondering why this is a problem on this server >> running Linux kernel 2.6 and not my other IMAP servers running Linux >> kernel 2.4. I have an identical Linux 2.6 server that isn't having this >> problem, and the only difference is that it doesn't have Cyrus IMAPd on it. > > Cyrus IMAP calls out to the sasl libraries to generate the APOP challenge. > On my Debian Etch system, libsasl2.so uses /dev/random. That is strange! sasl in Debian Etch is compiled against /dev/urandom. And so my system confirms: cyrus:/usr/lib# strings libsasl2.* | grep random /dev/urandom /dev/urandom /dev/urandom /dev/urandom Rudy -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Rudy Gevaert Rudy.Gevaert at UGent.be tel:+32 9 264 4734 Directie ICT, afd. Infrastructuur Direction ICT, Infrastructure dept. Groep Systemen Systems group Universiteit Gent Ghent University Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- From dick at nagual.nl Thu May 1 07:22:34 2008 From: dick at nagual.nl (Dick Hoogendijk) Date: Thu, 1 May 2008 13:22:34 +0200 Subject: timsieved logon problem Message-ID: <20080501132234.0000488c@westmark> I use SquirrelMail version 1.4.13 an Cyrus-2.3.11 from Blastwave Stable on solaris 10. I never experienced problems before, but today I wanted to add a filter from within SquirrelMail and got this warning: Could not log on to timsieved daemon on your IMAP server yanta:2000. Please contact your administrator. What does this :2000 mean? What could have happened/changed? Many thanks for tips. -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxde 01/08 ++ From dick at nagual.nl Thu May 1 07:38:41 2008 From: dick at nagual.nl (Dick Hoogendijk) Date: Thu, 1 May 2008 13:38:41 +0200 Subject: timsieved logon problem Message-ID: <20080501133841.00003fe2@westmark> I use SquirrelMail version 1.4.13 an Cyrus-2.3.11 from Blastwave Stable on solaris 10. I never experienced problems before, but today I wanted to add a filter from within SquirrelMail and got this warning: Could not log on to timsieved daemon on your IMAP server yanta:2000. Please contact your administrator. What does this :2000 mean? What could have happened/changed? Many thanks for tips. -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxde 01/08 ++ From aspineux at gmail.com Thu May 1 07:47:03 2008 From: aspineux at gmail.com (Alain Spineux) Date: Thu, 1 May 2008 13:47:03 +0200 Subject: timsieved logon problem In-Reply-To: <20080501132234.0000488c@westmark> References: <20080501132234.0000488c@westmark> Message-ID: <71fe4e760805010447l34cac4b2y77d9754ed157d5fa@mail.gmail.com> On Thu, May 1, 2008 at 1:22 PM, Dick Hoogendijk wrote: > I use SquirrelMail version 1.4.13 an Cyrus-2.3.11 from Blastwave Stable > on solaris 10. I never experienced problems before, but today I wanted > to add a filter from within SquirrelMail and got this warning: > > Could not log on to timsieved daemon on your IMAP server yanta:2000. > Please contact your administrator. > > What does this :2000 mean? > What could have happened/changed? > Many thanks for tips. Are you sure timsieved is running ? # netstat -anp | grep 2000 tcp 0 0 127.0.0.1:2000 0.0.0.0:* LISTEN 12912/cyrmaster ATTN: netstat can use different parameters on solaris ! Cant you show us you cyrus.conf ? > > -- > Dick Hoogendijk -- PGP/GnuPG key: 01D2433D > ++ http://nagual.nl/ + SunOS sxde 01/08 ++ > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From nik at bu.edu Thu May 1 08:22:58 2008 From: nik at bu.edu (Nik Conwell) Date: Thu, 1 May 2008 08:22:58 -0400 (EDT) Subject: quota bug involving nested quota roots? Message-ID: I'm running 2.3.8 (Invoca) and see strange quota behavior. I checked the changelog for 2.3.12p1 and no mention of quota fixes (32-bit). Unfortunately I don't have a 2.3.12p1 system to check this out. Do people see similar things on the current version? Am I doing something wrong having nested quotas this way? My mailbox has quota and usage: quota -f |grep -E "user/nik|Quota" Quota % Used Used Root 10485760 15 1640288 user/nik If I set a quota on user/nik/restore (empty mailbox) and do quota -f, my recorded usage changes: sq user/nik/restore 1 quota -f|grep -E "user/nik|Quota" Quota % Used Used Root 10485760 13 1442491 user/nik 1 0 0 user/nik/restore I did finds on the filesystem and added up file sizes: full=`find /cyrus/master07/spool/n/user/nik -type f -ls|grep -v "cyrus\."|awk '{print $7}'|add`;echo "full=$full" restore=`find /cyrus/master07/spool/n/user/nik/restore -type f -ls|grep -v "cyrus\."|awk '{print $7}'|add`;echo "restore=$restore" full=1679655197 restore=0 The full / 1024 matches the original 1640288 used so the problem seems to be quota -f not correctly traversing when there is another lower quota root. If I remove the user/nik/restore quota and do quota -f, the value matches the original again: sq user/nik/restore remove 1 quota -f|grep -E "user/nik|Quota" Quota % Used Used Root 10485760 15 1640288 user/nik -nik Nik Conwell Office of Information Technology nik at bu.edu From aspineux at gmail.com Thu May 1 10:49:24 2008 From: aspineux at gmail.com (Alain Spineux) Date: Thu, 1 May 2008 16:49:24 +0200 Subject: Fwd: timsieved logon problem In-Reply-To: <71fe4e760805010748v23974e37r920bb31f30fd5e70@mail.gmail.com> References: <20080501132234.0000488c@westmark> <71fe4e760805010447l34cac4b2y77d9754ed157d5fa@mail.gmail.com> <20080501162929.0000361c@westmark> <71fe4e760805010748v23974e37r920bb31f30fd5e70@mail.gmail.com> Message-ID: <71fe4e760805010749p15b4c431mf2093489bbf6ec12@mail.gmail.com> ops ---------- Forwarded message ---------- From: Alain Spineux Date: Thu, May 1, 2008 at 4:48 PM Subject: Re: timsieved logon problem To: Dick Hoogendijk On Thu, May 1, 2008 at 4:29 PM, Dick Hoogendijk wrote: > On Thu, 1 May 2008 13:47:03 +0200 > "Alain Spineux" wrote: > > > On Thu, May 1, 2008 at 1:22 PM, Dick Hoogendijk > > wrote: > > > > Could not log on to timsieved daemon on your IMAP server > > > yanta:2000. Please contact your administrator. > > > Are you sure timsieved is running ? > > > > # netstat -anp | grep 2000 > > tcp 0 0 127.0.0.1:2000 0.0.0.0:* > > LISTEN 12912/cyrmaster > > Cyr-master does not show up. So I guess it's not running. Here is your problem! > > > > Cant you show us you cyrus.conf ? > > [cyrus.conf] > > START { > recover cmd="/opt/csw/sbin/ctl_cyrusdb -r" > # this is only necessary if using idled for IMAP IDLE > # idled cmd="idled" > } > > # UNIX sockets start with a slash and are put into /var/imap/sockets > SERVICES { > # add or remove based on preferences > imap cmd="imapd" listen="imap" prefork=5 > # imaps cmd="imapd -s" listen="imaps" prefork=1 > pop3 cmd="pop3d" listen="pop3" prefork=3 > # pop3s cmd="pop3d -s" listen="pop3s" prefork=1 > sieve cmd="timsieved" listen="sieve" prefork=0 You should see some error in your log file when trying to connect to the sieve daemon or when restarting cyrus ! Look at it. Regards > > # these are only necessary if receiving/exporting usenet via NNTP > # nntp cmd="nntpd" listen="nntp" prefork=3 > # nntps cmd="nntpd -s" listen="nntps" prefork=1 > > # at least one LMTP is required for delivery > # lmtp cmd="lmtpd" listen="lmtp" prefork=0 > lmtpunix cmd="lmtpd" listen="/opt/csw/var/cyrus/config/socket/lmtp" prefork=1 > > # this is only necessary if using notifications > # notify cmd="notifyd" listen="/opt/csw/var/cyrus/config/socket/notify" proto="udp" prefork=1 > } > > EVENTS { > # this is required > checkpoint cmd="/opt/csw/sbin/ctl_cyrusdb -c" period=30 > > # this is only necessary if using duplicate delivery suppression, > # Sieve or NNTP > delprune cmd="/opt/csw/sbin/cyr_expire -E 3" at=0400 > > # this is only necessary if caching TLS sessions > tlsprune cmd="/opt/csw/sbin/tls_prune" at=0400 > } > [/cyrus.conf] > > Nothing changed in this file recently. > Hope to get some help. It used to work quite nicely. > > -- > > > Dick Hoogendijk -- PGP/GnuPG key: 01D2433D > ++ http://nagual.nl/ + SunOS sxde 01/08 ++ > -- Alain Spineux aspineux gmail com May the sources be with you -- Alain Spineux aspineux gmail com May the sources be with you From dick at nagual.nl Thu May 1 11:02:06 2008 From: dick at nagual.nl (Dick Hoogendijk) Date: Thu, 1 May 2008 17:02:06 +0200 Subject: timsieved logon problem In-Reply-To: <71fe4e760805010748v23974e37r920bb31f30fd5e70@mail.gmail.com> References: <20080501132234.0000488c@westmark> <71fe4e760805010447l34cac4b2y77d9754ed157d5fa@mail.gmail.com> <20080501162929.0000361c@westmark> <71fe4e760805010748v23974e37r920bb31f30fd5e70@mail.gmail.com> Message-ID: <20080501170206.00002990@westmark> On Thu, 1 May 2008 16:48:49 +0200 "Alain Spineux" wrote: > On Thu, May 1, 2008 at 4:29 PM, Dick Hoogendijk > wrote: > > Cyr-master does not show up. So I guess it's not running. > Here is your problem! Yes, I know, > You should see some error in your log file when trying to connect to > the sieve daemon or when restarting cyrus ! > Look at it. Strange, but I can't find the cyrus log file. I looked at all the logfile places I can think of. Can I set a special place for this in the cyrus.conf file? -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxde 01/08 ++ From aspineux at gmail.com Thu May 1 11:03:25 2008 From: aspineux at gmail.com (Alain Spineux) Date: Thu, 1 May 2008 17:03:25 +0200 Subject: quota bug involving nested quota roots? In-Reply-To: References: Message-ID: <71fe4e760805010803x87992d6jeba95897c228ebfa@mail.gmail.com> On Thu, May 1, 2008 at 2:22 PM, Nik Conwell wrote: > > I'm running 2.3.8 (Invoca) and see strange quota behavior. I checked the > changelog for 2.3.12p1 and no mention of quota fixes (32-bit). Unfortunately I > don't have a 2.3.12p1 system to check this out. Do people see similar things on > the current version? Am I doing something wrong having nested quotas this way? > > > My mailbox has quota and usage: > > quota -f |grep -E "user/nik|Quota" > > Quota % Used Used Root > 10485760 15 1640288 user/nik > > > If I set a quota on user/nik/restore (empty mailbox) and do quota -f, my > recorded usage changes: > > sq user/nik/restore 1 > > quota -f|grep -E "user/nik|Quota" > > Quota % Used Used Root > 10485760 13 1442491 user/nik > 1 0 0 user/nik/restore > > > I did finds on the filesystem and added up file sizes: > > > full=`find /cyrus/master07/spool/n/user/nik -type f -ls|grep -v "cyrus\."|awk '{print $7}'|add`;echo "full=$full" > > restore=`find /cyrus/master07/spool/n/user/nik/restore -type f -ls|grep -v "cyrus\."|awk '{print $7}'|add`;echo "restore=$restore" > > > full=1679655197 > restore=0 > > > The full / 1024 matches the original 1640288 used so the problem seems to be > quota -f not correctly traversing when there is another lower quota root. traversing ? Hum. Is it possible that cyrus stop counting as soon as it find another quota root ? What appends if you call your "restore" folder, "aaaa" or "zzzzz". Is it possible you have some hardlink in your mailbox, created by the imap option singleinstancestore ? An some times hardlinks could be counted only once like with the "du -l". > > If I remove the user/nik/restore quota and do quota -f, the value matches the > original again: > > sq user/nik/restore remove 1 > > quota -f|grep -E "user/nik|Quota" > Quota % Used Used Root > 10485760 15 1640288 user/nik > > > -nik > Nik Conwell > Office of Information Technology > nik at bu.edu > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From nik at bu.edu Thu May 1 11:20:31 2008 From: nik at bu.edu (Nik Conwell) Date: Thu, 1 May 2008 11:20:31 -0400 (EDT) Subject: quota bug involving nested quota roots? In-Reply-To: <71fe4e760805010803x87992d6jeba95897c228ebfa@mail.gmail.com> References: <71fe4e760805010803x87992d6jeba95897c228ebfa@mail.gmail.com> Message-ID: On Thu, 1 May 2008, Alain Spineux wrote: >> The full / 1024 matches the original 1640288 used so the problem seems to be >> quota -f not correctly traversing when there is another lower quota root. > > traversing ? Hum. Is it possible that cyrus stop counting as soon as > it find another quota root ? > What appends if you call your "restore" folder, "aaaa" or "zzzzz". Looks like it quits when it hits the nested quota root. Unfortunately I don't have a 2.3.12p1 system to check this out. Do people see similar things on the current version? Am I doing something wrong having nested quotas this way? quota -f|grep -E "user/nik|Quota" Quota % Used Used Root 10485760 15 1640491 user/nik setquota user/nik aaaa 1 quota -f|grep -E "user/nik|Quota" Quota % Used Used Root 10485760 0 241 user/nik 1 0 0 user/nik/aaaa setquota user/nik/zzzz 1 quota -f|grep -E "user/nik|Quota" Quota % Used Used Root 10485760 15 1640491 user/nik 1 0 0 user/nik/zzzz From dick at nagual.nl Thu May 1 12:36:46 2008 From: dick at nagual.nl (Dick Hoogendijk) Date: Thu, 1 May 2008 18:36:46 +0200 Subject: timsieved logon problem In-Reply-To: <20080501132234.0000488c@westmark> References: <20080501132234.0000488c@westmark> Message-ID: <20080501183646.00005a30@westmark> On Thu, 1 May 2008 13:22:34 +0200 Dick Hoogendijk wrote: > I use SquirrelMail version 1.4.13 an Cyrus-2.3.11 from Blastwave > Stable on solaris 10. I never experienced problems before, but today > I wanted to add a filter from within SquirrelMail and got this > warning: > > Could not log on to timsieved daemon on your IMAP server yanta:2000. > Please contact your administrator. Cyrus-master is running. Cyrus works as it should. Clients are served the way it used to be. The *only* thing different is that I can no longer access the sieve mailfilters from squirrelmail. I "could not log on to timsieved" This service should run, according to my cyrus.conf [cyrus.conf] # standard standalone server implementation START { # do not delete this entry! recover cmd="/opt/csw/sbin/ctl_cyrusdb -r" # this is only necessary if using idled for IMAP IDLE # idled cmd="idled" } # UNIX sockets start with a slash and are put into /var/imap/sockets SERVICES { # add or remove based on preferences imap cmd="imapd" listen="imap" prefork=5 # imaps cmd="imapd -s" listen="imaps" prefork=1 pop3 cmd="pop3d" listen="pop3" prefork=3 # pop3s cmd="pop3d -s" listen="pop3s" prefork=1 sieve cmd="timsieved" listen="sieve" prefork=0 # these are only necessary if receiving/exporting usenet via NNTP # nntp cmd="nntpd" listen="nntp" prefork=3 # nntps cmd="nntpd -s" listen="nntps" prefork=1 # at least one LMTP is required for delivery # lmtp cmd="lmtpd" listen="lmtp" prefork=0 lmtpunix cmd="lmtpd" listen="/opt/csw/var/cyrus/config/socket/lmtp" prefork=1 # this is only necessary if using notifications # notify cmd="notifyd" listen="/opt/csw/var/cyrus/config/socket/notify" proto="udp" prefork=1 } EVENTS { # this is required checkpoint cmd="/opt/csw/sbin/ctl_cyrusdb -c" period=30 # this is only necessary if using duplicate delivery suppression, # Sieve or NNTP delprune cmd="/opt/csw/sbin/cyr_expire -E 3" at=0400 # this is only necessary if caching TLS sessions tlsprune cmd="/opt/csw/sbin/tls_prune" at=0400 } [/cyrus.conf I can see no weird things. Cyrus worked with this config for quite some time? I don't compile from source. I use the blastwave package. Any idas? Is there another good utility to access the sieve rules? -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxde 01/08 ++ From morgan at orst.edu Thu May 1 12:41:58 2008 From: morgan at orst.edu (Andrew Morgan) Date: Thu, 1 May 2008 09:41:58 -0700 (PDT) Subject: APOP No Longer Working after Upgrade to IMAPd 2.3.12p2 In-Reply-To: <481986B0.40301@UGent.be> References: <48189192.6070408@joreybump.com> <4A7F1ED1-5926-429C-AEDE-37D482BE2403@umich.edu> <4818C9FA.4090802@joreybump.com> <7E71E0C3-E5B2-4B3E-9D11-0C48BE95EC63@umich.edu> <4818DA53.6020509@joreybump.com> <481986B0.40301@UGent.be> Message-ID: On Thu, 1 May 2008, Rudy Gevaert wrote: > Andrew Morgan wrote: >> >> Cyrus IMAP calls out to the sasl libraries to generate the APOP challenge. >> On my Debian Etch system, libsasl2.so uses /dev/random. > > That is strange! sasl in Debian Etch is compiled against /dev/urandom. And > so my system confirms: > > cyrus:/usr/lib# strings libsasl2.* | grep random > /dev/urandom > /dev/urandom > /dev/urandom > /dev/urandom Ooops! And that would be true if I had ran that command on my Debian Etch system instead of my old Debian Sarge system... :) For the record: Debian Sarge sasl uses /dev/random Debian Etch sasl uses /dev/urandom Andy From marc at interak.com Thu May 1 12:57:47 2008 From: marc at interak.com (Marc Grober) Date: Thu, 01 May 2008 08:57:47 -0800 Subject: Thunderbird sieve extensions Message-ID: <4819F68B.9070304@interak.com> I am trying to use the thunderbird sieve extensions and need some help I have cyrus-imap running with ldap and postfix on SLES 10 I have sieve running and can use sieveshell I can set the extensions to not use TLS and the server logs show that the connectin was accepted, but the extension never returns the active script or the inactive script. Is it looking in the wrong place? Does the extension require additional software? Are configuration options available? What am I missing? I tried to write to the author with no response and then finally found a mailing list to which I subscribed and never received confirmation of subscription.... -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3331 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080501/97aa3222/attachment.bin From lm at zork.pl Thu May 1 14:16:10 2008 From: lm at zork.pl (Lukasz Michalski) Date: Thu, 01 May 2008 20:16:10 +0200 Subject: Thunderbird sieve extensions In-Reply-To: <4819F68B.9070304@interak.com> References: <4819F68B.9070304@interak.com> Message-ID: <481A08EA.5040904@zork.pl> Marc Grober pisze: > I am trying to use the thunderbird sieve extensions and need some help > > I have cyrus-imap running with ldap and postfix on SLES 10 > I have sieve running and can use sieveshell > I can set the extensions to not use TLS and the server logs show that > the connectin was accepted, but the extension never returns the active > script or the inactive script. > Is it looking in the wrong place? Does the extension require additional > software? Are configuration options available? What am I missing? I > tried to write to the author with no response and then finally found a > mailing list to which I subscribed and never received confirmation of > subscription.... > TH extension works for me. I have setup that uses TLS. I had problems with communication on port 2000 and I had to setup additional port 2002 (I am using portfwd for this). Broken communication is *probably* caused by cisco routers, which uses port 2000 for their own purpose. For more information and description of symptoms see my older messages on this list. Regards, -- Lukasz Michalski pgp key: http://www.zork.pl/lm.asc -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080501/a94eb516/attachment.bin From simon.matter at invoca.ch Thu May 1 16:21:05 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Thu, 1 May 2008 22:21:05 +0200 (CEST) Subject: timsieved logon problem In-Reply-To: <20080501183646.00005a30@westmark> References: <20080501132234.0000488c@westmark> <20080501183646.00005a30@westmark> Message-ID: <33060.192.168.10.25.1209673265.squirrel@webmail.bi.corp.invoca.ch> > On Thu, 1 May 2008 13:22:34 +0200 > Dick Hoogendijk wrote: > >> I use SquirrelMail version 1.4.13 an Cyrus-2.3.11 from Blastwave >> Stable on solaris 10. I never experienced problems before, but today >> I wanted to add a filter from within SquirrelMail and got this >> warning: >> >> Could not log on to timsieved daemon on your IMAP server yanta:2000. >> Please contact your administrator. > > Cyrus-master is running. Cyrus works as it should. Clients are served > the way it used to be. The *only* thing different is that I can no > longer access the sieve mailfilters from squirrelmail. I "could not log > on to timsieved" If I got it right your sieve service listens on 127.0.0.1:2000 and your squirrelmail tries to access it as yanta:2000. I don't expect 'yanta' resolve to 127.0.0.1 so I don't think this could ever work. Simon > This service should run, according to my cyrus.conf > > [cyrus.conf] > # standard standalone server implementation > > START { > # do not delete this entry! > recover cmd="/opt/csw/sbin/ctl_cyrusdb -r" > > # this is only necessary if using idled for IMAP IDLE > # idled cmd="idled" > } > > # UNIX sockets start with a slash and are put into /var/imap/sockets > SERVICES { > # add or remove based on preferences > imap cmd="imapd" listen="imap" prefork=5 > # imaps cmd="imapd -s" listen="imaps" prefork=1 > pop3 cmd="pop3d" listen="pop3" prefork=3 > # pop3s cmd="pop3d -s" listen="pop3s" prefork=1 > sieve cmd="timsieved" listen="sieve" prefork=0 > > # these are only necessary if receiving/exporting usenet via NNTP > # nntp cmd="nntpd" listen="nntp" prefork=3 > # nntps cmd="nntpd -s" listen="nntps" prefork=1 > > # at least one LMTP is required for delivery > # lmtp cmd="lmtpd" listen="lmtp" prefork=0 > lmtpunix cmd="lmtpd" listen="/opt/csw/var/cyrus/config/socket/lmtp" > prefork=1 > > # this is only necessary if using notifications > # notify cmd="notifyd" listen="/opt/csw/var/cyrus/config/socket/notify" > proto="udp" prefork=1 > } > > EVENTS { > # this is required > checkpoint cmd="/opt/csw/sbin/ctl_cyrusdb -c" period=30 > > # this is only necessary if using duplicate delivery suppression, > # Sieve or NNTP > delprune cmd="/opt/csw/sbin/cyr_expire -E 3" at=0400 > > # this is only necessary if caching TLS sessions > tlsprune cmd="/opt/csw/sbin/tls_prune" at=0400 > } > [/cyrus.conf > > I can see no weird things. Cyrus worked with this config for quite some > time? I don't compile from source. I use the blastwave package. > > Any idas? > Is there another good utility to access the sieve rules? > > -- > Dick Hoogendijk -- PGP/GnuPG key: 01D2433D > ++ http://nagual.nl/ + SunOS sxde 01/08 ++ > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From kajtzu at basen.net Thu May 1 16:52:36 2008 From: kajtzu at basen.net (Kaj Niemi) Date: Thu, 1 May 2008 23:52:36 +0300 Subject: Thunderbird sieve extensions In-Reply-To: <481A08EA.5040904@zork.pl> References: <4819F68B.9070304@interak.com> <481A08EA.5040904@zork.pl> Message-ID: <75F133E9-DD8A-4DEA-B032-16798CCF866B@basen.net> Hi, On May 1, 2008, at 21:16, Lukasz Michalski wrote: > I had problems with communication on port 2000 and I had to setup > additional port 2002 (I am using portfwd for this). > Broken communication is *probably* caused by cisco routers, which > uses port 2000 for their own purpose. A cisco router does not typically intercept traffic being forwarded through it. If you disagree you should probably open a TAC case. HTH Kaj -- Kaj J. Niemi +358 45 63 12000 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 3811 bytes Desc: not available Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080501/c330ca4e/attachment-0001.bin From morgan at orst.edu Thu May 1 17:20:04 2008 From: morgan at orst.edu (Andrew Morgan) Date: Thu, 1 May 2008 14:20:04 -0700 (PDT) Subject: Thunderbird sieve extensions In-Reply-To: <75F133E9-DD8A-4DEA-B032-16798CCF866B@basen.net> References: <4819F68B.9070304@interak.com> <481A08EA.5040904@zork.pl> <75F133E9-DD8A-4DEA-B032-16798CCF866B@basen.net> Message-ID: On Thu, 1 May 2008, Kaj Niemi wrote: > Hi, > > On May 1, 2008, at 21:16, Lukasz Michalski wrote: > >> I had problems with communication on port 2000 and I had to setup >> additional port 2002 (I am using portfwd for this). >> Broken communication is *probably* caused by cisco routers, which uses port >> 2000 for their own purpose. > > > A cisco router does not typically intercept traffic being forwarded through > it. If you disagree you should probably open a TAC case. If you use a Cisco firewall, then the firewall "fix-up" for the SCCP ("skinny") protocol can interfere with Sieve running on port 2000. We had to disable that fix-up here because it broke sieve on firewalled hosts. Andy From marc at interak.com Thu May 1 18:55:53 2008 From: marc at interak.com (Marc Grober) Date: Thu, 01 May 2008 14:55:53 -0800 Subject: Thunderbird sieve extensions In-Reply-To: References: <4819F68B.9070304@interak.com> <481A08EA.5040904@zork.pl> <75F133E9-DD8A-4DEA-B032-16798CCF866B@basen.net> Message-ID: <481A4A79.1010300@interak.com> Client and server inside firewall. If I telnet into port 2000 I get this: "IMPLEMENTATION" "Cyrus timsieved v2.2.12" "SASL" "LOGIN PLAIN" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relationa l comparator-i;ascii-numeric regex" "STARTTLS" OK However, if I set the extensions to use TLS if available I get "Error establishing an encrypted connection to host. Error Code : -12195" Andrew Morgan wrote: > On Thu, 1 May 2008, Kaj Niemi wrote: > >> Hi, >> >> On May 1, 2008, at 21:16, Lukasz Michalski wrote: >> >>> I had problems with communication on port 2000 and I had to setup >>> additional port 2002 (I am using portfwd for this). >>> Broken communication is *probably* caused by cisco routers, which >>> uses port 2000 for their own purpose. >> >> >> A cisco router does not typically intercept traffic being forwarded >> through it. If you disagree you should probably open a TAC case. > > If you use a Cisco firewall, then the firewall "fix-up" for the SCCP > ("skinny") protocol can interfere with Sieve running on port 2000. We > had to disable that fix-up here because it broke sieve on firewalled hosts. > > Andy -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3331 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080501/04a4de43/attachment.bin From Pascal.Gienger at uni-konstanz.de Fri May 2 01:43:56 2008 From: Pascal.Gienger at uni-konstanz.de (Pascal Gienger) Date: Fri, 02 May 2008 07:43:56 +0200 Subject: Any command to get rapidly ALL annotations? Message-ID: <47450D654C20679157C7885C@schnucki.djehoulou.com> Is there a way to get all annotations with one imap or cyrus command? We are using annotations here to be able to set an expiration time for spam mailboxes (messages older then x days are deleted automatically at night with cyr_expire). To get a tiny statistic we are going through all mailboxes and use GETANNOTATION to retrieve possible annotations, which is a time consuming progress. GETANNOTATION does not like wildcards like LIST. Berkeley DB db_dump is not a good idea either, because even with "-p" it gives database corruption in certain circumstances and it won't work any more when we move to skiplist for the annotation database. Pascal -- pascal at southbrain.com http://southbrain.com/ From lm at zork.pl Fri May 2 03:39:26 2008 From: lm at zork.pl (Lukasz Michalski) Date: Fri, 02 May 2008 09:39:26 +0200 Subject: Thunderbird sieve extensions In-Reply-To: <481A4A79.1010300@interak.com> References: <4819F68B.9070304@interak.com> <481A08EA.5040904@zork.pl> <75F133E9-DD8A-4DEA-B032-16798CCF866B@basen.net> <481A4A79.1010300@interak.com> Message-ID: <481AC52E.5040303@zork.pl> Marc Grober pisze: > Client and server inside firewall. > If I telnet into port 2000 I get this: > > "IMPLEMENTATION" "Cyrus timsieved v2.2.12" > "SASL" "LOGIN PLAIN" > "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress > relationa > l comparator-i;ascii-numeric regex" > "STARTTLS" > OK > > However, if I set the extensions to use TLS if available I get "Error > establishing an encrypted connection to host. Error Code : -12195" > Works for me. "IMPLEMENTATION" "Cyrus timsieved v2.2.12" "SASL" "GSSAPI OTP CRAM-MD5 DIGEST-MD5" "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relationa l comparator-i;ascii-numeric regex" "STARTTLS" OK I have sieve 0.1.4 extension for thunderbird configured this way: Authentication: Use login from IMAP account Secure connection: true Regards, -- Lukasz Michalski pgp key: http://www.zork.pl/lm.asc -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 250 bytes Desc: OpenPGP digital signature Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080502/6c598cbc/attachment.bin From dick at nagual.nl Fri May 2 05:33:22 2008 From: dick at nagual.nl (dick hoogendijk) Date: Fri, 2 May 2008 11:33:22 +0200 (CEST) Subject: timsieved logon problem In-Reply-To: <33060.192.168.10.25.1209673265.squirrel@webmail.bi.corp.invoca.ch> References: <20080501132234.0000488c@westmark> <20080501183646.00005a30@westmark> <33060.192.168.10.25.1209673265.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <56760.192.168.11.31.1209720802.squirrel@nagual.nl> Simon Matter wrote: >> On Thu, 1 May 2008 13:22:34 +0200 >> Dick Hoogendijk wrote: >> >>> I use SquirrelMail version 1.4.13 an Cyrus-2.3.11 from Blastwave >>> Stable on solaris 10. I never experienced problems before, but today >>> I wanted to add a filter from within SquirrelMail and got this >>> warning: >>> >>> Could not log on to timsieved daemon on your IMAP server yanta:2000. >>> Please contact your administrator. >> >> Cyrus-master is running. Cyrus works as it should. Clients are served >> the way it used to be. The *only* thing different is that I can no >> longer access the sieve mailfilters from squirrelmail. I "could not log >> on to timsieved" > > If I got it right your sieve service listens on 127.0.0.1:2000 and your > squirrelmail tries to access it as yanta:2000. I don't expect 'yanta' > resolve to 127.0.0.1 so I don't think this could ever work. If that were true, how could it have ever worked? Yanta is the cyrus mailer machine and known through internal dns for years. Can I make the sieve service listen on a specific IP? Sieveshell on yanta does work btw. From the sieve extension for thunderbird I get the impression that something has changed in the authorization procedure. All email connections are with CRAM-MD5. No tls/ssl, no plain logins. So all connections must be secure? Has something changed from cyrus-2.3.9 to 2.3.11 in this matters? Because it all started after this CSWpackage upgrade from xx.9 to xx.11 I'll post my cyrus.conf here too, because I really would like this matter solved if it can be ;-) [cyrus.conf] configdirectory: /opt/csw/var/cyrus/config partition-default: /opt/csw/var/cyrus/mail sievedir: /opt/csw/var/cyrus/sieve admins: cyrus unixhierarchysep: no altnamespace: no munge8bit: yes sasl_pwcheck_method: saslauthd # sasl_mech_list: PLAIN LOGIN # autocreatequota: -1 # createonpost: yes tls_ca_file: /opt/csw/ssl/private/imap/server.pem tls_cert_file: /opt/csw/ssl/private/imap/server.pem tls_key_file: /opt/csw/ssl/private/imap/server.pem [/cyrus.conf] Any ideas, tips are most welcome and appreciated. -- Dick Hoogendijk -- PGP/GnuPG key: F86289CE ++ http://lossehandjes.nl/ | SunOS 10u3 ++ From dick at nagual.nl Fri May 2 05:45:15 2008 From: dick at nagual.nl (dick hoogendijk) Date: Fri, 2 May 2008 11:45:15 +0200 (CEST) Subject: timsieved logon problem In-Reply-To: <20080501183646.00005a30@westmark> References: <20080501132234.0000488c@westmark> <20080501183646.00005a30@westmark> Message-ID: <56826.192.168.11.31.1209721515.squirrel@nagual.nl> Reading another message about the thunderbird sieve extension I too did a telnet request (normally telnet does not listen ;-) $ telnet yanta.nagual.nl 2000 Trying 192.168.11.35... Connected to yanta.nagual.nl. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.3.11" "SASL" "PLAIN OTP LOGIN DIGEST-MD5 CRAM-MD5" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" "STARTTLS" OK So, timsieve IS there. Why on earth does it not listen anymore to a request from my Squirrelmail? Is it an authorization matter after all? Has something changed from xx.9 to version xx.11? From dick at nagual.nl Fri May 2 05:51:35 2008 From: dick at nagual.nl (dick hoogendijk) Date: Fri, 2 May 2008 11:51:35 +0200 (CEST) Subject: timsieved logon problem Message-ID: <56891.192.168.11.31.1209721895.squirrel@nagual.nl> Simon Matter wrote: >> On Thu, 1 May 2008 13:22:34 +0200 >> Dick Hoogendijk wrote: >> >>> I use SquirrelMail version 1.4.13 an Cyrus-2.3.11 from Blastwave Stable on solaris 10. I never experienced problems before, but today I wanted to add a filter from within SquirrelMail and got this warning: >>> >>> Could not log on to timsieved daemon on your IMAP server yanta:2000. Please contact your administrator. >> >> Cyrus-master is running. Cyrus works as it should. Clients are served the way it used to be. The *only* thing different is that I can no longer access the sieve mailfilters from squirrelmail. I "could not log on to timsieved" > > If I got it right your sieve service listens on 127.0.0.1:2000 and your squirrelmail tries to access it as yanta:2000. I don't expect 'yanta' resolve to 127.0.0.1 so I don't think this could ever work. If that were true, how could it have ever worked? Yanta is the cyrus mailer machine and known through internal dns for years. Can I make the sieve service listen on a specific IP? Sieveshell on yanta does work btw. From the sieve extension for thunderbird I get the impression that something has changed in the authorization procedure. All email connections are with CRAM-MD5. No tls/ssl, no plain logins. So all connections must be secure? Has something changed from cyrus-2.3.9 to 2.3.11 in this matters? Because it all started after this CSWpackage upgrade from xx.9 to xx.11 I'll post my cyrus.conf here too, because I really would like this matter solved if it can be ;-) [cyrus.conf] configdirectory: /opt/csw/var/cyrus/config partition-default: /opt/csw/var/cyrus/mail sievedir: /opt/csw/var/cyrus/sieve admins: cyrus unixhierarchysep: no altnamespace: no munge8bit: yes sasl_pwcheck_method: saslauthd # sasl_mech_list: PLAIN LOGIN # autocreatequota: -1 # createonpost: yes tls_ca_file: /opt/csw/ssl/private/imap/server.pem tls_cert_file: /opt/csw/ssl/private/imap/server.pem tls_key_file: /opt/csw/ssl/private/imap/server.pem [/cyrus.conf] Any ideas, tips are most welcome and appreciated. -- Dick Hoogendijk -- PGP/GnuPG key: F86289CE ++ http://lossehandjes.nl/ | SunOS 10u3 ++ From dick at nagual.nl Fri May 2 05:52:05 2008 From: dick at nagual.nl (dick hoogendijk) Date: Fri, 2 May 2008 11:52:05 +0200 (CEST) Subject: timsieved logon problem Message-ID: <56902.192.168.11.31.1209721925.squirrel@nagual.nl> Reading another message about the thunderbird sieve extension I too did a telnet request (normally telnet does not listen ;-) $ telnet yanta.nagual.nl 2000 Trying 192.168.11.35... Connected to yanta.nagual.nl. Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.3.11" "SASL" "PLAIN OTP LOGIN DIGEST-MD5 CRAM-MD5" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" "STARTTLS" OK So, timsieve IS there. Why on earth does it not listen anymore to a request from my Squirrelmail? Is it an authorization matter after all? Has something changed from xx.9 to version xx.11? -- Dick Hoogendijk -- PGP/GnuPG key: F86289CE ++ http://lossehandjes.nl/ | SunOS 10u3 ++ From robm at fastmail.fm Fri May 2 09:07:29 2008 From: robm at fastmail.fm (Rob Mueller) Date: Fri, 2 May 2008 23:07:29 +1000 Subject: Any command to get rapidly ALL annotations? References: <47450D654C20679157C7885C@schnucki.djehoulou.com> Message-ID: <069701c8ac55$7c0e2ac0$0a01a8c0@robmhp> > To get a tiny statistic we are going through all mailboxes and use > GETANNOTATION to retrieve possible annotations, which is a time consuming > progress. GETANNOTATION does not like wildcards like LIST. Yes it does. Bah, seems the draft is up to -13 now, and they've actually changed the IMAP command to GETMETADATA. Anyway, the cyrus implementation still uses GETANNOTATION and seems to implement somewhere around -05 draft. http://ietfreport.isoc.org/all-ids/draft-daboo-imap-annotatemore-05.txt Both "*" and "%" list wildcard characters MAY be used in the mailbox name argument to commands to match all possible occurrences of a mailbox name pattern. However, "*" or "%" by themselves MUST NOT match the empty string (server) entries. Server entries can only be accessed by explicitly using the empty string as the mailbox name. I'm pretty sure this works from my memory and testing. Rob From marc at interak.com Fri May 2 21:08:24 2008 From: marc at interak.com (Marc Grober) Date: Fri, 02 May 2008 17:08:24 -0800 Subject: Thunderbird sieve extensions In-Reply-To: <481AC52E.5040303@zork.pl> References: <4819F68B.9070304@interak.com> <481A08EA.5040904@zork.pl> <75F133E9-DD8A-4DEA-B032-16798CCF866B@basen.net> <481A4A79.1010300@interak.com> <481AC52E.5040303@zork.pl> Message-ID: <481BBB08.6040901@interak.com> You are looking at a different interface than I am maybe?? Three panels in the dialog... On left authentication, on right check box for ignore IMAP and only by checking can you click or unclick Use TLS below, general settings I have Use IMAP and have tried with ignore clicked and w/o Use TLS and with ignore unclicked. Lukasz Michalski wrote: > Marc Grober pisze: >> Client and server inside firewall. >> If I telnet into port 2000 I get this: >> >> "IMPLEMENTATION" "Cyrus timsieved v2.2.12" >> "SASL" "LOGIN PLAIN" >> "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress >> relationa >> l comparator-i;ascii-numeric regex" >> "STARTTLS" >> OK >> >> However, if I set the extensions to use TLS if available I get "Error >> establishing an encrypted connection to host. Error Code : -12195" >> > > Works for me. > "IMPLEMENTATION" "Cyrus timsieved v2.2.12" > "SASL" "GSSAPI OTP CRAM-MD5 DIGEST-MD5" > "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress > relationa > l comparator-i;ascii-numeric regex" > "STARTTLS" > OK > > I have sieve 0.1.4 extension for thunderbird configured this way: > Authentication: Use login from IMAP account > Secure connection: true > > Regards, -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3331 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080502/d9ceb020/attachment.bin From marc at interak.com Fri May 2 23:44:26 2008 From: marc at interak.com (Marc Grober) Date: Fri, 02 May 2008 19:44:26 -0800 Subject: Thunderbird sieve extensions - making progress In-Reply-To: <481AC52E.5040303@zork.pl> References: <4819F68B.9070304@interak.com> <481A08EA.5040904@zork.pl> <75F133E9-DD8A-4DEA-B032-16798CCF866B@basen.net> <481A4A79.1010300@interak.com> <481AC52E.5040303@zork.pl> Message-ID: <481BDF9A.4070703@interak.com> It looks like weither today's upgrade or turning off the folderpane add-on did the trick.... at least at this point the host is asking for a certificate..... but of course won't accept any of the existing certs. I do recall having created a key for TLS, but I am not sure about translating that into a cert.... I have half a dozen thawye certs, but am not sure how the server would want to use those.... Lukasz Michalski wrote: > Marc Grober pisze: >> Client and server inside firewall. >> If I telnet into port 2000 I get this: >> >> "IMPLEMENTATION" "Cyrus timsieved v2.2.12" >> "SASL" "LOGIN PLAIN" >> "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress >> relationa >> l comparator-i;ascii-numeric regex" >> "STARTTLS" >> OK >> >> However, if I set the extensions to use TLS if available I get "Error >> establishing an encrypted connection to host. Error Code : -12195" >> > > Works for me. > "IMPLEMENTATION" "Cyrus timsieved v2.2.12" > "SASL" "GSSAPI OTP CRAM-MD5 DIGEST-MD5" > "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress > relationa > l comparator-i;ascii-numeric regex" > "STARTTLS" > OK > > I have sieve 0.1.4 extension for thunderbird configured this way: > Authentication: Use login from IMAP account > Secure connection: true > > Regards, -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3331 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080502/e56b0fff/attachment.bin From lm at zork.pl Sat May 3 13:09:44 2008 From: lm at zork.pl (Lukasz Michalski) Date: Sat, 3 May 2008 19:09:44 +0200 Subject: Thunderbird sieve extensions In-Reply-To: <481BBB08.6040901@interak.com> References: <4819F68B.9070304@interak.com> <481AC52E.5040303@zork.pl> <481BBB08.6040901@interak.com> Message-ID: <200805031909.48528.lm@zork.pl> On Saturday 03 May 2008, you wrote: > You are looking at a different interface than I am maybe?? > Three panels in the dialog... > On left authentication, on right check box for ignore IMAP I use IMAP authentication, have "ignore imap settings" checked and "use TLS, if available" checked too. Regards, ?ukasz From niko at petole.dyndns.org Sun May 4 05:45:37 2008 From: niko at petole.dyndns.org (Nicolas KOWALSKI) Date: Sun, 4 May 2008 11:45:37 +0200 Subject: mailbox name incomplete in syslog when deleted Message-ID: Hello, I am using cyrus-imapd-2.3.12p2, with the cyrus-receivedtime patch from fastmail. With previous versions, when I deleted a mailbox, its name was indicated in syslog. Now, only the user main mailbox name is shown: May 4 11:38:49 petole imap[3751]: Deleted mailbox user.niko This is harmless, but I just wanted to know if somebody also see this behaviour, or if it is specific to my installation? Thanks, -- Nicolas From descombes at sb-roscoff.fr Sat May 3 16:18:57 2008 From: descombes at sb-roscoff.fr (DESCOMBES Thierry) Date: Sat, 03 May 2008 22:18:57 +0200 Subject: Migration issues Message-ID: <481CC8B1.3040009@sb-roscoff.fr> Hello, I'm the system administrator of a french research unit (CNRS), and we are using cyrus and postfix, on a server, for 2 years now, without troubles. Now, we have bought a DAS (Direct Attached Storage) attached to a dedicated server (with tape backup system...) and we'd like to use the DAS to store mailboxes. My idea was to uninstall the IMAP service on our old mailserver, change its postfix configuration to SMTP relay mails to the new server (attached to the DAS), and install new versions of postfix and cyrus on the new server (where the DAS filesystem are mounted locally). Do you think this is the best way to do that ? (I have already tested unsuccesfully, exporting files (with NFS) or partition (with open-iSCSI)... but in case of crash, it seems that data integrity is often broken) I have tried to configure this setup. On the old server, we are using cyrus 2.2.12 (on Linux), and in the new one, I have installed cyrus 2.3.8 (on Linux). So, I have tried to follow the "Upgrading from 2.2.x or earlier" part of cyrus documentation. I have copied the spool directory (rsync of the /var/spool/imap directory), and the db directory (a tar of /var/lib/imap after a cyrus shutdown) from the old server to the new one, created a metapartition directory, launched "tools/migrate-metadata" script... but now, when I start cyrus , it freezes and writes messages in system log files: kernel: ctl_cyrusdb[26239]: segfault at 00002b7e51a60efc rip 00002b5652b30f96 rsp 00007fff59062d60 error 4 cyrus-master[26233]: process 26239 exited, signaled to death by 11 What's wrong ? The new server is running a 64 bits linux distribution (the old a 32 bits). Should I try with a version of cyrus build for 32bits architecture ? Thanks a lot in advance. Cheers, -- DESCOMBES Thierry Station Biologique de Roscoff Service Informatique - FR2424 Place George Teissier BP 74 29682 Roscoff Cedex Tel: (00 33)2 98 29 23 14 Port: (00 33)6 63 03 04 74 From aspineux at gmail.com Mon May 5 07:24:22 2008 From: aspineux at gmail.com (Alain Spineux) Date: Mon, 5 May 2008 13:24:22 +0200 Subject: Migration issues In-Reply-To: <481CC8B1.3040009@sb-roscoff.fr> References: <481CC8B1.3040009@sb-roscoff.fr> Message-ID: <71fe4e760805050424t6f8defc2t1eb45d6a629ebf7@mail.gmail.com> On Sat, May 3, 2008 at 10:18 PM, DESCOMBES Thierry wrote: > Hello, > > I'm the system administrator of a french research unit (CNRS), and we > are using cyrus and postfix, on a server, for 2 years now, without > troubles. > > Now, we have bought a DAS (Direct Attached Storage) attached to a > dedicated server (with tape backup system...) and we'd like to use the > DAS to store mailboxes. > > My idea was to uninstall the IMAP service on our old mailserver, change > its postfix configuration to SMTP relay mails to the new server > (attached to the DAS), and install new versions of postfix and cyrus on > the new server (where the DAS filesystem are mounted locally). Yes fine, just configure a "transport" for your domain to your new server. You can avoid the second postfix configuration by delivering directly your email trough LMTP by adding something like lmtp cmd="lmtpd -a" listen="your.ip.address.here:2003" to your cyrus.conf. If you use -a be careful to secure your lmtpd port with some iptables rules. > Do you > think this is the best way to do that ? (I have already tested > unsuccesfully, exporting files (with NFS) or partition (with > open-iSCSI)... but in case of crash, it seems that data integrity is > often broken) > > I have tried to configure this setup. On the old server, we are using > cyrus 2.2.12 (on Linux), and in the new one, I have installed cyrus > 2.3.8 (on Linux). So, I have tried to follow the "Upgrading from 2.2.x > or earlier" part of cyrus documentation. I have copied the spool > directory (rsync of the /var/spool/imap directory), and the db directory > (a tar of /var/lib/imap after a cyrus shutdown) from the old server to > the new one, created a metapartition directory, launched > "tools/migrate-metadata" script... but now, when I start cyrus , it > freezes and writes messages in system log files: imapsync is a nice tool for migration. For now it can sync everything except annotation and quota. It works like rsync but on top of imap protocol, you dont need to bother about format conversion. > > kernel: ctl_cyrusdb[26239]: segfault at 00002b7e51a60efc rip > 00002b5652b30f96 rsp 00007fff59062d60 error 4 You missed something. You have to dump bdb data file on your old system and restore it on your new system to use the correct library version on each of them. You can try to guess what wrong by running something like # su cyrus -c "strace ctl_cyrusdb -r" and look in the strace log for the last file opened by ctl_cyrusdb. > > cyrus-master[26233]: process 26239 exited, signaled to death by 11 > > What's wrong ? The new server is running a 64 bits linux distribution > (the old a 32 bits). Should I try with a version of cyrus build for > 32bits architecture ? 32bits are still less problematic yet, up to 2Go of RAM 32bits is probably the best choice, up to 4Go you can have little benefit using a 64bit system, above 4Go You have to consider a 64bit system. > > Thanks a lot in advance. > Cheers, > > -- > > DESCOMBES Thierry > Station Biologique de Roscoff > Service Informatique - FR2424 > Place George Teissier > BP 74 > 29682 Roscoff Cedex > > Tel: (00 33)2 98 29 23 14 > Port: (00 33)6 63 03 04 74 > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From shwaltz at cabm.rutgers.edu Mon May 5 11:30:29 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Mon, 5 May 2008 11:30:29 -0400 (EDT) Subject: Migrate Sieve Scripts Message-ID: <42394.192.76.178.13.1210001429.squirrel@webmail.cabm.rutgers.edu> A bit of confusion over moving my users' sieve scripts to the new server. Old server, 2.2.3 duplicate_db=berkeley New server, 2.3.7 duplicate_db=skiplist Documentation indicates the duplicate_db determines both duplicate delivery db as well as sieve. My old sieve scripts(uncompiled and compiled) are in /var/lib/imap/sieve/"a-z"/username To migrate the scripts, do I need to recompile? If so, what is the best way to do this? SWaltz { Shelley Waltz Center for Advanced Biotechnology and Medicine Rutgers University / UMDNJ 679 Hoes Lane Piscataway, NJ 08854-5638 732 235 3346 }; From morgan at orst.edu Mon May 5 13:21:58 2008 From: morgan at orst.edu (Andrew Morgan) Date: Mon, 5 May 2008 10:21:58 -0700 (PDT) Subject: Migrate Sieve Scripts In-Reply-To: <42394.192.76.178.13.1210001429.squirrel@webmail.cabm.rutgers.edu> References: <42394.192.76.178.13.1210001429.squirrel@webmail.cabm.rutgers.edu> Message-ID: On Mon, 5 May 2008, Shelley Waltz wrote: > A bit of confusion over moving my users' sieve scripts to the new server. > > Old server, 2.2.3 duplicate_db=berkeley > New server, 2.3.7 duplicate_db=skiplist > > Documentation indicates the duplicate_db determines both duplicate > delivery db as well as sieve. > > My old sieve scripts(uncompiled and compiled) are in > /var/lib/imap/sieve/"a-z"/username > > To migrate the scripts, do I need to recompile? If so, what is the best > way to do this? Have a look at the tools/masssievec script that comes with Cyrus. Andy From glad at daimi.au.dk Mon May 5 15:52:35 2008 From: glad at daimi.au.dk (Michael Glad) Date: Mon, 5 May 2008 21:52:35 +0200 Subject: Slow Outlook Connector Message-ID: <20080505195235.GA23175@estella.daimi.au.dk> We run Cyrus 2.3.11 + Fastmail patches as of January 2 on a 64 bit RHEL 5.1 Opteron server. We have some 1000 users and up til 300 simultaneous imap processes. The system works nicely with MUAs like Thunderbird and various flavors of Outlook and shows no signs of any significant load. We do, however, have users using the Oracle Outlook connector who complain about bad performance. I've set up a testaccount with a 16k messages folder. Using Thunderbird, messages are shown w/o any noticeable delay when I click them. Using Outlook+outlook connector, the message 'getting complete message' are shown for at couple of seconds before the message is actually displayed. This may be what annoys the users. Are there other Cyrus sites out there with similar problems? -- Michael From michael.menge at zdv.uni-tuebingen.de Tue May 6 02:37:24 2008 From: michael.menge at zdv.uni-tuebingen.de (Michael Menge) Date: Tue, 6 May 2008 08:37:24 +0200 Subject: Migrate Sieve Scripts In-Reply-To: <42394.192.76.178.13.1210001429.squirrel@webmail.cabm.rutgers.edu> References: <42394.192.76.178.13.1210001429.squirrel@webmail.cabm.rutgers.edu> Message-ID: <20080506083724.kc8l6707eos8gskc@webmail.uni-tuebingen.de> Quoting Shelley Waltz : > A bit of confusion over moving my users' sieve scripts to the new server. > > Old server, 2.2.3 duplicate_db=berkeley > New server, 2.3.7 duplicate_db=skiplist > > Documentation indicates the duplicate_db determines both duplicate > delivery db as well as sieve. sieve uses the duplicate_db only for vacation and forward-loop detection. Deleting/not migration duplicate_db will only result in vacation beeing send out in reaction to an email even if the sender has recieved a vacation message recently. And in case of a forward-loop that am email will be forwarded. But you can dump the duplicate_db on the old system and import them on the new. Have a look at cvt_cyrusdb. > > My old sieve scripts(uncompiled and compiled) are in > /var/lib/imap/sieve/"a-z"/username > > To migrate the scripts, do I need to recompile? If so, what is the best > way to do this? IMHO you should recompile the scripts. Use tools/masssievec > > SWaltz > > > > { Shelley Waltz > Center for Advanced Biotechnology and Medicine > Rutgers University / UMDNJ > 679 Hoes Lane > Piscataway, NJ 08854-5638 > 732 235 3346 }; > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912 Zentrum fuer Datenverarbeitung mail: michael.menge at zdv.uni-tuebingen.de Waechterstrasse 76 72074 Tuebingen From Klaus.Steinberger at physik.uni-muenchen.de Tue May 6 08:35:44 2008 From: Klaus.Steinberger at physik.uni-muenchen.de (Klaus Steinberger) Date: Tue, 6 May 2008 14:35:44 +0200 Subject: Problem with ptloader and Novell Edirectory Message-ID: <200805061435.49270.Klaus.Steinberger@physik.uni-muenchen.de> Hello, I try to setup ptloader, but run into trouble with the way Novell handles groups. Novell edirectory does the following: the groupMembership Attribute inside the person object is multivalued, and contains the full DN's of the groups. Vice versa, the group Object contains a multivalued Attribut "member" containing the Full DN's of the Members. ptloader seems to work, but returns full dn's and of course the groups are not working: [root at test-imap etc]# /usr/lib/cyrus-imapd/ptdump user: guinea.pig time: 1210077241 groups: 10 group:cn=cipphysik,ou=berechtigungsgruppen,o=physik group:cn=mitarbeiter,ou=berechtigungsgruppen,o=physik group:cn=mll-ldap,ou=exportgruppen,o=physik group:cn=email,ou=berechtigungsgruppen,o=physik group:cn=campususer,ou=gruppen,o=physik group:cn=bl-group,ou=berechtigungsgruppen,o=physik group:cn=verwaltung,ou=berechtigungsgruppen,o=physik group:cn=test,ou=gruppen,ou=subversion,ou=anwendungen,o=physik group:cn=otrs,ou=otrs,ou=anwendungen,o=physik group:cn=webmaster-tssp,ou=otrs,ou=anwendungen,o=physik Here is the relevant part of imapd.conf: ldap_sasl: 0 ldap_base: ou=Personen,o=physik ldap_filter: (uid=%u) ldap_group_base: ou=Gruppen,o=physik ldap_group_filter: (member=%D) ldap_uri: ldap://edir11.physik.uni-muenchen.de ldap_member_method: attribute ldap_member_attribute: groupMemberShip ldap_member_base: ou=Gruppen,o=physik ldap_tls_cacert_file: /etc/pki/tls/certs/ca-bundle.crt pts_module: ldap ptscache_timeout: 10 ptloader_sock: /var/lib/imap/ptclient/ptsock Any idea what I have to change in the imapd.conf to get it working? Sincerly, Klaus -- Klaus Steinberger Beschleunigerlaboratorium Phone: (+49 89)289 14287 Am Coulombwall 6, D-85748 Garching, Germany FAX: (+49 89)289 14280 EMail: Klaus.Steinberger at Physik.Uni-Muenchen.DE URL: http://www.physik.uni-muenchen.de/~Klaus.Steinberger/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2002 bytes Desc: not available Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080506/1e02dc5d/attachment.bin From wes at umich.edu Tue May 6 15:08:41 2008 From: wes at umich.edu (Wesley Craig) Date: Tue, 6 May 2008 15:08:41 -0400 Subject: Problem with ptloader and Novell Edirectory In-Reply-To: <200805061435.49270.Klaus.Steinberger@physik.uni-muenchen.de> References: <200805061435.49270.Klaus.Steinberger@physik.uni-muenchen.de> Message-ID: <22E47522-5940-48C9-BB00-F2463624A934@umich.edu> On 06 May 2008, at 08:35, Klaus Steinberger wrote: > ldap_group_base: ou=Gruppen,o=physik > ldap_group_filter: (member=%D) The above is fine. > ldap_member_method: attribute > ldap_member_attribute: groupMemberShip > ldap_member_base: ou=Gruppen,o=physik The above should be: ldap_member_method: filter ldap_member_filter: (member=%D) ldap_member_attribute: cn ldap_member_base: ou=Gruppen,o=physik This assumes you'd like the groups to be know by their cn. :wes From Klaus.Steinberger at physik.uni-muenchen.de Tue May 6 15:51:47 2008 From: Klaus.Steinberger at physik.uni-muenchen.de (Klaus Steinberger) Date: Tue, 6 May 2008 21:51:47 +0200 Subject: Problem with ptloader and Novell Edirectory In-Reply-To: <22E47522-5940-48C9-BB00-F2463624A934@umich.edu> References: <200805061435.49270.Klaus.Steinberger@physik.uni-muenchen.de> <22E47522-5940-48C9-BB00-F2463624A934@umich.edu> Message-ID: <200805062151.51275.Klaus.Steinberger@physik.uni-muenchen.de> Hi Wes, > > ldap_member_method: attribute > > ldap_member_attribute: groupMemberShip > > ldap_member_base: ou=Gruppen,o=physik > > The above should be: > > ldap_member_method: filter > ldap_member_filter: (member=%D) > ldap_member_attribute: cn > ldap_member_base: ou=Gruppen,o=physik > > This assumes you'd like the groups to be know by their cn. Yep, but I already tried that, and it doesn't work. The Search gave back "Size limit exceeded". A user could be in more than one group, it works only with users just in one group. "ldap_member_method: filter" sets a size limit of 1 for the search. I'm using cyrus-imapd-2.3.7-1.1.el5 (Scientific Linux). Sincerly, Klaus -- Klaus Steinberger Beschleunigerlaboratorium Phone: (+49 89)289 14287 Am Coulombwall 6, D-85748 Garching, Germany FAX: (+49 89)289 14280 EMail: Klaus.Steinberger at Physik.Uni-Muenchen.DE URL: http://www.physik.uni-muenchen.de/~Klaus.Steinberger/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2002 bytes Desc: not available Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080506/50d53202/attachment.bin From Klaus.Steinberger at physik.uni-muenchen.de Tue May 6 16:51:13 2008 From: Klaus.Steinberger at physik.uni-muenchen.de (Klaus Steinberger) Date: Tue, 6 May 2008 22:51:13 +0200 Subject: Problem with ptloader and Novell Edirectory Message-ID: <200805062251.17056.Klaus.Steinberger@physik.uni-muenchen.de> Hi Wes, > The above should be: > > ldap_member_method: filter > ldap_member_filter: (member=%D) > ldap_member_attribute: cn > ldap_member_base: ou=Gruppen,o=physik > > This assumes you'd like the groups to be know by their cn. One more point, I found out that its possible to set "ldap_size_limit", then ptloader get's back the correct answer from the server (as i can see with wireshark), but then ptloader seems to crash: May 6 22:39:08 test-imap imap[9568]: starttls: TLSv1 with cipher AES256-SHA (256/256 bits new) no authentication May 6 22:39:18 test-imap imap[9568]: ptload(): pinging ptloader May 6 22:39:18 test-imap imap[9568]: connected with no delay May 6 22:39:18 test-imap imap[9568]: ptload(): connected May 6 22:39:18 test-imap imap[9568]: timeout_select: sock = 17, rp = 0x0, wp = 0xbf96efd4, sec = 30 May 6 22:39:18 test-imap imap[9568]: timeout_select exiting. r = 1; errno = 0 May 6 22:39:18 test-imap imap[9568]: ptload sent data May 6 22:39:18 test-imap imap[9568]: timeout_select: sock = 17, rp = 0xbf96f054, wp = 0x0, sec = 30 May 6 22:39:18 test-imap ptloader[9567]: accepted connection May 6 22:39:18 test-imap imap[9568]: timeout_select exiting. r = 1; errno = 0 May 6 22:39:18 test-imap imap[9568]: ptload read data back May 6 22:39:18 test-imap imap[9568]: ptload(): empty response from ptloader server May 6 22:39:18 test-imap imap[9568]: No data available at all from ptload() May 6 22:39:18 test-imap imap[9568]: ptload completely failed: unable to canonify identifier: klaus.steinberger May 6 22:39:18 test-imap imap[9568]: badlogin: pb-d-128-141-130-171.cern.ch [128.141.130.171] plaintext klaus.steinberger invalid user May 6 22:39:18 test-imap master[9556]: process 9567 exited, signaled to death by 11 May 6 22:39:18 test-imap master[9556]: service ptloader pid 9567 in READY state: terminated abnormally May 6 22:39:18 test-imap master[9614]: about to exec /usr/lib/cyrus-imapd/ptloader May 6 22:39:18 test-imap ptloader[9614]: executed May 6 22:39:18 test-imap ptloader[9614]: starting: $Id: ptloader.c,v 1.32.2.9 2005/02/25 07:19:06 shadow Exp $ Sincerly, Klaus -- Klaus Steinberger Beschleunigerlaboratorium Phone: (+49 89)289 14287 Am Coulombwall 6, D-85748 Garching, Germany FAX: (+49 89)289 14280 EMail: Klaus.Steinberger at Physik.Uni-Muenchen.DE URL: http://www.physik.uni-muenchen.de/~Klaus.Steinberger/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2002 bytes Desc: not available Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080506/b1674e49/attachment.bin From wes at umich.edu Tue May 6 17:56:52 2008 From: wes at umich.edu (Wesley Craig) Date: Tue, 6 May 2008 17:56:52 -0400 Subject: Problem with ptloader and Novell Edirectory In-Reply-To: <200805062151.51275.Klaus.Steinberger@physik.uni-muenchen.de> References: <200805061435.49270.Klaus.Steinberger@physik.uni-muenchen.de> <22E47522-5940-48C9-BB00-F2463624A934@umich.edu> <200805062151.51275.Klaus.Steinberger@physik.uni-muenchen.de> Message-ID: On 06 May 2008, at 15:51, Klaus Steinberger wrote: > I'm using cyrus-imapd-2.3.7-1.1.el5 (Scientific Linux). That's pretty old, there have been a lot of fixes to the pt & ldap code in the intervening 5 or so releases. :wes From Klaus.Steinberger at physik.uni-muenchen.de Wed May 7 06:23:19 2008 From: Klaus.Steinberger at physik.uni-muenchen.de (Klaus Steinberger) Date: Wed, 7 May 2008 12:23:19 +0200 Subject: Problem with ptloader and Novell Edirectory In-Reply-To: References: <200805061435.49270.Klaus.Steinberger@physik.uni-muenchen.de> <200805062151.51275.Klaus.Steinberger@physik.uni-muenchen.de> Message-ID: <200805071223.23129.Klaus.Steinberger@physik.uni-muenchen.de> Hi Wes. > On 06 May 2008, at 15:51, Klaus Steinberger wrote: > > I'm using cyrus-imapd-2.3.7-1.1.el5 (Scientific Linux). > > That's pretty old, there have been a lot of fixes to the pt & ldap > code in the intervening 5 or so releases. Thanks! That solved my problem, i built the SRPM from Fedora 8 now for SL5 (2.3.11-1). Groups are working now. I had to change the ldap_group_filter from my original question, so now the ldap parameters are the following: ldap_sasl: 0 ldap_base: ou=Personen,o=physik ldap_filter: (uid=%u) ldap_group_base: ou=Gruppen,o=physik ldap_group_filter: (cn=%u) ldap_uri: ldap://edir11.physik.uni-muenchen.de ldap_size_limit: 20 ldap_member_method: filter ldap_member_filter: (member=%D) ldap_member_attribute: cn ldap_member_base: ou=Gruppen,o=physik ldap_tls_cacert_file: /etc/pki/tls/certs/ca-bundle.crt pts_module: ldap ptscache_timeout: 10 ptloader_sock: /var/lib/imap/ptclient/ptsock This should work as long as no user is member of more than 20 groups. (should not be the case here, some special groups are outside "ou=Gruppen,o=physik" and are not counted). ptdump now shows: [root at test-imap etc]# /usr/lib/cyrus-imapd/ptdump user: guinea.pig time: 1210155445 groups: 1 group:campususer user: klaus.steinberger time: 1210155332 groups: 4 group:pr-adm-verw group:cipwheel group:etpgrid group:rechner [root at test-imap etc]# Setting ACL's on groups now works as expected. Sincerly, Klaus -- Klaus Steinberger Beschleunigerlaboratorium Phone: (+49 89)289 14287 Am Coulombwall 6, D-85748 Garching, Germany FAX: (+49 89)289 14280 EMail: Klaus.Steinberger at Physik.Uni-Muenchen.DE URL: http://www.physik.uni-muenchen.de/~Klaus.Steinberger/ -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 2002 bytes Desc: not available Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080507/7bf8f186/attachment.bin From janne.peltonen at helsinki.fi Wed May 7 10:11:30 2008 From: janne.peltonen at helsinki.fi (Janne Peltonen) Date: Wed, 7 May 2008 17:11:30 +0300 Subject: Sync fails: bad protocol? Message-ID: <20080507141130.GQ22670@helsinki.fi> Hi! After running 2.3.11 for almost half a year, a problem like this appeared today: May 7 17:03:47 pcn3 i07/sync_client[18029]: Processing sync log file /var/lib/imap/i07/sync/log-21280 failed: Bad protocol May 7 17:03:47 pcn3 i07/sync_client[20341]: Reprocessing sync log file /var/lib/imap/i07/sync/log-21280 and the sync_client child dies. The log file in question contains nothing but --clip-- MAILBOX user. MAILBOX user..Trash SEEN user..Trash MAILBOX user. --clip-- Now I wonder. What might be wrong with this? --Janne Peltonen Univ of Helsinki -- Janne Peltonen From janne.peltonen at helsinki.fi Wed May 7 10:59:16 2008 From: janne.peltonen at helsinki.fi (Janne Peltonen) Date: Wed, 7 May 2008 17:59:16 +0300 Subject: Sync fails: bad protocol? In-Reply-To: <20080507141130.GQ22670@helsinki.fi> References: <20080507141130.GQ22670@helsinki.fi> Message-ID: <20080507145916.GX22670@helsinki.fi> On Wed, May 07, 2008 at 05:11:30PM +0300, Janne Peltonen wrote: > Hi! > > After running 2.3.11 for almost half a year, a problem like this > appeared today: > > May 7 17:03:47 pcn3 i07/sync_client[18029]: Processing sync log file > /var/lib/imap/i07/sync/log-21280 failed: Bad protocol > May 7 17:03:47 pcn3 i07/sync_client[20341]: Reprocessing sync log file > /var/lib/imap/i07/sync/log-21280 > > and the sync_client child dies. > > The log file in question contains nothing but > > --clip-- > MAILBOX user. > MAILBOX user..Trash > SEEN user..Trash > MAILBOX user. > --clip-- > > Now I wonder. What might be wrong with this? ...looking at the sync server, there were things like May 7 17:03:47 scn3 i07/syncserver[29753]: IOERROR: opening /var/spool/imap/iaji/i/user/ireijone/3396.: No such file or directory in the log; when I did touch /var/spool/imap/iaji/i/user//3396. chown cyrus:mail /var/spool/imap/iaji/i/user//3396. chmod 600 /var/spool/imap/iaji/i/user//3396. on then sync server, the problem disappeared and my user got synched OK. I've explicitely set expunge_mode: immediate on the sync server, because I think I read somewhere (on this list?) that setting it to delayed wouldn't work. Everything else uses the default values of Simon's RPM, that is, on sync_client both expunge_mode: delayed and delete_mode: delayed; on sync_server side just delete_mode: delayed. Cyrus version 2.3.11, rpm release 5. Perhaps I should let the expunge_mode: delayed be on the sync_server, too? --Janne Peltonen Univ of Helsinki -- Janne Peltonen From simon.matter at invoca.ch Wed May 7 13:25:52 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Wed, 7 May 2008 19:25:52 +0200 (CEST) Subject: Sync fails: bad protocol? In-Reply-To: <20080507145916.GX22670@helsinki.fi> References: <20080507141130.GQ22670@helsinki.fi> <20080507145916.GX22670@helsinki.fi> Message-ID: <39489.192.168.10.25.1210181152.squirrel@webmail.bi.corp.invoca.ch> > On Wed, May 07, 2008 at 05:11:30PM +0300, Janne Peltonen wrote: >> Hi! >> >> After running 2.3.11 for almost half a year, a problem like this >> appeared today: >> >> May 7 17:03:47 pcn3 i07/sync_client[18029]: Processing sync log file >> /var/lib/imap/i07/sync/log-21280 failed: Bad protocol >> May 7 17:03:47 pcn3 i07/sync_client[20341]: Reprocessing sync log file >> /var/lib/imap/i07/sync/log-21280 >> >> and the sync_client child dies. >> >> The log file in question contains nothing but >> >> --clip-- >> MAILBOX user. >> MAILBOX user..Trash >> SEEN user..Trash >> MAILBOX user. >> --clip-- >> >> Now I wonder. What might be wrong with this? > > ...looking at the sync server, there were things like > > May 7 17:03:47 scn3 i07/syncserver[29753]: IOERROR: opening > /var/spool/imap/iaji/i/user/ireijone/3396.: No such file or directory > > in the log; when I did > > touch /var/spool/imap/iaji/i/user//3396. > chown cyrus:mail /var/spool/imap/iaji/i/user//3396. > chmod 600 /var/spool/imap/iaji/i/user//3396. > > on then sync server, the problem disappeared and my user got synched OK. > > I've explicitely set expunge_mode: immediate on the sync server, > because I think I read somewhere (on this list?) that setting it to > delayed wouldn't work. Everything else uses the default values of > Simon's RPM, that is, on sync_client both expunge_mode: delayed and > delete_mode: delayed; on sync_server side just delete_mode: delayed. > Cyrus version 2.3.11, rpm release 5. Perhaps I should let the > expunge_mode: delayed be on the sync_server, too? Maybe you should give the 2.3.12p2 rpm a try. I think there were some issues fixed concerning sync_client and sync_server and maybe your problem was also fixed. Simon From marc at interak.com Thu May 8 15:03:51 2008 From: marc at interak.com (Marc Grober) Date: Thu, 08 May 2008 11:03:51 -0800 Subject: Backscatter solutions Message-ID: <48234E97.5000301@interak.com> I am getting pounded by backscatter as a result of one of my addresses being used by some major spammers. Are there any solutions available to address all the Delivery failure and bounce notices. I would at least like to be able to sort between such responses from mail I am actually sending and the backscatter. I have looked through headers and nothing seems an obvious candidate. -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3331 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080508/7e24a2e5/attachment.bin From marc at interak.com Thu May 8 15:25:52 2008 From: marc at interak.com (Marc Grober) Date: Thu, 08 May 2008 11:25:52 -0800 Subject: thunderbird sieve certificate issues Message-ID: <482353C0.7030503@interak.com> I have thunderbird sieve extension connecting to my mail server, but the extension then advises that the server is requiring a certificate. Though I have a number of Thawte email certs none of them will of course be accepted and the extensions say they are unable to establish an encrypted connection. What is causing this and what can I do about it? Is the server looking for a public key? Does anyone having this running also being asked for a cert? I looked and played with OCSP. And it seems I can get the server to quit asking for a cert but then it just hangs there saying "Connecting". Is the certificate just a red herring? -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3331 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080508/b13c54e6/attachment.bin From michael.menge at zdv.uni-tuebingen.de Thu May 8 16:58:59 2008 From: michael.menge at zdv.uni-tuebingen.de (Michael Menge) Date: Thu, 8 May 2008 22:58:59 +0200 Subject: Backscatter solutions In-Reply-To: <48234E97.5000301@interak.com> References: <48234E97.5000301@interak.com> Message-ID: <20080508225859.kv98qb57kgg80osk@webmail.uni-tuebingen.de> Hi, as every MTA-Software uses other Templates for these kind of bounces, there is not "one" header you can use for this kind of filtering. We use the vbounce rule from spamassassin, which adds *BOUNCE_MESSAGE entries to the header X-Spam-Status to filter these kind of backscatter. http://wiki.apache.org/spamassassin/VBounceRuleset Quoting Marc Grober : > I am getting pounded by backscatter as a result of one of my addresses > being used by some major spammers. Are there any solutions available to > address all the Delivery failure and bounce notices. I would at least > like to be able to sort between such responses from mail I am actually > sending and the backscatter. I have looked through headers and nothing > seems an obvious candidate. -------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912 Zentrum fuer Datenverarbeitung mail: michael.menge at zdv.uni-tuebingen.de Waechterstrasse 76 72074 Tuebingen From julesa at pcf.com Thu May 8 19:55:25 2008 From: julesa at pcf.com (Jules Agee) Date: Thu, 08 May 2008 16:55:25 -0700 Subject: Backscatter solutions In-Reply-To: <48234E97.5000301@interak.com> References: <48234E97.5000301@interak.com> Message-ID: <482392ED.6090106@pcf.com> Marc Grober wrote: > I am getting pounded by backscatter as a result of one of my addresses > being used by some major spammers. Are there any solutions available to > address all the Delivery failure and bounce notices. I would at least > like to be able to sort between such responses from mail I am actually > sending and the backscatter. I have looked through headers and nothing > seems an obvious candidate. Setting up SPF for your domains will help. http://www.openspf.org/ -- Jules Agee System Administrator Pacific Coast Feather Co. julesa at pcf.com x284 From brennan at columbia.edu Thu May 8 20:11:46 2008 From: brennan at columbia.edu (Joseph Brennan) Date: Thu, 08 May 2008 20:11:46 -0400 Subject: Backscatter solutions In-Reply-To: <48234E97.5000301@interak.com> References: <48234E97.5000301@interak.com> Message-ID: <88758C1958B90272F5D0F46A@[192.168.2.14]> --On Thursday, May 8, 2008 11:03 AM -0800 Marc Grober wrote: > I am getting pounded by backscatter as a result of one of my addresses > being used by some major spammers. Are there any solutions available to > address all the Delivery failure and bounce notices. I would at least > like to be able to sort between such responses from mail I am actually > sending and the backscatter. I have looked through headers and nothing > seems an obvious candidate. You can sort all bounces to a separate folder (header From: should have mailer-daemon in it). Separating legit ones from fakes would require body filtering. A good target is the headers of the original message that appear in the body of the bounce. Check for example the exact style of the "From:" line of your real mail, or the "X-Mailer:" or "User-Agent:" header lines of your real mail. If a lot of the backscatter is from a few domains, and you don't send any mail to those domains, then you could reject based on headers alone for those at least. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology From damm at yazzy.org Thu May 8 20:38:18 2008 From: damm at yazzy.org (Scott Likens) Date: Thu, 8 May 2008 17:38:18 -0700 Subject: Backscatter solutions In-Reply-To: <482392ED.6090106@pcf.com> References: <48234E97.5000301@interak.com> <482392ED.6090106@pcf.com> Message-ID: <47CEDA0C-29F4-498F-8A2A-E9F2B962160C@yazzy.org> I wish that was really true, However having a spammer recently using my domain and email address to spam viagra. SPF etc don't really work unless the receiver is using SPF checking. The simple truth is, bots check mailing lists, spam as users like you or I. They find a new target, and start over and over again. They don't care about SPF, or anything related to that. Because if 5-10% of their spam gets filtered, that still means they were only shorted by 10,000 emails maybe. ... Truthfully the real solution is for ISPS to cancel those accounts when reported, and report them when you catch them. It's a cat and mouse game that until there is a OS that 90% of the World uses that isn't exploitable in under 30 Seconds... will never end. As there is always some vulnerability, there is always someone willing to use that vulnerability for purposes of making money. On May 8, 2008, at 4:55 PM, Jules Agee wrote: > Marc Grober wrote: >> I am getting pounded by backscatter as a result of one of my >> addresses >> being used by some major spammers. Are there any solutions >> available to >> address all the Delivery failure and bounce notices. I would at >> least >> like to be able to sort between such responses from mail I am >> actually >> sending and the backscatter. I have looked through headers and >> nothing >> seems an obvious candidate. > > Setting up SPF for your domains will help. > http://www.openspf.org/ > > -- > Jules Agee > System Administrator > Pacific Coast Feather Co. > julesa at pcf.com x284 > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > !DSPAM:48239ac333621804284693! > > From marcelo.maraboli at usm.cl Thu May 8 22:19:05 2008 From: marcelo.maraboli at usm.cl (Marcelo Maraboli) Date: Thu, 08 May 2008 22:19:05 -0400 Subject: Backscatter solutions In-Reply-To: <48234E97.5000301@interak.com> References: <48234E97.5000301@interak.com> Message-ID: <4823B499.1090809@usm.cl> Marc: Read this: http://spamlinks.net/prevent-secure-backscatter.htm then use what I use: http://elqui.dcsc.utfsm.cl/util/email/backscatter.html regards, Marc Grober wrote: > I am getting pounded by backscatter as a result of one of my addresses > being used by some major spammers. Are there any solutions available to > address all the Delivery failure and bounce notices. I would at least > like to be able to sort between such responses from mail I am actually > sending and the backscatter. I have looked through headers and nothing > seems an obvious candidate. > > > ------------------------------------------------------------------------ > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- MSc. Marcelo Maraboli Rosselott Jefe Area de Redes y Comunicaciones (Network & UNIX Systems Engineer) Ingeniero Civil Electronico, CISSP (MSc., Electronic Engineer, CISSP) Direccion Central de Servicios Computacionales (DCSC) Universidad Tecnica Federico Santa Maria phone: +56 32 2654071 Chile. http://www.usm.cl http://elqui.dcsc.utfsm.cl From jrhett at netconsonance.com Fri May 9 00:02:17 2008 From: jrhett at netconsonance.com (Jo Rhett) Date: Thu, 8 May 2008 21:02:17 -0700 Subject: Backscatter solutions In-Reply-To: <47CEDA0C-29F4-498F-8A2A-E9F2B962160C@yazzy.org> References: <48234E97.5000301@interak.com> <482392ED.6090106@pcf.com> <47CEDA0C-29F4-498F-8A2A-E9F2B962160C@yazzy.org> Message-ID: Scott, I appreciate your ethusiasm, but your logic is flawed and your percentages are off by greater than 88 percent. SPF is useful for what it does. It does limit backscatter (more places check SPF than don't). It's a piece of the puzzle, and fairly effective for what it does. On May 8, 2008, at 5:38 PM, Scott Likens wrote: > I wish that was really true, > > However having a spammer recently using my domain and email address to > spam viagra. SPF etc don't really work unless the receiver is using > SPF checking. > > The simple truth is, bots check mailing lists, spam as users like you > or I. They find a new target, and start over and over again. > > They don't care about SPF, or anything related to that. Because if > 5-10% of their spam gets filtered, that still means they were only > shorted by 10,000 emails maybe. > > ... Truthfully the real solution is for ISPS to cancel those accounts > when reported, and report them when you catch them. It's a cat and > mouse game that until there is a OS that 90% of the World uses that > isn't exploitable in under 30 Seconds... will never end. > > As there is always some vulnerability, there is always someone willing > to use that vulnerability for purposes of making money. > > > On May 8, 2008, at 4:55 PM, Jules Agee wrote: > >> Marc Grober wrote: >>> I am getting pounded by backscatter as a result of one of my >>> addresses >>> being used by some major spammers. Are there any solutions >>> available to >>> address all the Delivery failure and bounce notices. I would at >>> least >>> like to be able to sort between such responses from mail I am >>> actually >>> sending and the backscatter. I have looked through headers and >>> nothing >>> seems an obvious candidate. >> >> Setting up SPF for your domains will help. >> http://www.openspf.org/ >> >> -- >> Jules Agee >> System Administrator >> Pacific Coast Feather Co. >> julesa at pcf.com x284 >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> >> >> !DSPAM:48239ac333621804284693! >> >> > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness From cyrus at fiddaman.net Fri May 9 03:05:06 2008 From: cyrus at fiddaman.net (Andy Fiddaman) Date: Fri, 9 May 2008 07:05:06 +0000 (GMT) Subject: Backscatter solutions In-Reply-To: <482392ED.6090106@pcf.com> References: <48234E97.5000301@interak.com> <482392ED.6090106@pcf.com> Message-ID: ; Marc Grober wrote: ; > I am getting pounded by backscatter as a result of one of my addresses ; > being used by some major spammers. Are there any solutions available to ; > address all the Delivery failure and bounce notices. I would at least ; > like to be able to sort between such responses from mail I am actually ; > sending and the backscatter. I have looked through headers and nothing ; > seems an obvious candidate. Pretty much the only way to stop this is to use something like BATV to tweak your envelope sender address outbound. That still doesn't stop everything as out-of-office replies are usually sent from a real address. http://tools.ietf.org/html/draft-levine-mass-batv-02 http://sourceforge.net/projects/batv-milter/ A. From iane at sussex.ac.uk Fri May 9 05:54:06 2008 From: iane at sussex.ac.uk (Ian Eiloart) Date: Fri, 09 May 2008 10:54:06 +0100 Subject: Backscatter solutions In-Reply-To: <47CEDA0C-29F4-498F-8A2A-E9F2B962160C@yazzy.org> References: <48234E97.5000301@interak.com> <482392ED.6090106@pcf.com> <47CEDA0C-29F4-498F-8A2A-E9F2B962160C@yazzy.org> Message-ID: --On 8 May 2008 17:38:18 -0700 Scott Likens wrote: > I wish that was really true, > > However having a spammer recently using my domain and email address to > spam viagra. SPF etc don't really work unless the receiver is using > SPF checking. If you aren't using SPF, then you can't really complain about backscatter. If you deploy SPF, then you can expect a bit less backscatter, and you can encourage others to check your SPF records. -- Ian Eiloart IT Services, University of Sussex x3148 From D.H.Davis at bath.ac.uk Fri May 9 06:45:02 2008 From: D.H.Davis at bath.ac.uk (Dennis Davis) Date: Fri, 9 May 2008 11:45:02 +0100 (BST) Subject: Backscatter solutions In-Reply-To: References: <48234E97.5000301@interak.com> <482392ED.6090106@pcf.com> Message-ID: On Fri, 9 May 2008, Andy Fiddaman wrote: > From: Andy Fiddaman > Cc: info-cyrus at lists.andrew.cmu.edu > Date: Fri, 9 May 2008 07:05:06 +0000 (GMT) > Subject: Re: Backscatter solutions ... > Pretty much the only way to stop this is to use something like > BATV to tweak your envelope sender address outbound. That still > doesn't stop everything as out-of-office replies are usually sent > from a real address. > > http://tools.ietf.org/html/draft-levine-mass-batv-02 > http://sourceforge.net/projects/batv-milter/ See: http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECTverifyPRVS for details of how to implement BATV using exim. -- Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK D.H.Davis at bath.ac.uk Phone: +44 1225 386101 From mpcathey at catt.com Fri May 9 07:47:50 2008 From: mpcathey at catt.com (Mike Cathey) Date: Fri, 9 May 2008 07:47:50 -0400 Subject: Backscatter solutions In-Reply-To: References: <48234E97.5000301@interak.com> <482392ED.6090106@pcf.com> Message-ID: <60518716-AD21-400D-9C53-D348BAEA1FDC@catt.com> On May 9, 2008, at 3:05 AM, Andy Fiddaman wrote: > Pretty much the only way to stop this is to use something like BATV to > tweak your envelope sender address outbound. That still doesn't stop > everything as out-of-office replies are usually sent from a real > address. BATV changes the from address of outbound messages. How well do mailing lists deal with users that send messages from a different address each time? Is there a nice workaround for this? Cheers, Mike From cyrus at fiddaman.net Fri May 9 08:27:28 2008 From: cyrus at fiddaman.net (Andy Fiddaman) Date: Fri, 9 May 2008 12:27:28 +0000 (GMT) Subject: Backscatter solutions In-Reply-To: <60518716-AD21-400D-9C53-D348BAEA1FDC@catt.com> References: <48234E97.5000301@interak.com> <482392ED.6090106@pcf.com> <60518716-AD21-400D-9C53-D348BAEA1FDC@catt.com> Message-ID: On Fri, 9 May 2008, Mike Cathey wrote: ; On May 9, 2008, at 3:05 AM, Andy Fiddaman wrote: ; > Pretty much the only way to stop this is to use something like BATV to ; > tweak your envelope sender address outbound. That still doesn't stop ; > everything as out-of-office replies are usually sent from a real address. ; ; BATV changes the from address of outbound messages. How well do mailing lists ; deal with users that send messages from a different address each time? Is ; there a nice workaround for this? It only changes the envelope address, leaving the From: message header intact. In my experience mailing lists validate the From: header not the return path so no problems. I haven't found any problems in the past year I've been using it. HTH. A. From brennan at columbia.edu Fri May 9 09:15:48 2008 From: brennan at columbia.edu (Joseph Brennan) Date: Fri, 09 May 2008 09:15:48 -0400 Subject: Backscatter solutions In-Reply-To: References: <48234E97.5000301@interak.com> <482392ED.6090106@pcf.com> <47CEDA0C-29F4-498F-8A2A-E9F2B962160C@yazzy.org> Message-ID: <3C59A6A747B14CF13BC2C17E@sodor.cc.columbia.edu> Ian Eiloart wrote: > If you aren't using SPF, then you can't really complain about backscatter. Forget SPF. Why should any system accept mail for an unknown recipient and then mail a bounce? That's the primary cause of backscatter. These systems are just as likely to accept the message, then check SPF, and mail a bounce :-) This is getting off topic for the Cyrus list though. The question relevant to Cyrus, I thought, was whether a sieve filter can catch backscatter. With header-only tests, not so much. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology From list at joreybump.com Fri May 9 09:49:56 2008 From: list at joreybump.com (Jorey Bump) Date: Fri, 09 May 2008 09:49:56 -0400 Subject: Backscatter solutions In-Reply-To: References: <48234E97.5000301@interak.com> <482392ED.6090106@pcf.com> <47CEDA0C-29F4-498F-8A2A-E9F2B962160C@yazzy.org> Message-ID: <48245684.8060505@joreybump.com> Ian Eiloart wrote, at 05/09/2008 05:54 AM: > If you aren't using SPF, then you can't really complain about backscatter. > If you deploy SPF, then you can expect a bit less backscatter, and you can > encourage others to check your SPF records. Backscatter is created when an MTA accepts a message that it can't relay or deliver, thus generating a bounce to the (alleged) sender. I fail to see how SPF (or just about any other check) can eliminate backscatter if it's not applied at the first MTA in the chain, rejecting the message during the SMTP transaction. After that, the game is mostly over, because the original connection has completed, and a bounce will be generated in the case of nondelivery. Ideally, MTAs shouldn't accept messages that can't be delivered, for whatever reason. How this is dealt with depends on the MTA's role in the process. Aside from the traditional sender's submission MTA and the recipient's destination MX, there may be intermediate MTAs that complicate the process (gateways, third party filtering services, poorly configured final mail stores, etc.). I suspect that it is the proliferation of these that are responsible for the sudden surge in backscatter, not any changes in behaviour on the part of spammers. Email administration is complicated, and the trend has been to outsource this headache to anyone who will take your money, regardless of whether or not they follow best practices. In any case, by the time it gets to your IMAP server, there isn't much you can do about it other than sort it into folders or delete it. From boyken at divms.uiowa.edu Fri May 9 09:57:34 2008 From: boyken at divms.uiowa.edu (Karl Boyken) Date: Fri, 09 May 2008 08:57:34 -0500 Subject: Backscatter solutions In-Reply-To: References: Message-ID: <4824584E.6010204@divms.uiowa.edu> We're looking at this as a solution: http://www.snertsoft.com/sendmail/milter-null/ Karl -- Karl Boyken, system administrator karl-boyken at uiowa.edu 303A MLH, Dept. of Comp. Sci. http://www.cs.uiowa.edu/~boyken/ The U. of Iowa, Iowa City, IA 52242 319-335-2730 (voice) 319-335-3668 (fax) -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3257 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080509/dc4eb2a9/attachment-0001.bin From roland.felnhofer at chello.at Sat May 10 05:51:02 2008 From: roland.felnhofer at chello.at (Roland Felnhofer) Date: Sat, 10 May 2008 11:51:02 +0200 Subject: thunderbird sieve certificate issues In-Reply-To: <482353C0.7030503@interak.com> References: <482353C0.7030503@interak.com> Message-ID: <48257006.7030408@chello.at> Hi Marc, read this: http://forums.mozillazine.org/viewtopic.php?p=3359473 Best regards Roland Marc Grober wrote: > I have thunderbird sieve extension connecting to my mail server, but > the extension then advises that the server is requiring a certificate. > Though I have a number of Thawte email certs none of them will of > course be accepted and the extensions say they are unable to establish > an encrypted connection. What is causing this and what can I do about > it? Is the server looking for a public key? Does anyone having this > running also being asked for a cert? I looked and played with OCSP. > And it seems I can get the server to quit asking for a cert but then > it just hangs there saying "Connecting". Is the certificate just a > red herring? > ------------------------------------------------------------------------ > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html From roland.felnhofer at chello.at Sat May 10 06:05:42 2008 From: roland.felnhofer at chello.at (Roland Felnhofer) Date: Sat, 10 May 2008 12:05:42 +0200 Subject: thunderbird sieve certificate issues In-Reply-To: <482353C0.7030503@interak.com> References: <482353C0.7030503@interak.com> Message-ID: <48257376.3090209@chello.at> Hi Marc, again; here the essence to get rid of the dialog: user_pref("security.default_personal_cert", "Select Automatically"); The value is Case Sensitive!!! Best regards Roland Marc Grober wrote: > I have thunderbird sieve extension connecting to my mail server, but > the extension then advises that the server is requiring a certificate. > Though I have a number of Thawte email certs none of them will of > course be accepted and the extensions say they are unable to establish > an encrypted connection. What is causing this and what can I do about > it? Is the server looking for a public key? Does anyone having this > running also being asked for a cert? I looked and played with OCSP. > And it seems I can get the server to quit asking for a cert but then > it just hangs there saying "Connecting". Is the certificate just a > red herring? > ------------------------------------------------------------------------ > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html From marc at interak.com Sat May 10 17:36:19 2008 From: marc at interak.com (Marc Grober) Date: Sat, 10 May 2008 13:36:19 -0800 Subject: thunderbird sieve certificate issues In-Reply-To: <48257376.3090209@chello.at> References: <482353C0.7030503@interak.com> <48257376.3090209@chello.at> Message-ID: <48261553.7060609@interak.com> Yes, that got rid of the challenge, so now I am bacl to the same error and it sits there saying connecting..... I am missing something that has to be very simple in making the connection to sieve, where it is the TLS negotiation or something else I don;t know.... Roland Felnhofer wrote: > Hi Marc, > > again; here the essence to get rid of the dialog: > > user_pref("security.default_personal_cert", "Select Automatically"); -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3331 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080510/e6b2baa5/attachment.bin From roland.felnhofer at chello.at Sun May 11 07:42:49 2008 From: roland.felnhofer at chello.at (Roland Felnhofer) Date: Sun, 11 May 2008 13:42:49 +0200 Subject: thunderbird sieve certificate issues In-Reply-To: <48261553.7060609@interak.com> References: <482353C0.7030503@interak.com> <48257376.3090209@chello.at> <48261553.7060609@interak.com> Message-ID: <4826DBB9.5040501@chello.at> Hi Marc, it's as Thunderbird Sieve problem, again. let me guess your Sieve supports 'LOGIN' and 'PLAIN' and maybe some other authentication protocols. 'Thunderbird Sieve' says it support 'LOGIN' and 'PLAIN' as well. Unfortunately the 'LOGIN' code in 1.4 of Thunderbird Sieve is full of bugs! You have to use 'PLAIN'! There are two possibilities (I don't think you want to change your Sieve daemon) to do so. 1) Load down the current Thunderbird Sieve CVS in the Settings tab you can set the protocol. 2) Go into the 'SieveFilterExplorer.js'-file and comment out the 'case'-statement beginning line 24 // case "login": // request = new SieveSaslLoginRequest(); // request.addSaslLoginListener(event); // break; I'm using now Sieve 1.4 CVS but currently facing a little issue. I think I'll fix it tonight (CET). If you want I can send you the 1.4 CVS xpi-file. Cheers Roland Marc Grober wrote: > Yes, that got rid of the challenge, so now I am bacl to the same > error and it sits there saying connecting..... > > I am missing something that has to be very simple in making the > connection to sieve, where it is the TLS negotiation or something > else I don;t know.... > > Roland Felnhofer wrote: >> Hi Marc, >> >> again; here the essence to get rid of the dialog: >> >> user_pref("security.default_personal_cert", "Select Automatically"); > > ------------------------------------------------------------------------ > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html From marc at interak.com Sun May 11 17:22:07 2008 From: marc at interak.com (Marc Grober) Date: Sun, 11 May 2008 13:22:07 -0800 Subject: thunderbird sieve certificate issues In-Reply-To: <4826DBB9.5040501@chello.at> References: <482353C0.7030503@interak.com> <48257376.3090209@chello.at> <48261553.7060609@interak.com> <4826DBB9.5040501@chello.at> Message-ID: <4827637F.8020702@interak.com> If it works, please do ;=} > I'm using now Sieve 1.4 CVS but currently facing a little issue. I > think I'll fix it tonight (CET). If you want I can send you the 1.4 CVS > xpi-file. > > Cheers > Roland -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3331 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080511/56f365bc/attachment.bin From tim at umbc.edu Mon May 12 02:14:48 2008 From: tim at umbc.edu (Tim) Date: Sun, 11 May 2008 23:14:48 -0700 Subject: thunderbird sieve certificate issues Message-ID: <4827E058.8080104@umbc.edu> I'm new to the list, but I was directed here by a friend. I believe I have found the problem, and I have a "hack", using that term well beyond how it should be use. The hack is NOT a solution, but it does make it work. Please, no one use this though! It will most likely cause other problems! This is your first, last and only warning! :) What it DOES do is identify the problem. The problem is, that after the STARTTLS is sent, the response is being handle like any normal command, but it can't be. So, after doing a STARTTLS, it sends back the capabilities automatically, ending in an "OK" line. But the function that is checking the response is SieveAbstractResponse(parse). It does the code: if (parser.startsWith("OK")) But it doesn't, cause it looks like: "IMPLEMENTATION" "Cyrus...." "SASL" "GSSAPI PLAIN" "SIEVE" "...." OK (your results may vary ;) So, the "hack" is to change the default case of that to be "OK"(in SieveResponse.js): else { this.response = 0; parser.extract(2); return; // alert("Throwing exception for data: "+parser.getData()); // throw "NO, OK or BYE expected"; } (as you can see, I have some alerts() in there to figure out what was going on, so those are not necesary) The REAL fix, is to have the response handled by whatever handles the normal initial connection string. I'm hoping there is someone on this list who knows the code better than I do to fix this correctly. :) Meanwhile, I need to go through the code and remove all of my alerts now. ;) Hope this helps someone who has code access. :-D Tim > > Hi Marc, > > it's as Thunderbird Sieve problem, again. > let me guess your Sieve supports 'LOGIN' and 'PLAIN' and maybe some > other authentication protocols. > 'Thunderbird Sieve' says it support 'LOGIN' and 'PLAIN' as well. > Unfortunately the 'LOGIN' code in 1.4 of Thunderbird Sieve is full of > bugs! You have to use 'PLAIN'! > > There are two possibilities (I don't think you want to change your > Sieve > daemon) to do so. > > 1) Load down the current Thunderbird Sieve CVS in the Settings tab you > can set the protocol. > > 2) Go into the 'SieveFilterExplorer.js'-file and comment out the > 'case'-statement beginning line 24 > // case "login": > // request = new SieveSaslLoginRequest(); > // request.addSaslLoginListener(event); > // break; > > I'm using now Sieve 1.4 CVS but currently facing a little issue. I > think I'll fix it tonight (CET). If you want I can send you the 1.4 > CVS > xpi-file. > > Cheers > Roland > > > Marc Grober wrote: >> Yes, that got rid of the challenge, so now I am bacl to the same >> error and it sits there saying connecting..... >> >> I am missing something that has to be very simple in making the >> connection to sieve, where it is the TLS negotiation or something >> else I don;t know.... >> >> Roland Felnhofer wrote: >>> Hi Marc, >>> >>> again; here the essence to get rid of the dialog: >>> >>> user_pref("security.default_personal_cert", "Select Automatically"); >> >> ------------------------------------------------------------------------ >> >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- ----------------------------------------------------------------------- Tim Craig It's hard to be serious when you're tim at geekmeat.net naked. - Garfield ----------------------------------------------------------------------- From dick at nagual.nl Mon May 12 05:53:53 2008 From: dick at nagual.nl (Dick Hoogendijk) Date: Mon, 12 May 2008 11:53:53 +0200 Subject: sieve extension squirrelmail not working anymore Message-ID: <20080512115353.00002018@westmark> Some time ago I filed a "bug" for the CSWcyrus package. Using it I could no longer access my sieve scripts through my squirrelmail. (that use to work very well with cyrus-2.3.09 and stopped working w/ 2.3.11 Not only squirrelmail has problems; also the thunderbird extension does not work right (I read in this list). From the maintainer at CSW I got this reply: ----------------------------------------------------------------------- yann - 2008-05-11 20:47 EDT ----------------------------------------------------------------------- Ok I've had some time to work on your bug and I was able to reproduce it with Thunderbird Sieve extension. This problem seems related to TLS. Can you confirm that you only reproduce it with TLS enabled in Thunderbird sieve extension or with the squirrelmail plugin ? Unfortunately, it's not sure the bug is on the cyrus side as I can connect without problem with TLS with sieve-connect: http://people.spodhuis.org/~pdp/software/ Can you also try to connect with sieve-connect ? Sniffing the traffic and looking at the log, it seems tls is negociated, thunderbird authenticate successfully but is blocked before any sieve command is sent. Did you also try to report the bug to the thunderbird sieve extension author ? Unfortunately sieve-connect does not compile on my S10 box. So I can't check it. I did not sent a report to the thunderbird ext owner eithe, because the problems are already known ;-) But what strikes me is that it is NOT only thunderbird sieve that chokes; squirrelmail chokes too. And that was not the case with older versions of cyrus. -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxde 01/08 ++ From aspineux at gmail.com Mon May 12 13:55:25 2008 From: aspineux at gmail.com (Alain Spineux) Date: Mon, 12 May 2008 19:55:25 +0200 Subject: sieve extension squirrelmail not working anymore In-Reply-To: <20080512115353.00002018@westmark> References: <20080512115353.00002018@westmark> Message-ID: <71fe4e760805121055g1f509634ya63cb7d6d710189c@mail.gmail.com> On Mon, May 12, 2008 at 11:53 AM, Dick Hoogendijk wrote: > Some time ago I filed a "bug" for the CSWcyrus package. Using it I > could no longer access my sieve scripts through my squirrelmail. (that > use to work very well with cyrus-2.3.09 and stopped working w/ 2.3.11 Did you read this post from Ken Murchison on cyrus-devel ? Subject: [POLL] timsieved STARTTLS implementation Folks, I have recently been informed that Cyrus timsieved has had an incompatible MANAGESIEVE STARTTLS implementation since v2.1.10. The problem is that the server is supposed to automatically issue a CAPABILITY response at the completion of STARTTLS, but this functionality was removed in v2.1.10 (see bug #1338 for details). My question is this: If I fix timsieved to be compliant with the MANAGESIEVE text (which has always been consistent), will this break any client implementations? Now, You know why ! Regards > > Not only squirrelmail has problems; also the thunderbird extension does > not work right (I read in this list). > > >From the maintainer at CSW I got this reply: > > ----------------------------------------------------------------------- > yann - 2008-05-11 20:47 EDT > ----------------------------------------------------------------------- > Ok I've had some time to work on your bug and I was able to reproduce it > with Thunderbird Sieve extension. > > This problem seems related to TLS. Can you confirm that you only > reproduce it with TLS enabled in Thunderbird sieve extension or with > the squirrelmail plugin ? > > Unfortunately, it's not sure the bug is on the cyrus side as I can > connect without problem with TLS with sieve-connect: > http://people.spodhuis.org/~pdp/software/ > Can you also try to connect with sieve-connect ? > > Sniffing the traffic and looking at the log, it seems tls is negociated, > thunderbird authenticate successfully but is blocked before any sieve > command is sent. > > Did you also try to report the bug to the thunderbird sieve extension > author ? > > Unfortunately sieve-connect does not compile on my S10 box. So I can't > check it. I did not sent a report to the thunderbird ext owner eithe, > because the problems are already known ;-) > > But what strikes me is that it is NOT only thunderbird sieve that > chokes; squirrelmail chokes too. And that was not the case with older > versions of cyrus. > > -- > Dick Hoogendijk -- PGP/GnuPG key: 01D2433D > ++ http://nagual.nl/ + SunOS sxde 01/08 ++ > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From dick at nagual.nl Mon May 12 15:10:08 2008 From: dick at nagual.nl (Dick Hoogendijk) Date: Mon, 12 May 2008 21:10:08 +0200 Subject: sieve extension squirrelmail not working anymore In-Reply-To: <71fe4e760805121055g1f509634ya63cb7d6d710189c@mail.gmail.com> References: <20080512115353.00002018@westmark> <71fe4e760805121055g1f509634ya63cb7d6d710189c@mail.gmail.com> Message-ID: <20080512211008.000017de@westmark> On Mon, 12 May 2008 19:55:25 +0200 "Alain Spineux" wrote: > Did you read this post from Ken Murchison on cyrus-devel ? No, I hadn't seen this message. > Subject: [POLL] timsieved STARTTLS implementation > I have recently been informed that Cyrus timsieved has had an > incompatible MANAGESIEVE STARTTLS implementation since v2.1.10. The > problem is that the server is supposed to automatically issue a > CAPABILITY response at the completion of STARTTLS, but this > functionality was removed in v2.1.10 (see bug #1338 for details). > > My question is this: If I fix timsieved to be compliant with the > MANAGESIEVE text (which has always been consistent), will this break > any client implementations? How do I read this? Will the issue be fixed? As I see it timsieve should not have to been fixed in teh first place. It always worked OK. It has been changed and should be made workable again imho. -- Dick Hoogendijk -- PGP/GnuPG key: 01D2433D ++ http://nagual.nl/ + SunOS sxde 01/08 ++ From marc at interak.com Mon May 12 15:35:35 2008 From: marc at interak.com (Marc Grober) Date: Mon, 12 May 2008 11:35:35 -0800 Subject: sieve hack Message-ID: <48289C07.8040600@interak.com> just for grins I tried the hack to confirm whether that would resolve the connection issue... No encryption error but the extension just sat there "connecting" with nothing happening..... I guess I don;t understand how some people have it working.... -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3331 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080512/bcd84010/attachment.bin From tim at umbc.edu Tue May 13 03:50:05 2008 From: tim at umbc.edu (Tim) Date: Tue, 13 May 2008 00:50:05 -0700 Subject: thunderbird sieve certificate issues In-Reply-To: <4827E058.8080104@umbc.edu> References: <4827E058.8080104@umbc.edu> Message-ID: <4829482D.3080201@umbc.edu> Okay, no one else seems to have chimed up yet... From what I found below, and a few other emails, the "problem" is that the sieve daemon finally corrected itself to conform to specs, and clients were relying on it not conforming to specs. This is the fix for the "Connecting..." not going away. So, here is a solution that appears to work for me (I'm editing the 1.4 source code, not CVS). I still think that the better fix is to re-write SieveAbstractResponse to handle multi-lined responses, and check for the return string on the last line... but I'll leave that to someone who does better javascript than I do. ;) For now, here is a fix... Please let me know if it works or not. Edit libs/libManageSieve/SieveResponse.js Update these two functions. Commented out lines are the original. Make your functions look like the below. function SieveStartTLSResponse(data) { this.superior = new SieveInitResponse(data); // this.superior = new SieveAbstractResponse( // new SieveResponseParser(data)); } function SieveSaslPlainResponse(data) { this.superior = new SieveInitResponse(data); // this.superior = new SieveAbstractResponse( // new SieveResponseParser(data)); } This is definitely not guaranteed to work with SaslLogin, but I don't even have that setup to test. That one seems to be a little more... something. :) But if you apply the above, and find the other fix on this list that disabled the Login code, it should work. Also, I do have this applied: user_pref("security.default_personal_cert", "Select Automatically"); But that was not the error I was getting, so I don't know if its really effecting anything. But just incase if you need it. :) Hopefully someone can apply this, or something equally effective to the source code base? Tim Tim wrote: > I'm new to the list, but I was directed here by a friend. > > I believe I have found the problem, and I have a "hack", using that term > well beyond how it should be use. The hack is NOT a solution, but it > does make it work. Please, no one use this though! It will most likely > cause other problems! This is your first, last and only warning! :) > What it DOES do is identify the problem. > > The problem is, that after the STARTTLS is sent, the response is being > handle like any normal command, but it can't be. > > So, after doing a STARTTLS, it sends back the capabilities > automatically, ending in an "OK" line. But the function that is > checking the response is SieveAbstractResponse(parse). It does the code: > > if (parser.startsWith("OK")) > > But it doesn't, cause it looks like: > > "IMPLEMENTATION" "Cyrus...." > "SASL" "GSSAPI PLAIN" > "SIEVE" "...." > OK > > (your results may vary ;) > > So, the "hack" is to change the default case of that to be "OK"(in > SieveResponse.js): > > else { > this.response = 0; > parser.extract(2); > return; > // alert("Throwing exception for data: "+parser.getData()); > // throw "NO, OK or BYE expected"; > } > > (as you can see, I have some alerts() in there to figure out what was > going on, so those are not necesary) > > > The REAL fix, is to have the response handled by whatever handles the > normal initial connection string. I'm hoping there is someone on this > list who knows the code better than I do to fix this correctly. :) > Meanwhile, I need to go through the code and remove all of my alerts now. ;) > > Hope this helps someone who has code access. :-D > > Tim > > >> Hi Marc, >> >> it's as Thunderbird Sieve problem, again. >> let me guess your Sieve supports 'LOGIN' and 'PLAIN' and maybe some >> other authentication protocols. >> 'Thunderbird Sieve' says it support 'LOGIN' and 'PLAIN' as well. >> Unfortunately the 'LOGIN' code in 1.4 of Thunderbird Sieve is full of >> bugs! You have to use 'PLAIN'! >> >> There are two possibilities (I don't think you want to change your >> Sieve >> daemon) to do so. >> >> 1) Load down the current Thunderbird Sieve CVS in the Settings tab you >> can set the protocol. >> >> 2) Go into the 'SieveFilterExplorer.js'-file and comment out the >> 'case'-statement beginning line 24 >> // case "login": >> // request = new SieveSaslLoginRequest(); >> // request.addSaslLoginListener(event); >> // break; >> >> I'm using now Sieve 1.4 CVS but currently facing a little issue. I >> think I'll fix it tonight (CET). If you want I can send you the 1.4 >> CVS >> xpi-file. >> >> Cheers >> Roland >> >> >> Marc Grober wrote: >>> Yes, that got rid of the challenge, so now I am bacl to the same >>> error and it sits there saying connecting..... >>> >>> I am missing something that has to be very simple in making the >>> connection to sieve, where it is the TLS negotiation or something >>> else I don;t know.... >>> >>> Roland Felnhofer wrote: >>>> Hi Marc, >>>> >>>> again; here the essence to get rid of the dialog: >>>> >>>> user_pref("security.default_personal_cert", "Select Automatically"); >>> ------------------------------------------------------------------------ >>> >>> ---- >>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- ----------------------------------------------------------------------- Tim Craig It's hard to be serious when you're tim at geekmeat.net naked. - Garfield ----------------------------------------------------------------------- From jrhett at netconsonance.com Tue May 13 12:56:21 2008 From: jrhett at netconsonance.com (Jo Rhett) Date: Tue, 13 May 2008 09:56:21 -0700 Subject: Backscatter solutions In-Reply-To: References: <48234E97.5000301@interak.com> <482392ED.6090106@pcf.com> Message-ID: <37C524E2-5401-45CC-97C5-AF35442C522B@netconsonance.com> On May 9, 2008, at 12:05 AM, Andy Fiddaman wrote: > Pretty much the only way to stop this is to use something like BATV to > tweak your envelope sender address outbound. That still doesn't stop I really wish people would avoid making statements like this. They are read by people who don't realize that you're either ignoring significant options, or not explaining why you don't think they work and they carry this misinformation onward with them. Please try to avoid these over-generalizations. If you want to make the claim that "only this one thing works" then back it up with details about why none of the dozen or so other choices don't work for you. And please add "for me/my environment" to your statements, because there's a lot of different options that work very well but have limitations that affect only a few environments. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness From jrhett at netconsonance.com Tue May 13 12:59:40 2008 From: jrhett at netconsonance.com (Jo Rhett) Date: Tue, 13 May 2008 09:59:40 -0700 Subject: Backscatter solutions In-Reply-To: <3C59A6A747B14CF13BC2C17E@sodor.cc.columbia.edu> References: <48234E97.5000301@interak.com> <482392ED.6090106@pcf.com> <47CEDA0C-29F4-498F-8A2A-E9F2B962160C@yazzy.org> <3C59A6A747B14CF13BC2C17E@sodor.cc.columbia.edu> Message-ID: <0E11034C-8942-414A-B9AE-4C24053EC713@netconsonance.com> On May 9, 2008, at 6:15 AM, Joseph Brennan wrote: > Forget SPF. Why should any system accept mail for an unknown > recipient > and then mail a bounce? That's the primary cause of backscatter. > These > systems are just as likely to accept the message, then check SPF, and > mail a bounce :-) There are a number of different systems that try to be smart about when to send back a bounce message. Pretty much every MLM besides Mailman includes logic attempting to return valid syntax errors to senders, but avoid backscattering people. SPF is obviously part of that equation. And it does help fairly significantly in practice. We have some wide open/non-filtered mailboxes that we are required to run. Implementing SPF on those mailboxes reduced our backscatter by about 24% instantly, which was just under 500 messages a day. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness From maurizio.lobosco at eng.it Wed May 14 04:59:33 2008 From: maurizio.lobosco at eng.it (Maurizio Lo Bosco) Date: Wed, 14 May 2008 10:59:33 +0200 Subject: Cyrus - GFS slow start and poor performace Message-ID: <200805141059.34066.maurizio.lobosco@eng.it> Hi all, I know that the usage of the GFS has been discussed for long time on this mailing list but I would like to know if it is normal to have a very slow start (15 minutes) with just 4300 users (the cyrus db is composed of 20940 lines). It happens only with the GFS and the skiplist database; using the flat it takes few seconds to start. The system is composed of 2 IBM x3550 with redhat enterprise linux 5.1 attached to a SAN IBM DS4700 with an dual fibre channel (4Gb/s multipath active-backup). The dump of the database takes 7 minutes but the disk usage is definitely low (less than 5%) RedHat is saying that there is no way to optimise the performance on the GFS locking architecture and they will now take a look to the cyrus code. Do you have any tips? Regards Maurizio From brong at fastmail.fm Wed May 14 06:24:05 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Wed, 14 May 2008 20:24:05 +1000 Subject: Cyrus - GFS slow start and poor performace In-Reply-To: <200805141059.34066.maurizio.lobosco@eng.it> References: <200805141059.34066.maurizio.lobosco@eng.it> Message-ID: <1210760645.32084.1253081525@webmail.messagingengine.com> On Wed, 14 May 2008 10:59:33 +0200, "Maurizio Lo Bosco" said: > Hi all, > I know that the usage of the GFS has been discussed for long time on this > mailing list but I would like to know if it is normal to have a very slow > start (15 minutes) with just 4300 users (the cyrus db is composed of > 20940 > lines). > It happens only with the GFS and the skiplist database; using the flat it > takes few seconds to start. > The system is composed of 2 IBM x3550 with redhat enterprise linux 5.1 > attached to a SAN IBM DS4700 with an dual fibre channel (4Gb/s multipath > active-backup). > > The dump of the database takes 7 minutes but the disk usage is definitely > low > (less than 5%) > RedHat is saying that there is no way to optimise the performance on the > GFS > locking architecture and they will now take a look to the cyrus code. > > Do you have any tips? Skiplist mailboxes.db gets a "recovery" run on it at startup. The recovery visits all the records in the file. That said, it does it all in order. Can you post the syslog output of cyrus as it starts (slowly)? I wonder if it's also doing a checkpoint, which visits all the mailboxes.db records as well, but does them in... oh, indeed. Recovery also writes back pointers all over the place. It does LOTS of writes to random locations within the file. If GFS is doing something insane like writing back the entire file to the server for every single update (generally 4 bytes at a time) then this could be a big problem! That said, the file is locked with a fcntl (flock if fcntl isn't available) lock over the entire file +append space. This is an exclusive lock, and it's held for the entire recovery run. If GFS's locking can say "just do the updates and save copying back until the fsync at the end" then that should speed it up. Bron. -- Bron Gondwana brong at fastmail.fm From brong at fastmail.fm Wed May 14 06:30:44 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Wed, 14 May 2008 20:30:44 +1000 Subject: Cyrus - GFS slow start and poor performace In-Reply-To: <200805141059.34066.maurizio.lobosco@eng.it> References: <200805141059.34066.maurizio.lobosco@eng.it> Message-ID: <1210761044.8585.1253082537@webmail.messagingengine.com> [reply number 2 - addressing bits I missed in the first reply...] On Wed, 14 May 2008 10:59:33 +0200, "Maurizio Lo Bosco" said: > The dump of the database takes 7 minutes but the disk usage is definitely > low > (less than 5%) A dump of the database visits all records in alphabetical order. This can result in somewhat random looking seeks around the file due to the layout of a skiplist, but it will happen within the mmap. > RedHat is saying that there is no way to optimise the performance on the > GFS > locking architecture and they will now take a look to the cyrus code. You may want to pass on the RedHat engineers that Cyrus uses an MMAP of the entire file to read all records, and uses seeks and direct writes the same fd (or a different fd depending on compilation settings) to write. Skiplist appends entire records to the file, but also seeks back and updates pointers (4 byte records) within the file with each update. That's writing. Reading - it reads each record, gets a pointer to the location of the next one, and reads from the memory location that corresponds to db->map_base + pointer_offset. Depending on your requirements, it may make sense to place your mailboxes.db on local disk (it's pretty small) and regularly copy/rsync it onto your GFS partition. Worst case you lose a couple of mailboxes.db records in a crash. Depends what you can afford to lose. You could probably stat the file every second and copy it on any change pretty cheaply and risk losing at most the last second's changes (it doesn't change often) Regards, Bron. -- Bron Gondwana brong at fastmail.fm From zhangweiwu at realss.com Wed May 14 07:57:23 2008 From: zhangweiwu at realss.com (Zhang Weiwu) Date: Wed, 14 May 2008 19:57:23 +0800 Subject: can sieve file emails to corresponding folder by subaddress? Message-ID: <482AD3A3.2030304@realss.com> The question is pretty simple: I wish sieve to file new emails to sub-folders of Projects folder by using sub-address. e.g. zhangweiwu+eecz at realss.com goes to INBOX.Projects.EECZ zhangweiwu+gtz.pado at realss.com goes to INBOX.Projects.GTZ.PADO zhangweiwu+web.yuliansu at realss.com goes to INBOX.Projects.web.yuliansu I have been doing it with the following statements: if envelope :detail "to" "web.realss" { fileinto "INBOX.Projects.Web.RealSS";} .... [a dozen similar statements] The problem is I maintain a list of a dozen projects, and they update and changes. Everytime I had a different project I had to maintain sieve. I am looking for is it possible to write only one statement? -- Real Softservice Huateng Tower, Unit 1788 Jia 302 3rd area of Jinsong, Chao Yang Tel: +86 (10) 8773 0650 ext 603 Mobile: 135 9950 2413 http://www.realss.com From zhangweiwu at realss.com Wed May 14 08:33:18 2008 From: zhangweiwu at realss.com (Zhang Weiwu) Date: Wed, 14 May 2008 20:33:18 +0800 Subject: vacation extension: auto-reply starting with "Auto-reply: " instead of "Re:" Message-ID: <482ADC0E.6060508@realss.com> Hello. I enjoyed vacation extension of sieve for several weeks now. I am quite happy with it. However I prefer the auto reply message to be in the format "auto-reply: xxxx" where xxxx was the original subject line. It seems: If I don't use :subject, the auto reply message subject is "Re: xxxx"; If I use :subject "auto-reply: ", the auto reply message subject is "auto-reply: " (no xxxx); Both are not what I want to have. Do I miss some knowledge or need to RTFM more carefully? (I read ietf-sieve-vacation twice already) or is this simply not possible? Thanks in advance. -- Real Softservice Huateng Tower, Unit 1788 Jia 302 3rd area of Jinsong, Chao Yang Tel: +86 (10) 8773 0650 ext 603 Mobile: 135 9950 2413 http://www.realss.com From forrie at forrie.com Wed May 14 09:42:22 2008 From: forrie at forrie.com (Forrest Aldrich) Date: Wed, 14 May 2008 09:42:22 -0400 Subject: Archiving Cyrus Mail (slightly OT) Message-ID: <482AEC3E.9040909@forrie.com> I've got several thousand emails from the early 90's that I have, packed into a Cyrus Mail system, which I backup regularly. I had thought it might be nifty to utilize one of the Email archiving solutions out there (Zoe, DevonThink, DBMail, etc) to allow me to do better searches, etc. But then I thought how Cyrus is in a simple directory format, and there must be some clever way to set up a rich indexing service that can read the Cyrus message format and utilize the existing store, separate from squatter. I'd be interested in any suggestions about how others may be doing this. I can see where this type of service would be useful on a larger scale, too. Thanks. From wes at umich.edu Wed May 14 10:46:27 2008 From: wes at umich.edu (Wesley Craig) Date: Wed, 14 May 2008 10:46:27 -0400 Subject: Cyrus - GFS slow start and poor performace In-Reply-To: <1210761044.8585.1253082537@webmail.messagingengine.com> References: <200805141059.34066.maurizio.lobosco@eng.it> <1210761044.8585.1253082537@webmail.messagingengine.com> Message-ID: <9AA15144-D009-4FC7-880B-FD7AF2CC9FF8@umich.edu> Given that he's got two machines, I might suggest mupdate_config: replicated and definitely have mailboxes.db on local disk. :wes On 14 May 2008, at 06:30, Bron Gondwana wrote: > Depending on your requirements, it may make sense to place your > mailboxes.db on local > disk (it's pretty small) and regularly copy/rsync it onto your GFS > partition. Worst > case you lose a couple of mailboxes.db records in a crash. Depends > what you can afford > to lose. You could probably stat the file every second and copy it > on any change pretty > cheaply and risk losing at most the last second's changes (it > doesn't change often) From seymourdh at yahoo.com Wed May 14 11:20:28 2008 From: seymourdh at yahoo.com (Derrick Seymour) Date: Wed, 14 May 2008 08:20:28 -0700 (PDT) Subject: Cyrus questions, lost emails, reconstruct Message-ID: <880340.99688.qm@web30505.mail.mud.yahoo.com> I have been having a few problems as of late. First, lost emails. Well they aren't really lost, i have located them in the imap mail store under the users name, kind of hidden i guess you would say. not sure why that is. This happens randomly with incoming emails, maybe one out of a couple thousand. My fix to this was to reconstruct the user box. sudo -u cyrus /usr/bin/cyrus/bin/reconstruct r user/(short name) while this works, it seems to corrupt the inbox, only the inbox all other folders stay intack. the error i receive after the reconstruct is Mailbox does not exist, i receive this from Squirrel Mail and thunderbird. The only way i have found to fix this is to do a total reconstruct. mv /var/imap /var/imap.old mkdir /var/imap /usr/bin/cyrus/tools/mkimap chown -R cyrus:mail /var/imap sudo -u cyrus /usr/bin/cyrus/bin/reconstruct -i and of course this fixes the problem of the mail box does not exist but i always seems to lose some emails in the process, usually one or two users at random You can probably see a very bad cycle here. I have chased this for a couple of weeks now and have tried to solve on my own, i have search the internet and found a couple of threads on stuff close to this but nothing that i could use as a fix. History I have recently installed spamassassin for SPAM control and now use procmail for the relay for spamassassin. Perhaps procmail is the culprit for the lost emails in the first place, but i would like to be able to reconstruct my boxes with out losing mail(hidden email) or having the error that the mailbox does not exist. mac os x server 10.3.9 is the OS any more info you need please let me know Thank You in advance for any helpl Derrick From blake at ispn.net Wed May 14 15:10:40 2008 From: blake at ispn.net (Blake Hudson) Date: Wed, 14 May 2008 14:10:40 -0500 Subject: Cyrus questions, lost emails, reconstruct In-Reply-To: <880340.99688.qm@web30505.mail.mud.yahoo.com> References: <880340.99688.qm@web30505.mail.mud.yahoo.com> Message-ID: <482B3930.4080301@ispn.net> -------- Original Message -------- Subject: Cyrus questions, lost emails, reconstruct From: Derrick Seymour To: info-cyrus at lists.andrew.cmu.edu Date: Wednesday, May 14, 2008 10:20:28 AM > I have been having a few problems as of late. > > First, lost emails. Well they aren't really lost, i > have located them in the imap mail store under the > users name, kind of hidden i guess you would say. not > sure why that is. > > This happens randomly with incoming emails, maybe one > out of a couple thousand. > > My fix to this was to reconstruct the user box. > ... > while this works, it seems to corrupt the inbox, only > the inbox all other folders stay intack. > ... > sudo -u cyrus /usr/bin/cyrus/bin/reconstruct -i > > and of course this fixes the problem of the mail box > does not exist but i always seems to lose some emails > in the process, usually one or two users at random > > You can probably see a very bad cycle here. > ... Sounds like bad RAM maybe corrupting the cyrus databases... Any other indication of file corruption or system locking/freezing/rebooting (things associated with bad memory) ? In a PC I'd run memtest86, dunno if that option is available to you. -Blake From damm at yazzy.org Wed May 14 15:48:06 2008 From: damm at yazzy.org (Scott Likens) Date: Wed, 14 May 2008 12:48:06 -0700 Subject: Cyrus - GFS slow start and poor performace In-Reply-To: <9AA15144-D009-4FC7-880B-FD7AF2CC9FF8@umich.edu> References: <200805141059.34066.maurizio.lobosco@eng.it> <1210761044.8585.1253082537@webmail.messagingengine.com> <9AA15144-D009-4FC7-880B-FD7AF2CC9FF8@umich.edu> Message-ID: Going to toss in my 10 cents. I'm assuming the GFS is the same lun/id on both servers, and you are using GFS to read-write between 2 or more servers. You could try OCFS2 instead of GFS... Other then that the only thing I can think of is using DRBD in a read-write configuration. However that would be using 2 lun/id's instead of only 1. However I imagine the results will be more or less the same, as GFS2 and OCFS2 may handle reads and writes to ensure accuracy? On May 14, 2008, at 7:46 AM, Wesley Craig wrote: > Given that he's got two machines, I might suggest mupdate_config: > replicated and definitely have mailboxes.db on local disk. > > :wes > > On 14 May 2008, at 06:30, Bron Gondwana wrote: >> Depending on your requirements, it may make sense to place your >> mailboxes.db on local >> disk (it's pretty small) and regularly copy/rsync it onto your GFS >> partition. Worst >> case you lose a couple of mailboxes.db records in a crash. Depends >> what you can afford >> to lose. You could probably stat the file every second and copy it >> on any change pretty >> cheaply and risk losing at most the last second's changes (it >> doesn't change often) > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > !DSPAM:482b00dc195276105139502! > > From damm at yazzy.org Wed May 14 16:14:51 2008 From: damm at yazzy.org (Scott Likens) Date: Wed, 14 May 2008 13:14:51 -0700 Subject: Fwd: NDN: Re: Cyrus - GFS slow start and poor performace References: Message-ID: Can someone please remove this user from the list? ... Begin forwarded message: > From: Gateway at yazzy.org > Date: May 14, 2008 12:57:34 PM PDT > To: "Scott Likens" > Subject: NDN: Re: Cyrus - GFS slow start and poor performace > > Sorry. Your message could not be delivered to: > > pemoyetd,Golden Gate Language Sc (The name was not found at the remote > site. Check that the name has been entered correctly.) > > > > !DSPAM:482b47ac208081263019146! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080514/32052028/attachment.html From seymourdh at yahoo.com Wed May 14 17:44:44 2008 From: seymourdh at yahoo.com (Derrick Seymour) Date: Wed, 14 May 2008 14:44:44 -0700 (PDT) Subject: Cyrus questions, lost emails, reconstruct In-Reply-To: <482B3930.4080301@ispn.net> Message-ID: <706153.78297.qm@web30501.mail.mud.yahoo.com> Blake, --- Blake Hudson wrote: > > > -------- Original Message -------- > Subject: Cyrus questions, lost emails, reconstruct > From: Derrick Seymour > To: info-cyrus at lists.andrew.cmu.edu > Date: Wednesday, May 14, 2008 10:20:28 AM > > I have been having a few problems as of late. > > > > First, lost emails. Well they aren't really lost, > i > > have located them in the imap mail store under the > > users name, kind of hidden i guess you would say. > not > > sure why that is. > > > > This happens randomly with incoming emails, maybe > one > > out of a couple thousand. > > > > My fix to this was to reconstruct the user box. > > > ... > > while this works, it seems to corrupt the inbox, > only > > the inbox all other folders stay intack. > > > ... > > sudo -u cyrus /usr/bin/cyrus/bin/reconstruct -i > > > > and of course this fixes the problem of the mail > box > > does not exist but i always seems to lose some > emails > > in the process, usually one or two users at random > > > > You can probably see a very bad cycle here. > > > ... > > Sounds like bad RAM maybe corrupting the cyrus > databases... Any other > indication of file corruption or system > locking/freezing/rebooting > (things associated with bad memory) ? > > In a PC I'd run memtest86, dunno if that option is > available to you. > > -Blake > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: > http://asg.web.cmu.edu/cyrus/mailing-list.html > No signs of bad memory, the server operates off a fiber channel RAID and there are no warnings or failures with that either. There are a couple of utilities i can try to test the memory, but i will not have an answer on that until this weekend. Why would reconstruct -i work (minus the few disappearing emails) and reconstruct -r user/short name corrupt the inbox? I have to assume if the inbox didn't get corrupted that the missing emails in question would be there. I have tried to copy emails from inbox to a folder in side the usernames folder, upon a reconstruct -r those emails are now viewable, but the main inbox is still corrupt. Just a few things I tried if any of this helps. Thanks again for you help in advance Derrick From blake at ispn.net Wed May 14 20:21:24 2008 From: blake at ispn.net (Blake Hudson) Date: Wed, 14 May 2008 19:21:24 -0500 Subject: Cyrus questions, lost emails, reconstruct In-Reply-To: <706153.78297.qm@web30501.mail.mud.yahoo.com> References: <706153.78297.qm@web30501.mail.mud.yahoo.com> Message-ID: <482B8204.4070609@ispn.net> >> >> Sounds like bad RAM maybe corrupting the cyrus >> databases... Any other >> indication of file corruption or system >> locking/freezing/rebooting >> (things associated with bad memory) ? >> >> In a PC I'd run memtest86, dunno if that option is >> available to you. >> >> -Blake >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: >> http://asg.web.cmu.edu/cyrus/mailing-list.html >> >> > > No signs of bad memory, the server operates off a > fiber channel RAID and there are no warnings or > failures with that either. There are a couple of > utilities i can try to test the memory, but i will not > have an answer on that until this weekend. > > Why would reconstruct -i work (minus the few > disappearing emails) and reconstruct -r user/short > name corrupt the inbox? I have to assume if the inbox > didn't get corrupted that the missing emails in > question would be there. I have tried to copy emails > from inbox to a folder in side the usernames folder, > upon a reconstruct -r those emails are now viewable, > but the main inbox is still corrupt. > > Just a few things I tried if any of this helps. > > Thanks again for you help in advance > > Derrick > I'm honestly not familiar with the "-i" option as my 2.3 systems do not seem to have that option and I seem to only run reconstruct when restoring backups so I don't use it very often on individual mailboxes. The fact that files seem to disappear no mater what, and the problem is reproducible, seems to indicate there is some larger problem. I haven't heard of this being a wide-spread problem I'm going to assume this is something with your config or scenario not common to all Cyrus installations. One of the tests I've used to burn in new systems and test for file corruption is to take a large file (an iso or dd if=/dev/urandom works fine) and compute the md5sum. Then copy the file and compute the md5sum on the copy. Compare, delete, and repeat via shell script. This could be from one drive to another, one partition to another, or just one file to a different file. Might try something similar to test your system, and it doesn't even require a maintenance window... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080514/a375f634/attachment.html From maurizio.lobosco at eng.it Thu May 15 05:15:06 2008 From: maurizio.lobosco at eng.it (Maurizio Lo Bosco) Date: Thu, 15 May 2008 11:15:06 +0200 Subject: Cyrus - GFS slow start and poor performace In-Reply-To: References: <200805141059.34066.maurizio.lobosco@eng.it> <9AA15144-D009-4FC7-880B-FD7AF2CC9FF8@umich.edu> Message-ID: <200805151115.06637.maurizio.lobosco@eng.it> I try to reply to every one. Bron, that's the cyrus log on a start. --------------------- May 14 16:41:55 ariel master[28238]: process started May 14 16:41:55 ariel master[28240]: about to exec /usr/lib/cyrus-imapd/ctl_cyrusdb May 14 16:41:56 ariel ctl_cyrusdb[28240]: recovering cyrus databases May 14 16:41:56 ariel ctl_cyrusdb[28240]: skiplist: recovered /var/lib/imap/mailboxes.db (20940 records, 1509256 bytes) in 0 seconds May 14 16:41:56 ariel ctl_cyrusdb[28240]: skiplist: recovered /var/lib/imap/annotations.db (0 records, 144 bytes) in 0 seconds May 14 16:56:09 ariel ctl_cyrusdb[28240]: done recovering cyrus databases May 14 16:56:09 ariel master[31046]: about to exec /usr/lib/cyrus-imapd/idled May 14 17:03:16 ariel master[28238]: ready for work May 14 17:03:16 ariel master[32426]: about to exec /usr/lib/cyrus-imapd/ctl_cyrusdb May 14 17:03:16 ariel master[32427]: about to exec /usr/lib/cyrus-imapd/imapd May 14 17:03:16 ariel master[32428]: about to exec /usr/lib/cyrus-imapd/pop3d May 14 17:03:16 ariel master[32429]: about to exec /usr/lib/cyrus-imapd/lmtpd May 14 17:03:16 ariel master[32430]: about to exec /usr/lib/cyrus-imapd/imapd May 14 17:03:16 ariel master[32431]: about to exec /usr/lib/cyrus-imapd/pop3d May 14 17:03:16 ariel master[32433]: about to exec /usr/lib/cyrus-imapd/imapd May 14 17:03:16 ariel master[32432]: about to exec /usr/lib/cyrus-imapd/imapd May 14 17:03:16 ariel master[32434]: about to exec /usr/lib/cyrus-imapd/imapd May 14 17:03:16 ariel master[32435]: about to exec /usr/lib/cyrus-imapd/imapd May 14 17:03:16 ariel master[32436]: about to exec /usr/lib/cyrus-imapd/pop3d May 14 17:03:16 ariel master[32438]: about to exec /usr/lib/cyrus-imapd/pop3d May 14 17:03:16 ariel master[32439]: about to exec /usr/lib/cyrus-imapd/imapd May 14 17:03:16 ariel master[32442]: about to exec /usr/lib/cyrus-imapd/imapd May 14 17:03:16 ariel master[32443]: about to exec /usr/lib/cyrus-imapd/imapd May 14 17:03:16 ariel master[32444]: about to exec /usr/lib/cyrus-imapd/imapd May 14 17:03:16 ariel master[32446]: about to exec /usr/lib/cyrus-imapd/pop3d May 14 17:03:16 ariel master[32447]: about to exec /usr/lib/cyrus-imapd/pop3d May 14 17:03:16 ariel imap[32444]: executed May 14 17:03:16 ariel imap[32435]: executed May 14 17:03:16 ariel ctl_cyrusdb[32426]: checkpointing cyrus databases May 14 17:03:16 ariel pop3[32447]: executed May 14 17:03:16 ariel imap[32434]: executed May 14 17:03:16 ariel lmtpunix[32429]: executed May 14 17:03:16 ariel imap[32427]: executed May 14 17:03:16 ariel pop3[32446]: executed May 14 17:03:16 ariel imap[32433]: executed May 14 17:03:16 ariel pop3[32436]: executed May 14 17:03:16 ariel imap[32442]: executed May 14 17:03:16 ariel ctl_cyrusdb[32426]: archiving database file: /var/lib/imap/annotations.db May 14 17:03:16 ariel ctl_cyrusdb[32426]: archiving database file: /var/lib/imap/mailboxes.db May 14 17:03:16 ariel ctl_cyrusdb[32426]: done checkpointing cyrus databases May 14 17:03:16 ariel master[28238]: process 32426 exited, status 0 May 14 17:03:16 ariel lmtpunix[32429]: skiplist: recovered /var/lib/imap/deliver.db (6 records, 240828 bytes) in 0 seconds May 14 17:12:48 ariel master[1849]: about to exec /usr/lib/cyrus-imapd/imapd May 14 17:12:48 ariel imap[32430]: accepted connection ------------------------------- Thanks for the great explanation of the cyrus, I will pass this information to the RedHat engineers and wait for a reply. move the database on a local filesystem and use the rsync on a GFS partition to synchronise both nodes. Wes, I have to find more information on the mupdate replicated architecture, may be a very good solution. I have taken a fast look on this but I have not For Scott: the servers are connected with a redundant fiber channel to a SAN (on 2 different controllers of the SAN). The servers are on the same partition of the SAN, so they can see the same lun. On that lun I have the shared GFS. Just a note, the GFS version 2 is available but not yet supported by redhat and not recommended for production environment. Kind regards Maurizio From Tobias.Gustavsson at granlund.biz Thu May 15 05:32:36 2008 From: Tobias.Gustavsson at granlund.biz (Tobias Gustavsson) Date: Thu, 15 May 2008 11:32:36 +0200 Subject: Need help with mailbox error. Message-ID: <61E97A88F5209244AC477680AE88C05962E82D@gkhostexc01.gkhost.lan> Hi everybody. I am hoping someone can help me with a problem I have with Postfix (v2.3.3) and Cyrus (v2.3.7-Invoca-RPM-2.3.7-1.1.el5) running on RHEL5.1. We are trying to migrate from a Debian Sarge system to the RHEL5.1 server. There seems to be a problem when cyrus/lmtpunix gets a mail and tries to save it to a mailbox. I get the following error in maillog: May 15 10:49:05 mail1 lmtpunix[25257]: verify_user(user.username) failed: Mailbox does not exist. I will include a longer paste further down. I have created the mailbox with cyradm. [root at mail1]# cyradm localhost IMAP Password: localhost.localdomain> lm username (\HasNoChildren) root (\HasNoChildren) user^username (\HasNoChildren) user^root (\HasNoChildren) userusername (\HasNoChildren) userroot (\HasNoChildren) localhost.localdomain> I am probably missing something obvious but I can't for the life of me understand what. We are using multiple domains in postfix which seems to work fine as the correct username is forwarded to the lmtpunix daemon. /var/log/maillog May 15 10:48:56 mail1 postfix/smtpd[25246]: connect from localhost.localdomain[127.0.0.1] May 15 10:48:56 mail1 postfix/smtpd[25246]: lost connection after CONNECT from localhost.localdomain[127.0.0.1] May 15 10:48:56 mail1 postfix/smtpd[25246]: disconnect from localhost.localdomain[127.0.0.1] May 15 10:49:05 mail1 postfix/smtpd[25246]: connect from localhost.localdomain[127.0.0.1] May 15 10:49:05 mail1 postfix/smtpd[25246]: C5EC750083: client=localhost.localdomain[127.0.0.1] May 15 10:49:05 mail1 postfix/cleanup[25266]: C5EC750083: message-id=<20080515084905.C5EC750083 at mail.domain1> May 15 10:49:05 mail1 postfix/qmgr[25226]: C5EC750083: from=, size=379, nrcpt=1 (queue active) May 15 10:49:05 mail1 postfix/smtpd[25246]: disconnect from localhost.localdomain[127.0.0.1] May 15 10:49:05 mail1 lmtpunix[25257]: accepted connection May 15 10:49:05 mail1 lmtpunix[25257]: lmtp connection preauth'd as postman May 15 10:49:05 mail1 lmtpunix[25257]: verify_user(user.username) failed: Mailbox does not exist May 15 10:49:05 mail1 master[25268]: about to exec /usr/lib/cyrus-imapd/lmtpd May 15 10:49:05 mail1 lmtpunix[25268]: executed May 15 10:49:05 mail1 postfix/lmtp[25267]: C5EC750083: to=, orig_to=, relay=mail.domain1[/var/lib/imap/socket/lmtp], delay=0.12, delays=0.05/0.02/0/0.04, dsn=5.1.1, status=bounced (host mail.domain[/var/lib/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command)) May 15 10:49:05 mail1 postfix/cleanup[25266]: DD51250086: message-id=<20080515084905.DD51250086 at mail.domain1> May 15 10:49:05 mail1 postfix/qmgr[25226]: DD51250086: from=<>, size=2557, nrcpt=1 (queue active) May 15 10:49:05 mail1 postfix/bounce[25269]: C5EC750083: sender non-delivery notification: DD51250086 May 15 10:49:05 mail1 postfix/qmgr[25226]: C5EC750083: removed /etc/postfix/main.cf smtpd_banner = $myhostname ESMTP $mail_name (Linux) biff = no append_dot_mydomain = no myhostname = mail.domain1 relayhost = mynetworks = /etc/postfix/mynetworks mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all show_user_unknown_table_name = no mydestination = hash:/etc/postfix/mydestination_domains local_recipient_maps = proxy:unix:passwd.byname, hash:/etc/postfix/virtusertable virtual_maps = hash:/etc/postfix/virtusertable, hash:/etc/aliases local_transport = lmtp:unix:/var/lib/imap/socket/lmtp strict_rfc821_envelopes=yes header_checks = regexp:/etc/postfix/header_checks smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain lmtp_destination_concurrency_limit = 150 message_size_limit = 52428800 /etc/cyrus.conf START { recover cmd="ctl_cyrusdb -r" idled cmd="idled" } SERVICES { imap cmd="imapd" listen="imap" prefork=5 pop3 cmd="pop3d" listen="pop3" prefork=3 sieve cmd="timsieved" listen="sieve" prefork=0 lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 } EVENTS { checkpoint cmd="ctl_cyrusdb -c" period=30 delprune cmd="cyr_expire -E 3" at=0400 tlsprune cmd="tls_prune" at=0400 } /etc/imapd.conf configdirectory: /var/lib/imap defaultpartition: default partition-default: /var/spool/imap altnamespace: yes unixhierarchysep: yes lmtp_downcase_rcpt: yes admins: cyrus postfix root lmtp_admins: postman allowanonymouslogin: no popminpoll: 0 umask: 077 sendmail: /usr/sbin/sendmail sieveusehomedir: false sievedir: /var/spool/sieve hashimapspool: true allowplaintext: yes sasl_mech_list: PLAIN allowapop: no sasl_minimum_layer: 0 sasl_pwcheck_method: saslauthd sasl_auto_transition: no tls_session_timeout: 1440 tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH Thanks in advance for any help. Regards Tobias From tobias.gustavsson at granlund.biz Thu May 15 05:49:37 2008 From: tobias.gustavsson at granlund.biz (tobias.gustavsson at granlund.biz) Date: Thu, 15 May 2008 05:49:37 -0400 Subject: Need help with mailbox error. Message-ID: <200805150950.m4F9nbU1000673@lists2.andrew.cmu.edu> Hi everybody. I am hoping someone can help me with a problem I have with Postfix (v2.3.3) and Cyrus (v2.3.7-Invoca-RPM-2.3.7-1.1.el5) running on RHEL5.1. We are trying to migrate from a Debian Sarge system to the RHEL5.1 server. There seems to be a problem when cyrus/lmtpunix gets a mail and tries to save it to a mailbox. I get the following error in maillog: May 15 10:49:05 mail1 lmtpunix[25257]: verify_user(user.username) failed: Mailbox does not exist. I will include a longer paste further down. I have created the mailbox with cyradm. [root at mail1]# cyradm localhost IMAP Password: localhost.localdomain> lm username (\HasNoChildren) root (\HasNoChildren) user^username (\HasNoChildren) user^root (\HasNoChildren) userusername (\HasNoChildren) userroot (\HasNoChildren) localhost.localdomain> I am probably missing something obvious but I can't for the life of me understand what. We are using multiple domains in postfix which seems to work fine as the correct username is forwarded to the lmtpunix daemon. /var/log/maillog May 15 10:48:56 mail1 postfix/smtpd[25246]: connect from localhost.localdomain[127.0.0.1] May 15 10:48:56 mail1 postfix/smtpd[25246]: lost connection after CONNECT from localhost.localdomain[127.0.0.1] May 15 10:48:56 mail1 postfix/smtpd[25246]: disconnect from localhost.localdomain[127.0.0.1] May 15 10:49:05 mail1 postfix/smtpd[25246]: connect from localhost.localdomain[127.0.0.1] May 15 10:49:05 mail1 postfix/smtpd[25246]: C5EC750083: client=localhost.localdomain[127.0.0.1] May 15 10:49:05 mail1 postfix/cleanup[25266]: C5EC750083: message-id=<20080515084905.C5EC750083 at mail.domain1> May 15 10:49:05 mail1 postfix/qmgr[25226]: C5EC750083: from=, size=379, nrcpt=1 (queue active) May 15 10:49:05 mail1 postfix/smtpd[25246]: disconnect from localhost.localdomain[127.0.0.1] May 15 10:49:05 mail1 lmtpunix[25257]: accepted connection May 15 10:49:05 mail1 lmtpunix[25257]: lmtp connection preauth'd as postman May 15 10:49:05 mail1 lmtpunix[25257]: verify_user(user.username) failed: Mailbox does not exist May 15 10:49:05 mail1 master[25268]: about to exec /usr/lib/cyrus-imapd/lmtpd May 15 10:49:05 mail1 lmtpunix[25268]: executed May 15 10:49:05 mail1 postfix/lmtp[25267]: C5EC750083: to=, orig_to=, relay=mail.domain1[/var/lib/imap/socket/lmtp], delay=0.12, delays=0.05/0.02/0/0.04, dsn=5.1.1, status=bounced (host mail.domain[/var/lib/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command)) May 15 10:49:05 mail1 postfix/cleanup[25266]: DD51250086: message-id=<20080515084905.DD51250086 at mail.domain1> May 15 10:49:05 mail1 postfix/qmgr[25226]: DD51250086: from=<>, size=2557, nrcpt=1 (queue active) May 15 10:49:05 mail1 postfix/bounce[25269]: C5EC750083: sender non-delivery notification: DD51250086 May 15 10:49:05 mail1 postfix/qmgr[25226]: C5EC750083: removed /etc/postfix/main.cf smtpd_banner = $myhostname ESMTP $mail_name (Linux) biff = no append_dot_mydomain = no myhostname = mail.domain1 relayhost = mynetworks = /etc/postfix/mynetworks mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all show_user_unknown_table_name = no mydestination = hash:/etc/postfix/mydestination_domains local_recipient_maps = proxy:unix:passwd.byname, hash:/etc/postfix/virtusertable virtual_maps = hash:/etc/postfix/virtusertable, hash:/etc/aliases local_transport = lmtp:unix:/var/lib/imap/socket/lmtp strict_rfc821_envelopes=yes header_checks = regexp:/etc/postfix/header_checks smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain lmtp_destination_concurrency_limit = 150 message_size_limit = 52428800 /etc/cyrus.conf START { recover cmd="ctl_cyrusdb -r" idled cmd="idled" } SERVICES { imap cmd="imapd" listen="imap" prefork=5 pop3 cmd="pop3d" listen="pop3" prefork=3 sieve cmd="timsieved" listen="sieve" prefork=0 lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 } EVENTS { checkpoint cmd="ctl_cyrusdb -c" period=30 delprune cmd="cyr_expire -E 3" at=0400 tlsprune cmd="tls_prune" at=0400 } /etc/imapd.conf configdirectory: /var/lib/imap defaultpartition: default partition-default: /var/spool/imap altnamespace: yes unixhierarchysep: yes lmtp_downcase_rcpt: yes admins: cyrus postfix root lmtp_admins: postman allowanonymouslogin: no popminpoll: 0 umask: 077 sendmail: /usr/sbin/sendmail sieveusehomedir: false sievedir: /var/spool/sieve hashimapspool: true allowplaintext: yes sasl_mech_list: PLAIN allowapop: no sasl_minimum_layer: 0 sasl_pwcheck_method: saslauthd sasl_auto_transition: no tls_session_timeout: 1440 tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH Thanks in advance for any help. Regards Tobias From aspineux at gmail.com Thu May 15 06:12:59 2008 From: aspineux at gmail.com (Alain Spineux) Date: Thu, 15 May 2008 12:12:59 +0200 Subject: Need help with mailbox error. In-Reply-To: <61E97A88F5209244AC477680AE88C05962E82D@gkhostexc01.gkhost.lan> References: <61E97A88F5209244AC477680AE88C05962E82D@gkhostexc01.gkhost.lan> Message-ID: <71fe4e760805150312s4f3a823dve1086ea79ad86d08@mail.gmail.com> On Thu, May 15, 2008 at 11:32 AM, Tobias Gustavsson wrote: > Hi everybody. > > I am hoping someone can help me with a problem I have with Postfix > (v2.3.3) and Cyrus (v2.3.7-Invoca-RPM-2.3.7-1.1.el5) running on RHEL5.1. > We are trying to migrate from a Debian Sarge system to the RHEL5.1 > server. > > There seems to be a problem when cyrus/lmtpunix gets a mail and tries to > save it to a mailbox. I get the following error in maillog: > May 15 10:49:05 mail1 lmtpunix[25257]: verify_user(user.username) > failed: Mailbox does not exist. > I will include a longer paste further down. > > I have created the mailbox with cyradm. > [root at mail1]# cyradm localhost > IMAP Password: > localhost.localdomain> lm > username (\HasNoChildren) > root (\HasNoChildren) > user^username (\HasNoChildren) > user^root (\HasNoChildren) > userusername (\HasNoChildren) > userroot (\HasNoChildren) > localhost.localdomain> You have unixhierarchysep: yes then the name of a mailbox in cyradm should be "user/username" Try to create the mailbox using command > cm user/username Regards > > > I am probably missing something obvious but I can't for the life of me > understand what. > We are using multiple domains in postfix which seems to work fine as the > correct username is forwarded to the lmtpunix daemon. > > /var/log/maillog > May 15 10:48:56 mail1 postfix/smtpd[25246]: connect from > localhost.localdomain[127.0.0.1] > May 15 10:48:56 mail1 postfix/smtpd[25246]: lost connection after > CONNECT from localhost.localdomain[127.0.0.1] > May 15 10:48:56 mail1 postfix/smtpd[25246]: disconnect from > localhost.localdomain[127.0.0.1] > May 15 10:49:05 mail1 postfix/smtpd[25246]: connect from > localhost.localdomain[127.0.0.1] > May 15 10:49:05 mail1 postfix/smtpd[25246]: C5EC750083: > client=localhost.localdomain[127.0.0.1] > May 15 10:49:05 mail1 postfix/cleanup[25266]: C5EC750083: > message-id=<20080515084905.C5EC750083 at mail.domain1> > May 15 10:49:05 mail1 postfix/qmgr[25226]: C5EC750083: > from=, size=379, nrcpt=1 (queue active) > May 15 10:49:05 mail1 postfix/smtpd[25246]: disconnect from > localhost.localdomain[127.0.0.1] > May 15 10:49:05 mail1 lmtpunix[25257]: accepted connection > May 15 10:49:05 mail1 lmtpunix[25257]: lmtp connection preauth'd as > postman > May 15 10:49:05 mail1 lmtpunix[25257]: verify_user(user.username) > failed: Mailbox does not exist > May 15 10:49:05 mail1 master[25268]: about to exec > /usr/lib/cyrus-imapd/lmtpd > May 15 10:49:05 mail1 lmtpunix[25268]: executed > May 15 10:49:05 mail1 postfix/lmtp[25267]: C5EC750083: > to=, orig_to=, > relay=mail.domain1[/var/lib/imap/socket/lmtp], delay=0.12, > delays=0.05/0.02/0/0.04, dsn=5.1.1, status=bounced (host > mail.domain[/var/lib/imap/socket/lmtp] said: 550-Mailbox unknown. > Either there is no mailbox associated with this 550-name or you do not > have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT > TO command)) > May 15 10:49:05 mail1 postfix/cleanup[25266]: DD51250086: > message-id=<20080515084905.DD51250086 at mail.domain1> > May 15 10:49:05 mail1 postfix/qmgr[25226]: DD51250086: from=<>, > size=2557, nrcpt=1 (queue active) > May 15 10:49:05 mail1 postfix/bounce[25269]: C5EC750083: sender > non-delivery notification: DD51250086 > May 15 10:49:05 mail1 postfix/qmgr[25226]: C5EC750083: removed > > /etc/postfix/main.cf > smtpd_banner = $myhostname ESMTP $mail_name (Linux) > biff = no > append_dot_mydomain = no > myhostname = mail.domain1 > relayhost = > mynetworks = /etc/postfix/mynetworks > mailbox_size_limit = 0 > recipient_delimiter = + > inet_interfaces = all > show_user_unknown_table_name = no > mydestination = hash:/etc/postfix/mydestination_domains > local_recipient_maps = proxy:unix:passwd.byname, > hash:/etc/postfix/virtusertable > virtual_maps = hash:/etc/postfix/virtusertable, hash:/etc/aliases > local_transport = lmtp:unix:/var/lib/imap/socket/lmtp > strict_rfc821_envelopes=yes > header_checks = regexp:/etc/postfix/header_checks > smtpd_sender_restrictions = > permit_mynetworks, > reject_non_fqdn_sender, > reject_unknown_sender_domain > lmtp_destination_concurrency_limit = 150 > message_size_limit = 52428800 > > /etc/cyrus.conf > START { > recover cmd="ctl_cyrusdb -r" > idled cmd="idled" > } > SERVICES { > imap cmd="imapd" listen="imap" prefork=5 > pop3 cmd="pop3d" listen="pop3" prefork=3 > sieve cmd="timsieved" listen="sieve" prefork=0 > lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 > } > EVENTS { > checkpoint cmd="ctl_cyrusdb -c" period=30 > delprune cmd="cyr_expire -E 3" at=0400 > tlsprune cmd="tls_prune" at=0400 > } > > /etc/imapd.conf > configdirectory: /var/lib/imap > defaultpartition: default > partition-default: /var/spool/imap > altnamespace: yes > unixhierarchysep: yes > lmtp_downcase_rcpt: yes > admins: cyrus postfix root > lmtp_admins: postman > allowanonymouslogin: no > popminpoll: 0 > umask: 077 > sendmail: /usr/sbin/sendmail > sieveusehomedir: false > sievedir: /var/spool/sieve > hashimapspool: true > allowplaintext: yes > sasl_mech_list: PLAIN > allowapop: no > sasl_minimum_layer: 0 > sasl_pwcheck_method: saslauthd > sasl_auto_transition: no > tls_session_timeout: 1440 > tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH > > Thanks in advance for any help. > > Regards > Tobias > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From Tobias.Gustavsson at granlund.biz Thu May 15 06:22:11 2008 From: Tobias.Gustavsson at granlund.biz (Tobias Gustavsson) Date: Thu, 15 May 2008 12:22:11 +0200 Subject: Need help with mailbox error. References: <61E97A88F5209244AC477680AE88C05962E82D@gkhostexc01.gkhost.lan> <71fe4e760805150312s4f3a823dve1086ea79ad86d08@mail.gmail.com> Message-ID: <61E97A88F5209244AC477680AE88C05962E831@gkhostexc01.gkhost.lan> Thank you, it works! I thought I had tried that but, I guess not. List: Sorry about the double send. I'm not getting along with my e-mail right now. Regards Tobias -----Original Message----- From: Alain Spineux [mailto:aspineux at gmail.com] Sent: den 15 maj 2008 12:13 To: Tobias Gustavsson Cc: info-cyrus at lists.andrew.cmu.edu Subject: Re: Need help with mailbox error. On Thu, May 15, 2008 at 11:32 AM, Tobias Gustavsson wrote: > Hi everybody. > > I am hoping someone can help me with a problem I have with Postfix > (v2.3.3) and Cyrus (v2.3.7-Invoca-RPM-2.3.7-1.1.el5) running on RHEL5.1. > We are trying to migrate from a Debian Sarge system to the RHEL5.1 > server. > > There seems to be a problem when cyrus/lmtpunix gets a mail and tries to > save it to a mailbox. I get the following error in maillog: > May 15 10:49:05 mail1 lmtpunix[25257]: verify_user(user.username) > failed: Mailbox does not exist. > I will include a longer paste further down. > > I have created the mailbox with cyradm. > [root at mail1]# cyradm localhost > IMAP Password: > localhost.localdomain> lm > username (\HasNoChildren) > root (\HasNoChildren) > user^username (\HasNoChildren) > user^root (\HasNoChildren) > userusername (\HasNoChildren) > userroot (\HasNoChildren) > localhost.localdomain> You have unixhierarchysep: yes then the name of a mailbox in cyradm should be "user/username" Try to create the mailbox using command > cm user/username Regards > > > I am probably missing something obvious but I can't for the life of me > understand what. > We are using multiple domains in postfix which seems to work fine as the > correct username is forwarded to the lmtpunix daemon. > > /var/log/maillog > May 15 10:48:56 mail1 postfix/smtpd[25246]: connect from > localhost.localdomain[127.0.0.1] > May 15 10:48:56 mail1 postfix/smtpd[25246]: lost connection after > CONNECT from localhost.localdomain[127.0.0.1] > May 15 10:48:56 mail1 postfix/smtpd[25246]: disconnect from > localhost.localdomain[127.0.0.1] > May 15 10:49:05 mail1 postfix/smtpd[25246]: connect from > localhost.localdomain[127.0.0.1] > May 15 10:49:05 mail1 postfix/smtpd[25246]: C5EC750083: > client=localhost.localdomain[127.0.0.1] > May 15 10:49:05 mail1 postfix/cleanup[25266]: C5EC750083: > message-id=<20080515084905.C5EC750083 at mail.domain1> > May 15 10:49:05 mail1 postfix/qmgr[25226]: C5EC750083: > from=, size=379, nrcpt=1 (queue active) > May 15 10:49:05 mail1 postfix/smtpd[25246]: disconnect from > localhost.localdomain[127.0.0.1] > May 15 10:49:05 mail1 lmtpunix[25257]: accepted connection > May 15 10:49:05 mail1 lmtpunix[25257]: lmtp connection preauth'd as > postman > May 15 10:49:05 mail1 lmtpunix[25257]: verify_user(user.username) > failed: Mailbox does not exist > May 15 10:49:05 mail1 master[25268]: about to exec > /usr/lib/cyrus-imapd/lmtpd > May 15 10:49:05 mail1 lmtpunix[25268]: executed > May 15 10:49:05 mail1 postfix/lmtp[25267]: C5EC750083: > to=, orig_to=, > relay=mail.domain1[/var/lib/imap/socket/lmtp], delay=0.12, > delays=0.05/0.02/0/0.04, dsn=5.1.1, status=bounced (host > mail.domain[/var/lib/imap/socket/lmtp] said: 550-Mailbox unknown. > Either there is no mailbox associated with this 550-name or you do not > have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT > TO command)) > May 15 10:49:05 mail1 postfix/cleanup[25266]: DD51250086: > message-id=<20080515084905.DD51250086 at mail.domain1> > May 15 10:49:05 mail1 postfix/qmgr[25226]: DD51250086: from=<>, > size=2557, nrcpt=1 (queue active) > May 15 10:49:05 mail1 postfix/bounce[25269]: C5EC750083: sender > non-delivery notification: DD51250086 > May 15 10:49:05 mail1 postfix/qmgr[25226]: C5EC750083: removed > > /etc/postfix/main.cf > smtpd_banner = $myhostname ESMTP $mail_name (Linux) > biff = no > append_dot_mydomain = no > myhostname = mail.domain1 > relayhost = > mynetworks = /etc/postfix/mynetworks > mailbox_size_limit = 0 > recipient_delimiter = + > inet_interfaces = all > show_user_unknown_table_name = no > mydestination = hash:/etc/postfix/mydestination_domains > local_recipient_maps = proxy:unix:passwd.byname, > hash:/etc/postfix/virtusertable > virtual_maps = hash:/etc/postfix/virtusertable, hash:/etc/aliases > local_transport = lmtp:unix:/var/lib/imap/socket/lmtp > strict_rfc821_envelopes=yes > header_checks = regexp:/etc/postfix/header_checks > smtpd_sender_restrictions = > permit_mynetworks, > reject_non_fqdn_sender, > reject_unknown_sender_domain > lmtp_destination_concurrency_limit = 150 > message_size_limit = 52428800 > > /etc/cyrus.conf > START { > recover cmd="ctl_cyrusdb -r" > idled cmd="idled" > } > SERVICES { > imap cmd="imapd" listen="imap" prefork=5 > pop3 cmd="pop3d" listen="pop3" prefork=3 > sieve cmd="timsieved" listen="sieve" prefork=0 > lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 > } > EVENTS { > checkpoint cmd="ctl_cyrusdb -c" period=30 > delprune cmd="cyr_expire -E 3" at=0400 > tlsprune cmd="tls_prune" at=0400 > } > > /etc/imapd.conf > configdirectory: /var/lib/imap > defaultpartition: default > partition-default: /var/spool/imap > altnamespace: yes > unixhierarchysep: yes > lmtp_downcase_rcpt: yes > admins: cyrus postfix root > lmtp_admins: postman > allowanonymouslogin: no > popminpoll: 0 > umask: 077 > sendmail: /usr/sbin/sendmail > sieveusehomedir: false > sievedir: /var/spool/sieve > hashimapspool: true > allowplaintext: yes > sasl_mech_list: PLAIN > allowapop: no > sasl_minimum_layer: 0 > sasl_pwcheck_method: saslauthd > sasl_auto_transition: no > tls_session_timeout: 1440 > tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH > > Thanks in advance for any help. > > Regards > Tobias > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From aspineux at gmail.com Thu May 15 06:23:01 2008 From: aspineux at gmail.com (Alain Spineux) Date: Thu, 15 May 2008 12:23:01 +0200 Subject: Cyrus questions, lost emails, reconstruct In-Reply-To: <482B8204.4070609@ispn.net> References: <706153.78297.qm@web30501.mail.mud.yahoo.com> <482B8204.4070609@ispn.net> Message-ID: <71fe4e760805150323vd61de68geac25ac53475371a@mail.gmail.com> On Thu, May 15, 2008 at 2:21 AM, Blake Hudson wrote: > > > Sounds like bad RAM maybe corrupting the cyrus > databases... Any other > indication of file corruption or system > locking/freezing/rebooting > (things associated with bad memory) ? > > In a PC I'd run memtest86, dunno if that option is > available to you. > > -Blake > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: > http://asg.web.cmu.edu/cyrus/mailing-list.html > > > > No signs of bad memory, the server operates off a > fiber channel RAID and there are no warnings or > failures with that either. There are a couple of > utilities i can try to test the memory, but i will not > have an answer on that until this weekend. > > Why would reconstruct -i work (minus the few > disappearing emails) and reconstruct -r user/short > name corrupt the inbox? I have to assume if the inbox > didn't get corrupted that the missing emails in > question would be there. I have tried to copy emails > from inbox to a folder in side the usernames folder, > upon a reconstruct -r those emails are now viewable, > but the main inbox is still corrupt. > > Just a few things I tried if any of this helps. > > Thanks again for you help in advance > > Derrick > > > I'm honestly not familiar with the "-i" option as my 2.3 systems do not seem > to have that option and I seem to only run reconstruct when restoring > backups so I don't use it very often on individual mailboxes. The fact that > files seem to disappear no mater what, and the problem is reproducible, > seems to indicate there is some larger problem. I haven't heard of this > being a wide-spread problem I'm going to assume this is something with your > config or scenario not common to all Cyrus installations. > > One of the tests I've used to burn in new systems and test for file > corruption is to take a large file (an iso or dd if=/dev/urandom works fine) > and compute the md5sum. Then copy the file and compute the md5sum on the > copy. Compare, delete, and repeat via shell script. This could be from one > drive to another, one partition to another, or just one file to a different > file. Nice idea for system that cannot be stopped, but memtest86 available on all centos, redhat, fedora installation cd (and probably lot of other distributions) are made for that and will detect any failure in memory. Of course memetest86 will ignore any drive failure :-) > > Might try something similar to test your system, and it doesn't even require > a maintenance window... > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From aspineux at gmail.com Thu May 15 06:40:18 2008 From: aspineux at gmail.com (Alain Spineux) Date: Thu, 15 May 2008 12:40:18 +0200 Subject: Cyrus questions, lost emails, reconstruct In-Reply-To: <706153.78297.qm@web30501.mail.mud.yahoo.com> References: <482B3930.4080301@ispn.net> <706153.78297.qm@web30501.mail.mud.yahoo.com> Message-ID: <71fe4e760805150340n6523937i5d535996ca54d6fc@mail.gmail.com> On Wed, May 14, 2008 at 11:44 PM, Derrick Seymour wrote: > Blake, > > --- Blake Hudson wrote: > >> >> >> -------- Original Message -------- >> Subject: Cyrus questions, lost emails, reconstruct >> From: Derrick Seymour >> To: info-cyrus at lists.andrew.cmu.edu >> Date: Wednesday, May 14, 2008 10:20:28 AM >> > I have been having a few problems as of late. >> > >> > First, lost emails. Well they aren't really lost, >> i >> > have located them in the imap mail store under the >> > users name, kind of hidden i guess you would say. >> not >> > sure why that is. >> > >> > This happens randomly with incoming emails, maybe >> one >> > out of a couple thousand. >> > >> > My fix to this was to reconstruct the user box. >> > >> ... >> > while this works, it seems to corrupt the inbox, >> only >> > the inbox all other folders stay intack. >> > >> ... >> > sudo -u cyrus /usr/bin/cyrus/bin/reconstruct -i >> > >> > and of course this fixes the problem of the mail >> box >> > does not exist but i always seems to lose some >> emails >> > in the process, usually one or two users at random >> > >> > You can probably see a very bad cycle here. >> > >> ... >> >> Sounds like bad RAM maybe corrupting the cyrus >> databases... Any other >> indication of file corruption or system >> locking/freezing/rebooting >> (things associated with bad memory) ? >> >> In a PC I'd run memtest86, dunno if that option is >> available to you. >> >> -Blake >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: >> http://asg.web.cmu.edu/cyrus/mailing-list.html >> > > No signs of bad memory, the server operates off a > fiber channel RAID and there are no warnings or > failures with that either. There are a couple of > utilities i can try to test the memory, but i will not > have an answer on that until this weekend. > > Why would reconstruct -i work (minus the few > disappearing emails) and reconstruct -r user/short > name corrupt the inbox? What is the -i for ? The -r was broken until last last 2.3.12 ! You must use $ reconstruct -r user/shortname/* to take care of subdirectories and add -f to discover unknown directories. Can you give more information about your system ? OS, cyrus version ? How long did it operate without problems ? Did you change anything ? Even something you thing is unreleated ? > I have to assume if the inbox > didn't get corrupted that the missing emails in > question would be there. I have tried to copy emails > from inbox to a folder in side the usernames folder, > upon a reconstruct -r those emails are now viewable, > but the main inbox is still corrupt. Try to reset the cyrus.index file before to reconstruct, because cyreconstruct could try to reuse it. something like # echo > cyrus.index or just delete it Regards > > Just a few things I tried if any of this helps. > > Thanks again for you help in advance > > Derrick > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From aspineux at gmail.com Thu May 15 06:49:32 2008 From: aspineux at gmail.com (Alain Spineux) Date: Thu, 15 May 2008 12:49:32 +0200 Subject: can sieve file emails to corresponding folder by subaddress? In-Reply-To: <482AD3A3.2030304@realss.com> References: <482AD3A3.2030304@realss.com> Message-ID: <71fe4e760805150349h82affe4w6fe68aec52d1de5d@mail.gmail.com> On Wed, May 14, 2008 at 1:57 PM, Zhang Weiwu wrote: > The question is pretty simple: > > I wish sieve to file new emails to sub-folders of Projects folder by > using sub-address. > > e.g. > zhangweiwu+eecz at realss.com goes to INBOX.Projects.EECZ > zhangweiwu+gtz.pado at realss.com goes to INBOX.Projects.GTZ.PADO > zhangweiwu+web.yuliansu at realss.com goes to INBOX.Projects.web.yuliansu Do you now the "plus addressing" ? When cyrus receive an email for "zhangweiwu+web.yuliansu at realss.com", it will try to deliver it into the folder "web.yuliansu" in zhangweiwu's INBOX if the folder exists and "anyone" has "p" right on it. cyrus dont need sieve to do that. Anyway you still have to create the folder and give "anyone" the "p" right. Be careful if you mix lower and uppercase and the use of "." (dot) in the folder name. Hope this help > > I have been doing it with the following statements: > > if envelope :detail "to" "web.realss" > { fileinto "INBOX.Projects.Web.RealSS";} > .... [a dozen similar statements] > > > The problem is I maintain a list of a dozen projects, and they update > and changes. Everytime I had a different project I had to maintain > sieve. I am looking for is it possible to write only one statement? > > -- > Real Softservice > > Huateng Tower, Unit 1788 > Jia 302 3rd area of Jinsong, Chao Yang > > Tel: +86 (10) 8773 0650 ext 603 > Mobile: 135 9950 2413 > http://www.realss.com > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From dave64 at andrew.cmu.edu Thu May 15 07:22:46 2008 From: dave64 at andrew.cmu.edu (Dave McMurtrie) Date: Thu, 15 May 2008 07:22:46 -0400 Subject: Fwd: NDN: Re: Cyrus - GFS slow start and poor performace In-Reply-To: References: Message-ID: <482C1D06.7000503@andrew.cmu.edu> Scott Likens wrote: > Can someone please remove this user from the list? Done. Thanks, Dave From maurizio.lobosco at eng.it Thu May 15 09:25:58 2008 From: maurizio.lobosco at eng.it (Maurizio Lo Bosco) Date: Thu, 15 May 2008 15:25:58 +0200 Subject: Cyrus - GFS slow start and poor performace In-Reply-To: <9AA15144-D009-4FC7-880B-FD7AF2CC9FF8@umich.edu> References: <200805141059.34066.maurizio.lobosco@eng.it> <1210761044.8585.1253082537@webmail.messagingengine.com> <9AA15144-D009-4FC7-880B-FD7AF2CC9FF8@umich.edu> Message-ID: <200805151525.58295.maurizio.lobosco@eng.it> > Given that he's got two machines, I might suggest mupdate_config: > replicated and definitely have mailboxes.db on local disk. I'm taking a look at the configuration of the mupdate replicated architecture. As stated in an old post on this list (20-Dec-2005), the Cyrus 2.3 replicated configuration seams a very good solution, but in the current documentation is stated :"Note that load balancing is not possible with the current replication code, but it is intended to be supported in the future." I would like to use both server in active/active configuration, is it possible with the mupdate replication? Otherwise I will study the solution proposed by Bron to sync a local mailbox.db with the GFS...but I have to pay attention on the contemporary of the sync from the two servers. Regards Maurizio From seymourdh at yahoo.com Thu May 15 09:49:20 2008 From: seymourdh at yahoo.com (Derrick Seymour) Date: Thu, 15 May 2008 06:49:20 -0700 (PDT) Subject: Cyrus questions, lost emails, reconstruct Message-ID: <321661.14073.qm@web30505.mail.mud.yahoo.com> On Wed, May 14, 2008 at 11:44 PM, Derrick Seymour wrote: > Blake, > > --- Blake Hudson wrote: > >> >> >> -------- Original Message -------- >> Subject: Cyrus questions, lost emails, reconstruct >> From: Derrick Seymour >> To: info-cyrus at lists.andrew.cmu.edu >> Date: Wednesday, May 14, 2008 10:20:28 AM >> > I have been having a few problems as of late. >> > >> > First, lost emails. Well they aren't really lost, >> i >> > have located them in the imap mail store under the >> > users name, kind of hidden i guess you would say. >> not >> > sure why that is. >> > >> > This happens randomly with incoming emails, maybe >> one >> > out of a couple thousand. >> > >> > My fix to this was to reconstruct the user box. >> > >> ... >> > while this works, it seems to corrupt the inbox, >> only >> > the inbox all other folders stay intack. >> > >> ... >> > sudo -u cyrus /usr/bin/cyrus/bin/reconstruct -i >> > >> > and of course this fixes the problem of the mail >> box >> > does not exist but i always seems to lose some >> emails >> > in the process, usually one or two users at random >> > >> > You can probably see a very bad cycle here. >> > >> ... >> >> Sounds like bad RAM maybe corrupting the cyrus >> databases... Any other >> indication of file corruption or system >> locking/freezing/rebooting >> (things associated with bad memory) ? >> >> In a PC I'd run memtest86, dunno if that option is >> available to you. >> >> -Blake >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: >> http://asg.web.cmu.edu/cyrus/mailing-list.html >> > > No signs of bad memory, the server operates off a > fiber channel RAID and there are no warnings or > failures with that either. There are a couple of > utilities i can try to test the memory, but i will not > have an answer on that until this weekend. > > Why would reconstruct -i work (minus the few > disappearing emails) and reconstruct -r user/short > name corrupt the inbox? What is the -i for ? The -r was broken until last last 2.3.12 ! You must use $ reconstruct -r user/shortname/* to take care of subdirectories and add -f to discover unknown directories. Can you give more information about your system ? OS, cyrus version ? How long did it operate without problems ? Did you change anything ? Even something you thing is unreleated ? > I have to assume if the inbox > didn't get corrupted that the missing emails in > question would be there. I have tried to copy emails > from inbox to a folder in side the usernames folder, > upon a reconstruct -r those emails are now viewable, > but the main inbox is still corrupt. Try to reset the cyrus.index file before to reconstruct, because cyreconstruct could try to reuse it. something like # echo > cyrus.index or just delete it Regards > > Just a few things I tried if any of this helps. > > Thanks again for you help in advance > > Derrick > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > I am on a mac os x server 10.3.9 not sure how to find the cyrus version, naive i know... the -i is from one of apples documents on how to reconstruct the entire database for cyrus. the -r is for a single user, knowing now that it is broken makes a lot of sense with the problems i am having reconstructing. latest system changes was the installation of spamassassin with procmail for the relay. This i believe this caused my initial problem with the disappearing emails. Not to concerned about that right now, though i will be very happy to receive suggestions on that. Main problem is to get reconstruct working, I will deal with the disappearing emails later on, need to get them back now and be able to get them back reliably in the future until i fix the core problem with the disappearing emails. updated info that i found: when i take a look at the mailbox.db for the user that has a corrupted in box i get this.... myserver2:/var/imap user# sudo -u cyrus /usr/bin/cyrus/bin/ctl_mboxlist -d | grep brokenuser user.brokenuser default BROKENUSER lrswipcda user.brokenuser.INBOX^Drafts default brokenuser lrswipcda user.brokenuser.INBOX^Sent default brokenuser lrswipcda user.brokenuser.INBOX^Trash default brokenuser lrswipcda as you can see the inbox has the user in all caps, makes sense now why they can't get into there inbox, i believe this is case sensitive, so now how do i change this back to lowercase and or which reconstruct command (i know -r is broken) will work. I don't mind the broken construct if i can edit the mailbox.db successfully to fix the one issue with the caps. can always do up a script. i've checked other users, all of there info is in lowercase.... thanks Derrick From damm at yazzy.org Thu May 15 13:15:56 2008 From: damm at yazzy.org (Scott Likens) Date: Thu, 15 May 2008 10:15:56 -0700 Subject: Cyrus - GFS slow start and poor performace In-Reply-To: <200805151525.58295.maurizio.lobosco@eng.it> References: <200805141059.34066.maurizio.lobosco@eng.it> <1210761044.8585.1253082537@webmail.messagingengine.com> <9AA15144-D009-4FC7-880B-FD7AF2CC9FF8@umich.edu> <200805151525.58295.maurizio.lobosco@eng.it> Message-ID: <2E1EFC89-C0B5-43A1-8A0B-FD68EECE36E0@yazzy.org> If you wish to do load balancing, I suggest looking at nginx. For documentation ... http://wiki.codemongers.com/Main I don't have a lot of experience with GFS1 or OCFS, however I don't expect great performance. I would imagine worse then ext3 or about the same is the best you will be able to achieve. You may have better luck with syncclient, or setting up Murder with 2 Front ends and 1 backend. I guess the bottom line is read-write configuration shared between 2 servers is .. (to me) hit and miss. It really depends on what your trying to do with it, and how your trying to make it work. In this case, I would not personally suggest a read-write with DRBD or ocfs/gfs as you are going to either encounter bugs from filesystems, cyrus, or both; if someone has a configuration where any 3 of those I just mentioned works great... then by all means please chime in. Scott On May 15, 2008, at 6:25 AM, Maurizio Lo Bosco wrote: >> Given that he's got two machines, I might suggest mupdate_config: >> replicated and definitely have mailboxes.db on local disk. > I'm taking a look at the configuration of the mupdate replicated > architecture. > > As stated in an old post on this list (20-Dec-2005), the Cyrus 2.3 > replicated > configuration seams a very good solution, but in the current > documentation is > stated :"Note that load balancing is not possible with the current > replication code, but it is intended to be supported in the future." > > I would like to use both server in active/active configuration, is > it possible > with the mupdate replication? > Otherwise I will study the solution proposed by Bron to sync a local > mailbox.db with the GFS...but I have to pay attention on the > contemporary of > the sync from the two servers. > Regards > Maurizio > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > !DSPAM:482c4325166021222944467! > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080515/63295f6c/attachment.html From aspineux at gmail.com Thu May 15 16:54:20 2008 From: aspineux at gmail.com (Alain Spineux) Date: Thu, 15 May 2008 22:54:20 +0200 Subject: Cyrus questions, lost emails, reconstruct In-Reply-To: <321661.14073.qm@web30505.mail.mud.yahoo.com> References: <321661.14073.qm@web30505.mail.mud.yahoo.com> Message-ID: <71fe4e760805151354n15571a1an99e190075802b067@mail.gmail.com> On Thu, May 15, 2008 at 3:49 PM, Derrick Seymour wrote: > On Wed, May 14, 2008 at 11:44 PM, Derrick Seymour > wrote: >> Blake, >> >> --- Blake Hudson wrote: >> >>> >>> >>> -------- Original Message -------- >>> Subject: Cyrus questions, lost emails, reconstruct >>> From: Derrick Seymour >>> To: info-cyrus at lists.andrew.cmu.edu >>> Date: Wednesday, May 14, 2008 10:20:28 AM >>> > I have been having a few problems as of late. >>> > >>> > First, lost emails. Well they aren't really > lost, >>> i >>> > have located them in the imap mail store under > the >>> > users name, kind of hidden i guess you would say. >>> not >>> > sure why that is. >>> > >>> > This happens randomly with incoming emails, maybe >>> one >>> > out of a couple thousand. >>> > >>> > My fix to this was to reconstruct the user box. >>> > >>> ... >>> > while this works, it seems to corrupt the inbox, >>> only >>> > the inbox all other folders stay intack. >>> > >>> ... >>> > sudo -u cyrus /usr/bin/cyrus/bin/reconstruct -i >>> > >>> > and of course this fixes the problem of the mail >>> box >>> > does not exist but i always seems to lose some >>> emails >>> > in the process, usually one or two users at > random >>> > >>> > You can probably see a very bad cycle here. >>> > >>> ... >>> >>> Sounds like bad RAM maybe corrupting the cyrus >>> databases... Any other >>> indication of file corruption or system >>> locking/freezing/rebooting >>> (things associated with bad memory) ? >>> >>> In a PC I'd run memtest86, dunno if that option is >>> available to you. >>> >>> -Blake >>> ---- >>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >>> List Archives/Info: >>> http://asg.web.cmu.edu/cyrus/mailing-list.html >>> >> >> No signs of bad memory, the server operates off a >> fiber channel RAID and there are no warnings or >> failures with that either. There are a couple of >> utilities i can try to test the memory, but i will > not >> have an answer on that until this weekend. >> >> Why would reconstruct -i work (minus the few >> disappearing emails) and reconstruct -r user/short >> name corrupt the inbox? > > What is the -i for ? > The -r was broken until last last 2.3.12 ! You must > use > $ reconstruct -r user/shortname/* > to take care of subdirectories and add -f to discover > unknown directories. > > > Can you give more information about your system ? OS, > cyrus version ? > How long did it operate without problems ? Did you > change anything ? Even > something you thing is unreleated ? > > >> I have to assume if the inbox >> didn't get corrupted that the missing emails in >> question would be there. I have tried to copy > emails >> from inbox to a folder in side the usernames folder, >> upon a reconstruct -r those emails are now viewable, >> but the main inbox is still corrupt. > > Try to reset the cyrus.index file before to > reconstruct, because cyreconstruct > could try to reuse it. > something like > # echo > cyrus.index > or just delete it > > > Regards > >> >> Just a few things I tried if any of this helps. >> >> Thanks again for you help in advance >> >> Derrick >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: > http://asg.web.cmu.edu/cyrus/mailing-list.html >> > > > > > > I am on a mac os x server 10.3.9 > > not sure how to find the cyrus version, naive i > know... I dont know anything to os x packaging > > the -i is from one of apples documents on how to > reconstruct the entire database for cyrus. the -r is > for a single user, knowing now that it is broken makes > a lot of sense with the problems i am having > reconstructing. -r is for "recursive" (on usual cyrus install) > > latest system changes was the installation of > spamassassin with procmail for the relay. This i > believe this caused my initial problem with the > disappearing emails. Not to concerned about that > right now, though i will be very happy to receive > suggestions on that. cyrus users use SIEVE instead of procmail. Of course sieve is not as flexible as procmail, but a lot lot faster, more secure, and part of cyrus Read this, to be sure your procmail configuration is compatible with cyrus http://www.oreilly.com/catalog/mimap/chapter/ch09.html Is your mail store on a networked disk ? > > Main problem is to get reconstruct working, I will > deal with the disappearing emails later on, need to > get them back now and be able to get them back > reliably in the future until i fix the core problem > with the disappearing emails. > > updated info that i found: > > when i take a look at the mailbox.db for the user that > has a corrupted in box i get this.... > > myserver2:/var/imap user# sudo -u cyrus > /usr/bin/cyrus/bin/ctl_mboxlist -d | grep brokenuser > user.brokenuser default BROKENUSER lrswipcda > user.brokenuser.INBOX^Drafts default brokenuser > lrswipcda > user.brokenuser.INBOX^Sent default brokenuser > lrswipcda > user.brokenuser.INBOX^Trash default brokenuser > lrswipcda > > as you can see the inbox has the user in all caps, > makes sense now why they can't get into there inbox, i > believe this is case sensitive, so now how do i change > this back to lowercase and or which reconstruct > command (i know -r is broken) will work. I don't mind > the broken construct if i can edit the mailbox.db > successfully to fix the one issue with the caps. can > always do up a script. use cyradm to change ACL, using "sam" command > > i've checked other users, all of there info is in > lowercase.... > > thanks > > Derrick > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From seymourdh at yahoo.com Thu May 15 17:41:32 2008 From: seymourdh at yahoo.com (Derrick Seymour) Date: Thu, 15 May 2008 14:41:32 -0700 (PDT) Subject: Cyrus questions, lost emails, reconstruct In-Reply-To: <71fe4e760805151354n15571a1an99e190075802b067@mail.gmail.com> Message-ID: <804249.78337.qm@web30504.mail.mud.yahoo.com> > I am on a mac os x server 10.3.9 > > not sure how to find the cyrus version, naive i > know... I dont know anything to os x packaging > > the -i is from one of apples documents on how to > reconstruct the entire database for cyrus. the -r is > for a single user, knowing now that it is broken makes > a lot of sense with the problems i am having > reconstructing. -r is for "recursive" (on usual cyrus install) > > latest system changes was the installation of > spamassassin with procmail for the relay. This i > believe this caused my initial problem with the > disappearing emails. Not to concerned about that > right now, though i will be very happy to receive > suggestions on that. cyrus users use SIEVE instead of procmail. Of course sieve is not as flexible as procmail, but a lot lot faster, more secure, and part of cyrus Read this, to be sure your procmail configuration is compatible with cyrus http://www.oreilly.com/catalog/mimap/chapter/ch09.html Is your mail store on a networked disk ? > > Main problem is to get reconstruct working, I will > deal with the disappearing emails later on, need to > get them back now and be able to get them back > reliably in the future until i fix the core problem > with the disappearing emails. > > updated info that i found: > > when i take a look at the mailbox.db for the user that > has a corrupted in box i get this.... > > myserver2:/var/imap user# sudo -u cyrus > /usr/bin/cyrus/bin/ctl_mboxlist -d | grep brokenuser > user.brokenuser default BROKENUSER lrswipcda > user.brokenuser.INBOX^Drafts default brokenuser > lrswipcda > user.brokenuser.INBOX^Sent default brokenuser > lrswipcda > user.brokenuser.INBOX^Trash default brokenuser > lrswipcda > > as you can see the inbox has the user in all caps, > makes sense now why they can't get into there inbox, i > believe this is case sensitive, so now how do i change > this back to lowercase and or which reconstruct > command (i know -r is broken) will work. I don't mind > the broken construct if i can edit the mailbox.db > successfully to fix the one issue with the caps. can > always do up a script. use cyradm to change ACL, using "sam" command > > i've checked other users, all of there info is in > lowercase.... First off let me thank all of you for your help so far. To answer the above questions: My mail store is on a fiber channel RAID Procmail looks to be set up properly, i will look into this further Mac os x 10.3.9 ships with cyrus 2.2.10, or should i say was updated to 2.2.10 Up until the installation of spamassassin and procmail there has been no 'reported' problems though i don't think the reconstruct problem has anything to do with the install, the disappearing emails maybe. Here is some updates: Through long searching I decided to try this, after i backed up everything....twice ;-) stopped mail sudo -u cyrus /usr/bin/cyrus/bin/ctl_mboxlist -d > /mailboxdb.txt edited the caps user to lower case with pico sudo -u cyrus /usr/bin/cyrus/bin/ctl_mboxlist -u < /mailboxdb.txt started mail this worked, as far as i can tell, no loss of email and the user can log back in with squirrelmail with out the error "mailbox does not exist" Logged in with a couple of other users via IMAP and POP everything looks good. While editing the mailboxdb i found something strange..... as you can see below there is an entry for some users in all upper case, there is also complete entries for these users also in lower case. user.USER1 default USER1 lrswipcda user.USER2 default USER2 lrswipcda user.user1 default user1 lrswipcda user.user1.INBOX^Drafts default user1 lrswipcda user.user1.INBOX^Sent default user1 lrswipcda user.user1.INBOX^Trash default user1 lrswipcda user.user2 default user2 lrswipcda user.user2.INBOX^Drafts default user2 lrswipcda user.user2.INBOX^Sent default user2 lrswipcda user.user2.INBOX^Trash default user2 lrswipcda The user that had the problem (mailbox does not exist) after i did a reconstruct was one of the users that had multiple entries in the mailbox.db. I am wondering if these single entries have any use, can i delete them, is this perhaps why when i did the reconstruct the user had an all caps entry for the inbox and then wasn't able to log in? Because that looks like what the problem was. I am also wondering if i deleted this single entries would the reconstruct work? Thanks again for all the help -derrick From aspineux at gmail.com Thu May 15 17:56:24 2008 From: aspineux at gmail.com (Alain Spineux) Date: Thu, 15 May 2008 23:56:24 +0200 Subject: Cyrus questions, lost emails, reconstruct In-Reply-To: <804249.78337.qm@web30504.mail.mud.yahoo.com> References: <71fe4e760805151354n15571a1an99e190075802b067@mail.gmail.com> <804249.78337.qm@web30504.mail.mud.yahoo.com> Message-ID: <71fe4e760805151456x51313237r96df7254c7f5f3ea@mail.gmail.com> On Thu, May 15, 2008 at 11:41 PM, Derrick Seymour wrote: >> I am on a mac os x server 10.3.9 >> >> not sure how to find the cyrus version, naive i >> know... > > I dont know anything to os x packaging > >> >> the -i is from one of apples documents on how to >> reconstruct the entire database for cyrus. the -r > is >> for a single user, knowing now that it is broken > makes >> a lot of sense with the problems i am having >> reconstructing. > > -r is for "recursive" (on usual cyrus install) > >> >> latest system changes was the installation of >> spamassassin with procmail for the relay. This i >> believe this caused my initial problem with the >> disappearing emails. Not to concerned about that >> right now, though i will be very happy to receive >> suggestions on that. > > cyrus users use SIEVE instead of procmail. > Of course sieve is not as flexible as procmail, but a > lot lot > faster, more secure, and part of cyrus > > Read this, to be sure your procmail configuration is > compatible with > cyrus > http://www.oreilly.com/catalog/mimap/chapter/ch09.html > > Is your mail store on a networked disk ? > >> >> Main problem is to get reconstruct working, I will >> deal with the disappearing emails later on, need to >> get them back now and be able to get them back >> reliably in the future until i fix the core problem >> with the disappearing emails. >> >> updated info that i found: >> >> when i take a look at the mailbox.db for the user > that >> has a corrupted in box i get this.... >> >> myserver2:/var/imap user# sudo -u cyrus >> /usr/bin/cyrus/bin/ctl_mboxlist -d | grep brokenuser >> user.brokenuser default BROKENUSER > lrswipcda >> user.brokenuser.INBOX^Drafts default brokenuser >> lrswipcda >> user.brokenuser.INBOX^Sent default brokenuser >> lrswipcda >> user.brokenuser.INBOX^Trash default brokenuser >> lrswipcda >> >> as you can see the inbox has the user in all caps, >> makes sense now why they can't get into there inbox, > i >> believe this is case sensitive, so now how do i > change >> this back to lowercase and or which reconstruct >> command (i know -r is broken) will work. I don't > mind >> the broken construct if i can edit the mailbox.db >> successfully to fix the one issue with the caps. > can >> always do up a script. > > use cyradm to change ACL, using "sam" command > >> >> i've checked other users, all of there info is in >> lowercase.... > > > > First off let me thank all of you for your help so > far. > > To answer the above questions: > > My mail store is on a fiber channel RAID > Procmail looks to be set up properly, i will look into > this further > Mac os x 10.3.9 ships with cyrus 2.2.10, or should i > say was updated to 2.2.10 > Up until the installation of spamassassin and procmail > there has been no 'reported' problems > > though i don't think the reconstruct problem has > anything to do with the install, the disappearing > emails maybe. > > Here is some updates: > > Through long searching I decided to try this, after i > backed up everything....twice ;-) > > stopped mail > > sudo -u cyrus /usr/bin/cyrus/bin/ctl_mboxlist -d > > /mailboxdb.txt > > edited the caps user to lower case with pico I already used this too, but cyradm allow you to keep your system running. > > sudo -u cyrus /usr/bin/cyrus/bin/ctl_mboxlist -u < > /mailboxdb.txt > > started mail > > this worked, as far as i can tell, no loss of email > and the user can log back in with squirrelmail with > out the error "mailbox does not exist" > > Logged in with a couple of other users via IMAP and > POP everything looks good. > > While editing the mailboxdb i found something > strange..... > > as you can see below there is an entry for some users > in all upper case, there is also complete entries for > these users also in lower case. > > user.USER1 default USER1 lrswipcda > user.USER2 default USER2 lrswipcda > > user.user1 default user1 lrswipcda > user.user1.INBOX^Drafts default user1 > lrswipcda > user.user1.INBOX^Sent default user1 lrswipcda > user.user1.INBOX^Trash default user1 lrswipcda > > user.user2 default user2 lrswipcda > user.user2.INBOX^Drafts default user2 > lrswipcda > user.user2.INBOX^Sent default user2 > lrswipcda > user.user2.INBOX^Trash default user2 > lrswipcda > > The user that had the problem (mailbox does not exist) > after i did a reconstruct was one of the users that > had multiple entries in the mailbox.db. I am > wondering if these single entries have any use, can i > delete them, is this perhaps why when i did the > reconstruct the user had an all caps entry for the > inbox and then wasn't able to log in? Because that > looks like what the problem was. I am also wondering > if i deleted this single entries would the reconstruct > work? > > > Thanks again for all the help > > -derrick > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From simon.matter at invoca.ch Fri May 16 02:53:52 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Fri, 16 May 2008 08:53:52 +0200 (CEST) Subject: Cyrus questions, lost emails, reconstruct In-Reply-To: <804249.78337.qm@web30504.mail.mud.yahoo.com> References: <804249.78337.qm@web30504.mail.mud.yahoo.com> Message-ID: <33260.192.168.10.25.1210920832.squirrel@webmail.bi.corp.invoca.ch> >> I am on a mac os x server 10.3.9 >> >> not sure how to find the cyrus version, naive i >> know... > > I dont know anything to os x packaging > >> >> the -i is from one of apples documents on how to >> reconstruct the entire database for cyrus. the -r > is >> for a single user, knowing now that it is broken > makes >> a lot of sense with the problems i am having >> reconstructing. > > -r is for "recursive" (on usual cyrus install) > >> >> latest system changes was the installation of >> spamassassin with procmail for the relay. This i >> believe this caused my initial problem with the >> disappearing emails. Not to concerned about that >> right now, though i will be very happy to receive >> suggestions on that. > > cyrus users use SIEVE instead of procmail. > Of course sieve is not as flexible as procmail, but a > lot lot > faster, more secure, and part of cyrus > > Read this, to be sure your procmail configuration is > compatible with > cyrus > http://www.oreilly.com/catalog/mimap/chapter/ch09.html > > Is your mail store on a networked disk ? > >> >> Main problem is to get reconstruct working, I will >> deal with the disappearing emails later on, need to >> get them back now and be able to get them back >> reliably in the future until i fix the core problem >> with the disappearing emails. >> >> updated info that i found: >> >> when i take a look at the mailbox.db for the user > that >> has a corrupted in box i get this.... >> >> myserver2:/var/imap user# sudo -u cyrus >> /usr/bin/cyrus/bin/ctl_mboxlist -d | grep brokenuser >> user.brokenuser default BROKENUSER > lrswipcda >> user.brokenuser.INBOX^Drafts default brokenuser >> lrswipcda >> user.brokenuser.INBOX^Sent default brokenuser >> lrswipcda >> user.brokenuser.INBOX^Trash default brokenuser >> lrswipcda >> >> as you can see the inbox has the user in all caps, >> makes sense now why they can't get into there inbox, > i >> believe this is case sensitive, so now how do i > change >> this back to lowercase and or which reconstruct >> command (i know -r is broken) will work. I don't > mind >> the broken construct if i can edit the mailbox.db >> successfully to fix the one issue with the caps. > can >> always do up a script. > > use cyradm to change ACL, using "sam" command > >> >> i've checked other users, all of there info is in >> lowercase.... > > > > First off let me thank all of you for your help so > far. > > To answer the above questions: > > My mail store is on a fiber channel RAID > Procmail looks to be set up properly, i will look into > this further > Mac os x 10.3.9 ships with cyrus 2.2.10, or should i > say was updated to 2.2.10 > Up until the installation of spamassassin and procmail > there has been no 'reported' problems > > though i don't think the reconstruct problem has > anything to do with the install, the disappearing > emails maybe. > > Here is some updates: > > Through long searching I decided to try this, after i > backed up everything....twice ;-) > > stopped mail > > sudo -u cyrus /usr/bin/cyrus/bin/ctl_mboxlist -d > > /mailboxdb.txt > > edited the caps user to lower case with pico > > sudo -u cyrus /usr/bin/cyrus/bin/ctl_mboxlist -u < > /mailboxdb.txt > > started mail > > this worked, as far as i can tell, no loss of email > and the user can log back in with squirrelmail with > out the error "mailbox does not exist" > > Logged in with a couple of other users via IMAP and > POP everything looks good. > > While editing the mailboxdb i found something > strange..... > > as you can see below there is an entry for some users > in all upper case, there is also complete entries for > these users also in lower case. > Are you using autocreate inbox? I don't know much about your config but that kind of problems usually comes when you let your users login with all caps usernames and you have an authentication method which is not case sensitive on the username side (like LDAP). Then your users can successfully login using all CAPS, but that means they don't get their true mailbox but a new empty one. Check the username_tolower setting in imapd.conf. But, you simply should not let your users login with squirrelmail with uppercase because the username may be lowered by cyrus but squirrelmail creates new preferences for the uppercase user. I made my own PAM module which denies all upper case usernames (we wanted all lowercase). http://www.invoca.ch/pub/packages/pam_deny_uc/ Simon From farislinux at yahoo.com Fri May 16 06:06:42 2008 From: farislinux at yahoo.com (faris) Date: Fri, 16 May 2008 03:06:42 -0700 (PDT) Subject: Imap saslauthd produces huge no of logs & crashes Message-ID: <533874.40713.qm@web33201.mail.mud.yahoo.com> Hi, I am little bit new to cyrus and now a days my cyrus imap server crashes every day. once stop/start cyrus, services are back to normal. After checking the /var/log/messages & /var/log/imapd.log i get huge no of messages coming. donno how to trace the error. also i need to stop cyrus imap & saslauthd information coming to my /var/log/messages file as well. information is listed below. please help ! [root at imap ~]# tail -f /var/log/messages May 16 10:41:14 mxstore2a saslauthd[7860]: sqlLog called. May 16 10:41:14 mxstore2a saslauthd[7860]: pam_mysql: error: sqllog set but logtable not set May 16 10:41:14 mxstore2a saslauthd[7860]: pam_mysql: error: sqllog set but logmsgcolumn not set May 16 10:41:14 mxstore2a saslauthd[7860]: pam_mysql: error: sqllog set but logusercolumn not set May 16 10:41:14 mxstore2a saslauthd[7860]: pam_mysql: error: sqllog set but loghostcolumn not set May 16 10:41:14 mxstore2a saslauthd[7860]: pam_mysql: error: sqllog set but logtimecolumn not set May 16 10:41:14 mxstore2a saslauthd[7860]: returning 0 . May 16 10:41:14 mxstore2a saslauthd[7860]: returning 0. May 16 10:41:14 mxstore2a saslauthd[7860]: pam_mysql: acct_mgmt called but not implemented. Dont panic though :) May 16 10:41:14 mxstore2a imap[7873]: login: cctrl1 [10.2.30.214] 999999999 plaintext User logged in May 16 10:41:20 mxstore2a saslauthd[7861]: pam_sm_authenticate called. May 16 10:41:20 mxstore2a saslauthd[7861]: dbuser changed. May 16 10:41:20 mxstore2a saslauthd[7861]: dbpasswd changed. May 16 10:41:20 mxstore2a saslauthd[7861]: host changed. May 16 10:41:20 mxstore2a saslauthd[7861]: database changed. May 16 10:41:20 mxstore2a saslauthd[7861]: table changed. May 16 10:41:20 mxstore2a saslauthd[7861]: usercolumn changed. May 16 10:41:20 mxstore2a saslauthd[7861]: passwdcolumn changed. May 16 10:41:20 mxstore2a saslauthd[7861]: db_connect called. May 16 10:41:20 mxstore2a saslauthd[7861]: returning 0 . May 16 10:41:20 mxstore2a saslauthd[7861]: db_checkpasswd called. May 16 10:41:20 mxstore2a saslauthd[7861]: pam_mysql: where clause = May 16 10:41:20 mxstore2a saslauthd[7861]: SELECT user_pswd FROM UserInfo WHERE username='94723783294' May 16 10:41:20 mxstore2a saslauthd[7861]: sqlLog called. May 16 10:41:20 mxstore2a saslauthd[7861]: pam_mysql: error: sqllog set but logtable not set May 16 10:41:20 mxstore2a saslauthd[7861]: pam_mysql: error: sqllog set but logmsgcolumn not set May 16 10:41:20 mxstore2a saslauthd[7861]: pam_mysql: error: sqllog set but logusercolumn not set May 16 10:41:20 mxstore2a saslauthd[7861]: pam_mysql: error: sqllog set but loghostcolumn not set May 16 10:41:20 mxstore2a saslauthd[7861]: pam_mysql: error: sqllog set but logtimecolumn not set May 16 10:41:20 mxstore2a saslauthd[7861]: returning 0 . ----------------------------------------------------------------------------- [root at imap ~]# tail -f /var/log/imapd.log May 16 11:28:21 mxstore2a imap[7968]: login: cctrl1 [10.2.30.214] 94724550835 plaintext User logged in May 16 11:28:21 mxstore2a imap[7968]: open: user 94724550835 opened INBOX May 16 11:28:21 mxstore2a imap[7968]: open: user 94724550835 opened INBOX May 16 11:28:21 mxstore2a imap[7968]: SQUAT failed to open index file May 16 11:28:21 mxstore2a imap[7968]: SQUAT failed May 16 11:28:21 mxstore2a imap[7968]: SQUAT failed to open index file May 16 11:28:21 mxstore2a imap[7968]: SQUAT failed May 16 11:28:21 mxstore2a imap[7968]: SQUAT failed to open index file May 16 11:28:21 mxstore2a imap[7968]: SQUAT failed May 16 11:28:21 mxstore2a imap[7968]: open: user 94724550835 opened INBOX.Saved Items ---------------------------------------------------------------------------------------- [root at imap ~]# tail -f /var/log/auth.log May 16 11:28:36 mxstore2a saslauthd[7862]: SELECT user_pswd FROM UserInfo WHERE username='94725327205' May 16 11:28:36 mxstore2a saslauthd[7862]: sqlLog called. May 16 11:28:36 mxstore2a saslauthd[7862]: pam_mysql: error: sqllog set but logtable not set May 16 11:28:36 mxstore2a saslauthd[7862]: pam_mysql: error: sqllog set but logmsgcolumn not set May 16 11:28:36 mxstore2a saslauthd[7862]: pam_mysql: error: sqllog set but logusercolumn not set May 16 11:28:36 mxstore2a saslauthd[7862]: pam_mysql: error: sqllog set but loghostcolumn not set May 16 11:28:36 mxstore2a saslauthd[7862]: pam_mysql: error: sqllog set but logtimecolumn not set May 16 11:28:36 mxstore2a saslauthd[7862]: returning 0 . May 16 11:28:36 mxstore2a saslauthd[7862]: returning 0. May 16 11:28:36 mxstore2a saslauthd[7862]: pam_mysql: acct_mgmt called but not implemented. Dont panic though :) May 16 11:28:55 mxstore2a saslauthd[7861]: pam_sm_authenticate called. May 16 11:28:55 mxstore2a saslauthd[7861]: dbuser changed. May 16 11:28:55 mxstore2a saslauthd[7861]: dbpasswd changed. May 16 11:28:55 mxstore2a saslauthd[7861]: host changed. May 16 11:28:55 mxstore2a saslauthd[7861]: database changed. May 16 11:28:55 mxstore2a saslauthd[7861]: table changed. May 16 11:28:55 mxstore2a saslauthd[7861]: usercolumn changed. May 16 11:28:55 mxstore2a saslauthd[7861]: passwdcolumn changed. May 16 11:28:55 mxstore2a saslauthd[7861]: db_connect called. May 16 11:28:55 mxstore2a saslauthd[7861]: returning 0 . Thanks ! Faris -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080516/d861933b/attachment.html From Rudy.Gevaert at UGent.be Fri May 16 06:49:22 2008 From: Rudy.Gevaert at UGent.be (Rudy Gevaert) Date: Fri, 16 May 2008 12:49:22 +0200 Subject: debian etch 2.3.12p2 com_err Message-ID: <482D66B2.60200@UGent.be> Hello, I have compiled 2.3.12p2 on Debian Etch and I noticed that the binaries are not linked against com_err. Compiling on sarge with the same compile options produces binaries linked against com_err. I'm a bit confused why this is. As I have libcomerr2, and comerr-dev installed on both system. I compile with --with-com_err=/usr In config.log I see: COM_ERR_CPPFLAGS='-I/usr/include/et' COM_ERR_LDFLAGS='' COM_ERR_LIBS='/usr/lib/libcom_err.a' IMAP_COM_ERR_LIBS='/usr/lib/libcom_err.a' However, IMAP_LIBS does not have -lcom_err Also, the etch system doesn't have any kerberos libraries installed. Could that be the cause? Any idea why that is? Thanks in advance, -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Rudy Gevaert Rudy.Gevaert at UGent.be tel:+32 9 264 4734 Directie ICT, afd. Infrastructuur ICT Department, Infrastructure office Groep Systemen Systems group Universiteit Gent Ghent University Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- From aspineux at gmail.com Fri May 16 08:06:51 2008 From: aspineux at gmail.com (Alain Spineux) Date: Fri, 16 May 2008 14:06:51 +0200 Subject: Imap saslauthd produces huge no of logs & crashe In-Reply-To: <533874.40713.qm@web33201.mail.mud.yahoo.com> References: <533874.40713.qm@web33201.mail.mud.yahoo.com> Message-ID: <71fe4e760805160506w3f170895y3e05503a9b88cf3e@mail.gmail.com> On Fri, May 16, 2008 at 12:06 PM, faris wrote: > Hi, > > I am little bit new to cyrus and now a days my cyrus imap server crashes > every day. once stop/start cyrus, services are back to normal. After > checking the /var/log/messages & /var/log/imapd.log i get huge no > of messages coming. donno how to trace the error. also i need to stop cyrus > imap & saslauthd information coming to my /var/log/messages file as > well. information is listed below. please help ! If restarting imapd solve your problem, this is probably related to cyrus, but I dont see anything wrong here. See below for further details. Whats is your problem ? What does mean "crashes" ? Doe you have a cyrmaster.log or any log about cyrmaster process ? > > > [root at imap ~]# tail -f /var/log/messages > May 16 10:41:14 mxstore2a saslauthd[7860]: sqlLog called. > May 16 10:41:14 mxstore2a saslauthd[7860]: pam_mysql: error: sqllog set but You have set sqllog to True but dont have created the required SQL table. Set it to False or create the table! > logtable not set > May 16 10:41:14 mxstore2a saslauthd[7860]: pam_mysql: error: sqllog set but > logmsgcolumn not set > May 16 10:41:14 mxstore2a saslauthd[7860]: pam_mysql: error: sqllog set but > logusercolumn not set > May 16 10:41:14 mxstore2a saslauthd[7860]: pam_mysql: error: sqllog set but > loghostcolumn not set > May 16 10:41:14 mxstore2a saslauthd[7860]: pam_mysql: error: sqllog set but > logtimecolumn not set > May 16 10:41:14 mxstore2a saslauthd[7860]: returning 0 . > May 16 10:41:14 mxstore2a saslauthd[7860]: returning 0. > May 16 10:41:14 mxstore2a saslauthd[7860]: pam_mysql: acct_mgmt called but > not implemented. Dont panic though :) > May 16 10:41:14 mxstore2a imap[7873]: login: cctrl1 [10.2.30.214] 999999999 > plaintext User logged in > May 16 10:41:20 mxstore2a saslauthd[7861]: pam_sm_authenticate called. > May 16 10:41:20 mxstore2a saslauthd[7861]: dbuser changed. > May 16 10:41:20 mxstore2a saslauthd[7861]: dbpasswd changed. > May 16 10:41:20 mxstore2a saslauthd[7861]: host changed. > May 16 10:41:20 mxstore2a saslauthd[7861]: database changed. > May 16 10:41:20 mxstore2a saslauthd[7861]: table changed. > May 16 10:41:20 mxstore2a saslauthd[7861]: usercolumn changed. > May 16 10:41:20 mxstore2a saslauthd[7861]: passwdcolumn changed. > May 16 10:41:20 mxstore2a saslauthd[7861]: db_connect called. > May 16 10:41:20 mxstore2a saslauthd[7861]: returning 0 . > May 16 10:41:20 mxstore2a saslauthd[7861]: db_checkpasswd called. > May 16 10:41:20 mxstore2a saslauthd[7861]: pam_mysql: where clause = > May 16 10:41:20 mxstore2a saslauthd[7861]: SELECT user_pswd FROM UserInfo > WHERE username='94723783294' > May 16 10:41:20 mxstore2a saslauthd[7861]: sqlLog called. > May 16 10:41:20 mxstore2a saslauthd[7861]: pam_mysql: error: sqllog set but > logtable not set > May 16 10:41:20 mxstore2a saslauthd[7861]: pam_mysql: error: sqllog set but > logmsgcolumn not set > May 16 10:41:20 mxstore2a saslauthd[7861]: pam_mysql: error: sqllog set but > logusercolumn not set > May 16 10:41:20 mxstore2a saslauthd[7861]: pam_mysql: error: sqllog set but > loghostcolumn not set > May 16 10:41:20 mxstore2a saslauthd[7861]: pam_mysql: error: sqllog set but > logtimecolumn not set > May 16 10:41:20 mxstore2a saslauthd[7861]: returning 0 . > ----------------------------------------------------------------------------- > > > [root at imap ~]# tail -f /var/log/imapd.log > May 16 11:28:21 mxstore2a imap[7968]: login: cctrl1 [10.2.30.214] > 94724550835 plaintext User logged in > May 16 11:28:21 mxstore2a imap[7968]: open: user 94724550835 opened INBOX > May 16 11:28:21 mxstore2a imap[7968]: open: user 94724550835 opened INBOX > May 16 11:28:21 mxstore2a imap[7968]: SQUAT failed to open index file > May 16 11:28:21 mxstore2a imap[7968]: SQUAT failed > May 16 11:28:21 mxstore2a imap[7968]: SQUAT failed to open index file > May 16 11:28:21 mxstore2a imap[7968]: SQUAT failed > May 16 11:28:21 mxstore2a imap[7968]: SQUAT failed to open index file > May 16 11:28:21 mxstore2a imap[7968]: SQUAT failed Their is nothing wrong with that > May 16 11:28:21 mxstore2a imap[7968]: open: user 94724550835 opened > INBOX.Saved Items > > ---------------------------------------------------------------------------------------- > > > [root at imap ~]# tail -f /var/log/auth.log > May 16 11:28:36 mxstore2a saslauthd[7862]: SELECT user_pswd FROM UserInfo > WHERE username='94725327205' > May 16 11:28:36 mxstore2a saslauthd[7862]: sqlLog called. > May 16 11:28:36 mxstore2a saslauthd[7862]: pam_mysql: error: sqllog set but > logtable not set > May 16 11:28:36 mxstore2a saslauthd[7862]: pam_mysql: error: sqllog set but > logmsgcolumn not set > May 16 11:28:36 mxstore2a saslauthd[7862]: pam_mysql: error: sqllog set but > logusercolumn not set > May 16 11:28:36 mxstore2a saslauthd[7862]: pam_mysql: error: sqllog set but > loghostcolumn not set > May 16 11:28:36 mxstore2a saslauthd[7862]: pam_mysql: error: sqllog set but > logtimecolumn not set > May 16 11:28:36 mxstore2a saslauthd[7862]: returning 0 . > May 16 11:28:36 mxstore2a saslauthd[7862]: returning 0. > May 16 11:28:36 mxstore2a saslauthd[7862]: pam_mysql: acct_mgmt called but > not implemented. Dont panic though :) > May 16 11:28:55 mxstore2a saslauthd[7861]: pam_sm_authenticate called. > May 16 11:28:55 mxstore2a saslauthd[7861]: dbuser changed. > May 16 11:28:55 mxstore2a saslauthd[7861]: dbpasswd changed. > May 16 11:28:55 mxstore2a saslauthd[7861]: host changed. > May 16 11:28:55 mxstore2a saslauthd[7861]: database changed. > May 16 11:28:55 mxstore2a saslauthd[7861]: table changed. > May 16 11:28:55 mxstore2a saslauthd[7861]: usercolumn changed. > May 16 11:28:55 mxstore2a saslauthd[7861]: passwdcolumn changed. > May 16 11:28:55 mxstore2a saslauthd[7861]: db_connect called. > May 16 11:28:55 mxstore2a saslauthd[7861]: returning 0 . > > > Thanks ! > > Faris > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From Nikolaus at rath.org Fri May 16 08:20:09 2008 From: Nikolaus at rath.org (Nikolaus Rath) Date: Fri, 16 May 2008 14:20:09 +0200 Subject: Return-Path in Sieve Scripts Message-ID: <874p8yphja.fsf@nokile.rath.org> Hello, I am delivering mail to cyrus from exim using lmtpd. Apparently lmtpd adds the Return-Path header only after the sieve scripts have been processed, because in the scripts I cannot match this header. If I add the return-path using exim before the message is delivered to lmtpd, the sieve script works. However, lmtpd then adds a second return-path header. This is does not cause any actual problems, but I do not like it nevertheless. Is there a way to forbid lmtpd to add a second return-path header or, alternatively, to have it add the header earlier, so that I can use it in sieve scripts? Thanks in advance, -Nikolaus -- Nikolaus at rath.org | College Ring 6, 28759 Bremen, Germany Class of 2008 - Physics | Jacobs University Bremen ?My opinions may have changed, but not the fact that I am right.? From Hagedorn at uni-koeln.de Fri May 16 10:04:15 2008 From: Hagedorn at uni-koeln.de (Sebastian Hagedorn) Date: Fri, 16 May 2008 16:04:15 +0200 Subject: Return-Path in Sieve Scripts In-Reply-To: <874p8yphja.fsf@nokile.rath.org> References: <874p8yphja.fsf@nokile.rath.org> Message-ID: Hi, --On 16. Mai 2008 14:20:09 +0200 Nikolaus Rath wrote: > I am delivering mail to cyrus from exim using lmtpd. > > Apparently lmtpd adds the Return-Path header only after the sieve > scripts have been processed, because in the scripts I cannot match > this header. > > If I add the return-path using exim before the message is delivered to > lmtpd, the sieve script works. However, lmtpd then adds a second > return-path header. This is does not cause any actual problems, but I > do not like it nevertheless. > > Is there a way to forbid lmtpd to add a second return-path header or, > alternatively, to have it add the header earlier, so that I can use it > in sieve scripts? I can't answer your question, but I don't think it's a good idea to even try it like that. That's what the "envelope" test in RFC 5228 is for ... require "envelope"; if envelope :all :is "from" "tim at example.com" { discard; } So the better question would be IMO if and when Cyrus will support that test. -- .:.Sebastian Hagedorn - RZKR-R1 (Geb?ude 52), Zimmer 18.:. Zentrum f?r angewandte Informatik - Universit?tsweiter Service RRZK .:.Universit?t zu K?ln / Cologne University - ? +49-221-478-5587.:. .:.:.:.Skype: shagedorn.:.:.:. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 186 bytes Desc: not available Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080516/a9dbc820/attachment.bin From blake at ispn.net Fri May 16 10:35:07 2008 From: blake at ispn.net (Blake Hudson) Date: Fri, 16 May 2008 09:35:07 -0500 Subject: Cyrus questions, lost emails, reconstruct In-Reply-To: <33260.192.168.10.25.1210920832.squirrel@webmail.bi.corp.invoca.ch> References: <804249.78337.qm@web30504.mail.mud.yahoo.com> <33260.192.168.10.25.1210920832.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <482D9B9B.7070501@ispn.net> -------- Original Message -------- Subject: Re: Cyrus questions, lost emails, reconstruct From: Simon Matter To: Derrick Seymour Date: Friday, May 16, 2008 1:53:52 AM >>> I am on a mac os x server 10.3.9 >>> >>> not sure how to find the cyrus version, naive i >>> know... >>> >> I dont know anything to os x packaging >> >> >>> the -i is from one of apples documents on how to >>> reconstruct the entire database for cyrus. the -r >>> >> is >> >>> for a single user, knowing now that it is broken >>> >> makes >> >>> a lot of sense with the problems i am having >>> reconstructing. >>> >> -r is for "recursive" (on usual cyrus install) >> >> >>> latest system changes was the installation of >>> spamassassin with procmail for the relay. This i >>> believe this caused my initial problem with the >>> disappearing emails. Not to concerned about that >>> right now, though i will be very happy to receive >>> suggestions on that. >>> >> cyrus users use SIEVE instead of procmail. >> Of course sieve is not as flexible as procmail, but a >> lot lot >> faster, more secure, and part of cyrus >> >> Read this, to be sure your procmail configuration is >> compatible with >> cyrus >> http://www.oreilly.com/catalog/mimap/chapter/ch09.html >> >> Is your mail store on a networked disk ? >> >> >>> Main problem is to get reconstruct working, I will >>> deal with the disappearing emails later on, need to >>> get them back now and be able to get them back >>> reliably in the future until i fix the core problem >>> with the disappearing emails. >>> >>> updated info that i found: >>> >>> when i take a look at the mailbox.db for the user >>> >> that >> >>> has a corrupted in box i get this.... >>> >>> myserver2:/var/imap user# sudo -u cyrus >>> /usr/bin/cyrus/bin/ctl_mboxlist -d | grep brokenuser >>> user.brokenuser default BROKENUSER >>> >> lrswipcda >> >>> user.brokenuser.INBOX^Drafts default brokenuser >>> lrswipcda >>> user.brokenuser.INBOX^Sent default brokenuser >>> lrswipcda >>> user.brokenuser.INBOX^Trash default brokenuser >>> lrswipcda >>> >>> as you can see the inbox has the user in all caps, >>> makes sense now why they can't get into there inbox, >>> >> i >> >>> believe this is case sensitive, so now how do i >>> >> change >> >>> this back to lowercase and or which reconstruct >>> command (i know -r is broken) will work. I don't >>> >> mind >> >>> the broken construct if i can edit the mailbox.db >>> successfully to fix the one issue with the caps. >>> >> can >> >>> always do up a script. >>> >> use cyradm to change ACL, using "sam" command >> >> >>> i've checked other users, all of there info is in >>> lowercase.... >>> >> >> First off let me thank all of you for your help so >> far. >> >> To answer the above questions: >> >> My mail store is on a fiber channel RAID >> Procmail looks to be set up properly, i will look into >> this further >> Mac os x 10.3.9 ships with cyrus 2.2.10, or should i >> say was updated to 2.2.10 >> Up until the installation of spamassassin and procmail >> there has been no 'reported' problems >> >> though i don't think the reconstruct problem has >> anything to do with the install, the disappearing >> emails maybe. >> >> Here is some updates: >> >> Through long searching I decided to try this, after i >> backed up everything....twice ;-) >> >> stopped mail >> >> sudo -u cyrus /usr/bin/cyrus/bin/ctl_mboxlist -d > >> /mailboxdb.txt >> >> edited the caps user to lower case with pico >> >> sudo -u cyrus /usr/bin/cyrus/bin/ctl_mboxlist -u < >> /mailboxdb.txt >> >> started mail >> >> this worked, as far as i can tell, no loss of email >> and the user can log back in with squirrelmail with >> out the error "mailbox does not exist" >> >> Logged in with a couple of other users via IMAP and >> POP everything looks good. >> >> While editing the mailboxdb i found something >> strange..... >> >> as you can see below there is an entry for some users >> in all upper case, there is also complete entries for >> these users also in lower case. >> >> > > Are you using autocreate inbox? I don't know much about your config but > that kind of problems usually comes when you let your users login with all > caps usernames and you have an authentication method which is not case > sensitive on the username side (like LDAP). Then your users can > successfully login using all CAPS, but that means they don't get their > true mailbox but a new empty one. Check the username_tolower setting in > imapd.conf. But, you simply should not let your users login with > squirrelmail with uppercase because the username may be lowered by cyrus > but squirrelmail creates new preferences for the uppercase user. I made my > own PAM module which denies all upper case usernames (we wanted all > lowercase). http://www.invoca.ch/pub/packages/pam_deny_uc/ > > Simon > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > There is a squirrelmail option for this... $force_username_lowercase = true; -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080516/b1d07818/attachment.html From simon.matter at invoca.ch Fri May 16 11:29:37 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Fri, 16 May 2008 17:29:37 +0200 (CEST) Subject: Cyrus questions, lost emails, reconstruct In-Reply-To: <482D9B9B.7070501@ispn.net> References: <804249.78337.qm@web30504.mail.mud.yahoo.com> <33260.192.168.10.25.1210920832.squirrel@webmail.bi.corp.invoca.ch> <482D9B9B.7070501@ispn.net> Message-ID: <38650.192.168.10.25.1210951777.squirrel@webmail.bi.corp.invoca.ch> >> my >> own PAM module which denies all upper case usernames (we wanted all >> lowercase). http://www.invoca.ch/pub/packages/pam_deny_uc/ >> >> Simon >> > > There is a squirrelmail option for this... > $force_username_lowercase = true; Thanks for the info, that's good to know. The problem we had was that we had all kind of apps and just couldn't check every single app whether it has a way to force lowercase usernames. The group of apps was not limited to email related things like MTA's, cyrus and others. The easiest way was to simply deny all uppercase usernames, no matter where they came from. Simon From huston at astro.princeton.edu Fri May 16 11:40:37 2008 From: huston at astro.princeton.edu (Steve Huston) Date: Fri, 16 May 2008 11:40:37 -0400 Subject: Administrivia: info-cyrus VERPing? Message-ID: <482DAAF5.1020803@astro.princeton.edu> Could someone in charge of the Big Red Switch on the mailing list decide if VERP will be on or off for it? One out of every 5-6 emails to the list is delivered with a Sender: of info-cyrus-bounces+huston=astro.princeton.edu at lists.andrew.cmu.edu instead of info-cyrus-bounces at lists.andrew.cmu.edu and making me wonder why I'm getting personal emails off-list since they're not filtered. Though yes, I could change the filter to a regex, and probably will.. I just figured the setting would be either on or off and not flipping back and forth. To answer the question before it arrives, yes I'm that obstinate to have noticed :> -- Steve Huston - W2SRH - Unix Sysadmin, Dept. of Astrophysical Sciences Princeton University | ICBM Address: 40.346525 -74.651285 126 Peyton Hall |"On my ship, the Rocinante, wheeling through Princeton, NJ 08544 | the galaxies; headed for the heart of Cygnus, (609) 258-7375 | headlong into mystery." -Rush, 'Cygnus X-1' From blake at ispn.net Fri May 16 11:51:53 2008 From: blake at ispn.net (Blake Hudson) Date: Fri, 16 May 2008 10:51:53 -0500 Subject: Cyrus questions, lost emails, reconstruct In-Reply-To: <38650.192.168.10.25.1210951777.squirrel@webmail.bi.corp.invoca.ch> References: <804249.78337.qm@web30504.mail.mud.yahoo.com> <33260.192.168.10.25.1210920832.squirrel@webmail.bi.corp.invoca.ch> <482D9B9B.7070501@ispn.net> <38650.192.168.10.25.1210951777.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <482DAD99.7070500@ispn.net> -------- Original Message -------- Subject: Re: Cyrus questions, lost emails, reconstruct From: Simon Matter To: Blake Hudson Date: Friday, May 16, 2008 10:29:37 AM >>> my >>> own PAM module which denies all upper case usernames (we wanted all >>> lowercase). http://www.invoca.ch/pub/packages/pam_deny_uc/ >>> >>> Simon >>> >>> >> There is a squirrelmail option for this... >> $force_username_lowercase = true; >> > > Thanks for the info, that's good to know. > > The problem we had was that we had all kind of apps and just couldn't > check every single app whether it has a way to force lowercase usernames. > The group of apps was not limited to email related things like MTA's, > cyrus and others. The easiest way was to simply deny all uppercase > usernames, no matter where they came from. > > Simon > > We've done similar, authentication is case sensitive for both usernames and passwords - Using the mysql BINARY flag. -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080516/c46abfff/attachment-0001.html From Nikolaus at rath.org Fri May 16 08:27:57 2008 From: Nikolaus at rath.org (Nikolaus Rath) Date: Fri, 16 May 2008 14:27:57 +0200 Subject: Backscatter solutions References: <48234E97.5000301@interak.com> Message-ID: <87wsluo2lu.fsf@nokile.rath.org> Marc Grober writes: > I am getting pounded by backscatter as a result of one of my addresses > being used by some major spammers. Are there any solutions available > to address all the Delivery failure and bounce notices. I would at > least like to be able to sort between such responses from mail I am > actually sending and the backscatter. I have looked through headers > and nothing seems an obvious candidate. I am using address rewriting for all addresses @rath.org: - Every outgoing mail has its envelope from rewritten to @bounce.rath.org, a domain name that isn't used for anything else - Bounces (i.e., mails coming with envelope from <>) send to @rath.org are rejected as backscatter. - Mail to @bounce.rath.org is rewritten back to @rath.org So far this has worked perfectly. But of course, there might be software that sends bounces to the From: or Reply-To: address. So if you want to use this not exclusively for your own address, you probably want to be careful. HTH, -Nikolaus -- Nikolaus at rath.org | College Ring 6, 28759 Bremen, Germany Class of 2008 - Physics | Jacobs University Bremen ?My opinions may have changed, but not the fact that I am right.? From cyrus at fiddaman.net Fri May 16 15:18:04 2008 From: cyrus at fiddaman.net (Andy Fiddaman) Date: Fri, 16 May 2008 19:18:04 +0000 (GMT) Subject: sync_server crashing.. Message-ID: Hi, I'm hoping that someone who is familiar with the replication code can help me with a problem I'm seeing with Cyrus 2.3.12. I have a two server replicated setup and sync_server is occasionally crashing. Once it's crashed once it keeps on crashing until I completely reset replication by snapshotting the master, removing the sync logs and rsyncing the snapshot to the replica. The crash is happening in sync_cacheitem_size() Core was generated by `sync_server'. Program terminated with signal 11, Segmentation fault. [New process 71345 ] #0 0x0000000100020204 in sync_cacheitem_size ( cacheitem=0xffffffff97db9528
) at sync_commit.c:330 330 cacheitem = CACHE_ITEM_NEXT(cacheitem); (gdb) print cacheitem $1 = 0xffffffff97db9528
(gdb) print cacheitembegin $3 = 0xffffffff778b22bc " Prestige\" ((\"del philippe\" NIL \"rangely\" \"domain.net\")) ((\"del philippe\" NIL \"rangely\" \"domain.net\")) ((\"del philippe\" NIL \"rangely\" \"domain.net\")) ((NIL NIL \"jagood\" \"domain.co.uk\")) NIL NIL NIL \"<000901c8a8b9$03fade7f$848e5f90 at dnmqfv>\")" I've added some debug lines to the function to print out the item length and item text for each cache item traversed. When it crashes I get something like the following: itemlen=407 item=[("Thu, 19 May 2016 15:20:46 +0800" "=?GB2312?B?c2FsZXPXqs/6ytuyvw==?=" (("=?GB2312?B?06rP+teovNIttPLU7MTjtcTNu8bGwaY=?=" NIL "osjdhk" "gokceada.com")) (("=?GB2312?B?06rP+teovNIttPLU7MTjtcTNu8bGwaY=?=" NIL "osjdhk" "gokceada.com")) (("=?GB2312?B?06rP+teovNIttPLU7MTjtcTNu8bGwaY=?=" NIL "osjdhk" "gokceada.com")) ((NIL NIL "sales" "somedomai.co.uk")) NIL NIL NIL "<200705190728.l4J7Sk8X005881 at myserver1.net>")] itemlen=77 item=[("TEXT" "PLAIN" ("CHARSET" "GB2312") NIL NIL "7BIT" 5267 179 NIL NIL NIL NIL)] itemlen=61 item=[("TEXT" "PLAIN" ("CHARSET" "GB2312") NIL NIL "7BIT" 5267 179)] itemlen=48 item=[] itemlen=166 item=[Message-Id: <200705190728.l4J7Sk8X005881 at myserver1.net>^M itemlen=56 item=[\350\220\245\351\224\200\344\270\223\345\256\266-\346\211\223\351\200\240\344\275\240\347\232\204\347\252\201\347\240\264\345\212\233 ] itemlen=23 item=[] itemlen=0 item=[] itemlen=0 item=[] itemlen=23 item=[{17}^M itemlen=468 item=[("Thu, 19 May 2016 17:28:11 +0800" ... over 8000 more lines, then: itemlen=1313426464 item=[NIL "7BIT" 475 16 NIL NIL NIL NIL)("TEXT" "HTML" ("CHARSET" "Windows-1252") NIL NIL "QUOTED-PRINTABLE" 1760 55 NIL NIL NIL NIL) "ALTERNATIVE" ("BOUNDARY" "----=_NextPart_000_0006_01C8A94A.CC9C2B80") NIL NIL NIL)] This last itemlen pushes the pointer out of the allocated memory and causes the crash. Any ideas on whether these entries look right and where I should look next to debug it? Thanks, Andy From brong at fastmail.fm Sun May 18 02:04:37 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Sun, 18 May 2008 16:04:37 +1000 Subject: sync_server crashing.. In-Reply-To: References: Message-ID: <1211090677.20047.1253742743@webmail.messagingengine.com> On Fri, 16 May 2008 19:18:04 +0000 (GMT), "Andy Fiddaman" said: > > Hi, > > I'm hoping that someone who is familiar with the replication code can > help me with a problem I'm seeing with Cyrus 2.3.12. > > I have a two server replicated setup and sync_server is occasionally > crashing. Once it's crashed once it keeps on crashing until I completely > reset replication by snapshotting the master, removing the sync logs > and rsyncing the snapshot to the replica. > > The crash is happening in sync_cacheitem_size() > > Core was generated by `sync_server'. > Program terminated with signal 11, Segmentation fault. > > [...] > > This last itemlen pushes the pointer out of the allocated memory and > causes the crash. > > Any ideas on whether these entries look right and where I should look > next > to debug it? You have a corrupted cache file. Various things could have caused this, it isn?t easy to know what it was. Your fix works because once you rsync, there is no mention of the folder with the problem in the sync log any more, however next time anything happens on that folder you get the crash again. 1) figure out what folder it is 2) reconstruct it 3) profit??? Enjoy, Bron. -- Bron Gondwana brong at fastmail.fm From cyrus at fiddaman.net Sun May 18 17:44:45 2008 From: cyrus at fiddaman.net (Andy Fiddaman) Date: Sun, 18 May 2008 21:44:45 +0000 (GMT) Subject: sync_server crashing.. In-Reply-To: <1211090677.20047.1253742743@webmail.messagingengine.com> References: <1211090677.20047.1253742743@webmail.messagingengine.com> Message-ID: On Sun, 18 May 2008, Bron Gondwana wrote: ; You have a corrupted cache file. Various things could have caused this, ; it isn?t easy to know what it was. Thanks. I can't find the corrupted mailbox so I've run reconstruct on everything, rsyncd the master to replica again and I'll see if the problem recurs (you can tell it isn't a massive mailstore!) I tried to find the mailbox with the problem by writing a quick program to scan through each cache file and it didn't detect any errors. I also ran mbexamine on every mailbox with no problems so I don't know where the corruption, if any, was. Keeping my fingers crossed anyway, A. From brong at fastmail.fm Sun May 18 18:07:42 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Mon, 19 May 2008 08:07:42 +1000 Subject: sync_server crashing.. In-Reply-To: References: <1211090677.20047.1253742743@webmail.messagingengine.com> Message-ID: <1211148462.32051.1253818251@webmail.messagingengine.com> On Sun, 18 May 2008 21:44:45 +0000 (GMT), "Andy Fiddaman" said: > On Sun, 18 May 2008, Bron Gondwana wrote: > > ; You have a corrupted cache file. Various things could have caused > this, > ; it isn?t easy to know what it was. > > Thanks. > > I can't find the corrupted mailbox so I've run reconstruct on everything, > rsyncd the master to replica again and I'll see if the problem recurs > (you > can tell it isn't a massive mailstore!) > > I tried to find the mailbox with the problem by writing a quick program > to > scan through each cache file and it didn't detect any errors. I also ran > mbexamine on every mailbox with no problems so I don't know where the > corruption, if any, was. > > Keeping my fingers crossed anyway, Hmm.. by corrupted cache file it could actually be the cache base pointers from the cyrus.index that are corrupted. One cause was delayed expunge and reconstruct, but David Carter wrote some patches which got into 2.3.12 to fix that, so new reconstructs will be fine. Bron. -- Bron Gondwana brong at fastmail.fm From dbosso+lists.cyrus at lsit.ucsb.edu Sun May 18 20:44:21 2008 From: dbosso+lists.cyrus at lsit.ucsb.edu (David R Bosso) Date: Sun, 18 May 2008 17:44:21 -0700 Subject: sync_server crashing.. In-Reply-To: <1211148462.32051.1253818251@webmail.messagingengine.com> References: <1211090677.20047.1253742743@webmail.messagingengine.com> <1211148462.32051.1253818251@webmail.messagingengine.com> Message-ID: --On Monday, May 19, 2008 8:07 AM +1000 Bron Gondwana wrote: > > On Sun, 18 May 2008 21:44:45 +0000 (GMT), "Andy Fiddaman" > said: >> On Sun, 18 May 2008, Bron Gondwana wrote: >> >> ; You have a corrupted cache file. Various things could have caused >> this, >> ; it isn?t easy to know what it was. >> >> Thanks. >> >> I can't find the corrupted mailbox so I've run reconstruct on everything, >> rsyncd the master to replica again and I'll see if the problem recurs >> (you >> can tell it isn't a massive mailstore!) >> >> I tried to find the mailbox with the problem by writing a quick program >> to >> scan through each cache file and it didn't detect any errors. I also ran >> mbexamine on every mailbox with no problems so I don't know where the >> corruption, if any, was. >> >> Keeping my fingers crossed anyway, > > Hmm.. by corrupted cache file it could actually be the cache base pointers > from the cyrus.index that are corrupted. One cause was delayed expunge > and reconstruct, but David Carter wrote some patches which got into 2.3.12 > to fix that, so new reconstructs will be fine. > FWIW, ipurge is corrupting cache files for me. I'll hopefully have some time to track it down soon unless someone has already looked at it. -David From maurizio.lobosco at eng.it Mon May 19 04:48:32 2008 From: maurizio.lobosco at eng.it (Maurizio Lo Bosco) Date: Mon, 19 May 2008 10:48:32 +0200 Subject: Cyrus - GFS slow start and poor performace In-Reply-To: <2E1EFC89-C0B5-43A1-8A0B-FD68EECE36E0@yazzy.org> References: <200805141059.34066.maurizio.lobosco@eng.it> <200805151525.58295.maurizio.lobosco@eng.it> <2E1EFC89-C0B5-43A1-8A0B-FD68EECE36E0@yazzy.org> Message-ID: <200805191048.32670.maurizio.lobosco@eng.it> Hi all, Bron has analysed the problem of the low start and it seams due to the locking on the mailbox.db for each mailbox. Something like //for mailbox in $mailbox_list // lock mailbox // do something // unlock The lock/unlock seams to be a bottleneck for the GFS. Using the flat configuration for the mailbox.db the slow start disapepars. May I use a flat database for 4300+ mailbox? Do you think I could have other performance problems in delivery/accessing the mailbox? Regards Maurizio From janne.peltonen at helsinki.fi Mon May 19 05:25:23 2008 From: janne.peltonen at helsinki.fi (Janne Peltonen) Date: Mon, 19 May 2008 12:25:23 +0300 Subject: Cyrus - GFS slow start and poor performace In-Reply-To: <200805191048.32670.maurizio.lobosco@eng.it> References: <200805141059.34066.maurizio.lobosco@eng.it> <200805151525.58295.maurizio.lobosco@eng.it> <2E1EFC89-C0B5-43A1-8A0B-FD68EECE36E0@yazzy.org> <200805191048.32670.maurizio.lobosco@eng.it> Message-ID: <20080519092523.GN16963@helsinki.fi> On Mon, May 19, 2008 at 10:48:32AM +0200, Maurizio Lo Bosco wrote: > Hi all, > Bron has analysed the problem of the low start and it seams due to the locking > on the mailbox.db for each mailbox. Something like > //for mailbox in $mailbox_list > // lock mailbox > // do something > // unlock > > The lock/unlock seams to be a bottleneck for the GFS. > > Using the flat configuration for the mailbox.db the slow start disapepars. > May I use a flat database for 4300+ mailbox? > Do you think I could have other performance problems in delivery/accessing the > mailbox? I considered creating a GFS spool for a 50000 mailbox system, but during testing, the GFS lock overhead would've been too much during delivery peaks. Probably had to do mostly with delivery.db locking. --Janne Peltonen University of Helsinki -- Janne Peltonen From maurizio.lobosco at eng.it Mon May 19 06:18:56 2008 From: maurizio.lobosco at eng.it (Maurizio Lo Bosco) Date: Mon, 19 May 2008 12:18:56 +0200 Subject: Cyrus - GFS slow start and poor performace In-Reply-To: <20080519092523.GN16963@helsinki.fi> References: <200805141059.34066.maurizio.lobosco@eng.it> <200805191048.32670.maurizio.lobosco@eng.it> <20080519092523.GN16963@helsinki.fi> Message-ID: <200805191218.57073.maurizio.lobosco@eng.it> > > Using the flat configuration for the mailbox.db the slow start > > disapepars. May I use a flat database for 4300+ mailbox? > > Do you think I could have other performance problems in > > delivery/accessing the mailbox? > > I considered creating a GFS spool for a 50000 mailbox system, but during > testing, the GFS lock overhead would've been too much during delivery > peaks. Probably had to do mostly with delivery.db locking. so far, with 4300+ users it is safe to use a flat database for the mailbox.db but I will encounter issues with the delivery. If I'm not wrong the delivery.db database is reported as duplicate_db in the imapd.conf and it is not possible to set it as flat. We don't use the suppression capability of the cyrus ( a bug of the outlook message id in the read_confirm&reply ) so It could be safe to put 2 separate database on the local FS. Is this correct? Regards Maurizio From damm at yazzy.org Mon May 19 07:09:40 2008 From: damm at yazzy.org (Scott Likens) Date: Mon, 19 May 2008 04:09:40 -0700 Subject: Cyrus - GFS slow start and poor performace In-Reply-To: <200805191218.57073.maurizio.lobosco@eng.it> References: <200805141059.34066.maurizio.lobosco@eng.it> <200805191048.32670.maurizio.lobosco@eng.it> <20080519092523.GN16963@helsinki.fi> <200805191218.57073.maurizio.lobosco@eng.it> Message-ID: Hi Maurizo, Technically, even if you were using duplicate suppression it would not be a huge loss to store it on a local filesystem. You don't usually see duplicate id's unless someone's MTA goes bonkers; or their MUA is stupid; oh and SPAM. So yeah go for it, that'll save you a good deal of heartache. On May 19, 2008, at 3:18 AM, Maurizio Lo Bosco wrote: >>> Using the flat configuration for the mailbox.db the slow start >>> disapepars. May I use a flat database for 4300+ mailbox? >>> Do you think I could have other performance problems in >>> delivery/accessing the mailbox? >> >> I considered creating a GFS spool for a 50000 mailbox system, but >> during >> testing, the GFS lock overhead would've been too much during delivery >> peaks. Probably had to do mostly with delivery.db locking. > > so far, with 4300+ users it is safe to use a flat database for the > mailbox.db > but I will encounter issues with the delivery. > If I'm not wrong the delivery.db database is reported as > duplicate_db in the > imapd.conf and it is not possible to set it as flat. We don't use the > suppression capability of the cyrus ( a bug of the outlook message > id in the > read_confirm&reply ) so It could be safe to put 2 separate database > on the > local FS. Is this correct? > > Regards > Maurizio > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > !DSPAM:48315d3550081699917803! > > From mahecha at jsums.edu Mon May 19 12:31:12 2008 From: mahecha at jsums.edu (mahecha at jsums.edu) Date: Mon, 19 May 2008 11:31:12 -0500 (CDT) Subject: are these error messages severe? and how to fix them? Message-ID: <1708.143.132.201.192.1211214672.squirrel@webmail.jsums.edu> greetings all. This morning a user called me saying that he was using reading his email (via squirrelmail) in one computer, then he logged out, and some time later went to another computer open squirrelmail, and his mail was gone.... I checked directly in the mailstore and he had only a couple of messages, but he assures me that he did not delete anything.... After some search on the log files, I found something like this: May 19 09:56:05 ccaix imaps[8619]: skiplist: recovered /var/lib/imap/user/C/user^name.seen (3 records, 7316 bytes) in 0 seconds after some more digging, Ifind that a bunch of account have the same type of "error" messages. What do they mean? and how to fix them? are they serious? I read some info and it says to delete the .seen and athen reconstruct the db for all users, but I'm not sure I want to do that for all the system. Is there a way to do it for a single user (or a smal group of users). Will cyrus delete emails during the process of recovering a user.seen file? Currently using: Cent OS 4 x_64 Cyrus POP3 v2.2.12-Invoca-RPM-2.2.12-8.1 ESMTP Sendmail 8.13.1/8.13.1 Thanks in advanced. Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080519/3bf8278e/attachment.html From aspineux at gmail.com Mon May 19 14:17:41 2008 From: aspineux at gmail.com (Alain Spineux) Date: Mon, 19 May 2008 20:17:41 +0200 Subject: are these error messages severe? and how to fix them? In-Reply-To: <1708.143.132.201.192.1211214672.squirrel@webmail.jsums.edu> References: <1708.143.132.201.192.1211214672.squirrel@webmail.jsums.edu> Message-ID: <71fe4e760805191117o4fed2ebbyeb8aea674bd6257a@mail.gmail.com> On Mon, May 19, 2008 at 6:31 PM, wrote: > greetings all. > > This morning a user called me saying that he was using reading his email > (via squirrelmail) in one computer, then he logged out, and some time later > went to another computer open squirrelmail, and his mail was gone.... > > I checked directly in the mailstore and he had only a couple of messages, > but he assures me that he did not delete anything.... > > After some search on the log files, I found something like this: > > May 19 09:56:05 ccaix imaps[8619]: skiplist: recovered > /var/lib/imap/user/C/user^name.seen (3 records, 7316 bytes) in 0 seconds > > after some more digging, Ifind that a bunch of account have the same type of > "error" messages. Is it always about the .seen file ? Or about a skiplist ? > > What do they mean? and how to fix them? are they serious? > - The .seen is an index that contains the state of emails, if you have already read it or not. - cyrreconstruct aka reconstruct is the tool to do the job, but it looks like cyrus do it by itself ! - The .seen is only the .seen :-) This error is harmless, except if it appears to often and is the sign of something going wrong. > I read some info and it says to delete the .seen and athen reconstruct the > db for all users, but I'm not sure I want to do that for all the system. Don't delete these files. Cyrus and cyrreconstruct are able to repair them! If you still get a problem after a repair then you could try to delete it, for a try, but the you loose all your "mail status" > > Is there a way to do it for a single user (or a smal group of users). Yes cyrreconstruct can work for one ore more user and also all user at once. > > Will cyrus delete emails during the process of recovering a user.seen file? > No But the file that can be bring into play whe emailq are disappearing is the .index file, and a cyrreconstruct will repair it also. As you can see, running this command , # man imapd.conf | col -b | grep _db annotation_db: skiplist duplicate_db: berkeley-nosync mboxkey_db: skiplist mboxlist_db: skiplist ptscache_db: berkeley quota_db: quotalegacy seenstate_db: skiplist subscription_db: flat tlscache_db: berkeley-nosync cyrus use a lot of db with a lot of backend, some back-end are more or less reliable than other, depending the OS or the imap version. As a workaround it is possible to change the backend. > Currently using: > Cent OS 4 x_64 If you look in previous post (1 year ago maybe) theyr was post about probleme in the "map" function that was generating problem with old kernel. And a 64bits should not help. Was your system working well in the past ? Before to do something, be sure to have identified your problem. > Cyrus POP3 v2.2.12-Invoca-RPM-2.2.12-8.1 > ESMTP Sendmail 8.13.1/8.13.1 > > Thanks in advanced. > > Thanks > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From simon.matter at invoca.ch Mon May 19 15:07:55 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Mon, 19 May 2008 21:07:55 +0200 (CEST) Subject: are these error messages severe? and how to fix them? In-Reply-To: <71fe4e760805191117o4fed2ebbyeb8aea674bd6257a@mail.gmail.com> References: <1708.143.132.201.192.1211214672.squirrel@webmail.jsums.edu> <71fe4e760805191117o4fed2ebbyeb8aea674bd6257a@mail.gmail.com> Message-ID: <40448.192.168.10.25.1211224075.squirrel@webmail.bi.corp.invoca.ch> > On Mon, May 19, 2008 at 6:31 PM, wrote: >> greetings all. >> >> This morning a user called me saying that he was using reading his email >> (via squirrelmail) in one computer, then he logged out, and some time >> later >> went to another computer open squirrelmail, and his mail was gone.... >> >> I checked directly in the mailstore and he had only a couple of >> messages, >> but he assures me that he did not delete anything.... >> >> After some search on the log files, I found something like this: >> >> May 19 09:56:05 ccaix imaps[8619]: skiplist: recovered >> /var/lib/imap/user/C/user^name.seen (3 records, 7316 bytes) in 0 seconds I think skiplist files are always "recovered" when they are opened. So that is not a sign of anything wrong. Simon >> >> after some more digging, Ifind that a bunch of account have the same >> type of >> "error" messages. > > Is it always about the .seen file ? Or about a skiplist ? > >> >> What do they mean? and how to fix them? are they serious? >> > > - The .seen is an index that contains the state of emails, if you have > already read it or not. > - cyrreconstruct aka reconstruct is the tool to do the job, but it > looks like cyrus do it by itself ! > - The .seen is only the .seen :-) This error is harmless, except if it > appears to often and > is the sign of something going wrong. > > >> I read some info and it says to delete the .seen and athen reconstruct >> the >> db for all users, but I'm not sure I want to do that for all the system. > > Don't delete these files. Cyrus and cyrreconstruct are able to repair > them! > If you still get a problem after a repair then you could try to delete > it, for a try, > but the you loose all your "mail status" > >> >> Is there a way to do it for a single user (or a smal group of users). > > Yes cyrreconstruct can work for one ore more user and also all user at > once. > >> >> Will cyrus delete emails during the process of recovering a user.seen >> file? >> > > No > > But the file that can be bring into play whe emailq are disappearing > is the .index file, > and a cyrreconstruct will repair it also. > > > As you can see, running this command , > # man imapd.conf | col -b | grep _db > annotation_db: skiplist > duplicate_db: berkeley-nosync > mboxkey_db: skiplist > mboxlist_db: skiplist > ptscache_db: berkeley > quota_db: quotalegacy > seenstate_db: skiplist > subscription_db: flat > tlscache_db: berkeley-nosync > > cyrus use a lot of db with a lot of backend, some back-end are more or > less reliable than other, > depending the OS or the imap version. As a workaround it is possible > to change the backend. > >> Currently using: >> Cent OS 4 x_64 > > If you look in previous post (1 year ago maybe) theyr was post about > probleme in the "map" function that was generating problem with old > kernel. > And a 64bits should not help. > > Was your system working well in the past ? > Before to do something, be sure to have identified your problem. > >> Cyrus POP3 v2.2.12-Invoca-RPM-2.2.12-8.1 >> ESMTP Sendmail 8.13.1/8.13.1 >> >> Thanks in advanced. >> >> Thanks >> >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > > > > -- > Alain Spineux > aspineux gmail com > May the sources be with you > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From cbs at cts.ucla.edu Mon May 19 20:25:29 2008 From: cbs at cts.ucla.edu (Chris Stromsoe) Date: Mon, 19 May 2008 17:25:29 -0700 (PDT) Subject: Return-Path in Sieve Scripts In-Reply-To: <874p8yphja.fsf@nokile.rath.org> References: <874p8yphja.fsf@nokile.rath.org> Message-ID: On Fri, 16 May 2008, Nikolaus Rath wrote: > Hello, > > I am delivering mail to cyrus from exim using lmtpd. > > Apparently lmtpd adds the Return-Path header only after the sieve > scripts have been processed, because in the scripts I cannot match this > header. This was fixed back in 2.2. See . What release are you running? -Chris From brong at fastmail.fm Mon May 19 20:50:21 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Tue, 20 May 2008 10:50:21 +1000 Subject: are these error messages severe? and how to fix them? In-Reply-To: <40448.192.168.10.25.1211224075.squirrel@webmail.bi.corp.invoca.ch> References: <1708.143.132.201.192.1211214672.squirrel@webmail.jsums.edu> <71fe4e760805191117o4fed2ebbyeb8aea674bd6257a@mail.gmail.com> <40448.192.168.10.25.1211224075.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <1211244621.10166.1254041545@webmail.messagingengine.com> On Mon, 19 May 2008 21:07:55 +0200 (CEST), "Simon Matter" said: > > On Mon, May 19, 2008 at 6:31 PM, wrote: > >> greetings all. > >> > >> This morning a user called me saying that he was using reading his email > >> (via squirrelmail) in one computer, then he logged out, and some time > >> later > >> went to another computer open squirrelmail, and his mail was gone.... > >> > >> I checked directly in the mailstore and he had only a couple of > >> messages, > >> but he assures me that he did not delete anything.... > >> > >> After some search on the log files, I found something like this: > >> > >> May 19 09:56:05 ccaix imaps[8619]: skiplist: recovered > >> /var/lib/imap/user/C/user^name.seen (3 records, 7316 bytes) in 0 seconds > > I think skiplist files are always "recovered" when they are opened. So > that is not a sign of anything wrong. Yeah, all that means is that the timestamp of the skiplist file is earlier than the timestamp of the last time cyrus was started. A "recovery" just goes through the file and makes sure that all the pointers are correct. That message is harmless. Bron. -- Bron Gondwana brong at fastmail.fm From mark at cyberdesigns.co.za Tue May 20 04:44:48 2008 From: mark at cyberdesigns.co.za (Mark Clarke) Date: Tue, 20 May 2008 10:44:48 +0200 Subject: Help with bulletin board functionality Message-ID: <1211273088.6963.40.camel@neo> Hi all, We are experimenting with using cyrus imap bulletin boards. Our imap server hosts several domains and we figured out how to create bulletin board folders for the different domains, in cyradm, by going "cm documents at mydomain.co.za". The issues we are having is 1) How to post to the bulletin board? I have read about using a syntax like +documents at mydomain.co.za. At first the smtp server was refusing to deliver to this address until we added it to the allowed virtual domain addresses. (We are using postfix for smtp). Now the message gets to cyrus but we get a 500 error about the mailbox not existing or not having sufficient rights to post. I have given myself "all" rights to the mailbox. 2)How do you delete an entry from the bulletin board folder? Since I had all rights I deleted a test mail I got into the folder by dragging and dropping it in evolution. On my machine the folder is empty. On other users who has lr rights to the mailbox the mail is still showing. How do I delete it from everyones view? thanks =========================================== Cyber Connect - More than just broadband http://www.CyberConnect.co.za - Vodacom 3G R99/month Cyber Designs - Put your business on the net http://www.CyberDesigns.co.za Jumping Bean - Your Java and Linux Experts http://www.JumpingBean.co.za Tel: 011-781 80 14 Fax: 011-781 80 15 =========================================== Disclaimer Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Employees of Cyber Designs are expressly required not to make defamatory statements and not to infringe or authorize any infringement of copyright or any other legal right by email communications. Any such communication is contrary to company policy and outside the scope of the employment of the individual concerned. The company will not accept any liability in respect of such communication, and the employee responsible will be personally liable for any damages or other liability arising. From Nikolaus at rath.org Tue May 20 06:35:46 2008 From: Nikolaus at rath.org (Nikolaus Rath) Date: Tue, 20 May 2008 12:35:46 +0200 Subject: Return-Path in Sieve Scripts References: <874p8yphja.fsf@nokile.rath.org> Message-ID: <87tzgt1cvx.fsf@nokile.rath.org> Chris Stromsoe writes: > On Fri, 16 May 2008, Nikolaus Rath wrote: > >> Hello, >> >> I am delivering mail to cyrus from exim using lmtpd. >> >> Apparently lmtpd adds the Return-Path header only after the sieve >> scripts have been processed, because in the scripts I cannot match this >> header. > > This was fixed back in 2.2. See > . What release are > you running? 2.1. I have just upgraded and it is fixed indeed. Thanks, -Nikolaus -- Nikolaus at rath.org | College Ring 6, 28759 Bremen, Germany Class of 2008 - Physics | Jacobs University Bremen ?My opinions may have changed, but not the fact that I am right.? From mahecha at jsums.edu Tue May 20 09:55:28 2008 From: mahecha at jsums.edu (mahecha at jsums.edu) Date: Tue, 20 May 2008 08:55:28 -0500 (CDT) Subject: are these error messages severe? and how to fix them? In-Reply-To: <1211244621.10166.1254041545@webmail.messagingengine.com> References: <1708.143.132.201.192.1211214672.squirrel@webmail.jsums.edu> <71fe4e760805191117o4fed2ebbyeb8aea674bd6257a@mail.gmail.com> <40448.192.168.10.25.1211224075.squirrel@webmail.bi.corp.invoca.ch> <1211244621.10166.1254041545@webmail.messagingengine.com> Message-ID: <2671.143.132.201.192.1211291728.squirrel@webmail.jsums.edu> Thanks, all for your responses.... I still have some questions, though: 1. under what conditions will cyrus delete or "hide" messages from the users' (and admins) sight.... if it does it at all? 2. Ihave been running this cyrus for about 2 yrs now, and never done any maintenance; does cyrus takes care of its own? if not, what is suggested? I do backups every night, export the db to a txt files, etc. but nothing else... Thanks, again > > On Mon, 19 May 2008 21:07:55 +0200 (CEST), "Simon Matter" > said: >> > On Mon, May 19, 2008 at 6:31 PM, wrote: >> >> greetings all. >> >> >> >> This morning a user called me saying that he was using reading his >> email >> >> (via squirrelmail) in one computer, then he logged out, and some time >> >> later >> >> went to another computer open squirrelmail, and his mail was gone.... >> >> >> >> I checked directly in the mailstore and he had only a couple of >> >> messages, >> >> but he assures me that he did not delete anything.... >> >> >> >> After some search on the log files, I found something like this: >> >> >> >> May 19 09:56:05 ccaix imaps[8619]: skiplist: recovered >> >> /var/lib/imap/user/C/user^name.seen (3 records, 7316 bytes) in 0 >> seconds >> >> I think skiplist files are always "recovered" when they are opened. So >> that is not a sign of anything wrong. > > Yeah, all that means is that the timestamp of the skiplist file is earlier > than the timestamp of the last time cyrus was started. A "recovery" just > goes through the file and makes sure that all the pointers are correct. > > That message is harmless. > > Bron. > -- > Bron Gondwana > brong at fastmail.fm > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080520/16238453/attachment.html From chitnis.ashay at gmail.com Tue May 20 11:27:14 2008 From: chitnis.ashay at gmail.com (Ashay Chitnis) Date: Tue, 20 May 2008 20:57:14 +0530 Subject: Cyrus POP access restritcion to users Message-ID: Hi, I wanted to know if we can restrict some users to access POP and allow some users to access POP. I do not want to have firewall based restriction. I am using cyrus-imapd-2.3.7-4. The same users should be allowed through Webmail without any issue. The users are LDAP users. Can anyone help me on this? regards, Ashay -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080520/0f5b5cf4/attachment.html From maurizio.lobosco at eng.it Tue May 20 12:01:18 2008 From: maurizio.lobosco at eng.it (Maurizio Lo Bosco) Date: Tue, 20 May 2008 18:01:18 +0200 Subject: Cyrus POP access restritcion to users In-Reply-To: References: Message-ID: <200805201801.18209.maurizio.lobosco@eng.it> > I wanted to know if we can restrict some users to access POP and allow some > users to access POP. I do not want to have firewall based restriction. I > am using cyrus-imapd-2.3.7-4. The same users should be allowed through > Webmail without any issue. The users are LDAP users. Can anyone help me on > this? may be you can try with the pam.d/pop authentication, depending on the version of the pam_ldap library you have on your server, you can specify a different ldap filter only for the pop service, but I don't remember the version of the library you should have for this solution. Regards Maurizio From matthew at mxtelecom.com Tue May 20 12:44:54 2008 From: matthew at mxtelecom.com (Matthew Hodgson) Date: Tue, 20 May 2008 17:44:54 +0100 Subject: Hyphens in folder names break LIST Message-ID: <48330006.1010602@mxtelecom.com> Hi all, If I create a hierarchy of folders such as: test test.SPAM test-foo and try to list the folder hierarchy with something like: 11 LIST "" "test%" I get broken output, where test is listed twice - the second time with a \Noselect flag: * LIST (\HasNoChildren) "." "test" * LIST (\HasNoChildren) "." "test-foo" * LIST (\Noselect \HasChildren) "." "test" This breaks being able to subscribe to the test folder on MUAs such as Thunderbird. The bug appears to be in imapd.c:mstringdata(), which assumes that children immediately follow their parent folder in the list of pattern matches with which mstringdata is invoked. In the above scenario, mstringdata is invoked with test, test-foo, then test.SPAM, as hyphen comes before dot in ASCII. As a result, the partial match suppression logic fails, not recognising test.SPAM as a child folder, and the bogus LIST line is generated. A viable workaround seems to be to simplify the partial match suppression logic such that only the stems of the partial match and previous match are compared - and so the "test" of "test.SPAM" matches against the "test" of "test-foo", despite "test-foo" not actually being the parent of the folder in question. That said, I'm not 100% comfortable with the intended behaviour here, though, so I may well be missing something significant. Is name[matchlen] != '\0' not good enough to detect a partial match that should be suppressed, or does that break for more complicated patterns? My current workaround is: --- imapd.c.orig 2008-05-20 17:38:03.000000000 +0100 +++ imapd.c 2008-05-20 17:38:48.000000000 +0100 @@ -9305,10 +9305,11 @@ return; } - /* Suppress any output of a partial match */ + /* Suppress any output of a partial match. + * Do we even need to compare stems with lastname to see this is a partial match? + */ if ((name[matchlen] - && strncmp(lastname, name, matchlen) == 0 - && (lastname[matchlen] == '\0' || lastname[matchlen] == '.'))) { + && strncmp(lastname, name, matchlen) == 0)) { return; } thanks, M. -- Matthew Hodgson Media & Systems Project Manager Tel: +44 (0) 845 666 7778 http://www.mxtelecom.com From aspineux at gmail.com Tue May 20 13:35:14 2008 From: aspineux at gmail.com (Alain Spineux) Date: Tue, 20 May 2008 19:35:14 +0200 Subject: Cyrus POP access restritcion to users In-Reply-To: References: Message-ID: <71fe4e760805201035g66019c80v29a602f5fbe1a3ee@mail.gmail.com> On Tue, May 20, 2008 at 5:27 PM, Ashay Chitnis wrote: > Hi, > > I wanted to know if we can restrict some users to access POP and allow some > users to access POP. I do not want to have firewall based restriction. I am > using cyrus-imapd-2.3.7-4. The same users should be allowed through Webmail > without any issue. The users are LDAP users. Can anyone help me on this? > If you are using saslauthd you could customize the "ldap_filter" in saslauthd.conf to take care of the service name. adding something like |(!(allowed_service=*))(allowed_service=%s)) Here i suppose %s is the service name (like %u is the username) and you have an ldap attribute allowed_service containing the allowed service per user, or empty for no restriction. Regards. > regards, > Ashay > > > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From michael.menge at zdv.uni-tuebingen.de Tue May 20 13:37:23 2008 From: michael.menge at zdv.uni-tuebingen.de (Michael Menge) Date: Tue, 20 May 2008 19:37:23 +0200 Subject: Cyrus POP access restritcion to users In-Reply-To: <200805201801.18209.maurizio.lobosco@eng.it> References: <200805201801.18209.maurizio.lobosco@eng.it> Message-ID: <20080520193723.yng4seejgg0c4wss@webmail.uni-tuebingen.de> Quoting Maurizio Lo Bosco : >> I wanted to know if we can restrict some users to access POP and allow some >> users to access POP. I do not want to have firewall based restriction. I >> am using cyrus-imapd-2.3.7-4. The same users should be allowed through >> Webmail without any issue. The users are LDAP users. Can anyone help me on >> this? > may be you can try with the pam.d/pop authentication, depending on > the version > of the pam_ldap library you have on your server, you can specify a different > ldap filter only for the pop service, but I don't remember the version of the > library you should have for this solution. > With PAM you can also add other plugins e.g. pam_access in the POP configuration and don't use it for the other PAM configurations -------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912 Zentrum fuer Datenverarbeitung mail: michael.menge at zdv.uni-tuebingen.de Waechterstrasse 76 72074 Tuebingen From aspineux at gmail.com Tue May 20 13:42:19 2008 From: aspineux at gmail.com (Alain Spineux) Date: Tue, 20 May 2008 19:42:19 +0200 Subject: are these error messages severe? and how to fix them? In-Reply-To: <2671.143.132.201.192.1211291728.squirrel@webmail.jsums.edu> References: <1708.143.132.201.192.1211214672.squirrel@webmail.jsums.edu> <71fe4e760805191117o4fed2ebbyeb8aea674bd6257a@mail.gmail.com> <40448.192.168.10.25.1211224075.squirrel@webmail.bi.corp.invoca.ch> <1211244621.10166.1254041545@webmail.messagingengine.com> <2671.143.132.201.192.1211291728.squirrel@webmail.jsums.edu> Message-ID: <71fe4e760805201042r2a8d0288xabc077d0a30c9372@mail.gmail.com> On Tue, May 20, 2008 at 3:55 PM, wrote: > Thanks, all for your responses.... > I still have some questions, though: > > 1. under what conditions will cyrus delete or "hide" messages from the > users' (and admins) sight.... if it does it at all? if the expire annotation is set on the folder (man cyradm for more) > > 2. Ihave been running this cyrus for about 2 yrs now, and never done any > maintenance; does cyrus takes care of its own? Yes > if not, what is suggested? I > do backups every night, export the db to a txt files, etc. but nothing > else... At least keep multiple version of your mailbox.db using "ctl_mboxlist -d ". Backup is mandatory on any system ! Google for "cyrus imap backup" to find more, also "kolab backup wiki" could be helpful. > > > Thanks, again >> >> On Mon, 19 May 2008 21:07:55 +0200 (CEST), "Simon Matter" >> said: >>> > On Mon, May 19, 2008 at 6:31 PM, wrote: >>> >> greetings all. >>> >> >>> >> This morning a user called me saying that he was using reading his >>> email >>> >> (via squirrelmail) in one computer, then he logged out, and some time >>> >> later >>> >> went to another computer open squirrelmail, and his mail was gone.... >>> >> >>> >> I checked directly in the mailstore and he had only a couple of >>> >> messages, >>> >> but he assures me that he did not delete anything.... >>> >> >>> >> After some search on the log files, I found something like this: >>> >> >>> >> May 19 09:56:05 ccaix imaps[8619]: skiplist: recovered >>> >> /var/lib/imap/user/C/user^name.seen (3 records, 7316 bytes) in 0 >>> seconds >>> >>> I think skiplist files are always "recovered" when they are opened. So >>> that is not a sign of anything wrong. >> >> Yeah, all that means is that the timestamp of the skiplist file is earlier >> than the timestamp of the last time cyrus was started. A "recovery" just >> goes through the file and makes sure that all the pointers are correct. >> >> That message is harmless. >> >> Bron. >> -- >> Bron Gondwana >> brong at fastmail.fm >> >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > -- Alain Spineux aspineux gmail com May the sources be with you From sberthelot at emisfr.com Tue May 20 18:32:33 2008 From: sberthelot at emisfr.com (=?ISO-8859-1?Q?St=E9phane_BERTHELOT?=) Date: Wed, 21 May 2008 00:32:33 +0200 Subject: Protection against POP or IMAP Denial of Service (DOS) Message-ID: <48335181.6090704@emisfr.com> Hello everyone, We are using Cyrus IMAP and POP daemons on many servers for quite some time (3+ years) and we're very satisfied with it for now. But being recently attacked many times especially on POP3 service I am looking for some advice or maybe making a feature request for some more protection against DOS. I have had a quick look at the code from version 2.3.12pl2 especially in imap/pop3d.c and I wonder about the way the pop3d daemon accepts commands. If I am not too mistaken is seems to loop forever waiting for new commands until a "quit" or shutdown condition is encountered. But the "Invalid Login" error (cmd_pass) does not seem to close connection or at least start a timeout. Thus, a simple client trying to DOS one of our servers connected multiple times, not even really quickly but left connections open since after an "Invalid Login" error code the pop3d daemon keeps the connection open. This way it is really easy to make a denial of service attack against a production server running cyrus pop3d. I fear there is the same kind of problem with imapd which also seem to keep connections open after a failed login attempt. I read some solutions on this list before but I don't think they can be used correctly in an autonomous (which means I don't want to login and check everything everyday) production system. - using iptables with "recent" module is the "less worst" solution to me since it limits connections per IP, but since we have sometimes clients NATed with hundred of users on same IP address it would not match correctly, still allowing an attacker to leave open a hundred of connection eating a bunch of our resources. - using max child in cyrus.conf. It seems inappropriate to me since it will prevent legitimate users to connect while the attacker is performing, effectively denying service access during that time. - increase security level (SSL/ CRAM-MD5/ ...). In a wonderful world it would be possible but I would bet (but I've not checked yet) that some of our users have pretty broken clients (like old Outl**k...) that would not be able to login anymore. Then we would be stuck or denying some service ourselves ... The correct solution to me would be to allow some configuration directive or even a complex iptable rule that could close or timeout upon the status of the current connection. The logic may be quite simple, since only connections with bad login attempt would have to be closed. Since DOS could be done keeping connections open without trying to login, a timeout for this case should also be used. A production system should certainly use a combination of those, I have no idea how to figure with iptables that the connection has a failed login attempt, or still hasn't logged in. It may be simpler to manage this directly within cyrus backend and allow configuration directives to protect large servers from this kind of DOS... How do you protect your servers against this kind of easy (to me) way of sucking resources ? I am pretty sure this kind of problem will arise more and more often in following weeks/months and an efficient DOS protection is always a good argument for a professional grade IMAP/POP3 solution as Cyrus IMAP. Thanks for reading this long message, I hope you can help me fighting those DOS problems, Regards, Stephane Berthelot. -- St?phane BERTHELOT EmisFR - R?seau : S?curit? et Serveurs , D?veloppements m?tier et sp?cifiques - 10 rue Mazagran, 54000 NANCY, France http://www.emisfr.com Tel/Fax. 03 83 32 25 75 From list at joreybump.com Tue May 20 20:49:41 2008 From: list at joreybump.com (Jorey Bump) Date: Tue, 20 May 2008 20:49:41 -0400 Subject: Protection against POP or IMAP Denial of Service (DOS) In-Reply-To: <48335181.6090704@emisfr.com> References: <48335181.6090704@emisfr.com> Message-ID: <483371A5.9080604@joreybump.com> St?phane BERTHELOT wrote, at 05/20/2008 06:32 PM: > - increase security level (SSL/ CRAM-MD5/ ...). In a wonderful world it > would be possible but I would bet (but I've not checked yet) that some > of our users have pretty broken clients (like old Outl**k...) that would > not be able to login anymore. Then we would be stuck or denying some > service ourselves ... I suggested this, and I've been extremely happy with the results. Offering secure logins is essential these days, but allowing unencrypted PLAIN or LOGIN authentication is no longer necessary (and quite arguably foolish). At this point, anyone with a system so antiquated it can't cope with TLS, SSL or other secure logins poses more of a threat to your service than a drive-by attacker. It stopped the brute force attacks dead in their tracks on my servers. But this will only last until the attackers add TLS support to their malware, so I agree it would be nice if the Cyrus IMAPd code could be hardened against a DoS. I haven't experienced this debilitating effect with other POP3 servers I've used. In any case, I've found this configuration to be quite effective (I'm using sasldb), and it allowed me to identify and help users that were not configuring clients securely: sasl_pwcheck_method: auxprop sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 allowplaintext: no sasl_minimum_layer: 128 Once everyone got settled, I haven't heard a peep, and there are no more DoS-related complaints. I also use the following iptables rules to only allow up to 2 connections in a 15 second period, but haven't determined if they're effective: iptables -A INPUT -p tcp -m state --state NEW --dport 110 -m recent --update --seconds 15 --hitcount 2 -j DROP iptables -A INPUT -p tcp -m state --state NEW --dport 110 -m recent --set -j ACCEPT None of my POP3 users have complained, but I don't have many. Most of my users use IMAP. From brong at fastmail.fm Tue May 20 22:59:46 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Wed, 21 May 2008 12:59:46 +1000 Subject: Cyrus POP access restritcion to users In-Reply-To: References: Message-ID: <20080521025946.GB22383@brong.net> On Tue, May 20, 2008 at 08:57:14PM +0530, Ashay Chitnis wrote: > Hi, > > I wanted to know if we can restrict some users to access POP and allow some > users to access POP. I do not want to have firewall based restriction. I am > using cyrus-imapd-2.3.7-4. The same users should be allowed through Webmail > without any issue. The users are LDAP users. Can anyone help me on this? We do exactly this at FastMail, but we use a different approach. All user connections are via an nginx proxy, and the authentication daemon used by nginx will return an error if the user tries to log in via POP. It will also send them an email explaining the policy and offering them an option to upgrade to an account level that does support POP... Bron. From brong at fastmail.fm Tue May 20 23:08:06 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Wed, 21 May 2008 13:08:06 +1000 Subject: Protection against POP or IMAP Denial of Service (DOS) In-Reply-To: <48335181.6090704@emisfr.com> References: <48335181.6090704@emisfr.com> Message-ID: <20080521030806.GC22383@brong.net> On Wed, May 21, 2008 at 12:32:33AM +0200, St?phane BERTHELOT wrote: > But being recently attacked many times especially on POP3 service I am > looking for some advice or maybe making a feature request for some more > protection against DOS. Gosh, I seem to be spending a lot of time pimping nginx here! We get protection against this sort of DOS for free (as well as load balancing and etc) by having frontend servers running nginx as a proxy. Nginx is compiled (on our 2.6.x kernels) with epoll support, so it can handle bazillions of connections with the 8 processes it's configured to use. It also handles SSL (so the backend IMAP machines don't need to) and deals with the connection up until the point where the user is authenticated, at which stage it performs a login on the backend server and links the connection through. Compared to Perdition which was one-process-per-connection, this has scaled amazingly well. One medium spec machine can easily handle (checks) about 7000 connections at the moment, and it scales to a lot more than that during the US day. That's with HTTP proxy, authenticated SMTP injection, ftp server, lots of other things - and the frontend machine is still barely using one of the 4 processor cores in it. You could easily put nginx on your IMAP server directly if you didn't want to dedicate a second machine to the job, and it would handle the DOS risk for you. I like this approach from a UNIX design perspective. One service that is designed for coping with DOS attacks and talking to the outside world, and a separate service that is designed purely for actually providing the service, rather than complicating it with DOS accounting and tracking mechanisms. Bron. From brong at fastmail.fm Wed May 21 07:19:41 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Wed, 21 May 2008 21:19:41 +1000 Subject: Protection against POP or IMAP Denial of Service (DOS) In-Reply-To: <912D90C1-A970-48BC-B2D2-00DB883464C1@prolocation.net> References: <48335181.6090704@emisfr.com> <20080521030806.GC22383@brong.net> <912D90C1-A970-48BC-B2D2-00DB883464C1@prolocation.net> Message-ID: <1211368781.8620.1254324611@webmail.messagingengine.com> On Wed, 21 May 2008 07:13:10 +0200, "Christiaan den Besten" said: > Bron, > > What does the authentication for nginx for you, since it can't query > for example a ldap directly ( at least, not the last time I checked )? > The epoll will scale, but wondering what is the most 'light' method to > do the actual authentication .. Perl, it's the swiss cheese^H^H^H^H^H^Harmy knife of tools. Specifically, we have this funky little thing that's increasingly inaccurately named "saslperld". It's just forking Net::Server derivative that listens to unix sockets. It currently talks the following protocols: * lookup * mux * nginx * perdimap * perdpop * vfs Ok - so we don't use either of the perdition ones any more, they should probably get removed in the cleanup I'm planning to do later this week (while working on one time password, openid, other goodies). "lookup" is a simple key value protocol allowing usernames to be resolved to our internal userids. It's used by log analysis tools. "mux" is the saslauthd protocol. Some sort of packed struct format from memory. "nginx" is the nginx http authentication protocol "vfs" is also very badly named. It's the protocol that I originally wrote for handling our vfs interfaces (DAV & FTP) but has since expanded to be used by our web interface and every other bit of code that wants to check user authentication details, because the protocol is so easy to use from our perl libraries. The overhead of unix sockets really is very low, and being separate processes means any epoll thingy (looking a DJabberd soon hopefully) can chat to it asynchronously without having to do its own thread pool. It also listens on a UDP port for broadcast cache expiry events and caches user details to reduce database traffic for protocols with frequent short-lived logins. Bron. -- Bron Gondwana brong at fastmail.fm From dpc22 at cam.ac.uk Wed May 21 09:34:41 2008 From: dpc22 at cam.ac.uk (David Carter) Date: Wed, 21 May 2008 14:34:41 +0100 (BST) Subject: Hyphens in folder names break LIST In-Reply-To: <48330006.1010602@mxtelecom.com> References: <48330006.1010602@mxtelecom.com> Message-ID: On Tue, 20 May 2008, Matthew Hodgson wrote: > If I create a hierarchy of folders such as: > > test > test.SPAM > test-foo > > and try to list the folder hierarchy with something like: > > 11 LIST "" "test%" > > I get broken output, where test is listed twice - the second time with a > \Noselect flag: The problem is that '-' sorts before '.' in ASCII. Try: improved_mboxlist_sort: 1 (You will need to dump and then restore the mboxlist). -- David Carter Email: David.Carter at ucs.cam.ac.uk University Computing Service, Phone: (01223) 334502 New Museums Site, Pembroke Street, Fax: (01223) 334679 Cambridge UK. CB2 3QH. From brennan at columbia.edu Wed May 21 10:39:28 2008 From: brennan at columbia.edu (Joseph Brennan) Date: Wed, 21 May 2008 10:39:28 -0400 Subject: Help with bulletin board functionality In-Reply-To: <1211273088.6963.40.camel@neo> References: <1211273088.6963.40.camel@neo> Message-ID: <6EA08164354D388CD8572A49@sodor.cc.columbia.edu> --On Tuesday, May 20, 2008 10:44 +0200 Mark Clarke wrote: > We are experimenting with using cyrus imap bulletin boards. Our imap > server hosts several domains and we figured out how to create bulletin > board folders for the different domains, in cyradm, by going "cm > documents at mydomain.co.za". There are probably issues related to the domain hosting that I never had to deal with. But I can answer some of this. > 1) How to post to the bulletin board? > I have read about using a syntax like +documents at mydomain.co.za. At > first the smtp server was refusing to deliver to this address until we > added it to the allowed virtual domain addresses. (We are using postfix > for smtp). Now the message gets to cyrus but we get a 500 error about > the mailbox not existing or not having sufficient rights to post. I have > given myself "all" rights to the mailbox. The permission needed is "anyone p". Depending on how your system is set up, cyrus may have no way to verify who is sending mail, and would need to see that "anyone" has the "p" permission. This is no different than for any mailbox. All inboxes have an implicit "anyone p". > 2)How do you delete an entry from the bulletin board folder? > Since I had all rights I deleted a test mail I got into the folder by > dragging and dropping it in evolution. On my machine the folder is > empty. On other users who has lr rights to the mailbox the mail is still > showing. How do I delete it from everyones view? The same way you delete from any mailbox. Someone with the "d" permission can mark it deleted, and then expunge. I cannot think of any way to duplicate what you describe. It sounds like evolution is showing you something different from what is on the server, which would be pretty bad. Maybe you could check by reading with a different client, or from a different computer, using your own account, or even better, learn how to type imap commands from telnet so you can get a view without a client. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology From matthew at mxtelecom.com Thu May 22 06:20:15 2008 From: matthew at mxtelecom.com (Matthew Hodgson) Date: Thu, 22 May 2008 11:20:15 +0100 Subject: Hyphens in folder names break LIST In-Reply-To: References: <48330006.1010602@mxtelecom.com> Message-ID: <483548DF.10608@mxtelecom.com> David Carter wrote: > On Tue, 20 May 2008, Matthew Hodgson wrote: > >> If I create a hierarchy of folders such as: >> >> test >> test.SPAM >> test-foo >> >> and try to list the folder hierarchy with something like: >> >> 11 LIST "" "test%" >> >> I get broken output, where test is listed twice - the second time with a >> \Noselect flag: > > The problem is that '-' sorts before '.' in ASCII. Try: > > improved_mboxlist_sort: 1 > > (You will need to dump and then restore the mboxlist). Thanks for the response - I'm not sure how I managed to miss the improved_mboxlist_sort option so spectacularly... on spotting the ASCII sorting problem, one of my first thoughts was to change the comparator in order to fudge the ordering of '.'. Out of interest, do you (or anyone else) understand the mstringdata() code well enough to see what negative side-effects there might be of simplifying the partial match suppression logic? It seems that the function, which actually writes the output of LIST/LSUB commands to the client, is called with the name of the folder which has matched the pattern, with a matchlen argument which describes how much of the name was matched by the pattern before hitting a '%'. As such, I'd have thought that any expression where name[matchlen] != '\0' is by definition a partial match which can be suppressed - and I don't see why the code bothers to compare the stem of the match with the stem of the previously matched folder name (which is where the behaviour then breaks with the default comparator). I'm just wondering if improved_mboxlist_sort is in fact the correct fix to this problem. M. -- Matthew Hodgson Media & Systems Project Manager Tel: +44 (0) 845 666 7778 http://www.mxtelecom.com From iane at sussex.ac.uk Thu May 22 13:10:52 2008 From: iane at sussex.ac.uk (Ian Eiloart) Date: Thu, 22 May 2008 18:10:52 +0100 Subject: lmtp problem - end of file reached Message-ID: <3D1DCE52768D39872786EE1A@lewes.staff.uscs.susx.ac.uk> Hi, I have a set of cyrus servers, and a cluster of smtp servers with perdition IMAP proxy servers sitting in front. I'm creating a new front end, which will replace the perdition proxies with a cyrus murder, so that we can share mailboxes across servers. I'd like to include cyrus lmtpproxyd, so that my smtp servers can take advantage of the murder, instead of having to work out which back end to deliver to. Currently, they're using an LDAP server to discover the correct backend server. Instead, I want to deliver locally, via a UNIX domain socket. The problem is that I can't get my front end to connect with lmtp through murder. The problem isn't connectivity, since I can use lmtptest to connect directly to the backend, and actually deliver a message. And, I can actually get a log from the server. However, when I deliver to the local lmtp proxy, it does this: snow-170 % nc -vU /opt/local/etc/cyrus/socket/lmtpproxy 220 snow.uscs.susx.ac.uk LMTP Cyrus v2.3.8 ready mail from:<> 250 2.1.0 ok rcpt to: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown rcpt to: 250 2.1.5 ok data 354 go ahead Subject: foo . 451 4.4.3 Remote server unavailable Failure to handle an unknown recipient indicates that the mailbox has been found through the murder. And, the "server unavailable" message is false, because the server has actually logged part of the proxy to server conversation, thus: >1211466931>220 mailstore1.uscs.susx.ac.uk LMTP Cyrus v2.3.8 ready <12114669311211466931>250-mailstore1.uscs.susx.ac.uk 250-8BITMIME 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-SIZE 52428800 250-AUTH EXTERNAL 250 IGNOREQUOTA >1211466931>421 4.4.1 bye end of file reached What's more, I've seen that same conversation with tcpdump on both the proxy and the server hosts. Am I right in thinking that this happened because the lmtp proxy gave up? Or, has the server encountered some local end of file? LMTPTEST tells me a little more: snow-241 % lmtptest mailstore1.uscs.sussex.ac.uk lmtp S: 220 mailstore1.uscs.susx.ac.uk LMTP Cyrus v2.3.8 ready C: LHLO example.com S: 250-mailstore1.uscs.susx.ac.uk S: 250-8BITMIME S: 250-ENHANCEDSTATUSCODES S: 250-PIPELINING S: 250-SIZE 52428800 S: 250-AUTH EXTERNAL S: 250 IGNOREQUOTA Authentication failed. no mechanism available Security strength factor: 0 Here, I'm beginning to suspect that the client is giving up because it can't authenticate. The server is started using "-a" which means that we're pre-authenticated. I suspect that disabling pre-authentication might fix my problem, but will prevent the existing smtp/lmtp cluster from delivering email! In this case, I can press ahead and actually deliver the email. lhlo iane 250-mailstore1.uscs.susx.ac.uk 250-8BITMIME 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-SIZE 52428800 250-AUTH EXTERNAL 250 IGNOREQUOTA mail from:<> 250 2.1.0 ok rcpt to: 250 2.1.5 ok data 354 go ahead Subject: foobar . 250 2.1.5 Ok quit 221 2.0.0 bye Connection closed. -- Ian Eiloart IT Services, University of Sussex x3148 From blake at ispn.net Thu May 22 15:17:02 2008 From: blake at ispn.net (Blake Hudson) Date: Thu, 22 May 2008 14:17:02 -0500 Subject: Status of Cyrus replication Message-ID: <4835C6AE.8030602@ispn.net> Hey all, last time I checked replication was undergoing major overhauls and incompatibility between minor versions of 2.3.x was pretty great. There were also a few bugs that could potentially cause trouble down the road. I've had the need to create setups with failover servers and have continued using rsync on an interval (~30 to 60 min) for this purpose. Unfortunately this causes quite a lot of IO load on the servers and I was hoping that a rolling replication setup would help resolve this. What's the status of Cyrus replication in the latest releases of 2.3.x - specifically with virtual domains enabled? It also seems like there have been some problems with the latest releases of 2.3 and I'm hesitant to upgrade my 99% working 2.3.1 install. Any lingering issues or reason not to upgrade? For those who have the need to create a "hot spare" server and are not using Cyrus replication, what method are you guys using to accomplish this goal? Thanks, --Blake From morgan at orst.edu Thu May 22 15:21:35 2008 From: morgan at orst.edu (Andrew Morgan) Date: Thu, 22 May 2008 12:21:35 -0700 (PDT) Subject: lmtp problem - end of file reached In-Reply-To: <3D1DCE52768D39872786EE1A@lewes.staff.uscs.susx.ac.uk> References: <3D1DCE52768D39872786EE1A@lewes.staff.uscs.susx.ac.uk> Message-ID: On Thu, 22 May 2008, Ian Eiloart wrote: > LMTPTEST tells me a little more: > > snow-241 % lmtptest mailstore1.uscs.sussex.ac.uk lmtp > S: 220 mailstore1.uscs.susx.ac.uk LMTP Cyrus v2.3.8 ready > C: LHLO example.com > S: 250-mailstore1.uscs.susx.ac.uk > S: 250-8BITMIME > S: 250-ENHANCEDSTATUSCODES > S: 250-PIPELINING > S: 250-SIZE 52428800 > S: 250-AUTH EXTERNAL > S: 250 IGNOREQUOTA > Authentication failed. no mechanism available > Security strength factor: 0 > > Here, I'm beginning to suspect that the client is giving up because it > can't authenticate. The server is started using "-a" which means that > we're pre-authenticated. I suspect that disabling pre-authentication might > fix my problem, but will prevent the existing smtp/lmtp cluster from > delivering email! In this case, I can press ahead and actually deliver the > email. If I remember right, the -a option does not do anything when operating in a Murder cluster. It is not too hard to setup LMTP authentication using Postfix. You should be able to setup LMTP auth in your current environment, then remove the -a option, and continue with your Murder testing. Andy From brong at fastmail.fm Fri May 23 06:16:41 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Fri, 23 May 2008 20:16:41 +1000 Subject: Status of Cyrus replication In-Reply-To: <4835C6AE.8030602@ispn.net> References: <4835C6AE.8030602@ispn.net> Message-ID: <20080523101641.GA9282@brong.net> On Thu, May 22, 2008 at 02:17:02PM -0500, Blake Hudson wrote: > Hey all, last time I checked replication was undergoing major overhauls > and incompatibility between minor versions of 2.3.x was pretty great. > There were also a few bugs that could potentially cause trouble down the > road. I've had the need to create setups with failover servers and have > continued using rsync on an interval (~30 to 60 min) for this purpose. > Unfortunately this causes quite a lot of IO load on the servers and I > was hoping that a rolling replication setup would help resolve this. Yeah, it would! Are you using rsync 3.0? It doesn't help with the IO load, but at least it's a bit more incremental about things. Also, you can get huge performance wins with a tiny bit of custom code, something like this hunk of untested perl: while (readdir(DH)) { if (m/^cyrus\./) { # rsync this file, could have changed arbitrarily } elsif (m/^\d+\.$/) { # this is a cyrus message file, if it exists on the replica then # no need to try and sync } elsif (! m/^\./) { # this is a subfolder, sync it. } } Basically, you don't need to stat the message files, which are the bulk of your data. ... but that's still a lot of custom protocol development and stuff. Annoying. > What's the status of Cyrus replication in the latest releases of 2.3.x - > specifically with virtual domains enabled? It's getting pretty good actually. Most of our replication errors for the last couple of weeks have been traced back to a bug in our automated user-move code, which meant it failed to add a "USER $foo" to the sync log after moving users to new servers - so moved users who had no activity were not replicated. > It also seems like there have been some problems with the latest > releases of 2.3 and I'm hesitant to upgrade my 99% working 2.3.1 > install. Any lingering issues or reason not to upgrade? There were some bad times in there. The only outstanding bug I'm aware of in 2.3.12 is the blank lines in config file segfault - you'll either see that straight away or not at all! > For those who have the need to create a "hot spare" server and are not > using Cyrus replication, what method are you guys using to accomplish > this goal? Our backup system (not quite the same!) uses a perl module which reads the folder records from mailboxes.db and then uses fcntl locks on the cyrus.* files in each folder to block out cyrus while it streams the cyrus.* files. These are then backed up, and also parsed to see what message files are indexed - this is compared against what has already been fetched, and any new messages are also fetched and stored. It's blindingly quick through intimate knowledge of Cyrus's internals. In the best case, no matter how big the folder, it costs only two stats (cyrus.header and cyrus.index, we don't bother backing up cyrus.cache since it's all derived information). If either of them has changed we stream the contents of them both. Only then if there are new message files do we cause any IO on the data partition, and that is direct filename opens. No readdirs ever. Bron. From iane at sussex.ac.uk Fri May 23 09:10:48 2008 From: iane at sussex.ac.uk (Ian Eiloart) Date: Fri, 23 May 2008 14:10:48 +0100 Subject: lmtp problem - end of file reached In-Reply-To: References: <3D1DCE52768D39872786EE1A@lewes.staff.uscs.susx.ac.uk> Message-ID: > > If I remember right, the -a option does not do anything when operating in > a Murder cluster. It is not too hard to setup LMTP authentication using > Postfix. You should be able to setup LMTP auth in your current > environment, then remove the -a option, and continue with your Murder > testing. > > Andy Thanks, that's a useful idea. Actually, I've settled on starting a second lmtp listener on the backend, this one with authentication. It requires me to use a separate port, but that seems to work ok. Presumably I need to authenticate using the values of proxy_authname: and proxy_password: as defined in imapd.conf? Hmm, anyone else considering trying this on a live service should make sure that soft_noauth: is enabled. Otherwise, you'll reject email deliveries in the event that your authentication fails. -- Ian Eiloart IT Services, University of Sussex x3148 From morgan at orst.edu Fri May 23 15:44:33 2008 From: morgan at orst.edu (Andrew Morgan) Date: Fri, 23 May 2008 12:44:33 -0700 (PDT) Subject: lmtp problem - end of file reached In-Reply-To: References: <3D1DCE52768D39872786EE1A@lewes.staff.uscs.susx.ac.uk> Message-ID: On Fri, 23 May 2008, Ian Eiloart wrote: > Thanks, that's a useful idea. Actually, I've settled on starting a second > lmtp listener on the backend, this one with authentication. It requires me to > use a separate port, but that seems to work ok. > > Presumably I need to authenticate using the values of > proxy_authname: > and > proxy_password: > as defined in imapd.conf? I don't if that works or not. We use: lmtp_admins: cyr_lmtp cyr_proxy "cyr_lmtp" is used only for mail delivery. "cyr_proxy" is the proxy_authname. Andy From torlasz at xenia.sote.hu Sat May 24 09:23:10 2008 From: torlasz at xenia.sote.hu (Tornoci Laszlo) Date: Sat, 24 May 2008 15:23:10 +0200 Subject: FUD client with virtual domains Message-ID: <483816BE.7080701@xenia.sote.hu> Hi, I cannot make FUD to work with virtual domain users. Can someone help me with this? I have been using the FUD client/server for local users for some time successfully. I am planning to introduce virtual domains, and did some testing. ACL's are ok for local user torlasz and virtual user valaki at net-test3.sote.hu: localhost.localdomain> lam user.torlasz torlasz lrswipcda anonymous 0 localhost.localdomain> lam user.valaki at net-test3.sote.hu valaki at net-test3.sote.hu lrswipkxtecda anonymous 0 FUD works fine for local user torlasz: $ ./fud-client localhost torlasz user.torlasz user: torlasz mbox: user.torlasz Number of Recent 5 Last read: Mon May 19 20:55:00 2008 Last arrived: Wed May 21 04:10:10 2008 However, fud times out for the virtual user (line may be wrapped): $ ./fud-client localhost valaki at net-test3.sote.hu user.valaki at net-test3.sote.hu fud-client: request timed out. FUD responds to local users about virtual mailboxes: $ ./fud-client localhost foobar user.valaki at net-test3.sote.hu user: foobar mbox: user.valaki at net-test3.sote.hu Number of Recent 9 Last read: Thu Jan 1 01:00:00 1970 Last arrived: Wed May 21 13:44:41 2008 However, the "Last read:" info is not correct. Am I doing something wrong, or is this a bug? Yours: Laszlo From cyrus at fiddaman.net Sat May 24 14:37:56 2008 From: cyrus at fiddaman.net (Andy Fiddaman) Date: Sat, 24 May 2008 18:37:56 +0000 (GMT) Subject: sync_server crashing.. In-Reply-To: <1211148462.32051.1253818251@webmail.messagingengine.com> References: <1211090677.20047.1253742743@webmail.messagingengine.com> <1211148462.32051.1253818251@webmail.messagingengine.com> Message-ID: On Mon, 19 May 2008, Bron Gondwana wrote: ; > On Sun, 18 May 2008, Bron Gondwana wrote: ; > ; > ; You have a corrupted cache file. Various things could have caused ; > this, ; > ; it isn?t easy to know what it was. ; ; Hmm.. by corrupted cache file it could actually be the cache base pointers ; from the cyrus.index that are corrupted. One cause was delayed expunge ; and reconstruct, but David Carter wrote some patches which got into 2.3.12 ; to fix that, so new reconstructs will be fine. Six days since the reconstruct and no crashes so it looks good, thanks again. Andy From ck1 at inf.tu-dresden.de Mon May 26 06:46:47 2008 From: ck1 at inf.tu-dresden.de (christine kuhlmey) Date: Mon, 26 May 2008 12:46:47 +0200 Subject: tell sieve vacation not to reply to return-path Message-ID: <483A9517.5020302@inf.tu-dresden.de> Hello to all, I need to forward my emails from one server to another and on that way the Return-Path header is being modified to my own address on the forwarding host. This usually won't be a problem because the From-header remains unchanged. But at the final destination server (cyrus) I do email-filtering with sieve and after filtering I want to submit vacation messages to the original sender. Unfortunately sieve-vacation sends it's replies to the address in the Return-Path header, which is my own address thus sending vacation replies to myself and not to the originator of that message. Is there a way to tell sieve not to do that and to reply to the From-address instead? Any help is greatly appreciated! Thanks in advance - Christine Kuhlmey From bob3bob3 at suddenlink.net Tue May 27 07:04:23 2008 From: bob3bob3 at suddenlink.net (Bob Bob) Date: Tue, 27 May 2008 06:04:23 -0500 Subject: Moving files to imap folders In-Reply-To: <20080423105115.5816.EE63E960@remedial-teacher.nl> References: <20080423105115.5816.EE63E960@remedial-teacher.nl> Message-ID: <483BEAB7.9050704@suddenlink.net> As much as I shouldnt suggest a M$ product.. Ordinary Outlook allows you to "post" to a mail folder. At the raw IMAP level it looks like a mail message but you can embedd anything you like within the post object. Note that it is still difficult however to search inside these "messages" if you are looking for specific content. The data gets saved inside the good old winmail.dat/RTF "attachment". Another simple way is to create a message, attach your file, save it as a draft and then move it to the folder where you want to save it.. Cheers Bob Test wrote: > Does anyone know if there is a way to move/copy files (like documents, > zip files etc.) to an imap folder ? > > I would not like to mail them, just make the files available through > imap. > From bob3bob3 at suddenlink.net Tue May 27 07:16:20 2008 From: bob3bob3 at suddenlink.net (Bob Bob) Date: Tue, 27 May 2008 06:16:20 -0500 Subject: Slow Outlook Connector In-Reply-To: <20080505195235.GA23175@estella.daimi.au.dk> References: <20080505195235.GA23175@estella.daimi.au.dk> Message-ID: <483BED84.1070701@suddenlink.net> An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080527/91a97f2c/attachment.html From kae at midnighthax.com Tue May 27 13:32:13 2008 From: kae at midnighthax.com (Keith Edmunds) Date: Tue, 27 May 2008 18:32:13 +0100 Subject: Not all mailboxes listed when migrating to new server Message-ID: <20080527183213.5c7b9a19@ws.in.tiger-computing.com> I am migrating a Cyrus IMAP server to new hardware. To migrate the accounts I did the following on the old server: ctl_mboxlist -d > /tmp/mailboxes.dump ...and on the server: /usr/sbin/ctl_mboxlist -u < /tmp/mailboxes.dump /usr/sbin/cyrreconstruct (This is a Debian system, so the "reconstruct" command has been renamed). From inside cyradm, a "lm" lists about a quarter of the mailboxes (that's a guess; if it's important I'll find out how many), yet the directory structure within the Cyrus partition appears to contain all accounts. If I do a 'lam user.xxx' where user.xxx is one of the accounts not listed, I get 'Mailbox does not exist'. If I send a mail to that user on the new server and repeat the 'lam user.xxx', I get a blank line output, suggesting that the mailbox does now exist but with no acls. The mail sent to that user can be seen in the filesystem. Can anyone shed any light on what is happening here? Thanks, Keith Versions: Old server: name : Cyrus IMAPD version : v2.2.10 2004/11/23 17:52:52 vendor : Project Cyrus support-url: http://asg.web.cmu.edu/cyrus os : FreeBSD os-version : 4.11-STABLE environment: Built w/Cyrus SASL 2.1.20 Running w/Cyrus SASL 2.1.20 Built w/Sleepycat Software: Berkeley DB 3.3.11: (July 12, 2001) Running w/Sleepycat Software: Berkeley DB 3.3.11: (July 12, 2001) Built w/OpenSSL 0.9.7d 17 Mar 2004 Running w/OpenSSL 0.9.7d 17 Mar 2004 CMU Sieve 2.2 TCP Wrappers mmap = shared lock = fcntl nonblock = fcntl auth = unix idle = poll New server: name : Cyrus IMAPD version : v2.2.13-Debian-2.2.13-10 2006/11/13 16:17:53 vendor : Project Cyrus support-url: http://asg.web.cmu.edu/cyrus os : Linux os-version : 2.6.18-6-686 environment: Built w/Cyrus SASL 2.1.22 Running w/Cyrus SASL 2.1.22 Built w/Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) Running w/Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) Built w/OpenSSL 0.9.8c 05 Sep 2006 Running w/OpenSSL 0.9.8c 05 Sep 2006 CMU Sieve 2.2 TCP Wrappers NET-SNMP mmap = shared lock = fcntl nonblock = fcntl idle = poll From aspineux at gmail.com Tue May 27 15:45:31 2008 From: aspineux at gmail.com (Alain Spineux) Date: Tue, 27 May 2008 21:45:31 +0200 Subject: Not all mailboxes listed when migrating to new server In-Reply-To: <20080527183213.5c7b9a19@ws.in.tiger-computing.com> References: <20080527183213.5c7b9a19@ws.in.tiger-computing.com> Message-ID: <71fe4e760805271245v398799a6w28dc90d8f7d9caac@mail.gmail.com> On Tue, May 27, 2008 at 7:32 PM, Keith Edmunds wrote: > I am migrating a Cyrus IMAP server to new hardware. To > migrate the accounts I did the following on the old server: > > ctl_mboxlist -d > /tmp/mailboxes.dump > > ...and on the server: > > /usr/sbin/ctl_mboxlist -u < /tmp/mailboxes.dump > /usr/sbin/cyrreconstruct > > (This is a Debian system, so the "reconstruct" command has > been renamed). > > >From inside cyradm, a "lm" lists about a quarter of the > mailboxes (that's a guess; if it's important I'll find out > how many), yet the directory structure within the Cyrus > partition appears to contain all accounts. > > If I do a 'lam user.xxx' where user.xxx is one of the > accounts not listed, I get 'Mailbox does not exist'. If I > send a mail to that user on the new server and repeat the > 'lam user.xxx', I get a blank line output, suggesting that > the mailbox does now exist but with no acls. The mail sent > to that user can be seen in the filesystem. > > Can anyone shed any light on what is happening here? You should read the message posted one week ago with subject: "Hyphens in folder names break LIST" Maybe it will help > > Thanks, > Keith > > Versions: > Old server: > name : Cyrus IMAPD > version : v2.2.10 2004/11/23 17:52:52 > vendor : Project Cyrus > support-url: http://asg.web.cmu.edu/cyrus > os : FreeBSD > os-version : 4.11-STABLE > environment: Built w/Cyrus SASL 2.1.20 > Running w/Cyrus SASL 2.1.20 > Built w/Sleepycat Software: Berkeley DB 3.3.11: (July 12, 2001) > Running w/Sleepycat Software: Berkeley DB 3.3.11: (July 12, 2001) > Built w/OpenSSL 0.9.7d 17 Mar 2004 > Running w/OpenSSL 0.9.7d 17 Mar 2004 > CMU Sieve 2.2 > TCP Wrappers > mmap = shared > lock = fcntl > nonblock = fcntl > auth = unix > idle = poll > > > New server: > name : Cyrus IMAPD > version : v2.2.13-Debian-2.2.13-10 2006/11/13 16:17:53 > vendor : Project Cyrus > support-url: http://asg.web.cmu.edu/cyrus > os : Linux > os-version : 2.6.18-6-686 > environment: Built w/Cyrus SASL 2.1.22 > Running w/Cyrus SASL 2.1.22 > Built w/Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) > Running w/Sleepycat Software: Berkeley DB 4.2.52: (December 3, 2003) > Built w/OpenSSL 0.9.8c 05 Sep 2006 > Running w/OpenSSL 0.9.8c 05 Sep 2006 > CMU Sieve 2.2 > TCP Wrappers > NET-SNMP > mmap = shared > lock = fcntl > nonblock = fcntl > idle = poll > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From aj at mindcrash.com Wed May 28 16:08:27 2008 From: aj at mindcrash.com (aj at mindcrash.com) Date: Wed, 28 May 2008 16:08:27 -0400 Subject: Cyrus Redudancy with Autocreate Message-ID: <20080528160827.157376uuycjfvcg8@www.mindcrash.com> Hi, What I am looking to do is have a cyrus installation that supports the autocreate inbox patch, but also has some redundancy. I was looking into using a murder, but according to the documentation for the autocreate patch, it does not support a murder. Has anyone set up a large scale (> 20,000 mailboxes) cyrus installation with the autocreate patch, and if so would you be willing to share your experiences and what the best practices are? Thanks. AJ From k.proskurin at fxclub.org Thu May 29 04:41:18 2008 From: k.proskurin at fxclub.org (Proskurin Kirill) Date: Thu, 29 May 2008 12:41:18 +0400 Subject: Restore cyrus mailboxes.db script Message-ID: <483E6C2E.1050107@fxclub.org> Hello all. Yesterday we have a situation. On device were we store config directory of Cyrus 2.3.7 free space was finished... Im stop the Cyrus, and free some space. Try to start it again. It does not start. Then im look to logs im found that a we have many cyrus db errors. After some examination and fixes im found that mailboxes.db was empty (144 bytes). Cyrus can start but it dont know anything about mailboxes what stored in cyrus partition. We look at reconstruction tool and found the magic "-m" option which must reconstruct mailboxes.db parsing cyrus partition. But... it`s dont implemented yet... Great... We start to gooogle. Funny thing - google full of cyrus db error stories. After some hours of goooogling and shell scripting this script was created. Idea of this script is to parsing a cyrus partition and create a file in cyrus databases text dump format. See attachment. It is not fully universal of course but it works. Im hope Cyrus developers can make some sort of "reconstruct -m" program based on it. -- Best regards, Proskurin Kirill -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: cyrusrepair.sh Url: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080529/2be370ab/attachment.ksh From mz at newyorkcity.de Thu May 29 05:28:11 2008 From: mz at newyorkcity.de (Martin Ziegler) Date: Thu, 29 May 2008 11:28:11 +0200 Subject: IMSP Authentication issue Message-ID: Good Morning All, i'm currently migrating my system to a new server and unfortunately i have to recompile all the stuff. Happily it went quite well with one exception. The authentication mechanism for IMSPd is no longer working. I'm using saslauthd which connects to a MYSQL databse. This works for all other daemons without any problem including Cyrus IMAPd. When i try to log in to IMSPd saslauthd returns a successfull authentication but IMSPd says, that there is no such user on this server. On my old server i have exactly the same configuration running without problems for years now. Please find all the details below. I would be very happy if someone could point my into the right direction before i'm going mad. Thank you! Cheers, Martin BTW: In the meantime is there a working virtdomain patch available for IMSPd? ----------------- cyrus-imspd-v1.7b ./configure --prefix=/opt/cyrus/imsp --with-sasl=/opt --with-auth=unix ldd imspd: libsasl2.so.2 => /opt/lib/libsasl2.so.2 (0xb7efb000) libdl.so.2 => /lib/libdl.so.2 (0xb7ef8000) libresolv.so.2 => /lib/libresolv.so.2 (0xb7ee6000) libdb-4.0.so => /usr/lib/libdb-4.0.so (0xb7e1c000) libc.so.6 => /lib/libc.so.6 (0xb7ce2000) /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7f2e000) ------------ cyrus-sasl-2.1.20.tar.gz ./configure \ --prefix=/opt \ --enable-anon \ --enable-plain \ --enable-login \ --disable-krb4 \ --disable-otp \ --disable-cram \ --disable-digest \ --with-saslauthd=/var/run/saslauthd \ --with-pam=/lib/security \ --with-dblib=berkeley \ --with-bdb-libdir=/usr/lib \ --with-bdb-incdir=/usr/include \ --with-openssl=/opt/openssl \ --with-plugindir=/opt/lib/sasl2 ------------- cat /opt/lib/sasl2/imspd.conf pwcheck_method: saslauthd -------------- testsaslauthd -u -p -s imsp 0: OK "Success." May 29 09:09:34 h1391047 saslauthd[4333]: pam_sm_authenticate called. May 29 09:09:34 h1391047 saslauthd[4333]: dbuser changed. May 29 09:09:34 h1391047 saslauthd[4333]: dbpasswd changed. May 29 09:09:34 h1391047 saslauthd[4333]: host changed. May 29 09:09:34 h1391047 saslauthd[4333]: database changed. May 29 09:09:34 h1391047 saslauthd[4333]: table changed. May 29 09:09:34 h1391047 saslauthd[4333]: usercolumn changed. May 29 09:09:34 h1391047 saslauthd[4333]: passwdcolumn changed. May 29 09:09:34 h1391047 saslauthd[4333]: crypt changed. May 29 09:09:34 h1391047 saslauthd[4333]: logtable changed. May 29 09:09:34 h1391047 saslauthd[4333]: logmsgcolumn changed. May 29 09:09:34 h1391047 saslauthd[4333]: logusercolumn changed. May 29 09:09:34 h1391047 saslauthd[4333]: loghostcolumn changed. May 29 09:09:34 h1391047 saslauthd[4333]: logpidcolumn changed. May 29 09:09:34 h1391047 saslauthd[4333]: logtimecolumn changed. May 29 09:09:34 h1391047 saslauthd[4333]: db_connect called. May 29 09:09:34 h1391047 saslauthd[4333]: returning 0 . May 29 09:09:34 h1391047 saslauthd[4333]: db_checkpasswd called. May 29 09:09:34 h1391047 saslauthd[4333]: pam_mysql: where clause = May 29 09:09:34 h1391047 saslauthd[4333]: SELECT password FROM accountuser WHERE username='' May 29 09:09:34 h1391047 saslauthd[4333]: sqlLog called. May 29 09:09:34 h1391047 saslauthd[4333]: insert into log (msg, user, host, pid, time) values('AUTH SUCCESSFUL', '', '', '4333', NOW()) May 29 09:09:34 h1391047 saslauthd[4333]: Returning 0 May 29 09:09:34 h1391047 saslauthd[4333]: returning 0 . May 29 09:09:34 h1391047 saslauthd[4333]: returning 0. -------------------- Log in to IMSPd: May 29 09:11:38 h1391047 saslauthd[4332]: pam_sm_authenticate called. May 29 09:11:38 h1391047 saslauthd[4332]: dbuser changed. May 29 09:11:38 h1391047 saslauthd[4332]: dbpasswd changed. May 29 09:11:38 h1391047 saslauthd[4332]: host changed. May 29 09:11:38 h1391047 saslauthd[4332]: database changed. May 29 09:11:38 h1391047 saslauthd[4332]: table changed. May 29 09:11:38 h1391047 saslauthd[4332]: usercolumn changed. May 29 09:11:38 h1391047 saslauthd[4332]: passwdcolumn changed. May 29 09:11:38 h1391047 saslauthd[4332]: crypt changed. May 29 09:11:38 h1391047 saslauthd[4332]: logtable changed. May 29 09:11:38 h1391047 saslauthd[4332]: logmsgcolumn changed. May 29 09:11:38 h1391047 saslauthd[4332]: logusercolumn changed. May 29 09:11:38 h1391047 saslauthd[4332]: loghostcolumn changed. May 29 09:11:38 h1391047 saslauthd[4332]: logpidcolumn changed. May 29 09:11:38 h1391047 saslauthd[4332]: logtimecolumn changed. May 29 09:11:38 h1391047 saslauthd[4332]: db_connect called. May 29 09:11:38 h1391047 saslauthd[4332]: returning 0 . May 29 09:11:38 h1391047 saslauthd[4332]: db_checkpasswd called. May 29 09:11:38 h1391047 saslauthd[4332]: pam_mysql: where clause = May 29 09:11:38 h1391047 saslauthd[4332]: SELECT password FROM accountuser WHERE username='' May 29 09:11:38 h1391047 saslauthd[4332]: sqlLog called. May 29 09:11:38 h1391047 saslauthd[4332]: insert into log (msg, user, host, pid, time) values('AUTH SUCCESSFUL', '', '', '4332', NOW()) May 29 09:11:38 h1391047 saslauthd[4332]: Returning 0 May 29 09:11:38 h1391047 saslauthd[4332]: returning 0 . May 29 09:11:38 h1391047 saslauthd[4332]: returning 0. May 29 09:11:38 h1391047 imsp[12467]: badlogin: plaintext User does not have an account on this server From mz at newyorkcity.de Fri May 30 03:59:23 2008 From: mz at newyorkcity.de (Martin Ziegler) Date: Fri, 30 May 2008 09:59:23 +0200 Subject: IMSP Authentication issue In-Reply-To: References: Message-ID: Anyone please? I need to go online with my new system this afternoon and IMSPd is driving me crazy. Thanks in advance! --On Donnerstag, 29. Mai 2008 11:28 +0200 Martin Ziegler wrote: > Good Morning All, > > i'm currently migrating my system to a new server and unfortunately i have > to recompile all the stuff. Happily it went quite well with one exception. > The authentication mechanism for IMSPd is no longer working. I'm using > saslauthd which connects to a MYSQL databse. This works for all other > daemons without any problem including Cyrus IMAPd. When i try to log in to > IMSPd saslauthd returns a successfull authentication but IMSPd says, that > there is no such user on this server. On my old server i have exactly the > same configuration running without problems for years now. Please find all > the details below. > > I would be very happy if someone could point my into the right direction > before i'm going mad. > > Thank you! > > Cheers, Martin > > BTW: In the meantime is there a working virtdomain patch available for > IMSPd? > > ----------------- > cyrus-imspd-v1.7b > > ./configure --prefix=/opt/cyrus/imsp --with-sasl=/opt --with-auth=unix > > ldd imspd: > libsasl2.so.2 => /opt/lib/libsasl2.so.2 (0xb7efb000) > libdl.so.2 => /lib/libdl.so.2 (0xb7ef8000) > libresolv.so.2 => /lib/libresolv.so.2 (0xb7ee6000) > libdb-4.0.so => /usr/lib/libdb-4.0.so (0xb7e1c000) > libc.so.6 => /lib/libc.so.6 (0xb7ce2000) > /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7f2e000) > > ------------ > cyrus-sasl-2.1.20.tar.gz > ./configure \ > --prefix=/opt \ > --enable-anon \ > --enable-plain \ > --enable-login \ > --disable-krb4 \ > --disable-otp \ > --disable-cram \ > --disable-digest \ > --with-saslauthd=/var/run/saslauthd \ > --with-pam=/lib/security \ > --with-dblib=berkeley \ > --with-bdb-libdir=/usr/lib \ > --with-bdb-incdir=/usr/include \ > --with-openssl=/opt/openssl \ > --with-plugindir=/opt/lib/sasl2 > > ------------- > cat /opt/lib/sasl2/imspd.conf > pwcheck_method: saslauthd > -------------- > > testsaslauthd -u -p -s imsp > 0: OK "Success." > > May 29 09:09:34 h1391047 saslauthd[4333]: pam_sm_authenticate called. > May 29 09:09:34 h1391047 saslauthd[4333]: dbuser changed. > May 29 09:09:34 h1391047 saslauthd[4333]: dbpasswd changed. > May 29 09:09:34 h1391047 saslauthd[4333]: host changed. > May 29 09:09:34 h1391047 saslauthd[4333]: database changed. > May 29 09:09:34 h1391047 saslauthd[4333]: table changed. > May 29 09:09:34 h1391047 saslauthd[4333]: usercolumn changed. > May 29 09:09:34 h1391047 saslauthd[4333]: passwdcolumn changed. > May 29 09:09:34 h1391047 saslauthd[4333]: crypt changed. > May 29 09:09:34 h1391047 saslauthd[4333]: logtable changed. > May 29 09:09:34 h1391047 saslauthd[4333]: logmsgcolumn changed. > May 29 09:09:34 h1391047 saslauthd[4333]: logusercolumn changed. > May 29 09:09:34 h1391047 saslauthd[4333]: loghostcolumn changed. > May 29 09:09:34 h1391047 saslauthd[4333]: logpidcolumn changed. > May 29 09:09:34 h1391047 saslauthd[4333]: logtimecolumn changed. > May 29 09:09:34 h1391047 saslauthd[4333]: db_connect called. > May 29 09:09:34 h1391047 saslauthd[4333]: returning 0 . > May 29 09:09:34 h1391047 saslauthd[4333]: db_checkpasswd called. > May 29 09:09:34 h1391047 saslauthd[4333]: pam_mysql: where clause = > May 29 09:09:34 h1391047 saslauthd[4333]: SELECT password FROM accountuser > WHERE username='' > May 29 09:09:34 h1391047 saslauthd[4333]: sqlLog called. > May 29 09:09:34 h1391047 saslauthd[4333]: insert into log (msg, user, > host, pid, time) values('AUTH SUCCESSFUL', '', '', '4333', > NOW()) May 29 09:09:34 h1391047 saslauthd[4333]: Returning 0 > May 29 09:09:34 h1391047 saslauthd[4333]: returning 0 . > May 29 09:09:34 h1391047 saslauthd[4333]: returning 0. > > -------------------- > > Log in to IMSPd: > May 29 09:11:38 h1391047 saslauthd[4332]: pam_sm_authenticate called. > May 29 09:11:38 h1391047 saslauthd[4332]: dbuser changed. > May 29 09:11:38 h1391047 saslauthd[4332]: dbpasswd changed. > May 29 09:11:38 h1391047 saslauthd[4332]: host changed. > May 29 09:11:38 h1391047 saslauthd[4332]: database changed. > May 29 09:11:38 h1391047 saslauthd[4332]: table changed. > May 29 09:11:38 h1391047 saslauthd[4332]: usercolumn changed. > May 29 09:11:38 h1391047 saslauthd[4332]: passwdcolumn changed. > May 29 09:11:38 h1391047 saslauthd[4332]: crypt changed. > May 29 09:11:38 h1391047 saslauthd[4332]: logtable changed. > May 29 09:11:38 h1391047 saslauthd[4332]: logmsgcolumn changed. > May 29 09:11:38 h1391047 saslauthd[4332]: logusercolumn changed. > May 29 09:11:38 h1391047 saslauthd[4332]: loghostcolumn changed. > May 29 09:11:38 h1391047 saslauthd[4332]: logpidcolumn changed. > May 29 09:11:38 h1391047 saslauthd[4332]: logtimecolumn changed. > May 29 09:11:38 h1391047 saslauthd[4332]: db_connect called. > May 29 09:11:38 h1391047 saslauthd[4332]: returning 0 . > May 29 09:11:38 h1391047 saslauthd[4332]: db_checkpasswd called. > May 29 09:11:38 h1391047 saslauthd[4332]: pam_mysql: where clause = > May 29 09:11:38 h1391047 saslauthd[4332]: SELECT password FROM accountuser > WHERE username='' > May 29 09:11:38 h1391047 saslauthd[4332]: sqlLog called. > May 29 09:11:38 h1391047 saslauthd[4332]: insert into log (msg, user, > host, pid, time) values('AUTH SUCCESSFUL', '', '', '4332', > NOW()) May 29 09:11:38 h1391047 saslauthd[4332]: Returning 0 > May 29 09:11:38 h1391047 saslauthd[4332]: returning 0 . > May 29 09:11:38 h1391047 saslauthd[4332]: returning 0. > May 29 09:11:38 h1391047 imsp[12467]: badlogin: > plaintext User does not have an account on this server > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From simon.matter at invoca.ch Fri May 30 04:47:17 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Fri, 30 May 2008 10:47:17 +0200 (CEST) Subject: IMSP Authentication issue In-Reply-To: References: Message-ID: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> > Anyone please? > > I need to go online with my new system this afternoon and IMSPd is driving > me crazy. I have never used IMSPd nor MySQL authentication with saslauthd. But, from what I understand your authentication goes via PAM. If yes, do you have the same PAM configuration on your new server, most likely in /etc/pam.d/? Simon > > Thanks in advance! > > --On Donnerstag, 29. Mai 2008 11:28 +0200 Martin Ziegler > wrote: > >> Good Morning All, >> >> i'm currently migrating my system to a new server and unfortunately i >> have >> to recompile all the stuff. Happily it went quite well with one >> exception. >> The authentication mechanism for IMSPd is no longer working. I'm using >> saslauthd which connects to a MYSQL databse. This works for all other >> daemons without any problem including Cyrus IMAPd. When i try to log in >> to >> IMSPd saslauthd returns a successfull authentication but IMSPd says, >> that >> there is no such user on this server. On my old server i have exactly >> the >> same configuration running without problems for years now. Please find >> all >> the details below. >> >> I would be very happy if someone could point my into the right direction >> before i'm going mad. >> >> Thank you! >> >> Cheers, Martin >> >> BTW: In the meantime is there a working virtdomain patch available for >> IMSPd? >> >> ----------------- >> cyrus-imspd-v1.7b >> >> ./configure --prefix=/opt/cyrus/imsp --with-sasl=/opt --with-auth=unix >> >> ldd imspd: >> libsasl2.so.2 => /opt/lib/libsasl2.so.2 (0xb7efb000) >> libdl.so.2 => /lib/libdl.so.2 (0xb7ef8000) >> libresolv.so.2 => /lib/libresolv.so.2 (0xb7ee6000) >> libdb-4.0.so => /usr/lib/libdb-4.0.so (0xb7e1c000) >> libc.so.6 => /lib/libc.so.6 (0xb7ce2000) >> /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7f2e000) >> >> ------------ >> cyrus-sasl-2.1.20.tar.gz >> ./configure \ >> --prefix=/opt \ >> --enable-anon \ >> --enable-plain \ >> --enable-login \ >> --disable-krb4 \ >> --disable-otp \ >> --disable-cram \ >> --disable-digest \ >> --with-saslauthd=/var/run/saslauthd \ >> --with-pam=/lib/security \ >> --with-dblib=berkeley \ >> --with-bdb-libdir=/usr/lib \ >> --with-bdb-incdir=/usr/include \ >> --with-openssl=/opt/openssl \ >> --with-plugindir=/opt/lib/sasl2 >> >> ------------- >> cat /opt/lib/sasl2/imspd.conf >> pwcheck_method: saslauthd >> -------------- >> >> testsaslauthd -u -p -s imsp >> 0: OK "Success." >> >> May 29 09:09:34 h1391047 saslauthd[4333]: pam_sm_authenticate called. >> May 29 09:09:34 h1391047 saslauthd[4333]: dbuser changed. >> May 29 09:09:34 h1391047 saslauthd[4333]: dbpasswd changed. >> May 29 09:09:34 h1391047 saslauthd[4333]: host changed. >> May 29 09:09:34 h1391047 saslauthd[4333]: database changed. >> May 29 09:09:34 h1391047 saslauthd[4333]: table changed. >> May 29 09:09:34 h1391047 saslauthd[4333]: usercolumn changed. >> May 29 09:09:34 h1391047 saslauthd[4333]: passwdcolumn changed. >> May 29 09:09:34 h1391047 saslauthd[4333]: crypt changed. >> May 29 09:09:34 h1391047 saslauthd[4333]: logtable changed. >> May 29 09:09:34 h1391047 saslauthd[4333]: logmsgcolumn changed. >> May 29 09:09:34 h1391047 saslauthd[4333]: logusercolumn changed. >> May 29 09:09:34 h1391047 saslauthd[4333]: loghostcolumn changed. >> May 29 09:09:34 h1391047 saslauthd[4333]: logpidcolumn changed. >> May 29 09:09:34 h1391047 saslauthd[4333]: logtimecolumn changed. >> May 29 09:09:34 h1391047 saslauthd[4333]: db_connect called. >> May 29 09:09:34 h1391047 saslauthd[4333]: returning 0 . >> May 29 09:09:34 h1391047 saslauthd[4333]: db_checkpasswd called. >> May 29 09:09:34 h1391047 saslauthd[4333]: pam_mysql: where clause = >> May 29 09:09:34 h1391047 saslauthd[4333]: SELECT password FROM >> accountuser >> WHERE username='' >> May 29 09:09:34 h1391047 saslauthd[4333]: sqlLog called. >> May 29 09:09:34 h1391047 saslauthd[4333]: insert into log (msg, user, >> host, pid, time) values('AUTH SUCCESSFUL', '', '', '4333', >> NOW()) May 29 09:09:34 h1391047 saslauthd[4333]: Returning 0 >> May 29 09:09:34 h1391047 saslauthd[4333]: returning 0 . >> May 29 09:09:34 h1391047 saslauthd[4333]: returning 0. >> >> -------------------- >> >> Log in to IMSPd: >> May 29 09:11:38 h1391047 saslauthd[4332]: pam_sm_authenticate called. >> May 29 09:11:38 h1391047 saslauthd[4332]: dbuser changed. >> May 29 09:11:38 h1391047 saslauthd[4332]: dbpasswd changed. >> May 29 09:11:38 h1391047 saslauthd[4332]: host changed. >> May 29 09:11:38 h1391047 saslauthd[4332]: database changed. >> May 29 09:11:38 h1391047 saslauthd[4332]: table changed. >> May 29 09:11:38 h1391047 saslauthd[4332]: usercolumn changed. >> May 29 09:11:38 h1391047 saslauthd[4332]: passwdcolumn changed. >> May 29 09:11:38 h1391047 saslauthd[4332]: crypt changed. >> May 29 09:11:38 h1391047 saslauthd[4332]: logtable changed. >> May 29 09:11:38 h1391047 saslauthd[4332]: logmsgcolumn changed. >> May 29 09:11:38 h1391047 saslauthd[4332]: logusercolumn changed. >> May 29 09:11:38 h1391047 saslauthd[4332]: loghostcolumn changed. >> May 29 09:11:38 h1391047 saslauthd[4332]: logpidcolumn changed. >> May 29 09:11:38 h1391047 saslauthd[4332]: logtimecolumn changed. >> May 29 09:11:38 h1391047 saslauthd[4332]: db_connect called. >> May 29 09:11:38 h1391047 saslauthd[4332]: returning 0 . >> May 29 09:11:38 h1391047 saslauthd[4332]: db_checkpasswd called. >> May 29 09:11:38 h1391047 saslauthd[4332]: pam_mysql: where clause = >> May 29 09:11:38 h1391047 saslauthd[4332]: SELECT password FROM >> accountuser >> WHERE username='' >> May 29 09:11:38 h1391047 saslauthd[4332]: sqlLog called. >> May 29 09:11:38 h1391047 saslauthd[4332]: insert into log (msg, user, >> host, pid, time) values('AUTH SUCCESSFUL', '', '', '4332', >> NOW()) May 29 09:11:38 h1391047 saslauthd[4332]: Returning 0 >> May 29 09:11:38 h1391047 saslauthd[4332]: returning 0 . >> May 29 09:11:38 h1391047 saslauthd[4332]: returning 0. >> May 29 09:11:38 h1391047 imsp[12467]: badlogin: >> plaintext User does not have an account on this server >> >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From shwaltz at cabm.rutgers.edu Fri May 30 12:18:01 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Fri, 30 May 2008 12:18:01 -0400 (EDT) Subject: Imap spool directory Message-ID: <44022.192.76.178.13.1212164281.squirrel@webmail.cabm.rutgers.edu> I just created a new cyrus-2.3.7-2 server on RHEL5. I created the /etc/imapd.conf and started up /etc/init.d/cyrus-imapd start. On my old cyrus-2.2 server, the /var/spool/imap has all the directories for the user's mail files under a b c ... Question is ... I specified /var/spool/imap as the sppol directory in imapd.conf. however, when I started cyrus, no a b c ... directories were created. Does this only happen as I add accounts or migrate accounts? thanks S From mz at newyorkcity.de Fri May 30 12:42:05 2008 From: mz at newyorkcity.de (Martin Ziegler) Date: Fri, 30 May 2008 18:42:05 +0200 Subject: IMSP Authentication issue In-Reply-To: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> References: <8d54b0d96688ad5d340330ec97d59096.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <4E3A0C4F5153C36F98C084FD@martin-zieglers-imac.local> Hi Simon, yes, it is also the same than on the old server. cat /etc/pam.d/imsp auth sufficient pam_mysql.so user=mail passwd=Paiste88 host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time account required pam_mysql.so user=mail passwd=Paiste88 host=localhost db=mail table=accountuser usercolumn=username passwdcolumn=password crypt=0 logtable=log logmsgcolumn=msg logusercolumn=user loghostcolumn=host logpidcolumn=pid logtimecolumn=time Any other ideas? Thanks, Martin --On May 30, 2008 10:47:17 AM +0200 Simon Matter wrote: >> Anyone please? >> >> I need to go online with my new system this afternoon and IMSPd is >> driving me crazy. > > I have never used IMSPd nor MySQL authentication with saslauthd. > But, from what I understand your authentication goes via PAM. If yes, do > you have the same PAM configuration on your new server, most likely in > /etc/pam.d/? > > Simon > >> >> Thanks in advance! >> >> --On Donnerstag, 29. Mai 2008 11:28 +0200 Martin Ziegler >> wrote: >> >>> Good Morning All, >>> >>> i'm currently migrating my system to a new server and unfortunately i >>> have >>> to recompile all the stuff. Happily it went quite well with one >>> exception. >>> The authentication mechanism for IMSPd is no longer working. I'm using >>> saslauthd which connects to a MYSQL databse. This works for all other >>> daemons without any problem including Cyrus IMAPd. When i try to log in >>> to >>> IMSPd saslauthd returns a successfull authentication but IMSPd says, >>> that >>> there is no such user on this server. On my old server i have exactly >>> the >>> same configuration running without problems for years now. Please find >>> all >>> the details below. >>> >>> I would be very happy if someone could point my into the right direction >>> before i'm going mad. >>> >>> Thank you! >>> >>> Cheers, Martin >>> >>> BTW: In the meantime is there a working virtdomain patch available for >>> IMSPd? >>> >>> ----------------- >>> cyrus-imspd-v1.7b >>> >>> ./configure --prefix=/opt/cyrus/imsp --with-sasl=/opt --with-auth=unix >>> >>> ldd imspd: >>> libsasl2.so.2 => /opt/lib/libsasl2.so.2 (0xb7efb000) >>> libdl.so.2 => /lib/libdl.so.2 (0xb7ef8000) >>> libresolv.so.2 => /lib/libresolv.so.2 (0xb7ee6000) >>> libdb-4.0.so => /usr/lib/libdb-4.0.so (0xb7e1c000) >>> libc.so.6 => /lib/libc.so.6 (0xb7ce2000) >>> /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0xb7f2e000) >>> >>> ------------ >>> cyrus-sasl-2.1.20.tar.gz >>> ./configure \ >>> --prefix=/opt \ >>> --enable-anon \ >>> --enable-plain \ >>> --enable-login \ >>> --disable-krb4 \ >>> --disable-otp \ >>> --disable-cram \ >>> --disable-digest \ >>> --with-saslauthd=/var/run/saslauthd \ >>> --with-pam=/lib/security \ >>> --with-dblib=berkeley \ >>> --with-bdb-libdir=/usr/lib \ >>> --with-bdb-incdir=/usr/include \ >>> --with-openssl=/opt/openssl \ >>> --with-plugindir=/opt/lib/sasl2 >>> >>> ------------- >>> cat /opt/lib/sasl2/imspd.conf >>> pwcheck_method: saslauthd >>> -------------- >>> >>> testsaslauthd -u -p -s imsp >>> 0: OK "Success." >>> >>> May 29 09:09:34 h1391047 saslauthd[4333]: pam_sm_authenticate called. >>> May 29 09:09:34 h1391047 saslauthd[4333]: dbuser changed. >>> May 29 09:09:34 h1391047 saslauthd[4333]: dbpasswd changed. >>> May 29 09:09:34 h1391047 saslauthd[4333]: host changed. >>> May 29 09:09:34 h1391047 saslauthd[4333]: database changed. >>> May 29 09:09:34 h1391047 saslauthd[4333]: table changed. >>> May 29 09:09:34 h1391047 saslauthd[4333]: usercolumn changed. >>> May 29 09:09:34 h1391047 saslauthd[4333]: passwdcolumn changed. >>> May 29 09:09:34 h1391047 saslauthd[4333]: crypt changed. >>> May 29 09:09:34 h1391047 saslauthd[4333]: logtable changed. >>> May 29 09:09:34 h1391047 saslauthd[4333]: logmsgcolumn changed. >>> May 29 09:09:34 h1391047 saslauthd[4333]: logusercolumn changed. >>> May 29 09:09:34 h1391047 saslauthd[4333]: loghostcolumn changed. >>> May 29 09:09:34 h1391047 saslauthd[4333]: logpidcolumn changed. >>> May 29 09:09:34 h1391047 saslauthd[4333]: logtimecolumn changed. >>> May 29 09:09:34 h1391047 saslauthd[4333]: db_connect called. >>> May 29 09:09:34 h1391047 saslauthd[4333]: returning 0 . >>> May 29 09:09:34 h1391047 saslauthd[4333]: db_checkpasswd called. >>> May 29 09:09:34 h1391047 saslauthd[4333]: pam_mysql: where clause = >>> May 29 09:09:34 h1391047 saslauthd[4333]: SELECT password FROM >>> accountuser >>> WHERE username='' >>> May 29 09:09:34 h1391047 saslauthd[4333]: sqlLog called. >>> May 29 09:09:34 h1391047 saslauthd[4333]: insert into log (msg, user, >>> host, pid, time) values('AUTH SUCCESSFUL', '', '', '4333', >>> NOW()) May 29 09:09:34 h1391047 saslauthd[4333]: Returning 0 >>> May 29 09:09:34 h1391047 saslauthd[4333]: returning 0 . >>> May 29 09:09:34 h1391047 saslauthd[4333]: returning 0. >>> >>> -------------------- >>> >>> Log in to IMSPd: >>> May 29 09:11:38 h1391047 saslauthd[4332]: pam_sm_authenticate called. >>> May 29 09:11:38 h1391047 saslauthd[4332]: dbuser changed. >>> May 29 09:11:38 h1391047 saslauthd[4332]: dbpasswd changed. >>> May 29 09:11:38 h1391047 saslauthd[4332]: host changed. >>> May 29 09:11:38 h1391047 saslauthd[4332]: database changed. >>> May 29 09:11:38 h1391047 saslauthd[4332]: table changed. >>> May 29 09:11:38 h1391047 saslauthd[4332]: usercolumn changed. >>> May 29 09:11:38 h1391047 saslauthd[4332]: passwdcolumn changed. >>> May 29 09:11:38 h1391047 saslauthd[4332]: crypt changed. >>> May 29 09:11:38 h1391047 saslauthd[4332]: logtable changed. >>> May 29 09:11:38 h1391047 saslauthd[4332]: logmsgcolumn changed. >>> May 29 09:11:38 h1391047 saslauthd[4332]: logusercolumn changed. >>> May 29 09:11:38 h1391047 saslauthd[4332]: loghostcolumn changed. >>> May 29 09:11:38 h1391047 saslauthd[4332]: logpidcolumn changed. >>> May 29 09:11:38 h1391047 saslauthd[4332]: logtimecolumn changed. >>> May 29 09:11:38 h1391047 saslauthd[4332]: db_connect called. >>> May 29 09:11:38 h1391047 saslauthd[4332]: returning 0 . >>> May 29 09:11:38 h1391047 saslauthd[4332]: db_checkpasswd called. >>> May 29 09:11:38 h1391047 saslauthd[4332]: pam_mysql: where clause = >>> May 29 09:11:38 h1391047 saslauthd[4332]: SELECT password FROM >>> accountuser >>> WHERE username='' >>> May 29 09:11:38 h1391047 saslauthd[4332]: sqlLog called. >>> May 29 09:11:38 h1391047 saslauthd[4332]: insert into log (msg, user, >>> host, pid, time) values('AUTH SUCCESSFUL', '', '', '4332', >>> NOW()) May 29 09:11:38 h1391047 saslauthd[4332]: Returning 0 >>> May 29 09:11:38 h1391047 saslauthd[4332]: returning 0 . >>> May 29 09:11:38 h1391047 saslauthd[4332]: returning 0. >>> May 29 09:11:38 h1391047 imsp[12467]: badlogin: >>> plaintext User does not have an account on this server >>> >>> ---- >>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >>> >> >> >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > > > From simon.matter at invoca.ch Fri May 30 14:18:22 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Fri, 30 May 2008 20:18:22 +0200 (CEST) Subject: Imap spool directory In-Reply-To: <44022.192.76.178.13.1212164281.squirrel@webmail.cabm.rutgers.edu> References: <44022.192.76.178.13.1212164281.squirrel@webmail.cabm.rutgers.edu> Message-ID: > I just created a new cyrus-2.3.7-2 server on RHEL5. I created the > /etc/imapd.conf and started up /etc/init.d/cyrus-imapd start. > > On my old cyrus-2.2 server, the /var/spool/imap has all the directories > for the user's mail files under a b c ... > > Question is ... I specified /var/spool/imap as the sppol directory in > imapd.conf. however, when I started cyrus, no a b c ... directories were > created. Does this only happen as I add accounts or migrate accounts? Yes. Simon From shwaltz at cabm.rutgers.edu Fri May 30 21:55:08 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Fri, 30 May 2008 21:55:08 -0400 (EDT) Subject: Imap spool directory In-Reply-To: References: <44022.192.76.178.13.1212164281.squirrel@webmail.cabm.rutgers.edu> Message-ID: <51602.98.221.136.138.1212198908.squirrel@webmail.cabm.rutgers.edu> Simon Matter said: >> I just created a new cyrus-2.3.7-2 server on RHEL5. I created the >> /etc/imapd.conf and started up /etc/init.d/cyrus-imapd start. >> >> On my old cyrus-2.2 server, the /var/spool/imap has all the directories >> for the user's mail files under a b c ... >> >> Question is ... I specified /var/spool/imap as the sppol directory in >> imapd.conf. however, when I started cyrus, no a b c ... directories were >> created. Does this only happen as I add accounts or migrate accounts? > > Yes. > > Simon > > > I migrated my mailboxes.db to the new server, so I need to create the /var/spool/imap/{a-z}/user/username/* and reconstruct? From hal.huntley at sri.com Sat May 31 04:09:12 2008 From: hal.huntley at sri.com (Hal Huntley) Date: Sat, 31 May 2008 01:09:12 -0700 Subject: reconstruct not seeing empty subfolders with messages Message-ID: <484107A8.7050702@sri.com> I'm new to Cyris IMAP but I do have some experience with Sun's IMAP, so I know some of the commands. We have Cyrus IMAP Server 2.1.13. I did not set it up, but I've been asked to add some more messages to a person's IMAP account. We acquired a tar file of some email messages from another location. The message store appears to be the right type of each message number followed by a dot (.). I've untarred these messages in to a user's area as a subfolder. There are many subfolders in this original folder as well as sub-subfolders. Here's a representation of the issue. username -> user account folder norne -> top level folder foo -> sub folder (usually does not have messages but might) bar -> sub-sub folder (may or may not have messages) If there are messages at the "foo" level, they are seen fine. But if the "foo" level is empty of messages, but has sub-folders, none of the sub-folders are seen and thus none of their messages are seen. As the cyrus user, I've done a "reconstruct -r -f user.username.username.norne". (To get us started on making things work, we did a "touch cyrus.index" in each directory to make things work with the reconstruct.). It looks like all the "cyrus.index", "cyrus.cache" and "cyrus.header" files are created appropriately. However, the IMAP client (in this case Thunderbird) does not see any folders beyond the "foo" level folder -- that is all the sub-sub-folders at the "bar" level (and below) are not see -- and those are the ones that contain most of the messages. The message base is very large. There are about 480,000 messages in all the folders totaling almost three gig of disk space and about 3500 folder Is there any way I can get the folders to be seen? I noticed someone in a previous post asking about a "reconstruct -m" capability which the Sun IMAP uses to get the list of all the folders in an IMAP structure. Is that what may be needed here? Thoughts and suggestions welcome. Hal Huntley SRI International From simon.matter at invoca.ch Sat May 31 05:07:31 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Sat, 31 May 2008 11:07:31 +0200 (CEST) Subject: Imap spool directory In-Reply-To: <51602.98.221.136.138.1212198908.squirrel@webmail.cabm.rutgers.edu> References: <44022.192.76.178.13.1212164281.squirrel@webmail.cabm.rutgers.edu> <51602.98.221.136.138.1212198908.squirrel@webmail.cabm.rutgers.edu> Message-ID: <4609611d5881094aee26ef80c8ce8d7b.squirrel@webmail.bi.corp.invoca.ch> > > Simon Matter said: >>> I just created a new cyrus-2.3.7-2 server on RHEL5. I created the >>> /etc/imapd.conf and started up /etc/init.d/cyrus-imapd start. >>> >>> On my old cyrus-2.2 server, the /var/spool/imap has all the >>> directories >>> for the user's mail files under a b c ... >>> >>> Question is ... I specified /var/spool/imap as the sppol directory in >>> imapd.conf. however, when I started cyrus, no a b c ... directories >>> were >>> created. Does this only happen as I add accounts or migrate accounts? >> >> Yes. >> >> Simon >> >> >> > I migrated my mailboxes.db to the new server, so I need to create the > /var/spool/imap/{a-z}/user/username/* and reconstruct? I think that should work if you want to have new, empty inboxes. But why don't you transfer all data, configdir and spooldir, as well? Simon From simon.matter at invoca.ch Sat May 31 05:15:46 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Sat, 31 May 2008 11:15:46 +0200 (CEST) Subject: reconstruct not seeing empty subfolders with messages In-Reply-To: <484107A8.7050702@sri.com> References: <484107A8.7050702@sri.com> Message-ID: <9ac588ae3eed5e99bd3ba3b8121831d6.squirrel@webmail.bi.corp.invoca.ch> > I'm new to Cyris IMAP but I do have some experience with Sun's IMAP, so > I know some of the commands. > > We have Cyrus IMAP Server 2.1.13. I did not set it up, but I've been > asked to add some more messages to a person's IMAP account. We acquired > a tar file of some email messages from another location. The message > store appears to be the right type of each message number followed by a > dot (.). I've untarred these messages in to a user's area as a > subfolder. There are many subfolders in this original folder as well as > sub-subfolders. > > Here's a representation of the issue. > > username -> user account folder > norne -> top level folder > foo -> sub folder (usually does not have messages but might) > bar -> sub-sub folder (may or may not have messages) > > If there are messages at the "foo" level, they are seen fine. But if > the "foo" level is empty of messages, but has sub-folders, none of the > sub-folders are seen and thus none of their messages are seen. > > As the cyrus user, I've done a "reconstruct -r -f > user.username.username.norne". (To get us started on making things > work, we did a "touch cyrus.index" in each directory to make things work > with the reconstruct.). It looks like all the "cyrus.index", > "cyrus.cache" and "cyrus.header" files are created appropriately. > However, the IMAP client (in this case Thunderbird) does not see any > folders beyond the "foo" level folder -- that is all the sub-sub-folders > at the "bar" level (and below) are not see -- and those are the ones > that contain most of the messages. > > The message base is very large. There are about 480,000 messages in all > the folders totaling almost three gig of disk space and about 3500 folder > > Is there any way I can get the folders to be seen? I noticed someone in > a previous post asking about a "reconstruct -m" capability which the Sun > IMAP uses to get the list of all the folders in an IMAP structure. Is > that what may be needed here? Thoughts and suggestions welcome. I don't know what exactly you did and what your config looks like. Seems like you treated cyrus like a file server and expected everything to work after running reconstruct. I don't know exactly why it fails because there are different ways why it can fail. Are the folders subscribed, what are the ACL's on it and so on. You said your message base is very large. However, if it's ~3Gb, it looks quite small to me - I mean 3Tb would be large. So if that's your total amount you have to migrate (and not only per user and you have thousands of users), then I really suggest doing it using a tool like http://www.linux-france.org/prj/imapsync/ Simon From aspineux at gmail.com Sat May 31 06:45:50 2008 From: aspineux at gmail.com (Alain Spineux) Date: Sat, 31 May 2008 12:45:50 +0200 Subject: Imap spool directory In-Reply-To: <51602.98.221.136.138.1212198908.squirrel@webmail.cabm.rutgers.edu> References: <44022.192.76.178.13.1212164281.squirrel@webmail.cabm.rutgers.edu> <51602.98.221.136.138.1212198908.squirrel@webmail.cabm.rutgers.edu> Message-ID: <71fe4e760805310345u557f380eta07971e2991e2a33@mail.gmail.com> On Sat, May 31, 2008 at 3:55 AM, Shelley Waltz wrote: > > Simon Matter said: >>> I just created a new cyrus-2.3.7-2 server on RHEL5. I created the >>> /etc/imapd.conf and started up /etc/init.d/cyrus-imapd start. >>> >>> On my old cyrus-2.2 server, the /var/spool/imap has all the directories >>> for the user's mail files under a b c ... >>> >>> Question is ... I specified /var/spool/imap as the sppol directory in >>> imapd.conf. however, when I started cyrus, no a b c ... directories were >>> created. Does this only happen as I add accounts or migrate accounts? >> >> Yes. >> >> Simon >> >> >> > I migrated my mailboxes.db to the new server, so I need to create the > /var/spool/imap/{a-z}/user/username/* and reconstruct? No need to create dirs! reconstruct is able to read mailbox.db and reconstruct all missing directories using something like:(depending "unixhierarchysep") $ reconstruct -rf user/* or $ reconstruct -rf user.* -r is a little broken and can be useless, but the '*' wilcard do the job > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you From dave64 at andrew.cmu.edu Sat May 31 16:56:28 2008 From: dave64 at andrew.cmu.edu (Dave McMurtrie) Date: Sat, 31 May 2008 16:56:28 -0400 Subject: reconstruct not seeing empty subfolders with messages In-Reply-To: <484107A8.7050702@sri.com> References: <484107A8.7050702@sri.com> Message-ID: <4841BB7C.4020600@andrew.cmu.edu> Hal Huntley wrote: > I'm new to Cyris IMAP but I do have some experience with Sun's IMAP, so > I know some of the commands. > > We have Cyrus IMAP Server 2.1.13. I did not set it up, but I've been > asked to add some more messages to a person's IMAP account. We acquired > a tar file of some email messages from another location. The message > store appears to be the right type of each message number followed by a > dot (.). I've untarred these messages in to a user's area as a > subfolder. There are many subfolders in this original folder as well as > sub-subfolders. > > Here's a representation of the issue. > > username -> user account folder > norne -> top level folder > foo -> sub folder (usually does not have messages but might) > bar -> sub-sub folder (may or may not have messages) > > If there are messages at the "foo" level, they are seen fine. But if > the "foo" level is empty of messages, but has sub-folders, none of the > sub-folders are seen and thus none of their messages are seen. How were the subdirectories (folders) created? Did you use an IMAP client, or did you just create the subdirectories in the filesystem and then copy the mail into them? Can you see these subdirectories using cyradm? $ cyradm your.server.com your.server.com> lm user.username.* If you just created them as directories in the filesystem and did not use an IMAP client, remove the subdirectories you created from the filesystem, recreate them using an IMAP client, then copy the mail back and reconstruct. Thanks, Dave