From emlists at gmail.com Wed Oct 1 01:08:42 2008 From: emlists at gmail.com (Adam D) Date: Tue, 30 Sep 2008 22:08:42 -0700 Subject: Issues with user.sub files - subscription files hangs system. In-Reply-To: <48D64916.4000706@gmail.com> References: <48CB26A3.6090603@gmail.com> <48D0B228.3090404@gmail.com> <48D0C133.9070808@bkr-ac.de> <48D12F5C.8040006@gmail.com> <48D64916.4000706@gmail.com> Message-ID: <48E305DA.8010705@gmail.com> Adam D wrote: > Adam D wrote: > >> Jens wrote: >> >> >>> Adam D schrieb: >>> >>> >>> >>>> Adam D wrote: >>>> >>>> >>>> >>>>> I have noticed this error in the log: >>>>> Sep 12 18:57:44 vts-post cyrus/imap[19629]: IOERROR: locking >>>>> /var/lib/cyrus/domain/W/domain1/user/A/userbox.sub: Interrupted system call >>>>> >>>>> Soon afterwards I notice imapd runs at 99.8 % and I can not kill the >>>>> process. It looks like the file is locked and can't be written to? I >>>>> saw another file called userbox.sub.NEW but even that files can't be >>>>> read. When I attempt the terminal freezes. I also noticed the system >>>>> can't be rebooted as well. I don't know what could be causing this. >>>>> Does anyone have any incite? >>>>> >>>>> >>>>> >>> [...] >>> >>> >>> >>>> We are using Ubuntu 8.04 on this particular amd 64 box running virtually >>>> within xen. >>>> >>>> >>>> >>> I had the same problem with Ubuntu 7.10 running in VMWare. I was not >>> able to fix it. My solution was a system-upgrade to 8.04. The problem >>> disappeared. I just hope it does not appear again. Some other users >>> discovered the same problem and were able to solve it with an upgrade, too. >>> >>> Sorry not to help you, >>> Jens >>> >>> >>> >>> >> I thought about that last night as well and we are having the same issue >> with a system using Ubuntu 7.10. I did noticed though 7.04, 7.10, 8.04 >> are all using 2.2.13 but different patches. 7.10 uses the 2.2.13-11 >> while 8.10 uses the 2.2.13-13. I am thinking of trying 8.10 to see if >> it works.. if not.. sadly I am wondering if we will have to move the >> system over to a full Debian stable/testing? I would not be happy to >> build a Debian testing system to find out we have the same issue. Would >> this be a Ubuntu related issue with their patches? Has anyone else have >> had the same issue without using Ubuntu? >> >> -Adam >> -- >> > > OK. I have tried everything I know. I have converted the user.sub file > from flat file to skiplist and it still gives me the same issue. I have > also created a new test install of Debian stable with just the same > setup but using 2.2.13-10 and everything is the same. When I am using > cyradm in the command line even loged in to the user accout and > subscribe to a folder I just created, I again get: > > PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ > COMMAND > 3489 cyrus 25 0 81212 3968 3116 R 99.9 1.3 4:39.88 > imapd > > I have converted everything over to skiplist even quota to make sure and > as far as I am sure it is not related to that. My > /usr/lib/cyrus/cyrus-db-types.active reads: > > ANNOTATION skiplist > DBENGINE BerkeleyDB4.2 > DUPLICATE skiplist > MBOX skiplist > PTS berkeley > QUOTA quotalegacy > SEEN skiplist > SUBS skiplist > TLS skiplist > > > My cyrus.conf file reads as: > START { > # do not delete this entry! > recover cmd="/usr/sbin/ctl_cyrusdb -r" > > # this is only necessary if idlemethod is set to "idled" in > imapd.conf > #idled cmd="idled" > > # this is useful on backend nodes of a Murder cluster > # it causes the backend to syncronize its mailbox list with > # the mupdate master upon startup > #mupdatepush cmd="/usr/sbin/ctl_mboxlist -m" > > # this is recommended if using duplicate delivery suppression > delprune cmd="/usr/sbin/cyr_expire -E 3" > # this is recommended if caching TLS sessions > tlsprune cmd="/usr/sbin/tls_prune" > } > SERVICES { > # --- Normal cyrus spool, or Murder backends --- > # add or remove based on preferences > imap cmd="imapd -U 30" listen="imap" prefork=0 > maxchild=100 > imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 > maxchild=100 > #pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 > maxchild=50 > #pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 > maxchild=50 > #nntp cmd="nntpd -U 30" listen="nntp" prefork=0 > maxchild=100 > #nntps cmd="nntpd -s -U 30" listen="nntps" prefork=0 > maxchild=100 > > # At least one form of LMTP is required for delivery > # (you must keep the Unix socket name in sync with imap.conf) > #lmtp cmd="lmtpd" listen="localhost:lmtp" prefork=0 > maxchild=20 > lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" > prefork=0 maxchild=20 > # ---------------------------------------------- > > # useful if you need to give users remote access to sieve > # by default, we limit this to localhost in Debian > sieve cmd="timsieved" listen="localhost:sieve" > prefork=0 maxchild=100 > # this one is needed for the notification services > notify cmd="notifyd" > listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1 > > } > > EVENTS { > # this is required > checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30 > > # this is only necessary if using duplicate delivery suppression > delprune cmd="/usr/sbin/cyr_expire -E 3" at=0401 > > # this is only necessary if caching TLS sessions > tlsprune cmd="/usr/sbin/tls_prune" at=0401 > > # indexing of mailboxs for server side fulltext searches > > # reindex changed mailboxes (fulltext) approximately every other > hour > squatter_1 cmd="/usr/bin/nice -n 19 /usr/sbin/squatter -s" > period=120 > > # reindex all mailboxes (fulltext) daily > squatter_a cmd="/usr/sbin/squatter" at=0517 > } > > > My imap.conf reads: > configdirectory: /var/lib/cyrus > defaultpartition: default > partition-default: /var/spool/cyrus/mail > partition-news: /var/spool/cyrus/news > newsspool: /var/spool/news > altnamespace: no > unixhierarchysep: yes > lmtp_downcase_rcpt: yes > admins: cyrus > imap_admins: cyrus > sieve_admins: cyrus > allowanonymouslogin: no > autocreatequota: 0 > umask: 077 > sieveusehomedir: false > sievedir: /var/spool/sieve > allowplaintext: yes > allowapop: no > loginrealms: @domain1.tld @domain2.tld > virtdomains: userid > defaultdomain: domain1.tld > sasl_pwcheck_method: saslauthd > sasl_auto_transition: no > tls_ca_path: /etc/ssl/certs > tls_session_timeout: 1440 > lmtpsocket: /var/run/cyrus/socket/lmtp > idlemethod: poll > idlesocket: /var/run/cyrus/socket/idle > notifysocket: /var/run/cyrus/socket/notify > syslog_prefix: cyrus > # Extras > allowusermoves: 1 > defaultacl: anyone lrs > userprefix: user > servername: domain1.tld > > # Hashing (mailbox storing) > fulldirhash: true > > createonpost: yes > autocreateinboxfolders: "Drafts|Sent|Templates|Trash|Junk Mail" > autosubscribeinboxfolders: "Drafts|Sent|Templates|Trash|Junk Mail" > > singleinstancestore: 1 > allowallsubscribe: 1 > > > # Sieve > anysievefolder: yes > autosievefolders: Drafts|Sent|Templates|JunkMail > ##autocreate_sieve_script: /var/spool/sieve/default-scripts > ##autocreate_sieve_compiledscript: > ##generate_compiled_sieve_script: true > sieve_extensions: fileinto, reject, vacation, imapflags, notify, > include, envelope, body, relational, > regex, subaddress, copy > sieve_maxscriptsize: 75 > sieve_maxscripts: 100 > > > # File formats > annotation_db: skiplist > duplicate_db: skiplist > # mboxkey_db: skiplist > # ptscache_db skiplist > mboxlist_db: skiplist > seenstate_db: skiplist > tlscache_db: skiplist > subscription_db: skiplist > > # DB tuning > #berkeley_cachesize: 10240 > #berkeley_locks_max: 5000 > #berkeley_txns_max: 1000 > > #softfail if over quota > lmtp_over_quota_perm_failure: 0 > > > quotawarn: 90 > duplicatesuppression: 1 > > > I am totally at a lose and have exhausted everything I know and have > read, researched. I even bought the book of IMAP which is a very good > read by the way. > > Thanks in advanced. > > -Adam > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > Has anyone else had this same issue and have been able to fix it? I really do not know why when deleting the username.sub.NEW file it is recreated and when making changes to the subscriptions an imapd process is spawned and freezes. -Adam From brong at fastmail.fm Wed Oct 1 02:40:17 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Wed, 1 Oct 2008 16:40:17 +1000 Subject: Issues with user.sub files - subscription files hangs system. In-Reply-To: <48E305DA.8010705@gmail.com> References: <48CB26A3.6090603@gmail.com> <48D0B228.3090404@gmail.com> <48D0C133.9070808@bkr-ac.de> <48D12F5C.8040006@gmail.com> <48D64916.4000706@gmail.com> <48E305DA.8010705@gmail.com> Message-ID: <20081001064017.GB1991@brong.net> On Tue, Sep 30, 2008 at 10:08:42PM -0700, Adam D wrote: > > createonpost: yes > > autocreateinboxfolders: "Drafts|Sent|Templates|Trash|Junk Mail" > > autosubscribeinboxfolders: "Drafts|Sent|Templates|Trash|Junk Mail" I would suspect these in the first instance, having never seen this behaviour before on any of our production systems. You're running the auto-create-folders patch obviously. The existance of the .NEW file for a skiplist suggests that something crashed during a checkpoint. Are you sure that it's a skiplist database being used for the .sub file? Can you email me the .sub file if it's not too confidential. I'm interested in seeing if anything's wrong with it. I really do think it's probably in the autosubscribe code... I don't run the Ubuntu or Debian packages directly anyway, because we use 2.3.x for the replication features and some other goodies. Regards, Bron. From simon.matter at invoca.ch Wed Oct 1 02:47:45 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Wed, 1 Oct 2008 08:47:45 +0200 (CEST) Subject: Issues with user.sub files - subscription files hangs system. In-Reply-To: <48E305DA.8010705@gmail.com> References: <48CB26A3.6090603@gmail.com> <48D0B228.3090404@gmail.com> <48D0C133.9070808@bkr-ac.de> <48D12F5C.8040006@gmail.com> <48D64916.4000706@gmail.com> <48E305DA.8010705@gmail.com> Message-ID: <754263e14226c15a99927852f915d0ee.squirrel@webmail.bi.corp.invoca.ch> > Adam D wrote: >> Adam D wrote: >> >>> Jens wrote: >>> >>> >>>> Adam D schrieb: >>>> >>>> >>>> >>>>> Adam D wrote: >>>>> >>>>> >>>>> >>>>>> I have noticed this error in the log: >>>>>> Sep 12 18:57:44 vts-post cyrus/imap[19629]: IOERROR: locking >>>>>> /var/lib/cyrus/domain/W/domain1/user/A/userbox.sub: Interrupted >>>>>> system call >>>>>> >>>>>> Soon afterwards I notice imapd runs at 99.8 % and I can not kill the >>>>>> process. It looks like the file is locked and can't be written to? >>>>>> I >>>>>> saw another file called userbox.sub.NEW but even that files can't be >>>>>> read. When I attempt the terminal freezes. I also noticed the >>>>>> system >>>>>> can't be rebooted as well. I don't know what could be causing this. >>>>>> Does anyone have any incite? >>>>>> >>>>>> >>>>>> >>>> [...] >>>> >>>> >>>> >>>>> We are using Ubuntu 8.04 on this particular amd 64 box running >>>>> virtually >>>>> within xen. >>>>> >>>>> >>>>> >>>> I had the same problem with Ubuntu 7.10 running in VMWare. I was not >>>> able to fix it. My solution was a system-upgrade to 8.04. The problem >>>> disappeared. I just hope it does not appear again. Some other users >>>> discovered the same problem and were able to solve it with an upgrade, >>>> too. >>>> >>>> Sorry not to help you, >>>> Jens >>>> >>>> >>>> >>>> >>> I thought about that last night as well and we are having the same >>> issue >>> with a system using Ubuntu 7.10. I did noticed though 7.04, 7.10, 8.04 >>> are all using 2.2.13 but different patches. 7.10 uses the 2.2.13-11 >>> while 8.10 uses the 2.2.13-13. I am thinking of trying 8.10 to see if >>> it works.. if not.. sadly I am wondering if we will have to move the >>> system over to a full Debian stable/testing? I would not be happy to >>> build a Debian testing system to find out we have the same issue. >>> Would >>> this be a Ubuntu related issue with their patches? Has anyone else >>> have >>> had the same issue without using Ubuntu? >>> >>> -Adam >>> -- >>> >> >> OK. I have tried everything I know. I have converted the user.sub file >> from flat file to skiplist and it still gives me the same issue. I have >> also created a new test install of Debian stable with just the same >> setup but using 2.2.13-10 and everything is the same. When I am using >> cyradm in the command line even loged in to the user accout and >> subscribe to a folder I just created, I again get: >> >> PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ >> COMMAND >> 3489 cyrus 25 0 81212 3968 3116 R 99.9 1.3 4:39.88 >> imapd >> >> I have converted everything over to skiplist even quota to make sure and >> as far as I am sure it is not related to that. My >> /usr/lib/cyrus/cyrus-db-types.active reads: >> >> ANNOTATION skiplist >> DBENGINE BerkeleyDB4.2 >> DUPLICATE skiplist >> MBOX skiplist >> PTS berkeley >> QUOTA quotalegacy >> SEEN skiplist >> SUBS skiplist >> TLS skiplist >> >> >> My cyrus.conf file reads as: >> START { >> # do not delete this entry! >> recover cmd="/usr/sbin/ctl_cyrusdb -r" >> >> # this is only necessary if idlemethod is set to "idled" in >> imapd.conf >> #idled cmd="idled" >> >> # this is useful on backend nodes of a Murder cluster >> # it causes the backend to syncronize its mailbox list with >> # the mupdate master upon startup >> #mupdatepush cmd="/usr/sbin/ctl_mboxlist -m" >> >> # this is recommended if using duplicate delivery suppression >> delprune cmd="/usr/sbin/cyr_expire -E 3" >> # this is recommended if caching TLS sessions >> tlsprune cmd="/usr/sbin/tls_prune" >> } >> SERVICES { >> # --- Normal cyrus spool, or Murder backends --- >> # add or remove based on preferences >> imap cmd="imapd -U 30" listen="imap" prefork=0 >> maxchild=100 >> imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 >> maxchild=100 >> #pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 >> maxchild=50 >> #pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 >> maxchild=50 >> #nntp cmd="nntpd -U 30" listen="nntp" prefork=0 >> maxchild=100 >> #nntps cmd="nntpd -s -U 30" listen="nntps" prefork=0 >> maxchild=100 >> >> # At least one form of LMTP is required for delivery >> # (you must keep the Unix socket name in sync with imap.conf) >> #lmtp cmd="lmtpd" listen="localhost:lmtp" prefork=0 >> maxchild=20 >> lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" >> prefork=0 maxchild=20 >> # ---------------------------------------------- >> >> # useful if you need to give users remote access to sieve >> # by default, we limit this to localhost in Debian >> sieve cmd="timsieved" listen="localhost:sieve" >> prefork=0 maxchild=100 >> # this one is needed for the notification services >> notify cmd="notifyd" >> listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1 >> >> } >> >> EVENTS { >> # this is required >> checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30 >> >> # this is only necessary if using duplicate delivery suppression >> delprune cmd="/usr/sbin/cyr_expire -E 3" at=0401 >> >> # this is only necessary if caching TLS sessions >> tlsprune cmd="/usr/sbin/tls_prune" at=0401 >> >> # indexing of mailboxs for server side fulltext searches >> >> # reindex changed mailboxes (fulltext) approximately every other >> hour >> squatter_1 cmd="/usr/bin/nice -n 19 /usr/sbin/squatter -s" >> period=120 >> >> # reindex all mailboxes (fulltext) daily >> squatter_a cmd="/usr/sbin/squatter" at=0517 >> } >> >> >> My imap.conf reads: >> configdirectory: /var/lib/cyrus >> defaultpartition: default >> partition-default: /var/spool/cyrus/mail >> partition-news: /var/spool/cyrus/news >> newsspool: /var/spool/news >> altnamespace: no >> unixhierarchysep: yes >> lmtp_downcase_rcpt: yes >> admins: cyrus >> imap_admins: cyrus >> sieve_admins: cyrus >> allowanonymouslogin: no >> autocreatequota: 0 >> umask: 077 >> sieveusehomedir: false >> sievedir: /var/spool/sieve >> allowplaintext: yes >> allowapop: no >> loginrealms: @domain1.tld @domain2.tld >> virtdomains: userid >> defaultdomain: domain1.tld >> sasl_pwcheck_method: saslauthd >> sasl_auto_transition: no >> tls_ca_path: /etc/ssl/certs >> tls_session_timeout: 1440 >> lmtpsocket: /var/run/cyrus/socket/lmtp >> idlemethod: poll >> idlesocket: /var/run/cyrus/socket/idle >> notifysocket: /var/run/cyrus/socket/notify >> syslog_prefix: cyrus >> # Extras >> allowusermoves: 1 >> defaultacl: anyone lrs >> userprefix: user >> servername: domain1.tld >> >> # Hashing (mailbox storing) >> fulldirhash: true >> >> createonpost: yes >> autocreateinboxfolders: "Drafts|Sent|Templates|Trash|Junk Mail" >> autosubscribeinboxfolders: "Drafts|Sent|Templates|Trash|Junk Mail" >> >> singleinstancestore: 1 >> allowallsubscribe: 1 >> >> >> # Sieve >> anysievefolder: yes >> autosievefolders: Drafts|Sent|Templates|JunkMail >> ##autocreate_sieve_script: /var/spool/sieve/default-scripts >> ##autocreate_sieve_compiledscript: >> ##generate_compiled_sieve_script: true >> sieve_extensions: fileinto, reject, vacation, imapflags, notify, >> include, envelope, body, relational, >> regex, subaddress, copy >> sieve_maxscriptsize: 75 >> sieve_maxscripts: 100 >> >> >> # File formats >> annotation_db: skiplist >> duplicate_db: skiplist >> # mboxkey_db: skiplist >> # ptscache_db skiplist >> mboxlist_db: skiplist >> seenstate_db: skiplist >> tlscache_db: skiplist >> subscription_db: skiplist >> >> # DB tuning >> #berkeley_cachesize: 10240 >> #berkeley_locks_max: 5000 >> #berkeley_txns_max: 1000 >> >> #softfail if over quota >> lmtp_over_quota_perm_failure: 0 >> >> >> quotawarn: 90 >> duplicatesuppression: 1 >> >> >> I am totally at a lose and have exhausted everything I know and have >> read, researched. I even bought the book of IMAP which is a very good >> read by the way. >> >> Thanks in advanced. >> >> -Adam >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> >> > Has anyone else had this same issue and have been able to fix it? I > really do not know why when deleting the username.sub.NEW file it is > recreated and when making changes to the subscriptions an imapd process > is spawned and freezes. I didn't follow the thread but, did you reconstruct your mailspool? Things like that are usually a filesystem full problem or some kind of corruption in the mailspool. Simon From brong at fastmail.fm Wed Oct 1 02:53:35 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Wed, 1 Oct 2008 16:53:35 +1000 Subject: Issues with user.sub files - subscription files hangs system. In-Reply-To: <48E305DA.8010705@gmail.com> References: <48CB26A3.6090603@gmail.com> <48D0B228.3090404@gmail.com> <48D0C133.9070808@bkr-ac.de> <48D12F5C.8040006@gmail.com> <48D64916.4000706@gmail.com> <48E305DA.8010705@gmail.com> Message-ID: <20081001065335.GA2027@brong.net> On Tue, Sep 30, 2008 at 10:08:42PM -0700, Adam D wrote: > >> I thought about that last night as well and we are having the same issue > >> with a system using Ubuntu 7.10. I did noticed though 7.04, 7.10, 8.04 > >> are all using 2.2.13 but different patches. 7.10 uses the 2.2.13-11 > >> while 8.10 uses the 2.2.13-13. I am thinking of trying 8.10 to see if > >> it works.. if not.. sadly I am wondering if we will have to move the > >> system over to a full Debian stable/testing? I would not be happy to > >> build a Debian testing system to find out we have the same issue. Would > >> this be a Ubuntu related issue with their patches? Has anyone else have > >> had the same issue without using Ubuntu? I'm running Ubuntu 8.04 on this laptop, so I've just pulled in the sources for cyrus-imapd-2.2. (hmm, I notice they're not shipping my skiplist patches. I might prod them about that...) I don't see the autocreateinbox stuff anywhere in the code. Odd. Does Ubuntu actually apply those patches? Bron. From emlists at gmail.com Wed Oct 1 05:02:12 2008 From: emlists at gmail.com (Adam D) Date: Wed, 01 Oct 2008 02:02:12 -0700 Subject: Issues with user.sub files - subscription files hangs system. In-Reply-To: <20081001064017.GB1991@brong.net> References: <48CB26A3.6090603@gmail.com> <48D0B228.3090404@gmail.com> <48D0C133.9070808@bkr-ac.de> <48D12F5C.8040006@gmail.com> <48D64916.4000706@gmail.com> <48E305DA.8010705@gmail.com> <20081001064017.GB1991@brong.net> Message-ID: <48E33C94.7040703@gmail.com> Sorry, been doing some extensive testing and every test still end in the same results. Bron Gondwana wrote: > On Tue, Sep 30, 2008 at 10:08:42PM -0700, Adam D wrote: > >>> createonpost: yes >>> autocreateinboxfolders: "Drafts|Sent|Templates|Trash|Junk Mail" >>> autosubscribeinboxfolders: "Drafts|Sent|Templates|Trash|Junk Mail" >>> > > I would suspect these in the first instance, having never seen this > behaviour before on any of our production systems. You're running > the auto-create-folders patch obviously. > Ahhh, yes... We did not use the auto-create patch on this system. > The existance of the .NEW file for a skiplist suggests that something > crashed during a checkpoint. Are you sure that it's a skiplist database > being used for the .sub file? > We had converted the sub file to a skiplist from a flat file and either format still gave the .sub.NEW file. The server had crashed on a couple of power outages in a single day but oddly even a new built Debian system without any of our configs still gave us the same issue. Currently the .sub file is a flat file. From each of our testing this happens on a fresh raw install to our production server. > Can you email me the .sub file if it's not too confidential. I'm > interested in seeing if anything's wrong with it. I really do think > it's probably in the autosubscribe code... I don't run the Ubuntu > or Debian packages directly anyway, because we use 2.3.x for the > replication features and some other goodies. > > Regards, > > Bron. > > From emlists at gmail.com Wed Oct 1 05:07:23 2008 From: emlists at gmail.com (Adam D) Date: Wed, 01 Oct 2008 02:07:23 -0700 Subject: Issues with user.sub files - subscription files hangs system. In-Reply-To: <754263e14226c15a99927852f915d0ee.squirrel@webmail.bi.corp.invoca.ch> References: <48CB26A3.6090603@gmail.com> <48D0B228.3090404@gmail.com> <48D0C133.9070808@bkr-ac.de> <48D12F5C.8040006@gmail.com> <48D64916.4000706@gmail.com> <48E305DA.8010705@gmail.com> <754263e14226c15a99927852f915d0ee.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <48E33DCB.9020305@gmail.com> Simon Matter wrote: >> [snip] >> Has anyone else had this same issue and have been able to fix it? I >> really do not know why when deleting the username.sub.NEW file it is >> recreated and when making changes to the subscriptions an imapd process >> is spawned and freezes. >> > > I didn't follow the thread but, did you reconstruct your mailspool? Things > like that are usually a filesystem full problem or some kind of corruption > in the mailspool. > > Simon > Yes, we ran reconstruct as cyrus user for all mailboxes. It did take a while but does reconstruct, reconstructs the sub and seen files? Would the corruption be in the mboxlist_db or in the subscription_db? Thank you -Adam From emlists at gmail.com Wed Oct 1 05:15:20 2008 From: emlists at gmail.com (Adam D) Date: Wed, 01 Oct 2008 02:15:20 -0700 Subject: Issues with user.sub files - subscription files hangs system. In-Reply-To: <20081001065335.GA2027@brong.net> References: <48CB26A3.6090603@gmail.com> <48D0B228.3090404@gmail.com> <48D0C133.9070808@bkr-ac.de> <48D12F5C.8040006@gmail.com> <48D64916.4000706@gmail.com> <48E305DA.8010705@gmail.com> <20081001065335.GA2027@brong.net> Message-ID: <48E33FA8.5030001@gmail.com> Bron Gondwana wrote: > On Tue, Sep 30, 2008 at 10:08:42PM -0700, Adam D wrote: > >>>> I thought about that last night as well and we are having the same issue >>>> with a system using Ubuntu 7.10. I did noticed though 7.04, 7.10, 8.04 >>>> are all using 2.2.13 but different patches. 7.10 uses the 2.2.13-11 >>>> while 8.10 uses the 2.2.13-13. I am thinking of trying 8.10 to see if >>>> it works.. if not.. sadly I am wondering if we will have to move the >>>> system over to a full Debian stable/testing? I would not be happy to >>>> build a Debian testing system to find out we have the same issue. Would >>>> this be a Ubuntu related issue with their patches? Has anyone else have >>>> had the same issue without using Ubuntu? >>>> > > I'm running Ubuntu 8.04 on this laptop, so I've just pulled in the > sources for cyrus-imapd-2.2. > > (hmm, I notice they're not shipping my skiplist patches. I might > prod them about that...) > > I don't see the autocreateinbox stuff anywhere in the code. Odd. > Does Ubuntu actually apply those patches? > > Bron You are correct. Ubuntu nor Debian are not shipping with the auto create patches as far as I know. An oversight and we took the auto create out of imap.conf but it did not make any difference. I had thought maybe any of the mail boxes were corrupted so we created a raw Debian stable system (just with the same imap.conf) on a xen server with just enough to run cyrus for testing and we still ran into the same issues. Maybe could it be related to any of the settings? The production server was running DTC control panel and on the testing system the DTC settings were removed (mysql). Tomorrow night I can recreate a default cyrus config settings to make sure without any costume configs. -Adam From brong at fastmail.fm Wed Oct 1 09:00:28 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Wed, 1 Oct 2008 23:00:28 +1000 Subject: Issues with user.sub files - subscription files hangs system. In-Reply-To: <48E33DCB.9020305@gmail.com> References: <48CB26A3.6090603@gmail.com> <48D0B228.3090404@gmail.com> <48D0C133.9070808@bkr-ac.de> <48D12F5C.8040006@gmail.com> <48D64916.4000706@gmail.com> <48E305DA.8010705@gmail.com> <754263e14226c15a99927852f915d0ee.squirrel@webmail.bi.corp.invoca.ch> <48E33DCB.9020305@gmail.com> Message-ID: <20081001130028.GA15730@brong.net> On Wed, Oct 01, 2008 at 02:07:23AM -0700, Adam D wrote: > Simon Matter wrote: > >> [snip] > >> Has anyone else had this same issue and have been able to fix it? I > >> really do not know why when deleting the username.sub.NEW file it is > >> recreated and when making changes to the subscriptions an imapd process > >> is spawned and freezes. > >> > > > > I didn't follow the thread but, did you reconstruct your mailspool? Things > > like that are usually a filesystem full problem or some kind of corruption > > in the mailspool. > > > > Simon > > > Yes, we ran reconstruct as cyrus user for all mailboxes. It did take a > while but does reconstruct, reconstructs the sub and seen files? Would > the corruption be in the mboxlist_db or in the subscription_db? *sigh* It looks a whole lot like this old cow rearing its ugly head again: http://lkml.org/lkml/2008/6/17/9 Here's the interesting bit: niov = 0; if (offset) { WRITEV_ADD_TO_IOVEC(iov, niov, (char *) db->base, offset); } if (data) { /* new entry */ WRITEV_ADD_TO_IOVEC(iov, niov, (char *) key, keylen); WRITEV_ADD_TO_IOVEC(iov, niov, "\t", 1); WRITEV_ADD_TO_IOVEC(iov, niov, (char *) data, datalen); WRITEV_ADD_TO_IOVEC(iov, niov, "\n", 1); } if (db->size - (offset + len) > 0) { WRITEV_ADD_TO_IOVEC(iov, niov, (char *) db->base + offset + len, db->size - (offset + len)); } See that last one - it's being written from mmapped memory that's probably not yet paged in. It will be replaced with a bunch of zeros. Yay zeros. Looks remarkably like the bug that I saw in the copies of the admin.sub and admin.sub.NEW files that were emailed to me. Fix: use a kernel since 2.6.25.7. 2.6.25.8 contains the patch: x86-64: Fix "bytes left to copy" return value for copy_from_user() from Linus which fixes the issue. Bron ( it was also harder to trigger before 2.6.22, but still existed ) From brong at fastmail.fm Wed Oct 1 09:16:11 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Wed, 1 Oct 2008 23:16:11 +1000 Subject: Issues with user.sub files - subscription files hangs system. In-Reply-To: <48E33FA8.5030001@gmail.com> References: <48CB26A3.6090603@gmail.com> <48D0B228.3090404@gmail.com> <48D0C133.9070808@bkr-ac.de> <48D12F5C.8040006@gmail.com> <48D64916.4000706@gmail.com> <48E305DA.8010705@gmail.com> <20081001065335.GA2027@brong.net> <48E33FA8.5030001@gmail.com> Message-ID: <20081001131611.GA17761@brong.net> On Wed, Oct 01, 2008 at 02:15:20AM -0700, Adam D wrote: > I had thought maybe any of the mail boxes were corrupted so we created a > raw Debian stable system (just with the same imap.conf) on a xen server > with just enough to run cyrus for testing and we still ran into the same > issues. Maybe could it be related to any of the settings? The > production server was running DTC control panel and on the testing > system the DTC settings were removed (mysql). Try a 32 bit kernel if you can't upgrade the kernel to a new version. It's a kernel bug, I'm pretty sure. I can make you a skiplist from those files easily enough, but if you're running a buggy kernel it won't help you any (besides, skiplist in 2.2 is buggy as all whatsit... and I can tell you the code in cyrusdb_flat.c stinks too. Whoever wrote this stuff must have done it before any of the concepts like factoring identical code out into functions had been invented!) Bron. From emlists at gmail.com Wed Oct 1 20:54:45 2008 From: emlists at gmail.com (Adam D) Date: Wed, 01 Oct 2008 17:54:45 -0700 Subject: Issues with user.sub files - subscription files hangs system. In-Reply-To: <20081001131611.GA17761@brong.net> References: <48CB26A3.6090603@gmail.com> <48D0B228.3090404@gmail.com> <48D0C133.9070808@bkr-ac.de> <48D12F5C.8040006@gmail.com> <48D64916.4000706@gmail.com> <48E305DA.8010705@gmail.com> <20081001065335.GA2027@brong.net> <48E33FA8.5030001@gmail.com> <20081001131611.GA17761@brong.net> Message-ID: <48E41BD5.2030705@gmail.com> Bron Gondwana wrote: > On Wed, Oct 01, 2008 at 02:15:20AM -0700, Adam D wrote: > >> I had thought maybe any of the mail boxes were corrupted so we created a >> raw Debian stable system (just with the same imap.conf) on a xen server >> with just enough to run cyrus for testing and we still ran into the same >> issues. Maybe could it be related to any of the settings? The >> production server was running DTC control panel and on the testing >> system the DTC settings were removed (mysql). >> > > Try a 32 bit kernel if you can't upgrade the kernel to a new version. > It's a kernel bug, I'm pretty sure. > > I can make you a skiplist from those files easily enough, but if you're > running a buggy kernel it won't help you any (besides, skiplist in 2.2 > is buggy as all whatsit... and I can tell you the code in cyrusdb_flat.c > stinks too. Whoever wrote this stuff must have done it before any of > the concepts like factoring identical code out into functions had been > invented!) > > Bron. > > Bron, Thank you...... Thank you.... It does make a lot of sense esp since It was not a specific Ubuntu vs. Debian issue. settings. Late tonight we will make a test with the latest kernel and let you know. This helped tremendously. -Adam From vsawney at fit.edu Thu Oct 2 09:10:39 2008 From: vsawney at fit.edu (Valentino Sawney) Date: Thu, 2 Oct 2008 09:10:39 -0400 Subject: Question ?? Message-ID: Periodically some clients get this error "Mailbox is locked by POP server " whenever they try to connect to our frontend mail servers. I am currently running the cyrus murder cluster in production with two frontend servers and two backend servers. The error above pops up on the backend servers whenever the connection is forwarded to backend . Are there any known fixes for this. Thank Alots. Junior Sawney -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20081002/dfff80e4/attachment.html From brennan at columbia.edu Thu Oct 2 09:18:14 2008 From: brennan at columbia.edu (Joseph Brennan) Date: Thu, 02 Oct 2008 09:18:14 -0400 Subject: Question ?? In-Reply-To: References: Message-ID: <0AD5A820000734DEEB6E8B1D@sodor.cc.columbia.edu> --On Thursday, October 2, 2008 9:10 -0400 Valentino Sawney wrote: > > > Periodically some clients get this error "Mailbox is locked by POP server > " whenever they try to connect to our frontend mail servers. > > > > I am currently running the cyrus murder cluster in production with two > frontend servers and two backend servers. The error above pops up on the > backend servers whenever the connection is forwarded to backend . > > > > Are there any known fixes for this. > That's normal, since the POP protocol requires the mailbox be locked for the duration of a POP session. People who run two POP clients at once will see the error message sometimes. Of course if POP sessions don't quit when the client quits, that's another story. Joseph Brennan Columbia University Information Technology From simon.matter at invoca.ch Fri Oct 3 04:31:06 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Fri, 3 Oct 2008 10:31:06 +0200 (CEST) Subject: Problems with frontend to backend authentication in murder 2.3.12 In-Reply-To: References: <48E22A25.5000009@onlight.com> Message-ID: <2082957295827421c89d501f661ea703.squirrel@webmail.bi.corp.invoca.ch> > On 30 Sep 2008, at 09:31, Nic Bernstein wrote: >> I have seen much discussion of the "no mechanism available" issue, but >> the answer typically is "install certificates," or "Use START_TLS" or >> the like. Well, I have certificates, I have START_TLS, and I still >> have >> this problem. How do I get the frontend to use PLAIN+TLS?? > > PLAIN+TLS is not a mechanism. In the released code, if you want PLAIN > +TLS, you need to configure the server to not allow plain text. You > also need to not configure the frontend with a mechanism at all. > Personally, I think this is a bug. See: > > https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3093 > > for a fix. Good luck. Any update on this issue? I'm wondering whether the patch will go into 2.3.13? Simon From wes at umich.edu Fri Oct 3 23:19:21 2008 From: wes at umich.edu (Wesley Craig) Date: Fri, 3 Oct 2008 23:19:21 -0400 Subject: Problems with frontend to backend authentication in murder 2.3.12 In-Reply-To: <2082957295827421c89d501f661ea703.squirrel@webmail.bi.corp.invoca.ch> References: <48E22A25.5000009@onlight.com> <2082957295827421c89d501f661ea703.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <69240BC1-A146-43D4-B6D6-27996A7285F3@umich.edu> On 03 Oct 2008, at 04:31, Simon Matter wrote: > Any update on this issue? I'm wondering whether the patch will go into > 2.3.13? Nic and I are still talking. This patch will likely be applied after 2.3.13 is released. We've already made "last call" for 2.3.13. I did find a bug in the version Nic tried, so if you're messing with it, you should get it again. :wes From dnewman at networktest.com Sun Oct 5 16:02:56 2008 From: dnewman at networktest.com (David Newman) Date: Sun, 05 Oct 2008 13:02:56 -0700 Subject: compiling cyrus-imapd on amd64 Message-ID: <48E91D70.6090906@networktest.com> cyrus-imapd-2.3.12p2, FreeBSD 7.0 64-bit, Opteron CPUs When building from source, running configure produces this error: checking build system type... Invalid configuration `amd64-unknown-freebsd7.0': machine `amd64-unknown' not recognized Searching archives showed some posts from a few years ago asking if autoconf and automake are installed (they are). Is cyrus-imapd supported on 64-bit amd machines? If so, what steps are needed to compile it? thanks dn From michael.menge at zdv.uni-tuebingen.de Sun Oct 5 18:14:55 2008 From: michael.menge at zdv.uni-tuebingen.de (Michael Menge) Date: Mon, 6 Oct 2008 00:14:55 +0200 Subject: compiling cyrus-imapd on amd64 In-Reply-To: <48E91D70.6090906@networktest.com> References: <48E91D70.6090906@networktest.com> Message-ID: <20081006001455.iiqa9o6vr4ww8gs8@webmail.uni-tuebingen.de> Hi Quoting David Newman : > cyrus-imapd-2.3.12p2, FreeBSD 7.0 64-bit, Opteron CPUs > > When building from source, running configure produces this error: > > checking build system type... Invalid configuration > `amd64-unknown-freebsd7.0': machine `amd64-unknown' not recognized > > Searching archives showed some posts from a few years ago asking if > autoconf and automake are installed (they are). > > Is cyrus-imapd supported on 64-bit amd machines? If so, what steps are > needed to compile it? > the config.guess and config.sub included in cyrus are very old, replace them with a newer version.You may already have a newer version on your system. Regards Michael -------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316 Universitaet Tuebingen Fax.: (49) 7071/29-5912 Zentrum fuer Datenverarbeitung mail: michael.menge at zdv.uni-tuebingen.de Waechterstrasse 76 72074 Tuebingen From wes at umich.edu Sun Oct 5 21:21:55 2008 From: wes at umich.edu (Wesley Craig) Date: Sun, 5 Oct 2008 21:21:55 -0400 Subject: compiling cyrus-imapd on amd64 In-Reply-To: <20081006001455.iiqa9o6vr4ww8gs8@webmail.uni-tuebingen.de> References: <48E91D70.6090906@networktest.com> <20081006001455.iiqa9o6vr4ww8gs8@webmail.uni-tuebingen.de> Message-ID: <7423DA68-2ABE-4EBE-A437-BE872DC2D75E@umich.edu> On 05 Oct 2008, at 18:14, Michael Menge wrote: > the config.guess and config.sub included in cyrus are very old, > replace them with a newer version.You may already have a newer version > on your system. Also, the latest config.guess and .sub have been committed to HEAD for inclusion in the upcoming release. :wes From tarjei at nu.no Mon Oct 6 08:49:04 2008 From: tarjei at nu.no (tarjei) Date: Mon, 06 Oct 2008 14:49:04 +0200 Subject: ACL to deny move mailbox/folder Message-ID: <48EA0940.30009@nu.no> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, I got a shared folder where I want users to be able to create subfolders, but where I want to restrict the users so they do not move or delete the shared folder. The folder is a top level shared folder. I read through the cyradm documentation, but it wasn't very clear on how to do this. Is it possible? Should I consider other ways to do this - for example change the file permissions of the mailbox directory directly? All tips are welcome. Kind regards, Tarjei -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI6glAYVRKCnSvzfIRAsvfAJ95/s+vO/Pb37SQJkYGgGg2PZC26ACeJdEL PaqZg6SjMVPV6XJ/mp7BdUM= =+ywm -----END PGP SIGNATURE----- From murch at andrew.cmu.edu Mon Oct 6 11:33:18 2008 From: murch at andrew.cmu.edu (Ken Murchison) Date: Mon, 06 Oct 2008 11:33:18 -0400 Subject: Cyrus 2.3.13 RC2 Message-ID: <48EA2FBE.2000009@andrew.cmu.edu> I just put together a second release candidate for Cyrus 2.3.13. I'd appreciate any independent testing before I release this to the masses. http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd-2.3.13rc2.tar.gz http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd-2.3.13rc2.tar.gz.sig Noteworthy changes: * Added an experimental "sql" backend for cyrusdb. Currently MySQL, PostgreSQL, and SQLite are supported. * Added support for IMAP [CAPABILITY] response code to client-side of Murder proxies. * Added support for ManageSieve auto-capability response after STARTTLS and after AUTH with a SASL security layer. * Made MAXWORD and MAXQUOTED sizes configurable via imapd.conf * Rewrote cyrusdb_quotalegacy.c to use readir() rather than glob.c. This avoids a potential crash due to conflicts between glibc and Heimdal implementations of glob(). * Added support for fulldirhash to 'ctl_mboxlist -v' * Several skiplist transaction bugfixes. * cyr_expire no longer has a default of 0 (zero) for -X and -D. These options must be used explicitly in order to have the desired effect. * Added sieve_utf8fileinto option. Check doc/changes.html for a complete list of changes. If there are any outstanding issues that you believe still need to be addressed in 2.3.13, please let me know. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University From dnewman at networktest.com Mon Oct 6 11:37:31 2008 From: dnewman at networktest.com (David Newman) Date: Mon, 06 Oct 2008 08:37:31 -0700 Subject: compiling cyrus-imapd on amd64 In-Reply-To: <7423DA68-2ABE-4EBE-A437-BE872DC2D75E@umich.edu> References: <48E91D70.6090906@networktest.com> <20081006001455.iiqa9o6vr4ww8gs8@webmail.uni-tuebingen.de> <7423DA68-2ABE-4EBE-A437-BE872DC2D75E@umich.edu> Message-ID: <48EA30BB.8040106@networktest.com> On 10/5/08 6:21 PM, Wesley Craig wrote: > On 05 Oct 2008, at 18:14, Michael Menge wrote: >> the config.guess and config.sub included in cyrus are very old, >> replace them with a newer version.You may already have a newer version >> on your system. > > Also, the latest config.guess and .sub have been committed to HEAD > for inclusion in the upcoming release. Thanks for your responses. Where are the newer config.guess and config.sub files? thanks again dn From ram at netcore.co.in Tue Oct 7 02:21:55 2008 From: ram at netcore.co.in (ram) Date: Tue, 07 Oct 2008 11:51:55 +0530 Subject: Allow all numeric mailbox names Message-ID: <1223360515.588.50.camel@darkstar.netcore.co.in> How do I allow all numeric mailbox names in cyrus On my old cyrus imapd server( 2.2.38) when I create a numeric mailbox and try logging in on pop I get an error immediately after giving username [root at netserv root]# telnet localhost 110 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. +OK POP3 server ready user 821012 -ERR [AUTH] Invalid user From simon.matter at invoca.ch Tue Oct 7 06:18:01 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Tue, 7 Oct 2008 12:18:01 +0200 (CEST) Subject: Cyrus 2.3.13 RC2 In-Reply-To: <48EA2FBE.2000009@andrew.cmu.edu> References: <48EA2FBE.2000009@andrew.cmu.edu> Message-ID: <2e630656ac2399f84971202c829c3874.squirrel@webmail.bi.corp.invoca.ch> > I just put together a second release candidate for Cyrus 2.3.13. I'd > appreciate any independent testing before I release this to the masses. > > http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd-2.3.13rc2.tar.gz > http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd-2.3.13rc2.tar.gz.sig > > > Noteworthy changes: > > * Added an experimental "sql" backend for cyrusdb. Currently MySQL, > PostgreSQL, and SQLite are supported. > * Added support for IMAP [CAPABILITY] response code to client-side > of Murder proxies. > * Added support for ManageSieve auto-capability response after > STARTTLS and after AUTH with a SASL security layer. > * Made MAXWORD and MAXQUOTED sizes configurable via imapd.conf > * Rewrote cyrusdb_quotalegacy.c to use readir() > rather than glob.c. This avoids a potential crash due to > conflicts between glibc and Heimdal implementations of glob(). > * Added support for fulldirhash to 'ctl_mboxlist -v' > * Several skiplist transaction bugfixes. > * cyr_expire no longer has a default of 0 (zero) for -X and -D. > These options must be used explicitly in order to have the desired > effect. > * Added sieve_utf8fileinto option. > > Check doc/changes.html for a complete list of changes. > > If there are any outstanding issues that you believe still need to be > addressed in 2.3.13, please let me know. I did some test builds on different systems and found that postgresql support doesn't work with postgresql 7.1.x and 7.2.x as shown in the error below. I understand that these are old versions but if there is an easy workaround for the problem it would still be nice. One question to the new sieve_utf8fileinto options, is the default that it behaves like old cyrus versions? Thanks, Simon i386-redhat-linux-gcc -L/usr/lib -lpcreposix -lpcre -L/usr/lib/mysql -L/usr/include/mysql -Wl,-rpath,/usr/include/mysql -L/usr/include/pgsql/lib -Wl,-rpath,/usr/include/pgsql/lib -o imapd \ ../master/service.o pushstats.o imapd.o proxy.o imap_proxy.o index.o version.o mutex_fake.o \ libimap.a ../lib/libcyrus.a ../lib/libcyrus_min.a -lsasl2 -lssl -lcrypto -lresolv -lfl -lresolv -ldb-3.2 -lmysqlclient -lpq -lpcre -lpcreposix -lcom_err -lwrap -lnsl /usr/bin/ld: warning: libcom_err.so.3, needed by /usr/lib/libpq.so, may conflict with libcom_err.so.2 ../lib/libcyrus.a(cyrusdb_sql.o): In function `_pgsql_escape': cyrusdb_sql.o(.text+0x4af): undefined reference to `PQescapeBytea' ../lib/libcyrus.a(cyrusdb_sql.o): In function `_pgsql_exec': cyrusdb_sql.o(.text+0x5ae): undefined reference to `PQunescapeBytea' cyrusdb_sql.o(.text+0x5d1): undefined reference to `PQunescapeBytea' collect2: ld returned 1 exit status make[1]: *** [imapd] Error 1 make[1]: Leaving directory `/usr/src/redhat/BUILD/cyrus-imapd-2.3.13rc2/imap' make: *** [all] Error 1 error: Bad exit status from /var/tmp/rpm-tmp.769 (%build) From murch at andrew.cmu.edu Tue Oct 7 06:26:18 2008 From: murch at andrew.cmu.edu (Ken Murchison) Date: Tue, 07 Oct 2008 06:26:18 -0400 Subject: Cyrus 2.3.13 RC2 In-Reply-To: <2e630656ac2399f84971202c829c3874.squirrel@webmail.bi.corp.invoca.ch> References: <48EA2FBE.2000009@andrew.cmu.edu> <2e630656ac2399f84971202c829c3874.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <48EB394A.40702@andrew.cmu.edu> Simon Matter wrote: >> I just put together a second release candidate for Cyrus 2.3.13. I'd >> appreciate any independent testing before I release this to the masses. >> >> http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd-2.3.13rc2.tar.gz >> http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd-2.3.13rc2.tar.gz.sig >> >> >> Noteworthy changes: >> >> * Added an experimental "sql" backend for cyrusdb. Currently MySQL, >> PostgreSQL, and SQLite are supported. >> * Added support for IMAP [CAPABILITY] response code to client-side >> of Murder proxies. >> * Added support for ManageSieve auto-capability response after >> STARTTLS and after AUTH with a SASL security layer. >> * Made MAXWORD and MAXQUOTED sizes configurable via imapd.conf >> * Rewrote cyrusdb_quotalegacy.c to use readir() >> rather than glob.c. This avoids a potential crash due to >> conflicts between glibc and Heimdal implementations of glob(). >> * Added support for fulldirhash to 'ctl_mboxlist -v' >> * Several skiplist transaction bugfixes. >> * cyr_expire no longer has a default of 0 (zero) for -X and -D. >> These options must be used explicitly in order to have the desired >> effect. >> * Added sieve_utf8fileinto option. >> >> Check doc/changes.html for a complete list of changes. >> >> If there are any outstanding issues that you believe still need to be >> addressed in 2.3.13, please let me know. > > I did some test builds on different systems and found that postgresql > support doesn't work with postgresql 7.1.x and 7.2.x as shown in the error > below. I understand that these are old versions but if there is an easy > workaround for the problem it would still be nice. Do you happen to have a workaround? > One question to the new sieve_utf8fileinto options, is the default that it > behaves like old cyrus versions? Yes. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University From simon.matter at invoca.ch Tue Oct 7 06:48:12 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Tue, 7 Oct 2008 12:48:12 +0200 (CEST) Subject: Cyrus 2.3.13 RC2 In-Reply-To: <48EB394A.40702@andrew.cmu.edu> References: <48EA2FBE.2000009@andrew.cmu.edu> <2e630656ac2399f84971202c829c3874.squirrel@webmail.bi.corp.invoca.ch> <48EB394A.40702@andrew.cmu.edu> Message-ID: > Simon Matter wrote: >>> I just put together a second release candidate for Cyrus 2.3.13. I'd >>> appreciate any independent testing before I release this to the masses. >>> >>> http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd-2.3.13rc2.tar.gz >>> http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd-2.3.13rc2.tar.gz.sig >>> >>> >>> Noteworthy changes: >>> >>> * Added an experimental "sql" backend for cyrusdb. Currently MySQL, >>> PostgreSQL, and SQLite are supported. >>> * Added support for IMAP [CAPABILITY] response code to client-side >>> of Murder proxies. >>> * Added support for ManageSieve auto-capability response after >>> STARTTLS and after AUTH with a SASL security layer. >>> * Made MAXWORD and MAXQUOTED sizes configurable via imapd.conf >>> * Rewrote cyrusdb_quotalegacy.c to use readir() >>> rather than glob.c. This avoids a potential crash due to >>> conflicts between glibc and Heimdal implementations of glob(). >>> * Added support for fulldirhash to 'ctl_mboxlist -v' >>> * Several skiplist transaction bugfixes. >>> * cyr_expire no longer has a default of 0 (zero) for -X and -D. >>> These options must be used explicitly in order to have the desired >>> effect. >>> * Added sieve_utf8fileinto option. >>> >>> Check doc/changes.html for a complete list of changes. >>> >>> If there are any outstanding issues that you believe still need to be >>> addressed in 2.3.13, please let me know. >> >> I did some test builds on different systems and found that postgresql >> support doesn't work with postgresql 7.1.x and 7.2.x as shown in the >> error >> below. I understand that these are old versions but if there is an easy >> workaround for the problem it would still be nice. > > Do you happen to have a workaround? No unfortunately not. Maybe it's not worth to care for those old versions. Simon From ktm at rice.edu Tue Oct 7 08:48:36 2008 From: ktm at rice.edu (Kenneth Marshall) Date: Tue, 7 Oct 2008 07:48:36 -0500 Subject: Cyrus 2.3.13 RC2 In-Reply-To: <2e630656ac2399f84971202c829c3874.squirrel@webmail.bi.corp.invoca.ch> References: <48EA2FBE.2000009@andrew.cmu.edu> <2e630656ac2399f84971202c829c3874.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <20081007124836.GG547@it.is.rice.edu> On Tue, Oct 07, 2008 at 12:18:01PM +0200, Simon Matter wrote: > > I just put together a second release candidate for Cyrus 2.3.13. I'd > > appreciate any independent testing before I release this to the masses. > > > > http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd-2.3.13rc2.tar.gz > > http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd-2.3.13rc2.tar.gz.sig > > > > > > Noteworthy changes: > > > > * Added an experimental "sql" backend for cyrusdb. Currently MySQL, > > PostgreSQL, and SQLite are supported. > > * Added support for IMAP [CAPABILITY] response code to client-side > > of Murder proxies. > > * Added support for ManageSieve auto-capability response after > > STARTTLS and after AUTH with a SASL security layer. > > * Made MAXWORD and MAXQUOTED sizes configurable via imapd.conf > > * Rewrote cyrusdb_quotalegacy.c to use readir() > > rather than glob.c. This avoids a potential crash due to > > conflicts between glibc and Heimdal implementations of glob(). > > * Added support for fulldirhash to 'ctl_mboxlist -v' > > * Several skiplist transaction bugfixes. > > * cyr_expire no longer has a default of 0 (zero) for -X and -D. > > These options must be used explicitly in order to have the desired > > effect. > > * Added sieve_utf8fileinto option. > > > > Check doc/changes.html for a complete list of changes. > > > > If there are any outstanding issues that you believe still need to be > > addressed in 2.3.13, please let me know. > > I did some test builds on different systems and found that postgresql > support doesn't work with postgresql 7.1.x and 7.2.x as shown in the error > below. I understand that these are old versions but if there is an easy > workaround for the problem it would still be nice. > > One question to the new sieve_utf8fileinto options, is the default that it > behaves like old cyrus versions? > > Thanks, > Simon > There have been 5 major releases of PostgreSQL since 7.2 was released and 7.2 is EOL in the next few months. I think it is completely reasonable to not support version 7.1/7.2 in a new system considering that 7.1 is EOL and 7.2 will be shortly. Cheers, Ken From murch at andrew.cmu.edu Tue Oct 7 08:52:30 2008 From: murch at andrew.cmu.edu (Ken Murchison) Date: Tue, 07 Oct 2008 08:52:30 -0400 Subject: Cyrus 2.3.13 RC2 In-Reply-To: <20081007124836.GG547@it.is.rice.edu> References: <48EA2FBE.2000009@andrew.cmu.edu> <2e630656ac2399f84971202c829c3874.squirrel@webmail.bi.corp.invoca.ch> <20081007124836.GG547@it.is.rice.edu> Message-ID: <48EB5B8E.6090009@andrew.cmu.edu> Kenneth Marshall wrote: > On Tue, Oct 07, 2008 at 12:18:01PM +0200, Simon Matter wrote: >>> I just put together a second release candidate for Cyrus 2.3.13. I'd >>> appreciate any independent testing before I release this to the masses. >>> >>> http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd-2.3.13rc2.tar.gz >>> http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd-2.3.13rc2.tar.gz.sig >>> >>> >>> Noteworthy changes: >>> >>> * Added an experimental "sql" backend for cyrusdb. Currently MySQL, >>> PostgreSQL, and SQLite are supported. >>> * Added support for IMAP [CAPABILITY] response code to client-side >>> of Murder proxies. >>> * Added support for ManageSieve auto-capability response after >>> STARTTLS and after AUTH with a SASL security layer. >>> * Made MAXWORD and MAXQUOTED sizes configurable via imapd.conf >>> * Rewrote cyrusdb_quotalegacy.c to use readir() >>> rather than glob.c. This avoids a potential crash due to >>> conflicts between glibc and Heimdal implementations of glob(). >>> * Added support for fulldirhash to 'ctl_mboxlist -v' >>> * Several skiplist transaction bugfixes. >>> * cyr_expire no longer has a default of 0 (zero) for -X and -D. >>> These options must be used explicitly in order to have the desired >>> effect. >>> * Added sieve_utf8fileinto option. >>> >>> Check doc/changes.html for a complete list of changes. >>> >>> If there are any outstanding issues that you believe still need to be >>> addressed in 2.3.13, please let me know. >> I did some test builds on different systems and found that postgresql >> support doesn't work with postgresql 7.1.x and 7.2.x as shown in the error >> below. I understand that these are old versions but if there is an easy >> workaround for the problem it would still be nice. >> >> One question to the new sieve_utf8fileinto options, is the default that it >> behaves like old cyrus versions? >> >> Thanks, >> Simon >> > > There have been 5 major releases of PostgreSQL since 7.2 was released > and 7.2 is EOL in the next few months. I think it is completely reasonable > to not support version 7.1/7.2 in a new system considering that 7.1 is > EOL and 7.2 will be shortly. I wasn't aware of the release history, thanks for that. Given this, I agree that support for 7.1/7.2 isn't necessary, especially since the cyrusdb_sql.c code is experimental and not built by default. If somebody really wants/needs 7.1/7.2 for Cyrus, they can send a patch. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University From eddy.beliveau at hec.ca Tue Oct 7 15:31:04 2008 From: eddy.beliveau at hec.ca (Eddy Beliveau) Date: Tue, 07 Oct 2008 15:31:04 -0400 Subject: Allow all numeric mailbox names In-Reply-To: <1223360515.588.50.camel@darkstar.netcore.co.in> References: <1223360515.588.50.camel@darkstar.netcore.co.in> Message-ID: <48EBB8F8.6000004@hec.ca> Hi! You should remove any references to variable "sawalpha" within file lib/auth_unix.c and recompile cyrus. Cheers, Eddy -------- Message original -------- Sujet : Allow all numeric mailbox names De : ram Pour : info-cyrus at lists.andrew.cmu.edu Date : 2008-10-07 02:21 > How do I allow all numeric mailbox names in cyrus > > On my old cyrus imapd server( 2.2.38) when I create a numeric mailbox > and try logging in on pop I get an error immediately after giving > username > > > [root at netserv root]# telnet localhost 110 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > +OK POP3 server ready > user 821012 > -ERR [AUTH] Invalid user > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Eddy Beliveau HEC Montreal Montreal (Quebec) Canada From mark.cave-ayland at siriusit.co.uk Tue Oct 7 16:02:25 2008 From: mark.cave-ayland at siriusit.co.uk (Mark Cave-Ayland) Date: Tue, 07 Oct 2008 21:02:25 +0100 Subject: Cyrus 2.3.13 RC2 In-Reply-To: <20081007124836.GG547@it.is.rice.edu> References: <48EA2FBE.2000009@andrew.cmu.edu> <2e630656ac2399f84971202c829c3874.squirrel@webmail.bi.corp.invoca.ch> <20081007124836.GG547@it.is.rice.edu> Message-ID: <48EBC051.6040005@siriusit.co.uk> Kenneth Marshall wrote: > There have been 5 major releases of PostgreSQL since 7.2 was released > and 7.2 is EOL in the next few months. I think it is completely reasonable > to not support version 7.1/7.2 in a new system considering that 7.1 is > EOL and 7.2 will be shortly. > > Cheers, > Ken Oh seriously, don't even waste time worrying about it. 7.2 died a long time ago, 7.3 was EOL the beginning of this year [1], and 7.4 is about to go the same way real soon now. Normally adding 7.3 support is fairly easy if required, whereas going back to 7.2 is often a complete pain, plus you have to live with several unfixable data loss bugs... HTH, Mark. [1] http://www.postgresql.org/about/news.905 -- Mark Cave-Ayland Sirius Corporation - The Open Source Experts http://www.siriusit.co.uk T: +44 870 608 0063 From murch at andrew.cmu.edu Tue Oct 7 20:44:50 2008 From: murch at andrew.cmu.edu (Ken Murchison) Date: Tue, 07 Oct 2008 20:44:50 -0400 Subject: ACL to deny move mailbox/folder In-Reply-To: <48EA0940.30009@nu.no> References: <48EA0940.30009@nu.no> Message-ID: <48EC0282.9040804@andrew.cmu.edu> tarjei wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi, > > I got a shared folder where I want users to be able to create > subfolders, but where I want to restrict the users so they do not move > or delete the shared folder. The folder is a top level shared folder. > > I read through the cyradm documentation, but it wasn't very clear on how > to do this. Is it possible? What version of Cyrus? If you're using 2.3.x, removing the 'x' right from your users will prevent them from deleting the mailbox. I'd have to check the ACL RFC, but I believe it will also prevent renaming (I think RENAME need delete on the source and create on the destination). -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University From brong at fastmail.fm Wed Oct 8 00:36:06 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Wed, 8 Oct 2008 15:36:06 +1100 Subject: Cyrus 2.3.13 RC2 In-Reply-To: <48EA2FBE.2000009@andrew.cmu.edu> References: <48EA2FBE.2000009@andrew.cmu.edu> Message-ID: <20081008043606.GA25036@brong.net> On Mon, Oct 06, 2008 at 11:33:18AM -0400, Ken Murchison wrote: > I just put together a second release candidate for Cyrus 2.3.13. I'd > appreciate any independent testing before I release this to the masses. Sorry about the delay in testing - we've had a few exciting issues here that had to be fixed first. > If there are any outstanding issues that you believe still need to be > addressed in 2.3.13, please let me know. No, it's looking good. I just removed the patches that have gone into CVS from my build tree and it built fine. Running on our test server now with no problems. All the patches that have gone upstream have been running happily on our production machines for a bit too. I think now's a good time to release a 2.3.13. Bron. From simon.matter at invoca.ch Wed Oct 8 02:28:45 2008 From: simon.matter at invoca.ch (Simon Matter) Date: Wed, 8 Oct 2008 08:28:45 +0200 (CEST) Subject: Cyrus 2.3.13 RC2 In-Reply-To: <48EBC051.6040005@siriusit.co.uk> References: <48EA2FBE.2000009@andrew.cmu.edu> <2e630656ac2399f84971202c829c3874.squirrel@webmail.bi.corp.invoca.ch> <20081007124836.GG547@it.is.rice.edu> <48EBC051.6040005@siriusit.co.uk> Message-ID: <8621b66c985a164dcb2dd819a31da216.squirrel@webmail.bi.corp.invoca.ch> > Kenneth Marshall wrote: > >> There have been 5 major releases of PostgreSQL since 7.2 was released >> and 7.2 is EOL in the next few months. I think it is completely >> reasonable >> to not support version 7.1/7.2 in a new system considering that 7.1 is >> EOL and 7.2 will be shortly. >> >> Cheers, >> Ken > > Oh seriously, don't even waste time worrying about it. 7.2 died a long > time ago, 7.3 was EOL the beginning of this year [1], and 7.4 is about > to go the same way real soon now. Normally adding 7.3 support is fairly > easy if required, whereas going back to 7.2 is often a complete pain, > plus you have to live with several unfixable data loss bugs... The point is that I'm maintaining cyrus-imapd rpms for RedHat/Fedora and always try to provide maximum functionality with them. PostgreSQL 7.1 is still supported there, not by the PostgreSQL team but by RedHat, so that's not a security problem or whatever. However, I understand now that it doesn't make sense to support those old version with cyrus-imapd because of the changes on the PostgreSQL side. Simon From mathieu.kretchner at sophia.inria.fr Wed Oct 8 03:37:07 2008 From: mathieu.kretchner at sophia.inria.fr (Mathieu Kretchner) Date: Wed, 08 Oct 2008 09:37:07 +0200 Subject: Mstone Benchmark Message-ID: <48EC6323.9000304@sophia.inria.fr> Hello, Does anyone have a cyrus.wld or a special configuration in order to bench imap with Mstone ? Because the result of mstone doesn't fit exactly my needs ! Thanks in advance. -------------- next part -------------- A non-text attachment was scrubbed... Name: mathieu_kretchner.vcf Type: text/x-vcard Size: 258 bytes Desc: not available Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20081008/aa22c506/attachment.vcf From ian.batten at uk.fujitsu.com Wed Oct 8 04:24:49 2008 From: ian.batten at uk.fujitsu.com (Ian G Batten) Date: Wed, 8 Oct 2008 09:24:49 +0100 Subject: Cyrus 2.3.13 RC2 In-Reply-To: <20081008043606.GA25036@brong.net> References: <48EA2FBE.2000009@andrew.cmu.edu> <20081008043606.GA25036@brong.net> Message-ID: <89AB2FFA-9C15-4DB5-8E68-8FDAC9CDD284@uk.fujitsu.com> On 08 Oct 08, at 0536, Bron Gondwana wrote: > On Mon, Oct 06, 2008 at 11:33:18AM -0400, Ken Murchison wrote: >> I just put together a second release candidate for Cyrus 2.3.13. I'd >> appreciate any independent testing before I release this to the >> masses. > > Sorry about the delay in testing - we've had a few exciting issues > here that had to be fixed first. > >> If there are any outstanding issues that you believe still need to be >> addressed in 2.3.13, please let me know. > > No, it's looking good. I just removed the patches that have gone into > CVS from my build tree and it built fine. Running on our test server > now with no problems. All the patches that have gone upstream have > been running happily on our production machines for a bit too. > > I think now's a good time to release a 2.3.13. What's the testing status of the SQL backend for cyrusdb? I'll switch batten.eu.org over to it, but that only has a dozen or so users; ftel.co.uk's 1000+ users might be a little tenser. I'm keen to switch as the ability to replicate cyrusdb as well as replicating the entire mailsystem is attractive. ian From tarjei at nu.no Wed Oct 8 05:29:47 2008 From: tarjei at nu.no (tarjei) Date: Wed, 08 Oct 2008 11:29:47 +0200 Subject: ACL to deny move mailbox/folder In-Reply-To: <48EC0282.9040804@andrew.cmu.edu> References: <48EA0940.30009@nu.no> <48EC0282.9040804@andrew.cmu.edu> Message-ID: <48EC7D8B.5000301@nu.no> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ken Murchison wrote: > tarjei wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Hi, >> >> I got a shared folder where I want users to be able to create >> subfolders, but where I want to restrict the users so they do not move >> or delete the shared folder. The folder is a top level shared folder. >> >> I read through the cyradm documentation, but it wasn't very clear on how >> to do this. Is it possible? > > What version of Cyrus? If you're using 2.3.x, removing the 'x' right > from your users will prevent them from deleting the mailbox. I'd have > to check the ACL RFC, but I believe it will also prevent renaming (I > think RENAME need delete on the source and create on the destination). > 2.3.7. Interestingly enough, it seems that removing the 'x' right isn't possible : localhost.localdomain> lam Fag anyone lrswipkxtecda localhost.localdomain> sam Fag anyone lrswipktecda localhost.localdomain> lam Fag anyone lrswipkxtecda localhost.localdomain> sam Fag anyone write localhost.localdomain> lam Fag anyone lrswipkxtecd localhost.localdomain> sam Fag anyone lrswipktecda localhost.localdomain> lam Fag anyone lrswipkxtecda localhost.localdomain> After some fooling around, I found out that the problem is that if you give the user the a right, then you also grant the e and t rights. Also, cyradm doesn't document what the c and d rights are. A small documentation update would be nice here. Anyhow, thanks for the tip - it solves my problem I think. Kind regards, Tarjei -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI7H2LYVRKCnSvzfIRAiwGAJ9VItud/O1CGvJGwNP1cJaD8y3MxwCgul26 vp1Bg7KB7OGVWwue9WJ/ovE= =Dqmo -----END PGP SIGNATURE----- From brong at fastmail.fm Wed Oct 8 06:19:49 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Wed, 08 Oct 2008 21:19:49 +1100 Subject: Cyrus 2.3.13 RC2 In-Reply-To: <89AB2FFA-9C15-4DB5-8E68-8FDAC9CDD284@uk.fujitsu.com> References: <48EA2FBE.2000009@andrew.cmu.edu> <20081008043606.GA25036@brong.net> <89AB2FFA-9C15-4DB5-8E68-8FDAC9CDD284@uk.fujitsu.com> Message-ID: <1223461189.4822.1278157073@webmail.messagingengine.com> On Wed, 8 Oct 2008 09:24:49 +0100, "Ian G Batten" said: > What's the testing status of the SQL backend for cyrusdb? I'll > switch batten.eu.org over to it, but that only has a dozen or so > users; ftel.co.uk's 1000+ users might be a little tenser. I'm keen to > switch as the ability to replicate cyrusdb as well as replicating the > entire mailsystem is attractive. You are aware that cyrus replication replicates DB records for all the important things as well, aren't you? Bron. -- Bron Gondwana brong at fastmail.fm From murch at andrew.cmu.edu Wed Oct 8 06:25:45 2008 From: murch at andrew.cmu.edu (Ken Murchison) Date: Wed, 08 Oct 2008 06:25:45 -0400 Subject: Cyrus 2.3.13 RC2 In-Reply-To: <89AB2FFA-9C15-4DB5-8E68-8FDAC9CDD284@uk.fujitsu.com> References: <48EA2FBE.2000009@andrew.cmu.edu> <20081008043606.GA25036@brong.net> <89AB2FFA-9C15-4DB5-8E68-8FDAC9CDD284@uk.fujitsu.com> Message-ID: <48EC8AA9.7030500@andrew.cmu.edu> Ian G Batten wrote: > > On 08 Oct 08, at 0536, Bron Gondwana wrote: > >> On Mon, Oct 06, 2008 at 11:33:18AM -0400, Ken Murchison wrote: >>> I just put together a second release candidate for Cyrus 2.3.13. I'd >>> appreciate any independent testing before I release this to the masses. >> >> Sorry about the delay in testing - we've had a few exciting issues >> here that had to be fixed first. >> >>> If there are any outstanding issues that you believe still need to be >>> addressed in 2.3.13, please let me know. >> >> No, it's looking good. I just removed the patches that have gone into >> CVS from my build tree and it built fine. Running on our test server >> now with no problems. All the patches that have gone upstream have >> been running happily on our production machines for a bit too. >> >> I think now's a good time to release a 2.3.13. > > What's the testing status of the SQL backend for cyrusdb? I'll switch > batten.eu.org over to it, but that only has a dozen or so users; > ftel.co.uk's 1000+ users might be a little tenser. I'm keen to switch > as the ability to replicate cyrusdb as well as replicating the entire > mailsystem is attractive. Minimal. My boss asked if we could try to get away from BDB and move to something like SQlite. I dusted off an old SQL patch that I wrote while working for my old employer and ported it to the 2.3 code. We set it up on a test machine and threw a couple of low volume users on it and the campus didn't burn down. We haven't done any kind of load testing or performance testing yet. That's why its listed as experimental -- use at your own risk. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University From murch at andrew.cmu.edu Wed Oct 8 06:33:22 2008 From: murch at andrew.cmu.edu (Ken Murchison) Date: Wed, 08 Oct 2008 06:33:22 -0400 Subject: ACL to deny move mailbox/folder In-Reply-To: <48EC7D8B.5000301@nu.no> References: <48EA0940.30009@nu.no> <48EC0282.9040804@andrew.cmu.edu> <48EC7D8B.5000301@nu.no> Message-ID: <48EC8C72.9030300@andrew.cmu.edu> tarjei wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Ken Murchison wrote: >> tarjei wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> Hi, >>> >>> I got a shared folder where I want users to be able to create >>> subfolders, but where I want to restrict the users so they do not move >>> or delete the shared folder. The folder is a top level shared folder. >>> >>> I read through the cyradm documentation, but it wasn't very clear on how >>> to do this. Is it possible? >> What version of Cyrus? If you're using 2.3.x, removing the 'x' right >> from your users will prevent them from deleting the mailbox. I'd have >> to check the ACL RFC, but I believe it will also prevent renaming (I >> think RENAME need delete on the source and create on the destination). >> 2.3.7. > > Interestingly enough, it seems that removing the 'x' right isn't possible : > > localhost.localdomain> lam Fag > anyone lrswipkxtecda > localhost.localdomain> sam Fag anyone lrswipktecda > localhost.localdomain> lam Fag > anyone lrswipkxtecda > localhost.localdomain> sam Fag anyone write > localhost.localdomain> lam Fag > anyone lrswipkxtecd > localhost.localdomain> sam Fag anyone lrswipktecda > localhost.localdomain> lam Fag > anyone lrswipkxtecda > localhost.localdomain> > > After some fooling around, I found out that the problem is that if you > give the user the a right, then you also grant the e and t rights. This would only be the case if you have 'deleteright' set to 'a'. > Also, cyradm doesn't document what the c and d rights are. They are legacy rights macros that are now macros. If the 'deleteright' option in imapd.conf is set to the default of 'c', the c='kx' and d='et'. By explicitly granting 'd' above, you're implicitly granting 'x'. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University From ian.batten at uk.fujitsu.com Wed Oct 8 08:25:24 2008 From: ian.batten at uk.fujitsu.com (Ian G Batten) Date: Wed, 8 Oct 2008 13:25:24 +0100 Subject: Cyrus 2.3.13 RC2 In-Reply-To: <1223461189.4822.1278157073@webmail.messagingengine.com> References: <48EA2FBE.2000009@andrew.cmu.edu> <20081008043606.GA25036@brong.net> <89AB2FFA-9C15-4DB5-8E68-8FDAC9CDD284@uk.fujitsu.com> <1223461189.4822.1278157073@webmail.messagingengine.com> Message-ID: <731A6FB1-C8D2-4B5C-845F-AF80E9EC4982@uk.fujitsu.com> On 08 Oct 08, at 1119, Bron Gondwana wrote: > > On Wed, 8 Oct 2008 09:24:49 +0100, "Ian G Batten" > said: >> What's the testing status of the SQL backend for cyrusdb? I'll >> switch batten.eu.org over to it, but that only has a dozen or so >> users; ftel.co.uk's 1000+ users might be a little tenser. I'm keen >> to >> switch as the ability to replicate cyrusdb as well as replicating the >> entire mailsystem is attractive. > > You are aware that cyrus replication replicates DB records for all the > important things as well, aren't you? Yes, of course. It's just that having, many years ago, experienced the loss of a cyrusdb, being able to keep up-to-date copies of it which I can use without the nuclear option of failing over to my off- site replica is a good thing. So I will shortly have my whole Cyrus instance (~60K mailboxes, ~1000 users, ~4TB of mail) replicated via GigE to a remote site. But if my local instance went south just because Cyrus DB had gone, being able to simply switch cyrusdb to a MySQL/PostgresQL replica while keeping mail service on the master is preferable to doing a full off-site failover. ian From murch at andrew.cmu.edu Wed Oct 8 08:28:09 2008 From: murch at andrew.cmu.edu (Ken Murchison) Date: Wed, 08 Oct 2008 08:28:09 -0400 Subject: Cyrus 2.3.13 RC2 In-Reply-To: <731A6FB1-C8D2-4B5C-845F-AF80E9EC4982@uk.fujitsu.com> References: <48EA2FBE.2000009@andrew.cmu.edu> <20081008043606.GA25036@brong.net> <89AB2FFA-9C15-4DB5-8E68-8FDAC9CDD284@uk.fujitsu.com> <1223461189.4822.1278157073@webmail.messagingengine.com> <731A6FB1-C8D2-4B5C-845F-AF80E9EC4982@uk.fujitsu.com> Message-ID: <48ECA759.7030009@andrew.cmu.edu> Ian G Batten wrote: > > On 08 Oct 08, at 1119, Bron Gondwana wrote: > >> >> On Wed, 8 Oct 2008 09:24:49 +0100, "Ian G Batten" >> said: >>> What's the testing status of the SQL backend for cyrusdb? I'll >>> switch batten.eu.org over to it, but that only has a dozen or so >>> users; ftel.co.uk's 1000+ users might be a little tenser. I'm keen to >>> switch as the ability to replicate cyrusdb as well as replicating the >>> entire mailsystem is attractive. >> >> You are aware that cyrus replication replicates DB records for all the >> important things as well, aren't you? > > Yes, of course. It's just that having, many years ago, experienced the > loss of a cyrusdb, being able to keep up-to-date copies of it which I > can use without the nuclear option of failing over to my off-site > replica is a good thing. So I will shortly have my whole Cyrus instance > (~60K mailboxes, ~1000 users, ~4TB of mail) replicated via GigE to a > remote site. But if my local instance went south just because Cyrus DB > had gone, being able to simply switch cyrusdb to a MySQL/PostgresQL > replica while keeping mail service on the master is preferable to doing > a full off-site failover. We were only looking at SQL to replace BDB (deliver.db, tls_sessions.db), because we still think that skiplist is superior from mailboxes.db and seen.db. If you do some heavy testing with the BDB code we'd be interested in your results. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University From ian.batten at uk.fujitsu.com Wed Oct 8 08:45:33 2008 From: ian.batten at uk.fujitsu.com (Ian G Batten) Date: Wed, 8 Oct 2008 13:45:33 +0100 Subject: Cyrus 2.3.13 RC2 In-Reply-To: <48ECA759.7030009@andrew.cmu.edu> References: <48EA2FBE.2000009@andrew.cmu.edu> <20081008043606.GA25036@brong.net> <89AB2FFA-9C15-4DB5-8E68-8FDAC9CDD284@uk.fujitsu.com> <1223461189.4822.1278157073@webmail.messagingengine.com> <731A6FB1-C8D2-4B5C-845F-AF80E9EC4982@uk.fujitsu.com> <48ECA759.7030009@andrew.cmu.edu> Message-ID: <02E5FA93-1523-4D85-8F0B-EB9473C8FCC6@uk.fujitsu.com> > > We were only looking at SQL to replace BDB (deliver.db, > tls_sessions.db), because we still think that skiplist is superior > from mailboxes.db and seen.db. If you do some heavy testing with > the BDB code we'd be interested in your results. OK, that's interesting. I'll get 2.3.13 onto batten.eu.org and try some testing. The whole instance is under ZFS so I can roll back if necessary. ian From murch at andrew.cmu.edu Thu Oct 9 10:57:33 2008 From: murch at andrew.cmu.edu (Ken Murchison) Date: Thu, 09 Oct 2008 10:57:33 -0400 Subject: Cyrus 2.3.13 RC3 Message-ID: <48EE1BDD.8010504@andrew.cmu.edu> I just put together a third and hopefully FINAL release candidate for Cyrus 2.3.13. I'd appreciate any independent testing before I release this to the masses. http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd-2.3.13rc3.tar.gz http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd-2.3.13rc3.tar.gz.sig Noteworthy changes: * Added an experimental "sql" backend for cyrusdb. Currently MySQL, PostgreSQL, and SQLite are supported. * Added support for IMAP [CAPABILITY] response code to client-side of Murder proxies. * Added support for ManageSieve auto-capability response after STARTTLS and after AUTH with a SASL security layer. * Made MAXWORD and MAXQUOTED sizes configurable via imapd.conf * Rewrote cyrusdb_quotalegacy.c to use readir() rather than glob.c. This avoids a potential crash due to conflicts between glibc and Heimdal implementations of glob(). * Added support for fulldirhash to 'ctl_mboxlist -v' * Several skiplist transaction bugfixes. * cyr_expire no longer has a default of 0 (zero) for -X and -D. These options must be used explicitly in order to have the desired effect. * Added sieve_utf8fileinto option. * Added sieve_sasl_send_unsolicited_capability and sieve_sasl_expect_unsolicited_capability options. * Several 32/64-bit compatibility fixes. Check doc/changes.html and doc/install-upgrade.html for a complete list of changes. If there are any outstanding critical issues that you believe still need to be addressed in 2.3.13, please let me know. This code has been in feature freeze for a while, so no new requests please. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University From brong at fastmail.fm Thu Oct 9 20:28:23 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Fri, 10 Oct 2008 11:28:23 +1100 Subject: Cyrus 2.3.13 RC3 In-Reply-To: <48EE1BDD.8010504@andrew.cmu.edu> References: <48EE1BDD.8010504@andrew.cmu.edu> Message-ID: <20081010002823.GA8870@brong.net> On Thu, Oct 09, 2008 at 10:57:33AM -0400, Ken Murchison wrote: > I just put together a third and hopefully FINAL release candidate for > Cyrus 2.3.13. I'd appreciate any independent testing before I release > this to the masses. Looks good. The syslog deleted change broke the fastrename patch, so I had to re-build it, but otherwise applied fine and is working fine on our testbed. Bron. From antalarico at gmail.com Fri Oct 10 07:01:39 2008 From: antalarico at gmail.com (Antonio Talarico) Date: Fri, 10 Oct 2008 13:01:39 +0200 Subject: Sieve Authentication Message-ID: Hi Which file contains the configuration for users who can authenticate. How can enable a user to log in and add script. Thank you -- Antonio Talarico From ian.batten at uk.fujitsu.com Fri Oct 10 08:12:44 2008 From: ian.batten at uk.fujitsu.com (Ian G Batten) Date: Fri, 10 Oct 2008 13:12:44 +0100 Subject: Cyrus 2.3.13 RC3 In-Reply-To: <20081010002823.GA8870@brong.net> References: <48EE1BDD.8010504@andrew.cmu.edu> <20081010002823.GA8870@brong.net> Message-ID: <96AC1F6B-CBDA-4E2B-85E4-F79A90E2348D@uk.fujitsu.com> On 10 Oct 08, at 0128, Bron Gondwana wrote: > On Thu, Oct 09, 2008 at 10:57:33AM -0400, Ken Murchison wrote: >> I just put together a third and hopefully FINAL release candidate for >> Cyrus 2.3.13. I'd appreciate any independent testing before I >> release >> this to the masses. > > Looks good. The syslog deleted change broke the fastrename patch, > so I > had to re-build it, but otherwise applied fine and is working fine on > our testbed. It's running fine on my test system (Solaris 10 on x86) with SQL backends as previously discussed. ian From dwhite at olp.net Fri Oct 10 09:36:36 2008 From: dwhite at olp.net (Dan White) Date: Fri, 10 Oct 2008 08:36:36 -0500 Subject: Sieve Authentication In-Reply-To: References: Message-ID: <48EF5A64.7000401@olp.net> Antonio Talarico wrote: > Hi > Which file contains the configuration for users who can authenticate. > How can enable a user to log in and add script. > Thank you > > Antonio, Authentication is handled by the Cyrus SASL library as configured in your imapd.conf (the lines beginning with sasl_). Documentation can be found in the man page for imapd.conf, /doc/install-auth.html located within the cyrus-imapd source, and the /doc/ subdirectory located within the cyrus-sasl source. - Dan From jra at febo.com Fri Oct 10 14:18:41 2008 From: jra at febo.com (John Ackermann N8UR) Date: Fri, 10 Oct 2008 14:18:41 -0400 Subject: Jumping a bunch of Cyrus imap versions, and moving to a new machine... Message-ID: <48EF9C81.4050000@febo.com> 1.5.19 to 2.2.13, to be exact. I have a small mail system (about half a dozen users, and 3GB of mail store) that I am migrating from an old Debian box to a new one. Obviously, this is a pretty major version leap. Any suggestions about the simplest way to get this move/upgrade accomplished? It's not a big deal if we have to shut down mail services for a few hours to do database updating or whatever might be required. Thanks, John From ktm at rice.edu Fri Oct 10 14:28:31 2008 From: ktm at rice.edu (Kenneth Marshall) Date: Fri, 10 Oct 2008 13:28:31 -0500 Subject: Jumping a bunch of Cyrus imap versions, and moving to a new machine... In-Reply-To: <48EF9C81.4050000@febo.com> References: <48EF9C81.4050000@febo.com> Message-ID: <20081010182831.GW547@it.is.rice.edu> On Fri, Oct 10, 2008 at 02:18:41PM -0400, John Ackermann N8UR wrote: > 1.5.19 to 2.2.13, to be exact. > > I have a small mail system (about half a dozen users, and 3GB of mail > store) that I am migrating from an old Debian box to a new one. > > Obviously, this is a pretty major version leap. Any suggestions about > the simplest way to get this move/upgrade accomplished? It's not a big > deal if we have to shut down mail services for a few hours to do > database updating or whatever might be required. > > Thanks, > > John I am curious why you are moving to version 2.2.x when version 2.3.x has been out for quite a while? Cheers, Ken From jra at febo.com Fri Oct 10 14:35:27 2008 From: jra at febo.com (John Ackermann N8UR) Date: Fri, 10 Oct 2008 14:35:27 -0400 Subject: Jumping a bunch of Cyrus imap versions, and moving to a new machine... In-Reply-To: <20081010182831.GW547@it.is.rice.edu> References: <48EF9C81.4050000@febo.com> <20081010182831.GW547@it.is.rice.edu> Message-ID: <48EFA06F.7050805@febo.com> Kenneth Marshall wrote: > I am curious why you are moving to version 2.2.x when version 2.3.x > has been out for quite a while? It's the version provided in Debian Etch, and I'd prefer to stay with a stock Debian installation (unless there's a very good reason to do otherwise). Thanks, John From dwhite at olp.net Fri Oct 10 18:03:24 2008 From: dwhite at olp.net (Dan White) Date: Fri, 10 Oct 2008 17:03:24 -0500 Subject: Jumping a bunch of Cyrus imap versions, and moving to a new machine... In-Reply-To: <48EF9C81.4050000@febo.com> References: <48EF9C81.4050000@febo.com> Message-ID: <48EFD12C.3090409@olp.net> John Ackermann N8UR wrote: > 1.5.19 to 2.2.13, to be exact. > > I have a small mail system (about half a dozen users, and 3GB of mail > store) that I am migrating from an old Debian box to a new one. > > Obviously, this is a pretty major version leap. Any suggestions about > the simplest way to get this move/upgrade accomplished? It's not a big > deal if we have to shut down mail services for a few hours to do > database updating or whatever might be required. > John, /doc/install-upgrade.html (within the latest cyrus-imapd source) has some advice for upgrading. Debian specific documentation can be found in /usr/share/doc/cyrus-imapd-2.2/ - Dan From jra at febo.com Fri Oct 10 18:48:58 2008 From: jra at febo.com (John Ackermann N8UR) Date: Fri, 10 Oct 2008 18:48:58 -0400 Subject: Jumping a bunch of Cyrus imap versions, and moving to a new machine... In-Reply-To: <48EFD12C.3090409@olp.net> References: <48EF9C81.4050000@febo.com> <48EFD12C.3090409@olp.net> Message-ID: <48EFDBDA.6030200@febo.com> Dan White said the following on 10/10/2008 06:03 PM: > John Ackermann N8UR wrote: >> 1.5.19 to 2.2.13, to be exact. > John, > > /doc/install-upgrade.html (within the latest cyrus-imapd source) has > some advice for upgrading. > > Debian specific documentation can be found in > /usr/share/doc/cyrus-imapd-2.2/ Thanks, Dan. I've reviewed that and became a little confused because there are so many intermediate versions between starting and ending points; it wasn't clear what the steps would be to make the move in one leap. John From bally.zijn at gmail.com Sat Oct 11 01:29:56 2008 From: bally.zijn at gmail.com (brian ally) Date: Sat, 11 Oct 2008 01:29:56 -0400 Subject: troubles with cyradm Message-ID: Fedora 8 # rpm -qa | grep cyrus cyrus-sasl-lib-2.1.22-8.fc8 cyrus-sasl-plain-2.1.22-8.fc8 cyrus-imapd-utils-2.3.11-1.fc8 cyrus-sasl-devel-2.1.22-8.fc8 cyrus-sasl-2.1.22-8.fc8 cyrus-sasl-md5-2.1.22-8.fc8 cyrus-imapd-perl-2.3.11-1.fc8 cyrus-imapd-2.3.11-1.fc8 # cat /etc/imapd.conf configdirectory: /var/lib/imap partition-default: /var/spool/imap admins: cyrus sievedir: /var/lib/imap/sieve sendmail: /usr/sbin/sendmail hashimapspool: true sasl_pwcheck_method: auxprop sasl_auxprop_plugin: sasldb2 sasldb_path: /etc/sasldb2 sasl_mech_list: PLAIN LOGIN DIGEST-MD5 CRAM-MD5 tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt # cat /usr/lib/sasl2/smtpd.conf pwcheck_method: auxprop mech_list: PLAIN LOGIN DIGEST-MD5 CRAM-MD5 I'm going around in circles here trying to figure out how to authenticate with cyradm. I'd like to use sasldb and so have created an entry there for the cyrus user. And I've disabled saslauthd. Whatever I've tried so far has failed. And, frankly, I'm very confused about how this is supposed to work. For instance, some info I've found online tells me to create an entry in /etc/paswd for the cyrus user, while other sources don't mention that. So, for the following, PASS1 is what i have in /etc/passwd and PASS2 was given to saslpasswd2 -c cyrus -- snip -- # cyradm --user=cyrus --server=localhost --auth=plain verify error:num=18:self signed certificate Password: PASS1 IMAP Password: PASS2 Login failed: authentication failure at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 119 cyradm: cannot authenticate to server with plain as cyrus -- snip -- /var/log/messages says: perl: No worthy mechs found >From what I understand google is telling me, the "verify error" line can be ignored for now. If not, stop me now. I try LOGIN: -- snip -- # cyradm --user=cyrus --server=localhost --auth=login verify error:num=18:self signed certificate IMAP Password: PASS2 Login failed: authentication failure at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 119 cyradm: cannot authenticate to server with login as cyrus -- snip -- This time, there's no entry in /var/log/messages I came across this while searching and thought I'd give it a try: cyradm --user=cyrus --tls localhost cyradm> This time, no password prompt (contrary to the example I saw) and I appear to be in. However, if I try any commands it complains that there's no connection: cyradm> cm user.USER at MYDOMAIN createmailbox: no connection to server Long story short: how the heck should I be connecting to cyradm if I'm using sasldb2? What's this, "No worthy mechs " about? Is there yet another config file to adjust? Sorry for the long post. I've scrolled through so many things online but most of the examples are just a little bit different from my setup (eg. LDAP, MySQL, etc.) and so wanted to try to spell it out as clearly as possible. Of course, if I've left out any crucial information ... -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20081011/5cc886ad/attachment.html From craigwhite at azapple.com Sat Oct 11 01:45:46 2008 From: craigwhite at azapple.com (Craig White) Date: Fri, 10 Oct 2008 22:45:46 -0700 Subject: troubles with cyradm In-Reply-To: References: Message-ID: <1223703946.7556.409.camel@lin-workstation.azapple.com> On Sat, 2008-10-11 at 01:29 -0400, brian ally wrote: > Fedora 8 > # rpm -qa | grep cyrus > cyrus-sasl-lib-2.1.22-8.fc8 > cyrus-sasl-plain-2.1.22-8.fc8 > cyrus-imapd-utils-2.3.11-1.fc8 > cyrus-sasl-devel-2.1.22-8.fc8 > cyrus-sasl-2.1.22-8.fc8 > cyrus-sasl-md5-2.1.22-8.fc8 > cyrus-imapd-perl-2.3.11-1.fc8 > cyrus-imapd-2.3.11-1.fc8 > > # cat /etc/imapd.conf > configdirectory: /var/lib/imap > partition-default: /var/spool/imap > admins: cyrus > sievedir: /var/lib/imap/sieve > sendmail: /usr/sbin/sendmail > hashimapspool: true > sasl_pwcheck_method: auxprop > sasl_auxprop_plugin: sasldb2 > sasldb_path: /etc/sasldb2 > sasl_mech_list: PLAIN LOGIN DIGEST-MD5 CRAM-MD5 > tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt > > # cat /usr/lib/sasl2/smtpd.conf > pwcheck_method: auxprop > mech_list: PLAIN LOGIN DIGEST-MD5 CRAM-MD5 > > I'm going around in circles here trying to figure out how to > authenticate with cyradm. I'd like to use sasldb and so have created > an entry there for the cyrus user. And I've disabled saslauthd. > Whatever I've tried so far has failed. And, frankly, I'm very confused > about how this is supposed to work. For instance, some info I've found > online tells me to create an entry in /etc/paswd for the cyrus user, > while other sources don't mention that. > > So, for the following, PASS1 is what i have in /etc/passwd and PASS2 > was given to saslpasswd2 -c cyrus > > -- snip -- > # cyradm --user=cyrus --server=localhost --auth=plain > verify error:num=18:self signed certificate > Password: PASS1 > IMAP Password: PASS2 > Login failed: authentication failure > at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 119 > cyradm: cannot authenticate to server with plain as cyrus > -- snip -- > > /var/log/messages says: > perl: No worthy mechs found > > From what I understand google is telling me, the "verify error" line > can be ignored for now. If not, stop me now. > > I try LOGIN: > > -- snip -- > # cyradm --user=cyrus --server=localhost --auth=login > verify error:num=18:self signed certificate > IMAP Password: PASS2 > Login failed: authentication failure > at /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/Cyrus/IMAP/Admin.pm line 119 > cyradm: cannot authenticate to server with login as cyrus > -- snip -- > > This time, there's no entry in /var/log/messages > > I came across this while searching and thought I'd give it a try: > > cyradm --user=cyrus --tls localhost > cyradm> > > This time, no password prompt (contrary to the example I saw) and I > appear to be in. However, if I try any commands it complains that > there's no connection: > > cyradm> cm user.USER at MYDOMAIN > createmailbox: no connection to server > > Long story short: how the heck should I be connecting to cyradm if I'm > using sasldb2? What's this, "No worthy mechs " about? Is there yet > another config file to adjust? > > Sorry for the long post. I've scrolled through so many things online > but most of the examples are just a little bit different from my setup > (eg. LDAP, MySQL, etc.) and so wanted to try to spell it out as > clearly as possible. > > Of course, if I've left out any crucial information ... ---- start slowly... /etc/imapd.conf sasl_mech_list: PLAIN and are you sure you want to use sasldb? If so, you would have to add each user/password (including cyrus) to that db. also, what's in /etc/sysconfig/saslauthd and is saslauthd service running? Craig From gbulfon at sonicle.com Mon Oct 13 10:22:01 2008 From: gbulfon at sonicle.com (Gabriele Bulfon) Date: Mon, 13 Oct 2008 16:22:01 +0200 (CEST) Subject: user groups Message-ID: <18049724.71.1223907721765.JavaMail.root@www> Hello, don't know if this is a stupid question or if it's something I can achieve with Virtual Domains on Cyrus. I'd like to know if there is a simple solution to my standard installation of Cyrus. Using ACLs I can have IMAP users see a "user" folder containing shared mailboxes. Now, I have to create a new group of users that pertains to a specific group. I'd like to be able to share their mailboxes to other users, having them aggregated into a different folder than "user", so that other users may easily see normal users under "user" and these special users under another name. Is it possible? Thanx for any help, Gabriele Bulfon. Gabriele Bulfon - Sonicle S.r.l. Tel +39 028246016 Int. 30 - Fax +39 028243880 Via Felice Cavallotti 16 - 20089, Rozzano - Milano - ITALY http://www.sonicle.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20081013/68ac9e67/attachment.html From nic at onlight.com Mon Oct 13 12:44:01 2008 From: nic at onlight.com (Nic Bernstein) Date: Mon, 13 Oct 2008 11:44:01 -0500 Subject: Problems with frontend to backend authentication in murder 2.3.12 In-Reply-To: <69240BC1-A146-43D4-B6D6-27996A7285F3@umich.edu> References: <48E22A25.5000009@onlight.com> <2082957295827421c89d501f661ea703.squirrel@webmail.bi.corp.invoca.ch> <69240BC1-A146-43D4-B6D6-27996A7285F3@umich.edu> Message-ID: <48F37AD1.7030607@onlight.com> Wesley Craig wrote: > On 03 Oct 2008, at 04:31, Simon Matter wrote: >> Any update on this issue? I'm wondering whether the patch will go into >> 2.3.13? > > Nic and I are still talking. This patch will likely be applied after > 2.3.13 is released. We've already made "last call" for 2.3.13. I did > find a bug in the version Nic tried, so if you're messing with it, you > should get it again. > > :wes I wanted to follow up to the list on this issue so that others may learn from my experience. The issue here was one of poor documentation and confusing examples rather than a software bug. The configuration in question involves numerous hosts on a geographically diverse WAN with similar systems in multiple locations. Frontends in these locations are named imap.xx.example.com and backends are called mailbox.xx.example.com, where xx is a two letter state or country code. For purposes of configuring cyrus imapd to use the correct mechanisms and passwords with these numerous systems the hostname_mechs and hostname_password configuration elements were used. The documentation (man page) for imapd.conf states: hostname_password: The password to use for authentication to the backend server host- name (where hostname is the short hostname of the server) - Cyrus Murder Short hostname is a somewhat ambiguous term. There are many examples floating around on the web, in mailing lists, etc. in which people define the hostname_password and hostname_mechs settings for multipart hostnames, such as imap.wi, by using an underscore (_) character, like so: imap_wi, since everything to the right of a period (.) in these settings would otherwise be discarded by the parser. My error was that I trusted these examples, and followed them in my configurations. Thus I had mailbox_wi_password and mailbox_wi_mechs settings, which were simply ignored by the software, as it ignored everything after the the first dot when looking for passwords, and not finding an entry for, say mailbox_password, it failed the authentication. So, since my hostnames are not unique in their "short hostname" (I will have eight systems named "mailbox" and eight named "imap" by this definition) I am not allowed to define unique passwords or mechanisms. I have fallen back to using common passwords for all hosts and the "proxy_password" setting. I must confess that I see this as a somewhat capricious limitation of the software, frustrated by the vague documentation and lack of debugging information. In this case the error logged was "no worthy mechanisms" which led to a wild goose chase for a mechanism problem when in fact the problem was that no password was being defined. I hope that the software is changed to allow for FQDNs to be defined for these host specific configuration variables. The limitation of only allowing "short hostnames" seems baseless. I also hope that the wiki is enhanced with more specific examples of murder configurations which show how these various settings interact. It is frustrating to waste so much time on configuration issues like this simply because of the dearth of good clear examples, and the proliferation of bad examples on the web. For example, a search for murder configurations on Google will turn up many examples with "mupdate_admins" when this is not actually a configuration setting used by cyrus imapd. When the only examples around are erroneous, errors will proliferate. I will be glad to offer up some concrete working examples with explanations once my own implementation is complete, and would be glad to contribute them to the wiki. Is there any consensus as to where such documentation should go on the wiki? Much thanks are due to Wesley Craig for his patience and assistance in tracking down the answer to this problem. Thanks again, Wes. Cheers, -nic -- Nic Bernstein nic at onlight.com Onlight llc. www.onlight.com 2266 North Prospect Avenue #610 v. 414.272.4477 Milwaukee, Wisconsin 53202-6306 f. 414.290.0335 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20081013/66d863a2/attachment.html From jvoorhees1 at gmail.com Mon Oct 13 13:58:48 2008 From: jvoorhees1 at gmail.com (Jason Voorhees) Date: Mon, 13 Oct 2008 12:58:48 -0500 Subject: IMAP account used for multiple users Message-ID: <48F38C58.10907@gmail.com> Hi all: A simple question: Is there any kind of problem if a unique IMAP account is used by more than one client at the same time? I'm thinking to give access to all my users (up to 90 users) trough MS Outlook to a unique IMAP account. I don't plan to use suscribed folders instead for simplicity reasons. Thanks, bytes! From selsky at columbia.edu Mon Oct 13 14:23:03 2008 From: selsky at columbia.edu (Matt Selsky) Date: Mon, 13 Oct 2008 14:23:03 -0400 Subject: Problems with frontend to backend authentication in murder 2.3.12 In-Reply-To: <48F37AD1.7030607@onlight.com> References: <48E22A25.5000009@onlight.com> <2082957295827421c89d501f661ea703.squirrel@webmail.bi.corp.invoca.ch> <69240BC1-A146-43D4-B6D6-27996A7285F3@umich.edu> <48F37AD1.7030607@onlight.com> Message-ID: <135872AC-4A7F-4717-93C7-94A0D351916F@columbia.edu> On Oct 13, 2008, at 12:44 PM, Nic Bernstein wrote: > Wesley Craig wrote: >> >> On 03 Oct 2008, at 04:31, Simon Matter wrote: >>> Any update on this issue? I'm wondering whether the patch will go >>> into >>> 2.3.13? >> >> Nic and I are still talking. This patch will likely be applied >> after 2.3.13 is released. We've already made "last call" for >> 2.3.13. I did find a bug in the version Nic tried, so if you're >> messing with it, you should get it again. >> >> :wes > I wanted to follow up to the list on this issue so that others may > learn from my experience. The issue here was one of poor > documentation and confusing examples rather than a software bug. > > The configuration in question involves numerous hosts on a > geographically diverse WAN with similar systems in multiple > locations. Frontends in these locations are named > imap.xx.example.com and backends are called mailbox.xx.example.com, > where xx is a two letter state or country code. For purposes of > configuring cyrus imapd to use the correct mechanisms and passwords > with these numerous systems the hostname_mechs and hostname_password > configuration elements were used. > > The documentation (man page) for imapd.conf states: > hostname_password: > The password to use for authentication to the backend > server host- > name (where hostname is the short hostname of the > server) - Cyrus > Murder > Short hostname is a somewhat ambiguous term. There are many > examples floating around on the web, in mailing lists, etc. in which > people define the hostname_password and hostname_mechs settings for > multipart hostnames, such as imap.wi, by using an underscore (_) > character, like so: imap_wi, since everything to the right of a > period (.) in these settings would otherwise be discarded by the > parser. > > My error was that I trusted these examples, and followed them in my > configurations. Thus I had mailbox_wi_password and mailbox_wi_mechs > settings, which were simply ignored by the software, as it ignored > everything after the the first dot when looking for passwords, and > not finding an entry for, say mailbox_password, it failed the > authentication. > > So, since my hostnames are not unique in their "short hostname" (I > will have eight systems named "mailbox" and eight named "imap" by > this definition) I am not allowed to define unique passwords or > mechanisms. I have fallen back to using common passwords for all > hosts and the "proxy_password" setting. > > I must confess that I see this as a somewhat capricious limitation > of the software, frustrated by the vague documentation and lack of > debugging information. In this case the error logged was "no worthy > mechanisms" which led to a wild goose chase for a mechanism problem > when in fact the problem was that no password was being defined. > > I hope that the software is changed to allow for FQDNs to be defined > for these host specific configuration variables. The limitation of > only allowing "short hostnames" seems baseless. I also hope that > the wiki is enhanced with more specific examples of murder > configurations which show how these various settings interact. It > is frustrating to waste so much time on configuration issues like > this simply because of the dearth of good clear examples, and the > proliferation of bad examples on the web. > > For example, a search for murder configurations on Google will turn > up many examples with "mupdate_admins" when this is not actually a > configuration setting used by cyrus imapd. When the only examples > around are erroneous, errors will proliferate. > > I will be glad to offer up some concrete working examples with > explanations once my own implementation is complete, and would be > glad to contribute them to the wiki. Is there any consensus as to > where such documentation should go on the wiki? > > Much thanks are due to Wesley Craig for his patience and assistance > in tracking down the answer to this problem. > > Thanks again, Wes. Nic, glad to hear you have things working. Can you open bugs in bugzilla for the places where the documentation is confusing, so we can track these properly? -- Matt From brennan at columbia.edu Mon Oct 13 14:26:10 2008 From: brennan at columbia.edu (Joseph Brennan) Date: Mon, 13 Oct 2008 14:26:10 -0400 Subject: IMAP account used for multiple users In-Reply-To: <48F38C58.10907@gmail.com> References: <48F38C58.10907@gmail.com> Message-ID: --On Monday, October 13, 2008 12:58 -0500 Jason Voorhees wrote: > Hi all: > > A simple question: > Is there any kind of problem if a unique IMAP account is used by more > than one client at the same time? > I'm thinking to give access to all my users (up to 90 users) trough MS > Outlook to a unique IMAP account. > I hope you mean that they would each log in with their own account, and share the same folder. That should work. If not, various problems might arise. Off the top of my head: -- Anybody could delete and expunge, or, nobody can. -- They can't keep track of what messages each person has seen. -- Somebody might POP the mailbox and remove everything. Joseph Brennan Columbia University Information Technology From list at joreybump.com Mon Oct 13 14:46:11 2008 From: list at joreybump.com (Jorey Bump) Date: Mon, 13 Oct 2008 14:46:11 -0400 Subject: IMAP account used for multiple users In-Reply-To: <48F38C58.10907@gmail.com> References: <48F38C58.10907@gmail.com> Message-ID: <48F39773.50006@joreybump.com> Jason Voorhees wrote, at 10/13/2008 01:58 PM: > A simple question: > Is there any kind of problem if a unique IMAP account is used by more > than one client at the same time? It can be done... > I'm thinking to give access to all my users (up to 90 users) trough MS > Outlook to a unique IMAP account. ...but not with Outlook. I should be fair, and state that any special features of any client can cause problems, along with the issues that simply come from everyone playing in the same sandbox. For example, all it takes is one user to set aggressive (or use poorly trained) junk filtering to wreak a bit of havoc for everyone. Nonetheless, Cyrus does allow concurrent read/write access, which is handy for users that access webmail while leaving desktop clients running. The extra burden with Outlook comes from its monolothic approach that allows email to trigger a variety of events. When I evaluated sharing an account with Outlook 2007, it didn't seem wise due to the ease with which another user can affect your todo list, calendar, and god knows what else. Outlook is really a personal organizer, and should be kept personal, IMHO. > I don't plan to use suscribed folders instead for simplicity reasons. A broadcast alias or mailing list is often better. Or go with a full-blown issue tracker, if that's what you're really trying to do. From nic at onlight.com Mon Oct 13 15:28:49 2008 From: nic at onlight.com (Nic Bernstein) Date: Mon, 13 Oct 2008 14:28:49 -0500 Subject: Problems with frontend to backend authentication in murder 2.3.12 In-Reply-To: <135872AC-4A7F-4717-93C7-94A0D351916F@columbia.edu> References: <48E22A25.5000009@onlight.com> <2082957295827421c89d501f661ea703.squirrel@webmail.bi.corp.invoca.ch> <69240BC1-A146-43D4-B6D6-27996A7285F3@umich.edu> <48F37AD1.7030607@onlight.com> <135872AC-4A7F-4717-93C7-94A0D351916F@columbia.edu> Message-ID: <48F3A171.5090706@onlight.com> Matt Selsky wrote: > > On Oct 13, 2008, at 12:44 PM, Nic Bernstein wrote: > >> Wesley Craig wrote: >>> >>> On 03 Oct 2008, at 04:31, Simon Matter wrote: >>>> Any update on this issue? I'm wondering whether the patch will go into >>>> 2.3.13? >>> >>> Nic and I are still talking. This patch will likely be applied >>> after 2.3.13 is released. We've already made "last call" for >>> 2.3.13. I did find a bug in the version Nic tried, so if you're >>> messing with it, you should get it again. >>> >>> :wes >> I wanted to follow up to the list on this issue so that others may >> learn from my experience. The issue here was one of poor >> documentation and confusing examples rather than a software bug. >> >> The configuration in question involves numerous hosts on a >> geographically diverse WAN with similar systems in multiple >> locations. Frontends in these locations are named >> imap.xx.example.com and backends are called mailbox.xx.example.com, >> where xx is a two letter state or country code. For purposes of >> configuring cyrus imapd to use the correct mechanisms and passwords >> with these numerous systems the hostname_mechs and hostname_password >> configuration elements were used. >> >> The documentation (man page) for imapd.conf states: >> hostname_password: >> The password to use for authentication to the backend >> server host- >> name (where hostname is the short hostname of the server) >> - Cyrus >> Murder >> Short hostname is a somewhat ambiguous term. There are many examples >> floating around on the web, in mailing lists, etc. in which people >> define the hostname_password and hostname_mechs settings for >> multipart hostnames, such as imap.wi, by using an underscore (_) >> character, like so: imap_wi, since everything to the right of a >> period (.) in these settings would otherwise be discarded by the parser. >> >> My error was that I trusted these examples, and followed them in my >> configurations. Thus I had mailbox_wi_password and mailbox_wi_mechs >> settings, which were simply ignored by the software, as it ignored >> everything after the the first dot when looking for passwords, and >> not finding an entry for, say mailbox_password, it failed the >> authentication. >> >> So, since my hostnames are not unique in their "short hostname" (I >> will have eight systems named "mailbox" and eight named "imap" by >> this definition) I am not allowed to define unique passwords or >> mechanisms. I have fallen back to using common passwords for all >> hosts and the "proxy_password" setting. >> >> I must confess that I see this as a somewhat capricious limitation of >> the software, frustrated by the vague documentation and lack of >> debugging information. In this case the error logged was "no worthy >> mechanisms" which led to a wild goose chase for a mechanism problem >> when in fact the problem was that no password was being defined. >> >> I hope that the software is changed to allow for FQDNs to be defined >> for these host specific configuration variables. The limitation of >> only allowing "short hostnames" seems baseless. I also hope that the >> wiki is enhanced with more specific examples of murder configurations >> which show how these various settings interact. It is frustrating to >> waste so much time on configuration issues like this simply because >> of the dearth of good clear examples, and the proliferation of bad >> examples on the web. >> >> For example, a search for murder configurations on Google will turn >> up many examples with "mupdate_admins" when this is not actually a >> configuration setting used by cyrus imapd. When the only examples >> around are erroneous, errors will proliferate. >> >> I will be glad to offer up some concrete working examples with >> explanations once my own implementation is complete, and would be >> glad to contribute them to the wiki. Is there any consensus as to >> where such documentation should go on the wiki? >> >> Much thanks are due to Wesley Craig for his patience and assistance >> in tracking down the answer to this problem. >> >> Thanks again, Wes. > > Nic, glad to hear you have things working. > > Can you open bugs in bugzilla for the places where the documentation > is confusing, so we can track these properly? I have just done so. Thanks for the tip. -nic -- Nic Bernstein nic at onlight.com Onlight llc. www.onlight.com 2266 North Prospect Avenue #610 v. 414.272.4477 Milwaukee, Wisconsin 53202-6306 f. 414.290.0335 From rosenbaumlm at ornl.gov Mon Oct 13 15:45:49 2008 From: rosenbaumlm at ornl.gov (Larry Rosenbaum) Date: Mon, 13 Oct 2008 15:45:49 -0400 Subject: Cyrus 2.3.13 RC3 In-Reply-To: <48EE1BDD.8010504@andrew.cmu.edu> References: <48EE1BDD.8010504@andrew.cmu.edu> Message-ID: <004801c92d6c$4ad32800$e0797800$@gov> I can't get it to build. I get the following: gcc -c -I.. -I/usr/local/BerkeleyDB.4.2/include -I/usr/local/ssl/include -I../com_err/et -I/usr/local/include -DHAVE_CONFIG_H -g -O2 \ auth_krb5.c auth_krb5.c:60:18: krb5.h: No such file or directory auth_krb5.c: In function `mycanonifyid': auth_krb5.c:104: error: `krb5_context' undeclared (first use in this function) auth_krb5.c:104: error: (Each undeclared identifier is reported only once auth_krb5.c:104: error: for each function it appears in.) auth_krb5.c:104: error: syntax error before "context" auth_krb5.c:105: error: `krb5_principal' undeclared (first use in this function) auth_krb5.c:121: error: `context' undeclared (first use in this function) auth_krb5.c:124: error: `princ' undeclared (first use in this function) auth_krb5.c:139: error: `princ_dummy' undeclared (first use in this function) gmake[1]: *** [auth_krb5.o] Error 1 gmake[1]: Leaving directory `/usr/local/src/cyrus/cyrus-imapd-2.3.13rc3/lib' I'm not interested in using Kerberos. I tried --without-krb but got the same error. What do I need to change? I am on Solaris 9 SPARC. Here is the configure input and output: CC=gcc LDFLAGS="-L/usr/local/lib -R/usr/local/lib" \ ./configure \ --enable-idled \ --without-krb \ --with-cyrus-prefix=/usr/local/cyrus \ --with-dbdir=/usr/local/BerkeleyDB.4.2 \ --with-openssl=/usr/local/ssl \ --with-sasl=/usr/local checking build system type... sparc-sun-solaris2.9 checking host system type... sparc-sun-solaris2.9 checking for makedepend... makedepend checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no checking for suffix of executables... checking for suffix of object files... o checking whether we are using the GNU C compiler... yes checking whether gcc accepts -g... yes checking for gcc option to accept ISO C89... none needed checking for ranlib... ranlib checking whether make sets $(MAKE)... yes checking for a BSD-compatible install... ./install-sh -c checking how to run the C preprocessor... gcc -E checking for grep that handles long lines and -e... /usr/xpg4/bin/grep checking for egrep... /usr/xpg4/bin/grep -E checking for AIX... no checking for library containing strerror... none required checking for gawk... no checking for mawk... no checking for nawk... nawk checking for an ANSI C-conforming const... yes checking for long file names... yes checking for inline... inline checking for ANSI C header files... yes checking for sys/types.h... yes checking for sys/stat.h... yes checking for stdlib.h... yes checking for string.h... yes checking for memory.h... yes checking for strings.h... yes checking for inttypes.h... yes checking for stdint.h... no checking for unistd.h... yes checking for int... yes checking size of int... 4 checking for long... yes checking size of long... 4 checking for size_t... yes checking size of size_t... 4 checking for off_t... yes checking size of off_t... 4 checking for long long int... yes checking size of long long int... 8 checking for unsigned long long int... yes checking size of unsigned long long int... 8 checking whether byte ordering is bigendian... yes checking for __attribute__... yes checking if compiler supports -fPIC... yes checking for runpath switch... -R checking for unistd.h... (cached) yes checking sys/select.h usability... yes checking sys/select.h presence... yes checking for sys/select.h... yes checking sys/param.h usability... yes checking sys/param.h presence... yes checking for sys/param.h... yes checking stdarg.h usability... yes checking stdarg.h presence... yes checking for stdarg.h... yes checking for memmove... yes checking for strcasecmp... yes checking for ftruncate... yes checking for strerror... yes checking for strlcat... yes checking for strlcpy... yes checking for getgrouplist... no checking for dirent.h that defines DIR... yes checking for library containing opendir... none required checking for connect... no checking for gethostbyname in -lnsl... yes checking for connect in -lsocket... yes checking for res_search... no checking for dn_expand... yes checking for dns_lookup... no checking for getaddrinfo... yes checking for gai_strerror... yes checking for getnameinfo... yes checking whether you have ss_family in struct sockaddr_storage... yes checking whether you have sa_len in struct sockaddr... no checking sys/time.h usability... yes checking sys/time.h presence... yes checking for sys/time.h... yes checking whether time.h and sys/time.h may both be included... yes checking whether struct tm is in sys/time.h or time.h... time.h checking for struct tm.tm_zone... no checking whether tzname is declared... yes checking for tzname... yes checking for vprintf... yes checking for _doprnt... yes checking db.h usability... yes checking db.h presence... yes checking for db.h... yes checking for bison... no checking for byacc... no checking for flex... no checking for lex... lex checking lex output file root... lex.yy checking lex library... -ll checking whether yytext is a pointer... no checking for main in -lfl... no checking pcreposix.h usability... no checking pcreposix.h presence... no checking for pcreposix.h... no checking rxposix.h usability... no checking rxposix.h presence... no checking for rxposix.h... no checking for library containing regcomp... none required checking for strerror... (cached) yes checking sys/resource.h usability... yes checking sys/resource.h presence... yes checking for sys/resource.h... yes checking for setrlimit... yes checking for getrlimit... yes checking for daemon... yes checking for setsid... yes checking for shutdown... yes checking for setproctitle... no checking for setproctitle in -lutil... no checking sys/pstat.h usability... no checking sys/pstat.h presence... no checking for sys/pstat.h... no checking sys/sysnews.h usability... no checking sys/sysnews.h presence... no checking for sys/sysnews.h... no checking for PS_STRINGS... no checking for SCO... no checking for setproctitle usability... yes checking nonblocking method... fcntl checking timezone GMT offset method... gmtime checking for shared mmap... yes checking for fcntl... yes checking for fdatasync... no checking for fdatasync in -lrt... yes checking for sigvec... no checking for sigvec in -lBSD... no checking for sigvec in -lucb... yes checking for res_search in -lresolv... yes checking krb.h usability... no checking krb.h presence... no checking for krb.h... no configure: WARNING: No Kerberos V4 found checking for openssl... /usr/local/ssl checking for ZInitialize in -lzephyr... no checking for com_err in -lcom_err... no configure: WARNING: Parts of com_err distribuion were found, but not compile_et. configure: WARNING: Will build com_err from included sources. checking for modern syslog... yes checking which syslog facility to use... LOG_LOCAL6 checking for getdtablesize... yes checking to use old sieve service name... no checking for dlopen... no checking for dlopen in -ldl... yes checking for crypt... yes checking gssapi.h usability... no checking gssapi.h presence... no checking for gssapi.h... no checking gssapi/gssapi.h usability... yes checking gssapi/gssapi.h presence... yes checking for gssapi/gssapi.h... yes checking for res_search in -lresolv... (cached) yes checking for gss_unwrap in -lgssapi... no checking for krb5int_getspecific in -lkrb5support... no checking for gss_unwrap in -lgssapi_krb5... no checking for csf_gss_acq_user in -lgss... no checking for csf_gss_acq_user in -lgss... no checking for gss_unwrap in -lgss... yes checking GSSAPI... with implementation seam checking for res_search in -lresolv... (cached) yes checking for gsskrb5_register_acceptor_identity... no checking sasl/sasl.h usability... yes checking sasl/sasl.h presence... yes checking for sasl/sasl.h... yes checking sasl/saslutil.h usability... yes checking sasl/saslutil.h presence... yes checking for sasl/saslutil.h... yes checking for prop_get in -lsasl2... yes checking for sasl_checkapop in -lsasl2... yes checking for perl... perl checking for MD5Init... no checking for MD5Init in -lmd... no checking for long... (cached) yes checking size of long... (cached) 4 checking what directory libraries are found in... lib checking for request_init in -lwrap... no checking libwrap support... no checking for net-snmp-config... no checking for sprint_objid in -lsnmp... no checking UCD SNMP libraries... no configure: creating ./config.status config.status: creating man/Makefile config.status: WARNING: man/Makefile.in seems to ignore the --datarootdir setting config.status: creating master/Makefile config.status: creating lib/Makefile config.status: creating imap/Makefile config.status: creating imtest/Makefile config.status: creating netnews/Makefile config.status: creating perl/Makefile config.status: creating sieve/Makefile config.status: creating com_err/et/Makefile config.status: creating timsieved/Makefile config.status: creating notifyd/Makefile config.status: creating perl/sieve/Makefile config.status: creating perl/sieve/lib/Makefile config.status: creating Makefile config.status: WARNING: Makefile.in seems to ignore the --datarootdir setting config.status: creating config.h > -----Original Message----- > From: info-cyrus-bounces at lists.andrew.cmu.edu [mailto:info-cyrus- > bounces at lists.andrew.cmu.edu] On Behalf Of Ken Murchison > Sent: Thursday, October 09, 2008 10:58 AM > To: cyrus-project at lists.andrew.cmu.edu; cyrus- > devel at lists.andrew.cmu.edu; Cyrus Info > Subject: Cyrus 2.3.13 RC3 > > I just put together a third and hopefully FINAL release candidate for > Cyrus 2.3.13. I'd appreciate any independent testing before I release > this to the masses. > > http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd-2.3.13rc3.tar.gz > http://www.contrib.andrew.cmu.edu/~murch/cyrus-imapd- > 2.3.13rc3.tar.gz.sig > > > Noteworthy changes: > > * Added an experimental "sql" backend for cyrusdb. Currently MySQL, > PostgreSQL, and SQLite are supported. > * Added support for IMAP [CAPABILITY] response code to client-side > of Murder proxies. > * Added support for ManageSieve auto-capability response after > STARTTLS and after AUTH with a SASL security layer. > * Made MAXWORD and MAXQUOTED sizes configurable via imapd.conf > * Rewrote cyrusdb_quotalegacy.c to use readir() > rather than glob.c. This avoids a potential crash due to > conflicts between glibc and Heimdal implementations of glob(). > * Added support for fulldirhash to 'ctl_mboxlist -v' > * Several skiplist transaction bugfixes. > * cyr_expire no longer has a default of 0 (zero) for -X and -D. > These options must be used explicitly in order to have the desired > effect. > * Added sieve_utf8fileinto option. > * Added sieve_sasl_send_unsolicited_capability and > sieve_sasl_expect_unsolicited_capability options. > * Several 32/64-bit compatibility fixes. > > > Check doc/changes.html and doc/install-upgrade.html for a complete list > of changes. > > If there are any outstanding critical issues that you believe still > need > to be addressed in 2.3.13, please let me know. This code has been in > feature freeze for a while, so no new requests please. > > -- > Kenneth Murchison > Systems Programmer > Project Cyrus Developer/Maintainer > Carnegie Mellon University > > > > > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html From wes at umich.edu Mon Oct 13 15:57:39 2008 From: wes at umich.edu (Wesley Craig) Date: Mon, 13 Oct 2008 15:57:39 -0400 Subject: Cyrus 2.3.13 RC3 In-Reply-To: <004801c92d6c$4ad32800$e0797800$@gov> References: <48EE1BDD.8010504@andrew.cmu.edu> <004801c92d6c$4ad32800$e0797800$@gov> Message-ID: Try --without-gssapi. :wes On 13 Oct 2008, at 15:45, Larry Rosenbaum wrote: > I can't get it to build. I get the following: > > gcc -c -I.. -I/usr/local/BerkeleyDB.4.2/include -I/usr/local/ssl/ > include > -I../com_err/et -I/usr/local/include -DHAVE_CONFIG_H -g -O2 \ > auth_krb5.c > auth_krb5.c:60:18: krb5.h: No such file or directory > > I'm not interested in using Kerberos. I tried --without-krb but > got the > same error. What do I need to change? I am on Solaris 9 SPARC. > Here is > the configure input and output: From rosenbaumlm at ornl.gov Mon Oct 13 16:05:49 2008 From: rosenbaumlm at ornl.gov (Rosenbaum, Larry M.) Date: Mon, 13 Oct 2008 16:05:49 -0400 Subject: Cyrus 2.3.13 RC3 In-Reply-To: References: <48EE1BDD.8010504@andrew.cmu.edu> <004801c92d6c$4ad32800$e0797800$@gov> Message-ID: <43C68785C2728049AF86B0ECB240A1510865569F9A@EXCHMB.ornl.gov> > From: Wesley Craig [mailto:wes at umich.edu] > > Try --without-gssapi. Thanks, but that didn't help. > :wes > > On 13 Oct 2008, at 15:45, Larry Rosenbaum wrote: > > I can't get it to build. I get the following: > > > > gcc -c -I.. -I/usr/local/BerkeleyDB.4.2/include -I/usr/local/ssl/ > > include > > -I../com_err/et -I/usr/local/include -DHAVE_CONFIG_H -g -O2 \ > > auth_krb5.c > > auth_krb5.c:60:18: krb5.h: No such file or directory > > > > I'm not interested in using Kerberos. I tried --without-krb but > > got the > > same error. What do I need to change? I am on Solaris 9 SPARC. > > Here is > > the configure input and output: From rosenbaumlm at ornl.gov Mon Oct 13 16:42:20 2008 From: rosenbaumlm at ornl.gov (Rosenbaum, Larry M.) Date: Mon, 13 Oct 2008 16:42:20 -0400 Subject: Cyrus 2.3.13 RC3 In-Reply-To: References: <48EE1BDD.8010504@andrew.cmu.edu> <004801c92d6c$4ad32800$e0797800$@gov> Message-ID: <43C68785C2728049AF86B0ECB240A1510865569FE0@EXCHMB.ornl.gov> > From: Wesley Craig [mailto:wes at umich.edu] > > Try --without-gssapi. > Sorry, it's actually --disable-gssapi. That fixed it. Thanks. > :wes > > On 13 Oct 2008, at 15:45, Larry Rosenbaum wrote: > > I can't get it to build. I get the following: > > > > gcc -c -I.. -I/usr/local/BerkeleyDB.4.2/include -I/usr/local/ssl/ > > include > > -I../com_err/et -I/usr/local/include -DHAVE_CONFIG_H -g -O2 \ > > auth_krb5.c > > auth_krb5.c:60:18: krb5.h: No such file or directory > > > > I'm not interested in using Kerberos. I tried --without-krb but > > got the > > same error. What do I need to change? I am on Solaris 9 SPARC. > > Here is > > the configure input and output: From wes at umich.edu Mon Oct 13 16:50:35 2008 From: wes at umich.edu (Wesley Craig) Date: Mon, 13 Oct 2008 16:50:35 -0400 Subject: Cyrus 2.3.13 RC3 In-Reply-To: <43C68785C2728049AF86B0ECB240A1510865569FE0@EXCHMB.ornl.gov> References: <48EE1BDD.8010504@andrew.cmu.edu> <004801c92d6c$4ad32800$e0797800$@gov> <43C68785C2728049AF86B0ECB240A1510865569FE0@EXCHMB.ornl.gov> Message-ID: On 13 Oct 2008, at 16:42, Rosenbaum, Larry M. wrote: > That fixed it. Thanks. Sure, please respond to the list so someone finding your original question can get the correct answer as well. Thanks! :wes From Daniel.Dewald at iks-computer.de Tue Oct 14 05:04:52 2008 From: Daniel.Dewald at iks-computer.de (Daniel Dewald) Date: Tue, 14 Oct 2008 11:04:52 +0200 Subject: Mapping a username to a Mailbox via LDAP? Message-ID: Hi, I?m currently working on a project to integrate parts of a Kolab server into an M$ Active Directory. For that I wrote a script for postfix which converts the username into the Sid (this is done so that a user can be renamed in AD and still has the same Cyrus mailbox). So far this is working great. Upon receiving an email the mailbox is created (with all wanted subfolders) and the renaming of the user has no effect on that. But here comes my problem: As far as I understand it a user has to logon into Cyrus with the mailbox as username. Login into Cyrus works fine (authenticated via samba and winbind) but Cyrus creates a new mailbox (user.). I want the user to login with his AD credentials and still be routed to his correct mailbox. Is there a mapping feature in Cyrus for mailbox names I?m not aware of? It would be perfect if Cyrus could read the mailbox name from an ldap server (Because the real mailbox name is getting saved by the delivery script into AD). Any help in this matter would be much appreciated. Kind regards Daniel Dewald iks GmbH Auf der Kimm 36 66709 Weiskirchen-Konfeld Tel +49 6876 99000 33 Fax +49 6876 1501 Daniel.Dewald at iks-computer.de Firmenname: iks GmbH Sitz des Unternehmens: D-66709 Weiskirchen Registergericht: Amtsgericht D-66663 Merzig HRB 3940 Gesch?ftsf?hrer: Markus Backes -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20081014/7ed6bbd0/attachment-0001.html -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 4770 bytes Desc: not available Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20081014/7ed6bbd0/attachment-0001.bin From Pascal.Gienger at uni-konstanz.de Tue Oct 14 06:29:42 2008 From: Pascal.Gienger at uni-konstanz.de (Pascal Gienger) Date: Tue, 14 Oct 2008 12:29:42 +0200 Subject: Mapping a username to a Mailbox via LDAP? In-Reply-To: References: Message-ID: Daniel Dewald wrote: > I want the user to login with his AD credentials and > still be routed to his correct mailbox. Is there a mapping feature in > Cyrus for mailbox names I?m not aware of? It would be perfect if There are two SASL plugins dealing with login and user names: 1. canonical translates the given username to an internal username, which cyrus imapd uses as mailbox name (with user prefix "user."). 2. auxprop takes the given username, retrieves the stored secret, and returns it to the SASL library. The auxprop can also do the mapping of the given username to another user name schema used in the authentication/secret database. It passes the given username unchanged to the imap daemon which will be the mailbox name then. In our setup, users do log in with their e-mail-address, but the mailboxes have our internal uid as name. A canonical plugin does the translation. In your case, a canonical plugin should convert the username into the sid, cyrus imap will use that as mail box name. Pascal Gienger Universit?t Konstanz From davidk at cs.umass.edu Tue Oct 14 11:44:35 2008 From: davidk at cs.umass.edu (David Korpiewski) Date: Tue, 14 Oct 2008 11:44:35 -0400 Subject: IMAPS terminating abnormally Message-ID: <48F4BE63.5050805@cs.umass.edu> I have two cyrus machines running and on both systems I'm getting a TLS error and then the error "in BUSY state: terminated abnormally". The interesting thing is that all of these errors are from the IPs of the load balancer that I have running. So 128.119.240.177 is the load balancer's external IP and 192.168.2.1 is the internal IP. I'm getting random seen file corruption and I don't know if this is somehow related. However, the external connections from other IPs *seem* to connect fine without any errors. Any ideas why this is happening? Thank you in advance! David ct 14 11:38:55 mail1 imaps[74784]: executed Oct 14 11:38:55 mail1 imaps[74784]: accepted connection Oct 14 11:38:55 mail1 master[74787]: about to exec /usr/bin/cyrus/bin/imapd Oct 14 11:38:55 mail1 imaps[74784]: imaps TLS negotiation failed: [192.168.2.1] Oct 14 11:38:55 mail1 imaps[74784]: Fatal error: tls_start_servertls() failed Oct 14 11:38:55 mail1 imaps[74787]: executed Oct 14 11:38:55 mail1 master[65069]: process 74784 exited, status 75 Oct 14 11:38:55 mail1 master[65069]: service imaps pid 74784 in BUSY state: terminated abnormally Oct 14 11:38:55 mail1 imaps[74787]: accepted connection Oct 14 11:38:55 mail1 imaps[74787]: imaps TLS negotiation failed: [128.119.240.177] Oct 14 11:38:55 mail1 imaps[74787]: Fatal error: tls_start_servertls() failed Oct 14 11:38:55 mail1 master[65069]: process 74787 exited, status 75 Oct 14 11:38:55 mail1 master[65069]: service imaps pid 74787 in BUSY state: terminated abnormally Oct 14 11:38:57 mail1 imap[74247]: accepted connection Oct 14 11:38:58 mail1 master[65069]: process 74725 exited, status 0 Oct 14 11:38:59 mail1 master[74788]: about to exec /usr/bin/cyrus/bin/imapd Oct 14 11:38:59 mail1 imaps[74788]: executed Oct 14 11:38:59 mail1 imaps[74788]: accepted connection Oct 14 11:38:59 mail1 imaps[74788]: imaps TLS negotiation failed: [128.119.240.177] Oct 14 11:38:59 mail1 imaps[74788]: Fatal error: tls_start_servertls() failed Oct 14 11:38:59 mail1 master[65069]: process 74788 exited, status 75 Oct 14 11:38:59 mail1 master[65069]: service imaps pid 74788 in BUSY state: terminated abnormally -- =========================================== David Korpiewski Software Specialist I CSCF - Computer Science Computing Facility Department of Computer Science Phone: 413-545-4319 Fax: 413-577-2285 =========================================== From Pascal.Gienger at uni-konstanz.de Tue Oct 14 12:40:36 2008 From: Pascal.Gienger at uni-konstanz.de (Pascal Gienger) Date: Tue, 14 Oct 2008 18:40:36 +0200 Subject: IMAPS terminating abnormally In-Reply-To: <48F4BE63.5050805@cs.umass.edu> References: <48F4BE63.5050805@cs.umass.edu> Message-ID: <0F500B0477F6C882665CB616@schnucki.djehoulou.com> David Korpiewski wrote: > I have two cyrus machines running and on both systems I'm getting a TLS > error and then the error "in BUSY state: terminated abnormally". Which cyrus imapd version? Can you set the loglevel to debug in your syslog.conf? From s.e.grier at qmul.ac.uk Tue Oct 14 13:09:49 2008 From: s.e.grier at qmul.ac.uk (Stephen Grier) Date: Tue, 14 Oct 2008 18:09:49 +0100 Subject: NULL pointer bug in 2.3.13rc3 when deleting top-level mailboxes Message-ID: <48F4D25D.1020209@qmul.ac.uk> Hi, While testing cyrus-imapd-2.3.13rc3, I noticed log entries like the following when deleting a top-level mailbox: Oct 14 17:39:21 machine master[24378]: process 24391 exited, signaled to death by 11 The mailbox had been removed from the filesystem, but the imapd process appears to have segfaulted. Trussing the imapd showed: stat("/var/imap/mailboxes.db", 0xFFBFB5B0) = 0 fcntl(6, F_SETLKW, 0xFFBFB628) = 0 rmdir("/var/spool/imap/v/wobble") = 0 Incurred fault #6, FLTBOUNDS %pc = 0x00047850 siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000 Received signal #11, SIGSEGV [default] siginfo: SIGSEGV SEGV_MAPERR addr=0x00000000 Looking at the code there is a clear NULL pointer bug in the mailbox_delete function in imap/mailbox.c. The patch is: $ diff -u imap/mailbox.c.orig imap/mailbox.c --- imap/mailbox.c.orig Wed Oct 8 16:47:08 2008 +++ imap/mailbox.c Tue Oct 14 17:49:05 2008 @@ -2919,7 +2919,9 @@ r = mboxlist_lookup(nbuf, NULL, NULL); } while(r == IMAP_MAILBOX_NONEXISTENT); - *ntail = '\0'; + if (ntail != NULL) { + *ntail = '\0'; + } if (updatenotifier) updatenotifier(nbuf); -- Stephen Grier Systems Developer Computing Services Queen Mary, University of London From wes at umich.edu Tue Oct 14 13:52:05 2008 From: wes at umich.edu (Wesley Craig) Date: Tue, 14 Oct 2008 13:52:05 -0400 Subject: NULL pointer bug in 2.3.13rc3 when deleting top-level mailboxes In-Reply-To: <48F4D25D.1020209@qmul.ac.uk> References: <48F4D25D.1020209@qmul.ac.uk> Message-ID: <1D3A12CC-B401-434E-8BC7-F40FFF3A89B7@umich.edu> Thanks, I've opened this bugzilla: http://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3071 as a blocker for 2.3.13. A reminder: it's much, much better to report bugs in the bugzilla than on the lists. The lists are for discussion. :wes On 14 Oct 2008, at 13:09, Stephen Grier wrote: > While testing cyrus-imapd-2.3.13rc3, I noticed log entries like the > following when deleting a top-level mailbox: > > Oct 14 17:39:21 machine master[24378]: process 24391 exited, > signaled to > death by 11 From davidk at cs.umass.edu Tue Oct 14 14:42:25 2008 From: davidk at cs.umass.edu (David Korpiewski) Date: Tue, 14 Oct 2008 14:42:25 -0400 Subject: IMAPS terminating abnormally In-Reply-To: <0F500B0477F6C882665CB616@schnucki.djehoulou.com> References: <48F4BE63.5050805@cs.umass.edu> <0F500B0477F6C882665CB616@schnucki.djehoulou.com> Message-ID: <48F4E811.9040906@cs.umass.edu> Thank you for asking questions, I'm very interested in getting this problem solved ASAP. I have turned on debugging level up by editing my /etc/syslog.conf file and adding this line: "local6.debug /var/log/mailaccess.log" However, I don't see any additional debug information (as shown below). I originally had "local6.*" which should have gotten the debug information anyways. The version of the OS is OSX 10.5.5 The version of cyrus is: (not sure if this is it, but) mail2:bin root# ./deliver 421-4.3.0 usage: deliver [-C ] [-m mailbox] [-a auth] [-r return_path] [-l] [-D] 421 4.3.0 v2.3.8-OS X Server 10.5: 9C31 This is the standard version that comes with OSX. I have not installed a new (or ported) version. Oct 14 14:14:20 mail1 master[76765]: process 77212 exited, status 0 Oct 14 14:14:56 mail1 master[77337]: about to exec /usr/bin/cyrus/bin/imapd Oct 14 14:14:56 mail1 imaps[77337]: executed Oct 14 14:14:56 mail1 imaps[77337]: accepted connection Oct 14 14:14:56 mail1 master[77340]: about to exec /usr/bin/cyrus/bin/imapd Oct 14 14:14:56 mail1 imaps[77337]: imaps TLS negotiation failed: [192.168.2.1] Oct 14 14:14:56 mail1 imaps[77337]: Fatal error: tls_start_servertls() failed Oct 14 14:14:56 mail1 imaps[77340]: executed Oct 14 14:14:56 mail1 master[76765]: process 77337 exited, status 75 Oct 14 14:14:56 mail1 master[76765]: service imaps pid 77337 in BUSY state: terminated abnormally Oct 14 14:14:56 mail1 imaps[77340]: accepted connection Oct 14 14:14:56 mail1 imaps[77340]: imaps TLS negotiation failed: [128.119.240.177] Oct 14 14:14:56 mail1 imaps[77340]: Fatal error: tls_start_servertls() failed Oct 14 14:14:56 mail1 master[76765]: process 77340 exited, status 75 Oct 14 14:14:56 mail1 master[76765]: service imaps pid 77340 in BUSY state: terminated abnormally Oct 14 14:14:58 mail1 imap[76782]: accepted connection Oct 14 14:14:59 mail1 master[77341]: about to exec /usr/bin/cyrus/bin/imapd Oct 14 14:14:59 mail1 imaps[77341]: executed Oct 14 14:14:59 mail1 imaps[77341]: accepted connection Oct 14 14:14:59 mail1 imaps[77341]: imaps TLS negotiation failed: [128.119.240.177] Oct 14 14:14:59 mail1 imaps[77341]: Fatal error: tls_start_servertls() failed Oct 14 14:14:59 mail1 master[76765]: process 77341 exited, status 75 Oct 14 14:14:59 mail1 master[76765]: service imaps pid 77341 in BUSY state: terminated abnormally Pascal Gienger wrote: > David Korpiewski wrote: > >> I have two cyrus machines running and on both systems I'm getting a TLS >> error and then the error "in BUSY state: terminated abnormally". > > Which cyrus imapd version? > Can you set the loglevel to debug in your syslog.conf? -- =========================================== David Korpiewski Software Specialist I CSCF - Computer Science Computing Facility Department of Computer Science Phone: 413-545-4319 Fax: 413-577-2285 =========================================== From Pascal.Gienger at uni-konstanz.de Tue Oct 14 15:13:14 2008 From: Pascal.Gienger at uni-konstanz.de (Pascal Gienger) Date: Tue, 14 Oct 2008 21:13:14 +0200 Subject: IMAPS terminating abnormally In-Reply-To: <48F4E811.9040906@cs.umass.edu> References: <48F4BE63.5050805@cs.umass.edu> <0F500B0477F6C882665CB616@schnucki.djehoulou.com> <48F4E811.9040906@cs.umass.edu> Message-ID: David Korpiewski wrote: > Thank you for asking questions, I'm very interested in getting this > problem solved ASAP. > > I have turned on debugging level up by editing my /etc/syslog.conf file > and adding this line: "local6.debug > /var/log/mailaccess.log" > However, I don't see any additional debug information (as shown below). > I originally had "local6.*" which should have gotten the debug > information anyways. > > The version of the OS is OSX 10.5.5 > The version of cyrus is: (not sure if this is it, but) > mail2:bin root# ./deliver > 421-4.3.0 usage: deliver [-C ] [-m mailbox] [-a auth] [-r > return_path] [-l] [-D] > 421 4.3.0 v2.3.8-OS X Server 10.5: 9C31 Ok I have to pass. This is the Apple Version of their Mail Server, they included many extensions to the original cyrus code. They added netinfo support in SASL2, and Rendezvous/Zeroconf in IMAP. The only thing I know is that SSL handling has been improved since Version 2.3.8 (which is supposedly the version Apple used as its base). We are at 2.3.12, and 2.3.13 as Release Candidate. Did you open a service request Apple with this issue? If it is OS X 10.5.5 server you'll have support. If you can live without rendezvous, you can compile an actual release of Cyrus IMAP, using Apple's SASL2 library. So you won't give up netinfo capabilities. You will lose Apple support though. Cyrus IMAP 2.3.12 compiles fine under OS X 10.5 when the Apple SDK is installed (gcc et.al.). Pascal From davidk at cs.umass.edu Tue Oct 14 15:44:07 2008 From: davidk at cs.umass.edu (David Korpiewski) Date: Tue, 14 Oct 2008 15:44:07 -0400 Subject: IMAPS terminating abnormally In-Reply-To: References: <48F4BE63.5050805@cs.umass.edu> <0F500B0477F6C882665CB616@schnucki.djehoulou.com> <48F4E811.9040906@cs.umass.edu> Message-ID: <48F4F687.9040107@cs.umass.edu> Sometimes I feel like an absolute idiot. I figured out what this is. The load balancer I have does not have the capability to connect via IMAPS to see if the cluster nodes are up and running, therefore the test it does to just telnet into the imaps port. However, this telnetting in is causing this error. If I check, sure enough the problem appears roughly around every 60 seconds, which is what the port test is set for its frequency. I apologize for annoying the list, but I sincerely thank Pascal for the help! David Pascal Gienger wrote: > David Korpiewski wrote: > >> Thank you for asking questions, I'm very interested in getting this >> problem solved ASAP. >> >> I have turned on debugging level up by editing my /etc/syslog.conf file >> and adding this line: "local6.debug >> /var/log/mailaccess.log" >> However, I don't see any additional debug information (as shown below). >> I originally had "local6.*" which should have gotten the debug >> information anyways. >> >> The version of the OS is OSX 10.5.5 >> The version of cyrus is: (not sure if this is it, but) >> mail2:bin root# ./deliver >> 421-4.3.0 usage: deliver [-C ] [-m mailbox] [-a auth] [-r >> return_path] [-l] [-D] >> 421 4.3.0 v2.3.8-OS X Server 10.5: 9C31 > > > Ok I have to pass. > This is the Apple Version of their Mail Server, they included many > extensions to the original cyrus code. They added netinfo support in > SASL2, and Rendezvous/Zeroconf in IMAP. The only thing I know is that > SSL handling has been improved since Version 2.3.8 (which is supposedly > the version Apple used as its base). We are at 2.3.12, and 2.3.13 as > Release Candidate. > Did you open a service request Apple with this issue? If it is OS X > 10.5.5 server you'll have support. > > If you can live without rendezvous, you can compile an actual release of > Cyrus IMAP, using Apple's SASL2 library. So you won't give up netinfo > capabilities. You will lose Apple support though. > > Cyrus IMAP 2.3.12 compiles fine under OS X 10.5 when the Apple SDK is > installed (gcc et.al.). > > > Pascal -- =========================================== David Korpiewski Software Specialist I CSCF - Computer Science Computing Facility Department of Computer Science Phone: 413-545-4319 Fax: 413-577-2285 =========================================== From dwhite at olp.net Wed Oct 15 00:29:08 2008 From: dwhite at olp.net (Dan White) Date: Tue, 14 Oct 2008 23:29:08 -0500 Subject: Sieve Authentication In-Reply-To: References: <48EF5A64.7000401@olp.net> Message-ID: <48F57194.1020606@olp.net> Antonio, The sieve protocol is defined in RFC 3028. 'sivtest' should be easier than telnet though. However, as mentioned in the documentation, you'll probably want to use sieveshell to manipulate scripts. - Dan Antonio Talarico wrote: > Thanks now i can authenticate with sieve, > But i have another problem. > How is the syntax to place a script on the server once authenticated by telnet? > Thanks for the help > > 2008/10/10 Dan White : > >> Antonio Talarico wrote: >> >>> Hi >>> Which file contains the configuration for users who can authenticate. >>> How can enable a user to log in and add script. >>> Thank you >>> >>> >>> >> Antonio, >> >> Authentication is handled by the Cyrus SASL library as configured in your >> imapd.conf (the lines beginning with sasl_). Documentation can be found in >> the man page for imapd.conf, /doc/install-auth.html located within the >> cyrus-imapd source, and the /doc/ subdirectory located within the cyrus-sasl >> source. >> >> - Dan >> >> >> From murch at andrew.cmu.edu Wed Oct 15 13:55:37 2008 From: murch at andrew.cmu.edu (Ken Murchison) Date: Wed, 15 Oct 2008 13:55:37 -0400 Subject: Upcoming Cyrus 2.3.13 Release Message-ID: <48F62E99.4050906@andrew.cmu.edu> Folks, I'm planning on releasing 2.3.13 late Friday afternoon EDT unless someone reports a bug that we would consider a blocker. So, if there is anyone planning on doing testing on RC3, please do it soon. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University From jimm at simutronics.com Wed Oct 15 16:58:25 2008 From: jimm at simutronics.com (James Miller) Date: Wed, 15 Oct 2008 15:58:25 -0500 Subject: Upcoming Cyrus 2.3.13 Release In-Reply-To: <48F62E99.4050906@andrew.cmu.edu> References: <48F62E99.4050906@andrew.cmu.edu> Message-ID: <48F65971.8030008@simutronics.com> Good God man, have you never heard of the axiom NOTING NEW ON FIRDAY? You're tempting the gods and fates. Jim Ken Murchison wrote: > Folks, > > I'm planning on releasing 2.3.13 late Friday afternoon EDT unless > someone reports a bug that we would consider a blocker. So, if there is > anyone planning on doing testing on RC3, please do it soon. > > From brong at fastmail.fm Wed Oct 15 19:53:00 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Thu, 16 Oct 2008 10:53:00 +1100 Subject: Upcoming Cyrus 2.3.13 Release In-Reply-To: <48F65971.8030008@simutronics.com> References: <48F62E99.4050906@andrew.cmu.edu> <48F65971.8030008@simutronics.com> Message-ID: <20081015235300.GC8495@brong.net> On Wed, Oct 15, 2008 at 03:58:25PM -0500, James Miller wrote: > Good God man, have you never heard of the axiom NOTING NEW ON FIRDAY? > You're tempting the gods and fates. You could just disable your "automatically download and install the latest release from cmu without testing it" script for the weekend. Ho hum. Bron. From hans.moser at ofd-sth.niedersachsen.de Thu Oct 16 11:05:39 2008 From: hans.moser at ofd-sth.niedersachsen.de (Marc Patermann) Date: Thu, 16 Oct 2008 17:05:39 +0200 Subject: troubles with cyradm In-Reply-To: References: Message-ID: <48F75843.8070107@ofd-sth.niedersachsen.de> Hi! > # cat /etc/imapd.conf Without encryption plain text mechanisms are not allowed until allowplaintext: yes is set. > # cyradm --user=cyrus --server=localhost --auth=plain Try # cyradm -u cyrus -a cram-md5 localhost for a non plain text (shared secret) mechanism. Marc From Eric.Luyten at vub.ac.be Mon Oct 20 05:41:47 2008 From: Eric.Luyten at vub.ac.be (Eric Luyten) Date: Mon, 20 Oct 2008 11:41:47 +0200 (CEST) Subject: Automatic removal of messages over NN days present in a folder. Message-ID: <20081020094147.BBC0C75@mach.vub.ac.be> At our site we expire Spamboxes after 45 days. Messages arrive in Spamboxes by auto-triage at delivery time or when a user moves a false negative into it. I was thinking of generalizing the 'Trash' concept with a similar automatic expiry but it appears Cyrus doesn't quite have the necessary tool(s) for this. Imagine the Trash folders being auto-emptied after 45 days. Imagine a message sitting in a user mailbox for 50 days and which now gets moved to Trash. The idea is to not have this message removed from the server the following night but to have the countdown starting at the time of moving it to Trash. Any ideas/suggestions for a neat solution or workaround ? FWIW : this is Cyrus 2.2.13 Thx, Eric. From murch at andrew.cmu.edu Mon Oct 20 09:02:38 2008 From: murch at andrew.cmu.edu (Ken Murchison) Date: Mon, 20 Oct 2008 09:02:38 -0400 Subject: Cyrus IMAPd 2.3.13 Released Message-ID: <48FC816E.1090002@andrew.cmu.edu> I am pleased to announce the release of Cyrus IMAPd 2.3.13. This release should be considered production quality. Noteworthy changes: * Added an experimental "sql" backend for cyrusdb. Currently MySQL, PostgreSQL, and SQLite are supported. * Added support for IMAP [CAPABILITY] response code to client-side of Murder proxies. * Added support for ManageSieve auto-capability response after STARTTLS and after AUTH with a SASL security layer. * Made MAXWORD and MAXQUOTED sizes configurable via imapd.conf * Rewrote cyrusdb_quotalegacy.c to use readir() rather than glob.c. This avoids a potential crash due to conflicts between glibc and Heimdal implementations of glob(). * Added support for fulldirhash to 'ctl_mboxlist -v' * Several skiplist transaction bugfixes. * cyr_expire no longer has a default of 0 (zero) for -X and -D. These options must be used explicitly in order to have the desired effect. * Added sieve_utf8fileinto option. * Added sieve_sasl_send_unsolicited_capability and sieve_sasl_expect_unsolicited_capability options. * Several 32/64-bit compatibility fixes. For full details, please see doc/changes.html and doc/install-upgrade.html which are included in the distribution. URLs for this release: ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.3.13.tar.gz or http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.3.13.tar.gz Questions and comments can be directed to info-cyrus at lists.andrew.cmu.edu (public list), or cyrus-bugs at andrew.cmu.edu. -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University From wes at umich.edu Mon Oct 20 11:51:01 2008 From: wes at umich.edu (Wesley Craig) Date: Mon, 20 Oct 2008 11:51:01 -0400 Subject: Automatic removal of messages over NN days present in a folder. In-Reply-To: <20081020094147.BBC0C75@mach.vub.ac.be> References: <20081020094147.BBC0C75@mach.vub.ac.be> Message-ID: <724F934D-94CB-48E5-A96F-1C6D8FDE5D8B@umich.edu> You're thinking of modifying ipurge to do this? Sounds like a nice idea. Messages are moved to Trash with COPY, and COPY retains the original INTERNALDATE. However, the last_updated is set to NOW on COPY, so that's probably what you want. ipurge currently supports SENTDATE and INTERNALDATE. A cursory review suggests that adding LAST_UPDATED is trivial -- not that I've tested it :) Is there some reason you're not running 2.3.x? I'm not aware of any plans to make new 2.2.x releases, certainly not for feature enhancements. :wes On 20 Oct 2008, at 05:41, Eric Luyten wrote: > I was thinking of generalizing the 'Trash' concept with > a similar automatic expiry but it appears Cyrus doesn't > quite have the necessary tool(s) for this. > > Imagine the Trash folders being auto-emptied after 45 days. > Imagine a message sitting in a user mailbox for 50 days and > which now gets moved to Trash. > The idea is to not have this message removed from the server > the following night but to have the countdown starting at the > time of moving it to Trash. > > Any ideas/suggestions for a neat solution or workaround ? From laurent.mail at gmail.com Mon Oct 20 14:23:16 2008 From: laurent.mail at gmail.com (Laurent G) Date: Mon, 20 Oct 2008 20:23:16 +0200 Subject: INBOX folder not available Message-ID: Hi list, under Linux Debian Etch and Cyrus Imap 2.2.13-10, I planned to synchronize ACLs between too IMAP servers, using imap. This works fine for almost mailboxes, except for very few of them. Symptoms : -1- the IMAP command SELECT does not work on the "INBOX" folder. (when it works for the huge majority). Non working example : 02 SELECT INBOX 02 NO Mailbox does not exist Working example : 02 SELECT INBOX * FLAGS (\Answered \Flagged \Draft \Deleted \Seen) * OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)] * 6 EXISTS * 0 RECENT * OK [UIDVALIDITY 1114023713] * OK [UIDNEXT 24] 02 OK [READ-WRITE] Completed -2- The same box can be subscribed to, receives mails and so on and seems to be fully functionnal, even XFER works. Reconstruct on the box did no better. -3- With imapsync (Revision: 1.172), the answer for the "From" folder is ["INBOX"] when usually [INBOX] Any other solution than recreating it? -- Best regards, ----- Laurent -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20081020/e6b31316/attachment.html From murch at andrew.cmu.edu Tue Oct 21 08:02:41 2008 From: murch at andrew.cmu.edu (Ken Murchison) Date: Tue, 21 Oct 2008 08:02:41 -0400 Subject: INBOX folder not available In-Reply-To: References: Message-ID: <48FDC4E1.10508@andrew.cmu.edu> Laurent G wrote: > Hi list, > > under Linux Debian Etch and Cyrus Imap 2.2.13-10, I planned to > synchronize ACLs between too IMAP servers, using imap. This works fine > for almost mailboxes, except for very few of them. > > Symptoms : > -1- the IMAP command SELECT does not work on the "INBOX" folder. (when > it works for the huge majority). > > Non working example : > 02 SELECT INBOX > 02 NO Mailbox does not exist If you're sure that the mailbox exists in mailboxes.db and on disk, then the authenticated/authorized user doesn't have permission to see the mailbox ('l' right). -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University From pilsl at goldfisch.at Wed Oct 22 10:39:45 2008 From: pilsl at goldfisch.at (peter pilsl) Date: Wed, 22 Oct 2008 16:39:45 +0200 Subject: wrong date of emails - how to change? Message-ID: <48FF3B31.1000203@goldfisch.at> When I copy old emails from one folder to another then the date of this emails as shown by several clients (OutlookExpress, Thunderbird) is not the original date but the date when I copied these emails. First I thought I can change this date by changing the date of the actual file that contains a certain email, but this did not work. So how can I change the date of a email on a cyrus-imap-server? Do I need to delete certain cache-files and reconstruct all mailboxes or is there a secret (at least to me) command or ...? thnx for any advice, peter -- mag. peter pilsl - goldfisch.at IT-Consulting Tel: +43-699-11288470 Tel: +43-1-8900602 Fax: +43-1-8900602-15 skype: peter.pilsl pilsl at goldfisch.at www.goldfisch.at From laurent.mail at gmail.com Wed Oct 22 17:20:58 2008 From: laurent.mail at gmail.com (Laurent G) Date: Wed, 22 Oct 2008 23:20:58 +0200 Subject: INBOX folder not available In-Reply-To: <48FDC4E1.10508@andrew.cmu.edu> References: <48FDC4E1.10508@andrew.cmu.edu> Message-ID: 2008/10/21 Ken Murchison > Laurent G wrote: > >> Hi list, >> >> under Linux Debian Etch and Cyrus Imap 2.2.13-10, I planned to synchronize >> ACLs between too IMAP servers, using imap. This works fine for almost >> mailboxes, except for very few of them. >> >> Symptoms : >> -1- the IMAP command SELECT does not work on the "INBOX" folder. (when it >> works for the huge majority). >> >> Non working example : >> 02 SELECT INBOX >> 02 NO Mailbox does not exist >> > > If you're sure that the mailbox exists in mailboxes.db and on disk, then > the authenticated/authorized user doesn't have permission to see the mailbox > ('l' right). > > > -- > Kenneth Murchison > Systems Programmer > Project Cyrus Developer/Maintainer > Carnegie Mellon University > Hi, You were right. The same context was set on the non-working box as on the working ones, done by script (imapsync) with user Cyrus. But the few non working boxes had been renamed by the past and the ACL was not. Those folders were usually accessed by other users than the one nammed like the box (clear?) Anyway its solved by setting the right ACL. Thank you. --- Laurent -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20081022/d1ca9210/attachment.html From pilsl at goldfisch.at Thu Oct 23 07:11:23 2008 From: pilsl at goldfisch.at (peter pilsl) Date: Thu, 23 Oct 2008 13:11:23 +0200 Subject: wrong date of emails - how to change? In-Reply-To: <48FF3B31.1000203@goldfisch.at> References: <48FF3B31.1000203@goldfisch.at> Message-ID: <49005BDB.5070505@goldfisch.at> To add to my question: Is there a imap-command that allows to change the value of internaldate or do I need to implement a series of FETCH,DELETE,APPEND-commands to change the date? So far the APPEND-command is the only way I've found to set the value of INTERNALDATE, but APPEND only is for new messages. I can imagine doing some imapsync and applying the "correct" date. (I can extract a proper date from the mailheaders), but as this is a problem that appears now and then on one of my servers and is asked now and then on the internet, I would like to create a solid solution for this. any help appretiated, thnx peter peter pilsl wrote: > When I copy old emails from one folder to another then the date of this > emails as shown by several clients (OutlookExpress, Thunderbird) is not > the original date but the date when I copied these emails. > > First I thought I can change this date by changing the date of the > actual file that contains a certain email, but this did not work. > > So how can I change the date of a email on a cyrus-imap-server? > > Do I need to delete certain cache-files and reconstruct all mailboxes or > is there a secret (at least to me) command or ...? > > thnx for any advice, > peter > > -- mag. peter pilsl - goldfisch.at IT-Consulting Tel: +43-699-11288470 Tel: +43-1-8900602 Fax: +43-1-8900602-15 skype: peter.pilsl pilsl at goldfisch.at www.goldfisch.at From Eric.Luyten at vub.ac.be Thu Oct 23 10:59:17 2008 From: Eric.Luyten at vub.ac.be (Eric Luyten) Date: Thu, 23 Oct 2008 16:59:17 +0200 (CEST) Subject: Automatic removal of messages over NN days present in a folder. In-Reply-To: <724F934D-94CB-48E5-A96F-1C6D8FDE5D8B@umich.edu> from Wesley Craig at "Oct 20, 2008 11:51:01 am" Message-ID: <20081023145917.12216AF@mach.vub.ac.be> > You're thinking of modifying ipurge to do this? Sounds like a nice > idea. Messages are moved to Trash with COPY, and COPY retains the > original INTERNALDATE. However, the last_updated is set to NOW on > COPY, so that's probably what you want. ipurge currently supports > SENTDATE and INTERNALDATE. A cursory review suggests that adding > LAST_UPDATED is trivial -- not that I've tested it :) Okay, thank you for the hint ! > Is there some reason you're not running 2.3.x? I'm not aware of any > plans to make new 2.2.x releases, certainly not for feature > enhancements. Our 2.2.13 has been running pretty smoothly for little over two years now. I'm stop/starting it every two months to reduce risk of deliver.db corruption (we've been bitten by this only twice when running non-stop for more than half a year). That's with +50,000 users, 300k mailboxes, +2 TB of messages and 30M messages in 8 partitions. 2.3 is for 2009 Eric. > On 20 Oct 2008, at 05:41, Eric Luyten wrote: > > I was thinking of generalizing the 'Trash' concept with > > a similar automatic expiry but it appears Cyrus doesn't > > quite have the necessary tool(s) for this. > > > > Imagine the Trash folders being auto-emptied after 45 days. > > Imagine a message sitting in a user mailbox for 50 days and > > which now gets moved to Trash. > > The idea is to not have this message removed from the server > > the following night but to have the countdown starting at the > > time of moving it to Trash. > > > > Any ideas/suggestions for a neat solution or workaround ? > From wes at umich.edu Thu Oct 23 11:51:26 2008 From: wes at umich.edu (Wesley Craig) Date: Thu, 23 Oct 2008 11:51:26 -0400 Subject: wrong date of emails - how to change? In-Reply-To: <49005BDB.5070505@goldfisch.at> References: <48FF3B31.1000203@goldfisch.at> <49005BDB.5070505@goldfisch.at> Message-ID: <49AA770D-6295-4696-AEE6-4BE07C7F34B4@umich.edu> INTERNALDATE is stored in the cyrus meta files. So if you were to delete the meta files and reconstruct, INTERNALDATE is set to the mtime of the message file. Your assertion that copy updates INTERNALDATE doesn't sound right to me. What version of cyrus are you talking about? :wes On 23 Oct 2008, at 07:11, peter pilsl wrote: > Is there a imap-command that allows to change the value of > internaldate > or do I need to implement a series of FETCH,DELETE,APPEND-commands to > change the date? So far the APPEND-command is the only way I've > found to > set the value of INTERNALDATE, but APPEND only is for new messages. > > I can imagine doing some imapsync and applying the "correct" date. (I > can extract a proper date from the mailheaders), but as this is a > problem that appears now and then on one of my servers and is asked > now > and then on the internet, I would like to create a solid solution > for this. > > peter pilsl wrote: >> When I copy old emails from one folder to another then the date of >> this >> emails as shown by several clients (OutlookExpress, Thunderbird) >> is not >> the original date but the date when I copied these emails. >> >> First I thought I can change this date by changing the date of the >> actual file that contains a certain email, but this did not work. >> >> So how can I change the date of a email on a cyrus-imap-server? >> >> Do I need to delete certain cache-files and reconstruct all >> mailboxes or >> is there a secret (at least to me) command or ...? From kirk at strauser.com Thu Oct 23 12:02:27 2008 From: kirk at strauser.com (Kirk Strauser) Date: Thu, 23 Oct 2008 11:02:27 -0500 Subject: Want to keep *some* duplicates Message-ID: <200810231102.27632.kirk@strauser.com> For some reason, people now commonly reply to mailing list messages by directing them to the sender and Cc'ing the list. This usually results in me only having one copy of the message: the one in my inbox, and not the one that's nicely threaded in the same folder as its references. My copy of imapd.conf says that I have to leave duplicatesuppression turned on if I want to use Sieve - and I definitely want to keep Sieve around! - but I don't see any other clear ways to handle this. -- Kirk Strauser From cyrus-ml at seichter.de Thu Oct 23 13:03:28 2008 From: cyrus-ml at seichter.de (Ralph Seichter) Date: Thu, 23 Oct 2008 19:03:28 +0200 Subject: Folders which automatically mark all messages as read/seen? Message-ID: <4900AE60.4040506@seichter.de> Hi folks, is it possible to add a "this folder never contains any unread messages" attribute to a given list of folders? For old Lotus Notes users: I am thinking of "don't maintain unread marks" not on a database level but on a folder level. I couldn't find this mentioned in the Cyrus IMAP Wiki/FAQ, so I kindly ask for your ideas. -R From cyrus-ml at seichter.de Thu Oct 23 15:48:44 2008 From: cyrus-ml at seichter.de (Ralph Seichter) Date: Thu, 23 Oct 2008 21:48:44 +0200 Subject: Folders which automatically mark all messages as read/seen? In-Reply-To: References: <4900AE60.4040506@seichter.de> Message-ID: <4900D51C.20801@seichter.de> Jeff wrote: > Sieve scripts can mark messages as read, though I'm not an expert on > sieve. Thanks for your suggestion, Jeff. I tried the following: require "fileinto"; require "imapflags"; if address :contains ["To", "Cc"] "foo at domain.tld" { addflag "\seen"; fileinto "INBOX.foo"; } I use Cyrus IMAP Daemon 2.3.12_p2 on Gentoo Linux, and I installed the Sieve script using the 'sieveshell' utility. The 'fileinto' is executed, but 'addflag' does not seem to have any effect. I tried both SquirrelMail and Mozilla Thunderbird as clients, but the messages in folder INBOX.foo appear as unread/unseen with both, just as in every other folder. -R From ml at awinkelmann.de Thu Oct 23 16:25:08 2008 From: ml at awinkelmann.de (Andreas Winkelmann) Date: Thu, 23 Oct 2008 22:25:08 +0200 Subject: Folders which automatically mark all messages as read/seen? In-Reply-To: <4900D51C.20801@seichter.de> References: <4900AE60.4040506@seichter.de> <4900D51C.20801@seichter.de> Message-ID: <200810232225.08529.ml@awinkelmann.de> Am Donnerstag 23 Oktober 2008 21:48:44 schrieb Ralph Seichter: > Jeff wrote: > > Sieve scripts can mark messages as read, though I'm not an expert on > > sieve. > > Thanks for your suggestion, Jeff. I tried the following: > > require "fileinto"; > require "imapflags"; > > if address :contains ["To", "Cc"] "foo at domain.tld" > { > addflag "\seen"; > fileinto "INBOX.foo"; > } > > I use Cyrus IMAP Daemon 2.3.12_p2 on Gentoo Linux, and I installed the > Sieve script using the 'sieveshell' utility. The 'fileinto' is executed, > but 'addflag' does not seem to have any effect. I tried both SquirrelMail > and Mozilla Thunderbird as clients, but the messages in folder INBOX.foo > appear as unread/unseen with both, just as in every other folder. Did you try: ... addflag "\\seen"; ... In the examples in draft-melnikov-sieve-imapflags-03.txt flags begin with two backslashes. -- Andreas -- -- Andreas From brong at fastmail.fm Thu Oct 23 18:13:29 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Fri, 24 Oct 2008 09:13:29 +1100 Subject: wrong date of emails - how to change? In-Reply-To: <49005BDB.5070505@goldfisch.at> References: <48FF3B31.1000203@goldfisch.at> <49005BDB.5070505@goldfisch.at> Message-ID: <1224800009.26833.1280946997@webmail.messagingengine.com> Sneaky approach number 1: delete cyrus.index and run reconstruct after touching the files. Sneaky approach number 2: use the sync_server protocol to directly change the INTERNALDATE (I've done this with my "IMAP to Cyrus" importer that can keep UIDVALIDITY and all that jazz... it's not very polished yet though! - so far I've only used it to import my family's old email from Courier into FastMail's Cyrus world) Sneaky approach number 3: use Cyrus::IndexFile from my perl stuff (I'm sure I've posted it before, but I should probably package it up and push it upstream) to directly fiddle the cyrus.index and change the INTERNALDATE that way. Sneaky approach number 4: use a hex editor and hand fiddle cyrus.index (I don't do that any more, I have a library. I also have a tool which can dump cyrus.index files as a plaintext editable format and then recreate them from same!) Bron ( though I haven't used it for so long it probably has bitrot! ) On Thu, 23 Oct 2008 13:11:23 +0200, "peter pilsl" said: > > To add to my question: > > Is there a imap-command that allows to change the value of internaldate > or do I need to implement a series of FETCH,DELETE,APPEND-commands to > change the date? So far the APPEND-command is the only way I've found to > set the value of INTERNALDATE, but APPEND only is for new messages. > > I can imagine doing some imapsync and applying the "correct" date. (I > can extract a proper date from the mailheaders), but as this is a > problem that appears now and then on one of my servers and is asked now > and then on the internet, I would like to create a solid solution for > this. > > any help appretiated, > thnx > peter > > > peter pilsl wrote: > > When I copy old emails from one folder to another then the date of this > > emails as shown by several clients (OutlookExpress, Thunderbird) is not > > the original date but the date when I copied these emails. > > > > First I thought I can change this date by changing the date of the > > actual file that contains a certain email, but this did not work. > > > > So how can I change the date of a email on a cyrus-imap-server? > > > > Do I need to delete certain cache-files and reconstruct all mailboxes or > > is there a secret (at least to me) command or ...? > > > > thnx for any advice, > > peter > > > > > > > -- > mag. peter pilsl - goldfisch.at > IT-Consulting > Tel: +43-699-11288470 > Tel: +43-1-8900602 > Fax: +43-1-8900602-15 > skype: peter.pilsl > pilsl at goldfisch.at > www.goldfisch.at > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Bron Gondwana brong at fastmail.fm From wes at umich.edu Thu Oct 23 20:30:42 2008 From: wes at umich.edu (Wesley Craig) Date: Thu, 23 Oct 2008 20:30:42 -0400 Subject: Want to keep *some* duplicates In-Reply-To: <200810231102.27632.kirk@strauser.com> References: <200810231102.27632.kirk@strauser.com> Message-ID: Perhaps you're running a really old version? Changes to the Cyrus IMAP Server since 2.1.4 * Sieve is no longer dependent on duplicate delivery suppression (it still uses the duplicate delivery database however). You can cheerfully disable duplicatesuppression, and sieve will continue to work as expected. In fact: Changes to the Cyrus IMAP Server since 2.3.9 * Added support for disabling duplicate delivery suppression on a per-folder basis with the /vendor/cmu/cyrus-imapd/duplicatedeliver mailbox annotation -- courtesy of Fastmail.fm. you can choose to disable it on a per mailbox basis. :wes On 23 Oct 2008, at 12:02, Kirk Strauser wrote: > For some reason, people now commonly reply to mailing list messages by > directing them to the sender and Cc'ing the list. This usually > results in me > only having one copy of the message: the one in my inbox, and not > the one > that's nicely threaded in the same folder as its references. My > copy of > imapd.conf says that I have to leave duplicatesuppression turned on > if I want > to use Sieve - and I definitely want to keep Sieve around! - but I > don't see > any other clear ways to handle this. From iane at sussex.ac.uk Fri Oct 24 06:37:27 2008 From: iane at sussex.ac.uk (Ian Eiloart) Date: Fri, 24 Oct 2008 11:37:27 +0100 Subject: CAPABILITY response code. Message-ID: <8232447BA8C715C26997225A@lewes.staff.uscs.susx.ac.uk> Hi, In the changelist for cyrus imap 2.3.13, is this: "Added support for IMAP [CAPABILITY] response code to client-side of Murder proxies" I have little clue what that means, but I'm hoping it means I can change my CAPABILITY response string. Does it? My underlying problem here is that my front end proxies are issuing referrals causing AL/PINE to attempt to directly reach my backend server (when Fcc copying a message to a Sent mailbox). My firewall causes this to fail. In general, though, there may be other reasons for suppressing advertising of capabilities. -- Ian Eiloart IT Services, University of Sussex x3148 From shwaltz at cabm.rutgers.edu Fri Oct 24 09:20:17 2008 From: shwaltz at cabm.rutgers.edu (Shelley Waltz) Date: Fri, 24 Oct 2008 09:20:17 -0400 (EDT) Subject: Replica message dates Message-ID: One user on my cyrus replica has the dates wrong on the message files. I moved messages from one imap server to a new imap server and the message dates were preserved just fine. The replica, however, has message dates on all messages as the date/time the replication occurred. Subsequent messages to the master and replica have the correct date/time. cyrus-imapd-2.3.7-2.el5 Why is this and is there a way to correct this? S.Waltz From cyrus-ml at seichter.de Fri Oct 24 10:08:18 2008 From: cyrus-ml at seichter.de (Ralph Seichter) Date: Fri, 24 Oct 2008 16:08:18 +0200 Subject: Folders which automatically mark all messages as read/seen? In-Reply-To: <200810232225.08529.ml@awinkelmann.de> References: <4900AE60.4040506@seichter.de> <4900D51C.20801@seichter.de> <200810232225.08529.ml@awinkelmann.de> Message-ID: <4901D6D2.2080308@seichter.de> Andreas Winkelmann wrote: > In the examples in draft-melnikov-sieve-imapflags-03.txt flags begin > with two backslashes. It seems that I was unlucky in my choice of example scripts -- I found single backslashes only. Now I use the following script, et voil?, it works as desired. require "fileinto"; require "imapflags"; if address :contains ["To", "Cc"] "foo at domain.tld" { addflag "\\seen"; fileinto "INBOX.foo"; } Thanks for your help, Jeff and Andreas! -R From emerson.virti at gmail.com Fri Oct 24 10:41:50 2008 From: emerson.virti at gmail.com (Emerson Virti) Date: Fri, 24 Oct 2008 12:41:50 -0200 Subject: cyrus.header and php problem In-Reply-To: <7e0f5f40810240635u7e057299w695a22a8078fe94a@mail.gmail.com> References: <7e0f5f40810240635u7e057299w695a22a8078fe94a@mail.gmail.com> Message-ID: <7e0f5f40810240741n2fac3945ke3b1a24389eec9ce@mail.gmail.com> Hello, My company have almost ten thousand mailboxes on Cyrus Imap. We use Thunderbird for IMAP client and PHP for webmail. We have a problem in a very few mailboxes. This boxes don't have any visible problem with Thunderbird access but in PHP, the (webmail) access provide a "segmentation failed". If I modify the cyrus.header file the "segmentation failed" problem is resolved. This is a problematic cyrus.header: ??^B<8b>^MCyrus mailbox header "The best thing about this system was that it had lots of goals." --Jim Morris on Andrew user.0240169xxxx 5bc4b7c0488731c8 0240169xxxx lrswipcda $Forwarded $label1 $label4 $label2 $label3 $label5 $MDNSent NonJunk acade acgap alfredo andre_porto carneiro chevalier cida-bruno cida_coutinho claudia concei&aoca4w-o daniela elaine erlan fazer_reuni&aom-o fernanda godinho helenac inah joao_almeida katia lm luis mara marcio_rfb marco maria_lucia_-_acbsa nelicio pc pendente plinio pp resolvido rwagner tema vinicius-oracle 0240169xxxx lrswipcda If I modify cyrus.header, the "segmentation failed" is resolved, but this generate a Thunderbird labels messages problem. Modified cyrus.header: ??^B<8b>^MCyrus mailbox header "The best thing about this system was that it had lots of goals." --Jim Morris on Andrew user.0240169xxxx 5bc4b7c0488731c8 0240169xxxx lrswipcda $Forwarded $label1 $label4 $label2 $label3 $label5 $MDNSent NonJunk 0240169xxxx lrswipcda Thunderbird version: 2.0.0.14; PHP version (Debian Etch): 5.2.0-8+etch7 Cyrus Impad version: cyrus-imapd-2.2.12-8.1.RHEL4 I use this simple php script for tests: If the cyrus.header file is the problematic one, the result of this script is a list os subfolders and a "segmentation failed". Where is the problem? Thanks. -- ?merson Virti emerson.virti at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20081024/1806baec/attachment-0001.html From morgan at orst.edu Fri Oct 24 13:09:22 2008 From: morgan at orst.edu (Andrew Morgan) Date: Fri, 24 Oct 2008 10:09:22 -0700 (PDT) Subject: CAPABILITY response code. In-Reply-To: <8232447BA8C715C26997225A@lewes.staff.uscs.susx.ac.uk> References: <8232447BA8C715C26997225A@lewes.staff.uscs.susx.ac.uk> Message-ID: On Fri, 24 Oct 2008, Ian Eiloart wrote: > Hi, > > In the changelist for cyrus imap 2.3.13, is this: > > "Added support for IMAP [CAPABILITY] response code to client-side of Murder > proxies" > > I have little clue what that means, but I'm hoping it means I can change my > CAPABILITY response string. Does it? > > My underlying problem here is that my front end proxies are issuing > referrals causing AL/PINE to attempt to directly reach my backend server > (when Fcc copying a message to a Sent mailbox). My firewall causes this to > fail. Use the following option, which was added in 2.3.13: proxyd_disable_mailbox_referrals: 0 Set to true to disable the use of mailbox-referrals on the proxy servers. This fixes the exact problem you describe with Alpine/Pine. Set it to 1 on your frontends. Andy From wes at umich.edu Fri Oct 24 14:30:04 2008 From: wes at umich.edu (Wesley Craig) Date: Fri, 24 Oct 2008 14:30:04 -0400 Subject: CAPABILITY response code. In-Reply-To: References: <8232447BA8C715C26997225A@lewes.staff.uscs.susx.ac.uk> Message-ID: <7F5D43CD-8443-4AAB-A618-DECF5A316DD3@umich.edu> On 24 Oct 2008, at 13:09, Andrew Morgan wrote: > Use the following option, which was added in 2.3.13: > > proxyd_disable_mailbox_referrals: 0 > Set to true to disable the use of mailbox-referrals on > the proxy > servers. > > This fixes the exact problem you describe with Alpine/Pine. Set it > to 1 > on your frontends. (Change log says it was added to 2.3.12.) You'll probably also want: sieve_allowreferrals: 1 If enabled, timsieved will issue referrals to clients when the user?s scripts reside on a remote server (in a Murder). Other- wise, timsieved will proxy traffic to the remote server. set to 0. Nice how they are backwards from each other, eh? :) :wes From brong at fastmail.fm Fri Oct 24 19:01:35 2008 From: brong at fastmail.fm (Bron Gondwana) Date: Sat, 25 Oct 2008 10:01:35 +1100 Subject: Cyrus IMAPd 2.3.13 Released In-Reply-To: <48FC816E.1090002@andrew.cmu.edu> References: <48FC816E.1090002@andrew.cmu.edu> Message-ID: <20081024230135.GA12776@brong.net> On Mon, Oct 20, 2008 at 09:02:38AM -0400, Ken Murchison wrote: > I am pleased to announce the release of Cyrus IMAPd 2.3.13. This > release should be considered production quality. > > > Noteworthy changes: > > * Added an experimental "sql" backend for cyrusdb. Currently MySQL, > PostgreSQL, and SQLite are supported. > * Added support for IMAP [CAPABILITY] response code to client-side > of Murder proxies. > * Added support for ManageSieve auto-capability response after > STARTTLS and after AUTH with a SASL security layer. > * Made MAXWORD and MAXQUOTED sizes configurable via imapd.conf > * Rewrote cyrusdb_quotalegacy.c to use readir() > rather than glob.c. This avoids a potential crash due to > conflicts between glibc and Heimdal implementations of glob(). > * Added support for fulldirhash to 'ctl_mboxlist -v' > * Several skiplist transaction bugfixes. > * cyr_expire no longer has a default of 0 (zero) for -X and -D. > These options must be used explicitly in order to have the desired > effect. > * Added sieve_utf8fileinto option. > * Added sieve_sasl_send_unsolicited_capability and > sieve_sasl_expect_unsolicited_capability options. > * Several 32/64-bit compatibility fixes. * Changed the list of valid characters in mailbox names, which is interesting because it means that when you upgrade a master and not the associated replica, and then someone creates a mailbox with those characters and replication breaks. Bah. Bron ( at least the fix was easy! Just upgrade the replica ) From adam.stephens at bristol.ac.uk Mon Oct 27 09:04:21 2008 From: adam.stephens at bristol.ac.uk (Adam Stephens) Date: Mon, 27 Oct 2008 13:04:21 +0000 Subject: Want to keep *some* duplicates In-Reply-To: <200810231102.27632.kirk@strauser.com> References: <200810231102.27632.kirk@strauser.com> Message-ID: <4905BC55.7030804@bristol.ac.uk> Kirk Strauser wrote: > For some reason, people now commonly reply to mailing list messages by > directing them to the sender and Cc'ing the list. This usually results in me > only having one copy of the message: the one in my inbox, and not the one > that's nicely threaded in the same folder as its references. My copy of > imapd.conf says that I have to leave duplicatesuppression turned on if I want > to use Sieve - and I definitely want to keep Sieve around! - but I don't see > any other clear ways to handle this. > We had a query last week from someone who was accidentally making two copies of filtered mail using Sieve and wanted us to fix it so it didn't. They had one Sieve rule that forwarded mail off-site and kept a copy in the Inbox using 'keep', and they had other rules in a separate if...else block that filtered mail into folders. They ended up with one copy in the folder, one copy in their inbox, and one copy off-site. If you had an explicit rule saying 'If To: or CC: me, keep' and another rule in a separate if...else block filtering the message into a folder you should end up with two copies as required. regards, Adam. -- -------------------------------- Adam Stephens Network Specialist - Email & DNS adam.stephens at bristol.ac.uk From wes at umich.edu Mon Oct 27 10:57:17 2008 From: wes at umich.edu (Wesley Craig) Date: Mon, 27 Oct 2008 10:57:17 -0400 Subject: Replica message dates In-Reply-To: References: Message-ID: <1E8ABD3F-77D4-4132-B52B-9428EC8CFE95@umich.edu> It appears to me that sync'd messages get an mtime of the INTERNALDATE in 2.3.9 (and then improved in 2.3.10). Prior to that release, mtime is probably when the message was sync'd, at a guess. In your case, the subsequent message dates are probably just reflecting the speed of replication. The best way to correct those data IMHO is to upgrade, sync_reset the data on the replica, and replicate it again. :wes On 24 Oct 2008, at 09:20, Shelley Waltz wrote: > One user on my cyrus replica has the dates wrong on the message files. > I moved messages from one imap server to a new imap server and the > message dates were preserved just fine. The replica, however, has > message > dates on all messages as the date/time the replication occurred. > Subsequent messages to the master and replica have the correct date/ > time. > > cyrus-imapd-2.3.7-2.el5 > > Why is this and is there a way to correct this? From waw+cyrus at uvm.edu Mon Oct 27 22:35:33 2008 From: waw+cyrus at uvm.edu (Wesley Alan Wright) Date: Mon, 27 Oct 2008 22:35:33 -0400 Subject: Disable SSLv2 ? Message-ID: Using cyrus-imapd-2.2.12-9.RHEL4.i386 and cyrus-sasl-2.1.19-14.i386, trying to disable sslV2 to satisfy silly PCI (Purchase Card Industry) requirements yet keep ports 993 and 995 open. Tried 37 different variations of tls_cipher_list includin draconian tls_cipher_list: -ALL: +HIGH:-SSLv2m yet openssl s_client -ssl2 -connect localhost:993 Still yields SSL handshake has read 987 bytes and written 239 bytes --- New, SSLv2, Cipher is DES-CBC3-MD5 Server public key is 1024 bit SSL-Session: Protocol : SSLv2 Cipher : DES-CBC3-MD5 I beginning to think it can't be done.\? ----------------- So I try to rebuild imapd from most current sources. Thinking about -- but haven't yet -- hacking tls.c . Builds just fine, but now openssl s_client -ssl2 -connect localhost:993 yields CONNECTED(00000003) write:errno=104 WHy for? -------------------- I would consider switching to courier, but I have no desire to convert all my users' mailbox formats... ----------------------------------------------------------------------- | Wesley Alan Wright | | Academic Computing Services __0__ | | Room 407 Lafayette Building / \ | \ | | University of Vermont \77 | | Burlington, Vermont 05405-0160 USA. \\ http://www.uvm.edu/skivt-l | | Voice:802-656-1254 FAX:802-???-???? vv | | aim:goim?screenname=maddogskideath http://www.uvm.edu/~waw/ | From murch at andrew.cmu.edu Tue Oct 28 06:51:25 2008 From: murch at andrew.cmu.edu (Ken Murchison) Date: Tue, 28 Oct 2008 06:51:25 -0400 Subject: Disable SSLv2 ? In-Reply-To: References: Message-ID: <4906EEAD.20109@andrew.cmu.edu> Wesley Alan Wright wrote: > Using cyrus-imapd-2.2.12-9.RHEL4.i386 and cyrus-sasl-2.1.19-14.i386, > trying to disable sslV2 to satisfy silly PCI (Purchase Card Industry) > requirements yet keep ports 993 and 995 open. Tried 37 different > variations of tls_cipher_list includin draconian tls_cipher_list: -ALL: > +HIGH:-SSLv2m yet > > openssl s_client -ssl2 -connect localhost:993 > > > Still yields > > SSL handshake has read 987 bytes and written 239 bytes > --- > New, SSLv2, Cipher is DES-CBC3-MD5 > Server public key is 1024 bit > SSL-Session: > Protocol : SSLv2 > Cipher : DES-CBC3-MD5 > > > I beginning to think it can't be done.\? I've used this in the past and it works just fine: tls_cipher_list: DEFAULT:!SSLv2:!LOW:!EXPORT -- Kenneth Murchison Systems Programmer Project Cyrus Developer/Maintainer Carnegie Mellon University From iane at sussex.ac.uk Wed Oct 29 09:18:30 2008 From: iane at sussex.ac.uk (Ian Eiloart) Date: Wed, 29 Oct 2008 14:18:30 +0100 Subject: capability Message-ID: Hi, Is there a way that I can prevent the proxies on the front end of my Murder cluster from advertising MAILBOX-REFERRALS in the CAPABILITY string? Or from issuing referrals? -- Ian Eiloart IT Services, University of Sussex x3148 From iane at sussex.ac.uk Wed Oct 29 09:36:24 2008 From: iane at sussex.ac.uk (Ian Eiloart) Date: Wed, 29 Oct 2008 14:36:24 +0100 Subject: offering limited pop access Message-ID: Hi, I offer an IMAP service to 12000 users, but we don't offer POP3. However, we have a blind person who has a braille computer, with POP3 client, but no IMAP client. I've configured a perdition proxy which can give him POP, but not IMAP access. However, we're moving toward using Cyrus proxyd front end, with LDAP authentication (through SASL). Is there a way I can configure my murder cluster to perform a different IMAP lookup for POP3 authentication, compared to IMAP authentication. Or, is there some other way that I can restrict POP3 access to certain users? I've got configuration files at /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf which just says: pwcheck_method: saslauthd mech_list: plain I presume I need a pop.conf file that's similar, but can't find any documentation. and /local/cyrus-sasl-2.1.22/etc/saslauthd.conf which specifies how to access the LDAP servers. I want everything the same, but with a different value for ldap_filter. Can I just override this in pop3.conf? Or do I set sasl_ldap_filter my cyrus configuration, instead? -- Ian Eiloart IT Services, University of Sussex x3148 From wes at umich.edu Wed Oct 29 11:25:04 2008 From: wes at umich.edu (Wesley Craig) Date: Wed, 29 Oct 2008 11:25:04 -0400 Subject: capability In-Reply-To: References: Message-ID: <37B4DB0E-CD82-4CE4-AF07-8FA9B2233FAA@umich.edu> On 29 Oct 2008, at 09:18, Ian Eiloart wrote: > Is there a way that I can prevent the proxies on the front end of > my Murder > cluster from advertising MAILBOX-REFERRALS in the CAPABILITY > string? Or > from issuing referrals? There doesn't appear to be a way to disable advertising MAILBOX- REFERRALS, but you can set proxyd_disable_mailbox_referrals to turn them off. Seems wrong, doesn't it? Like the capability should be removed with that option as well, right? :wes From iane at sussex.ac.uk Wed Oct 29 10:52:02 2008 From: iane at sussex.ac.uk (Ian Eiloart) Date: Wed, 29 Oct 2008 15:52:02 +0100 Subject: capability In-Reply-To: <37B4DB0E-CD82-4CE4-AF07-8FA9B2233FAA@umich.edu> References: <37B4DB0E-CD82-4CE4-AF07-8FA9B2233FAA@umich.edu> Message-ID: --On 29 October 2008 11:25:04 -0400 Wesley Craig wrote: > On 29 Oct 2008, at 09:18, Ian Eiloart wrote: >> Is there a way that I can prevent the proxies on the front end of >> my Murder >> cluster from advertising MAILBOX-REFERRALS in the CAPABILITY >> string? Or >> from issuing referrals? > > There doesn't appear to be a way to disable advertising > MAILBOX-REFERRALS, but you can set proxyd_disable_mailbox_referrals to > turn them off. Seems wrong, doesn't it? Like the capability should be > removed with that option as well, right? > > :wes That should work nicely. I'll have to upgrade from 2.3.8 to do that. -- Ian Eiloart IT Services, University of Sussex x3148 From iane at sussex.ac.uk Wed Oct 29 10:52:05 2008 From: iane at sussex.ac.uk (Ian Eiloart) Date: Wed, 29 Oct 2008 15:52:05 +0100 Subject: offering limited pop access In-Reply-To: <6E02C8F43EF844059B7FA346F514D6D4@PROCHRIS> References: <6E02C8F43EF844059B7FA346F514D6D4@PROCHRIS> Message-ID: <1D960575F8B3BB3F13841A8F@lewes.staff.uscs.susx.ac.uk> --On 29 October 2008 16:21:34 +0100 Christiaan den Besten wrote: > Hi ! > > Can't you handle this in de search filter in perdition ? ... so run > perdition for pop with a different configuration file then for imap. And > add some specific field to ldap to search on for pop3 access .... I can, but I'm switching to Cyrus IMAP proxy (to enable sharing of mailboxes across backends), and would like to abandon perdition if possible. I don't want to maintain a whole set of software just to support one user. > bye, > Chris > > ----- Original Message ----- From: "Ian Eiloart" > To: > Sent: Wednesday, October 29, 2008 2:36 PM > Subject: offering limited pop access > > >> Hi, >> >> I offer an IMAP service to 12000 users, but we don't offer POP3. >> >> However, we have a blind person who has a braille computer, with POP3 >> client, but no IMAP client. >> >> I've configured a perdition proxy which can give him POP, but not IMAP >> access. However, we're moving toward using Cyrus proxyd front end, with >> LDAP authentication (through SASL). >> >> Is there a way I can configure my murder cluster to perform a different >> IMAP lookup for POP3 authentication, compared to IMAP authentication. Or, >> is there some other way that I can restrict POP3 access to certain users? >> >> I've got configuration files at >> /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf >> which just says: >> pwcheck_method: saslauthd >> mech_list: plain >> I presume I need a pop.conf file that's similar, but can't find any >> documentation. >> >> and >> /local/cyrus-sasl-2.1.22/etc/saslauthd.conf >> which specifies how to access the LDAP servers. >> >> I want everything the same, but with a different value for ldap_filter. >> Can >> I just override this in pop3.conf? Or do I set sasl_ldap_filter my cyrus >> configuration, instead? >> >> -- >> Ian Eiloart >> IT Services, University of Sussex >> x3148 >> ---- >> Cyrus Home Page: http://cyrusimap.web.cmu.edu/ >> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html >> > -- Ian Eiloart IT Services, University of Sussex x3148 From wes at umich.edu Wed Oct 29 13:32:04 2008 From: wes at umich.edu (Wesley Craig) Date: Wed, 29 Oct 2008 13:32:04 -0400 Subject: offering limited pop access In-Reply-To: References: Message-ID: <2B9BB7F1-A4F4-46A0-BD4B-465C7D70C41B@umich.edu> You can run two saslauthd's, with separate configurations and separate sockets. The one for pop would use the special ldap filter, presumably looking for an attribute or something that only users authorized to use POP would have. :wes On 29 Oct 2008, at 09:36, Ian Eiloart wrote: > I offer an IMAP service to 12000 users, but we don't offer POP3. > > However, we have a blind person who has a braille computer, with POP3 > client, but no IMAP client. > > I've configured a perdition proxy which can give him POP, but not IMAP > access. However, we're moving toward using Cyrus proxyd front end, > with > LDAP authentication (through SASL). > > Is there a way I can configure my murder cluster to perform a > different > IMAP lookup for POP3 authentication, compared to IMAP > authentication. Or, > is there some other way that I can restrict POP3 access to certain > users? > > I've got configuration files at > /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf > which just says: > pwcheck_method: saslauthd > mech_list: plain > I presume I need a pop.conf file that's similar, but can't find any > documentation. > > and > /local/cyrus-sasl-2.1.22/etc/saslauthd.conf > which specifies how to access the LDAP servers. > > I want everything the same, but with a different value for > ldap_filter. Can > I just override this in pop3.conf? Or do I set sasl_ldap_filter my > cyrus > configuration, instead? From ml at awinkelmann.de Wed Oct 29 15:16:21 2008 From: ml at awinkelmann.de (Andreas Winkelmann) Date: Wed, 29 Oct 2008 20:16:21 +0100 (CET) Subject: offering limited pop access In-Reply-To: References: Message-ID: <49331.91.2.176.171.1225307781.squirrel@a-angels.ath.cx> > I offer an IMAP service to 12000 users, but we don't offer POP3. > > However, we have a blind person who has a braille computer, with POP3 > client, but no IMAP client. > > I've configured a perdition proxy which can give him POP, but not IMAP > access. However, we're moving toward using Cyrus proxyd front end, with > LDAP authentication (through SASL). > > Is there a way I can configure my murder cluster to perform a different > IMAP lookup for POP3 authentication, compared to IMAP authentication. Or, > is there some other way that I can restrict POP3 access to certain users? > > I've got configuration files at > /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf > which just says: > pwcheck_method: saslauthd > mech_list: plain > I presume I need a pop.conf file that's similar, but can't find any > documentation. > > and > /local/cyrus-sasl-2.1.22/etc/saslauthd.conf > which specifies how to access the LDAP servers. > > I want everything the same, but with a different value for ldap_filter. > Can > I just override this in pop3.conf? Or do I set sasl_ldap_filter my cyrus > configuration, instead? If you want to use ldap for both cases, you have to use two diffrent saslauthd's running. I would think about a diffrent auxprop Backend for example sasldb with only one entry for this User. Use the well hidden feature in your imapd.conf and separate them with: # SASL-COnfig only for pop3 Daemon pop3_sasl_pwcheck_method: auxprop pop3_sasl_auxprop_plugin: sasldb pop3_sasl_mech_list: plain login cram-md5 digest-md5 and # SASL-Config for all other Daemons sasl_pwcheck_method: saslauthd sasl_mech_list: plain login or you can use just: sasl_pwcheck_method: auxprop saslauthd sasl_auxprop_plugin: sasldb This would look in both backends. If you don't want to use sasldb and insist in using saslauthd, then something like: pop3_sasl_saslauthd_path: /path/to/second/saslauthd/mux and configure a second independent instance of saslauthd with it's own Configuration for this one User. -- Andreas From damm at yazzy.org Thu Oct 30 00:29:50 2008 From: damm at yazzy.org (Scott Likens) Date: Wed, 29 Oct 2008 21:29:50 -0700 Subject: Cyrus IMAPd 2.3.13 Released In-Reply-To: <48FC816E.1090002@andrew.cmu.edu> References: <48FC816E.1090002@andrew.cmu.edu> Message-ID: <73842C6B-F0CD-44B6-9F73-F97DABE559A6@yazzy.org> Hi, Recently updated to Cyrus IMAPd 2.3.13 with Gentoo, and ahem i'm having a unreliable connection on 1 account getting in with sieveshell. There is no decent way for me to debug this at this time except strace (gdb was not very useful). One account that has an active sieve script can login, however an account with a no sieve script... cannot login Dirty fix, copy the sieve.bc and sieve script from that user, ln -sf defaultbc it... login it works. Otherwise, it just sits there hanging at the prompt... Thanks, Scott M. Likens syslog here. Oct 29 21:25:27 desolation master[28464]: about to exec /usr/lib/cyrus/ timsieved Oct 29 21:25:27 desolation sieve[28464]: executed Oct 29 21:25:27 desolation sieve[28464]: accepted connection Oct 29 21:25:27 desolation perl: DIGEST-MD5 client step 2 Oct 29 21:25:39 desolation sieve[28464]: login: localhost[127.0.0.1] scott DIGEST-MD5 User logged in Oct 29 21:25:39 desolation perl: DIGEST-MD5 client step 3 I did try and nuke my mailboxes.db thinking that was related, nah... not even close. // cyrus at desolation /usr/lib/cyrus $ strace -p 28464 Process 28464 attached - interrupt to quit select(1, [0], NULL, NULL, {215992, 633000}) = 1 (in [0], left {215987, 975000}) read(0, "{352+}\r\n"..., 4096) = 8 select(1, [0], NULL, NULL, {216000, 0}) = 1 (in [0], left {215999, 960000}) read(0, "dXNlcm5hbWU9InNjb3R0IixyZWFsbT0iZ"..., 4096) = 354 open("/etc/sasl2/sasldb2", O_RDONLY) = 12 fstat(12, {st_mode=S_IFREG|0600, st_size=12398, ...}) = 0 flock(12, LOCK_SH|LOCK_NB) = 0 read(12, "\316\232W\23\0\20\0\0\0\20\0\0\0\0\0\0\0\20\0\0\t \0\0\0\0\20\0\0\246\0\0\0\0"..., 72) = 72 read(12, "\0 \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4024) = 4024 lseek(12, 4096, SEEK_SET) = 4096 read(12, "\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0"..., 4096) = 4096 brk(0x734000) = 0x734000 brk(0x755000) = 0x755000 brk(0x776000) = 0x776000 lseek(12, 8192, SEEK_SET) = 8192 read(12, "\1 \0\0\0\0\0\0\0\222\17\0\0\0\0\0\0n0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 4096 lseek(12, 12324, SEEK_SET) = 12324 read(12, "scott\0desolation\0userPasswordjade"..., 37) = 37 flock(12, LOCK_UN) = 0 close(12) = 0 brk(0x72b000) = 0x72b000 brk(0x729000) = 0x729000 brk(0x728000) = 0x728000 open("/etc/sasl2/sasldb2", O_RDONLY) = 12 fstat(12, {st_mode=S_IFREG|0600, st_size=12398, ...}) = 0 flock(12, LOCK_SH|LOCK_NB) = 0 read(12, "\316\232W\23\0\20\0\0\0\20\0\0\0\0\0\0\0\20\0\0\t \0\0\0\0\20\0\0\246\0\0\0\0"..., 72) = 72 read(12, "\0 \0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4024) = 4024 lseek(12, 4096, SEEK_SET) = 4096 read(12, "\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0 \0\0\0\0\0\0\0"..., 4096) = 4096 brk(0x749000) = 0x749000 brk(0x76a000) = 0x76a000 brk(0x78b000) = 0x78b000 lseek(12, 8192, SEEK_SET) = 8192 read(12, "\1 \0\0\0\0\0\0\0\222\17\0\0\0\0\0\0n0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4096) = 4096 flock(12, LOCK_UN) = 0 close(12) = 0 brk(0x72b000) = 0x72b000 brk(0x729000) = 0x729000 brk(0x728000) = 0x728000 socket(PF_FILE, SOCK_STREAM, 0) = 12 fcntl(12, F_SETFL, O_RDWR|O_NONBLOCK) = 0 connect(12, {sa_family=AF_FILE, path="/var/run/nscd/socket"...}, 110) = -1 ENOENT (No such file or directory) close(12) = 0 socket(PF_FILE, SOCK_STREAM, 0) = 12 fcntl(12, F_SETFL, O_RDWR|O_NONBLOCK) = 0 connect(12, {sa_family=AF_FILE, path="/var/run/nscd/socket"...}, 110) = -1 ENOENT (No such file or directory) close(12) = 0 open("/etc/ld.so.cache", O_RDONLY) = 12 fstat(12, {st_mode=S_IFREG|0644, st_size=102465, ...}) = 0 mmap(NULL, 102465, PROT_READ, MAP_PRIVATE, 12, 0) = 0x7fa5e4099000 close(12) = 0 open("/lib/libnss_compat.so.2", O_RDONLY) = 12 read(12, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0> \0\1\0\0\0\320\22\0\0\0\0\0\0@"..., 832) = 832 fstat(12, {st_mode=S_IFREG|0755, st_size=40294, ...}) = 0 mmap(NULL, 2127088, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 12, 0) = 0x7fa5dea74000 mprotect(0x7fa5dea7b000, 2093056, PROT_NONE) = 0 mmap(0x7fa5dec7a000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED| MAP_DENYWRITE, 12, 0x6000) = 0x7fa5dec7a000 close(12) = 0 open("/lib/libnsl.so.1", O_RDONLY) = 12 read(12, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0000@ \0\0\0\0\0\0@"..., 832) = 832 fstat(12, {st_mode=S_IFREG|0755, st_size=108430, ...}) = 0 mmap(NULL, 2190000, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 12, 0) = 0x7fa5de85d000 mprotect(0x7fa5de871000, 2093056, PROT_NONE) = 0 mmap(0x7fa5dea70000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED| MAP_DENYWRITE, 12, 0x13000) = 0x7fa5dea70000 mmap(0x7fa5dea72000, 6832, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED| MAP_ANONYMOUS, -1, 0) = 0x7fa5dea72000 close(12) = 0 mprotect(0x7fa5dea70000, 4096, PROT_READ) = 0 mprotect(0x7fa5dec7a000, 4096, PROT_READ) = 0 munmap(0x7fa5e4099000, 102465) = 0 open("/etc/ld.so.cache", O_RDONLY) = 12 fstat(12, {st_mode=S_IFREG|0644, st_size=102465, ...}) = 0 mmap(NULL, 102465, PROT_READ, MAP_PRIVATE, 12, 0) = 0x7fa5e4099000 close(12) = 0 open("/lib/libnss_nis.so.2", O_RDONLY) = 12 read(12, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P \0\0\0\0\0\0@"..., 832) = 832 fstat(12, {st_mode=S_IFREG|0755, st_size=50714, ...}) = 0 mmap(NULL, 2135256, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 12, 0) = 0x7fa5de653000 mprotect(0x7fa5de65c000, 2093056, PROT_NONE) = 0 mmap(0x7fa5de85b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED| MAP_DENYWRITE, 12, 0x8000) = 0x7fa5de85b000 close(12) = 0 mprotect(0x7fa5de85b000, 4096, PROT_READ) = 0 munmap(0x7fa5e4099000, 102465) = 0 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 12 fcntl(12, F_GETFD) = 0x1 (flags FD_CLOEXEC) lseek(12, 0, SEEK_CUR) = 0 fstat(12, {st_mode=S_IFREG|0644, st_size=2392, ...}) = 0 mmap(NULL, 2392, PROT_READ, MAP_SHARED, 12, 0) = 0x7fa5e4174000 lseek(12, 2392, SEEK_SET) = 2392 munmap(0x7fa5e4174000, 2392) = 0 close(12) = 0 socket(PF_FILE, SOCK_STREAM, 0) = 12 fcntl(12, F_SETFL, O_RDWR|O_NONBLOCK) = 0 connect(12, {sa_family=AF_FILE, path="/var/run/nscd/socket"...}, 110) = -1 ENOENT (No such file or directory) close(12) = 0 socket(PF_FILE, SOCK_STREAM, 0) = 12 fcntl(12, F_SETFL, O_RDWR|O_NONBLOCK) = 0 connect(12, {sa_family=AF_FILE, path="/var/run/nscd/socket"...}, 110) = -1 ENOENT (No such file or directory) close(12) = 0 open("/etc/group", O_RDONLY|O_CLOEXEC) = 12 lseek(12, 0, SEEK_CUR) = 0 fstat(12, {st_mode=S_IFREG|0644, st_size=997, ...}) = 0 mmap(NULL, 997, PROT_READ, MAP_SHARED, 12, 0) = 0x7fa5e4174000 lseek(12, 997, SEEK_SET) = 997 fstat(12, {st_mode=S_IFREG|0644, st_size=997, ...}) = 0 munmap(0x7fa5e4174000, 997) = 0 close(12) = 0 open("/etc/group", O_RDONLY|O_CLOEXEC) = 12 lseek(12, 0, SEEK_CUR) = 0 fstat(12, {st_mode=S_IFREG|0644, st_size=997, ...}) = 0 mmap(NULL, 997, PROT_READ, MAP_SHARED, 12, 0) = 0x7fa5e4174000 lseek(12, 997, SEEK_SET) = 997 munmap(0x7fa5e4174000, 997) = 0 close(12) = 0 fcntl(6, F_SETLKW, {type=F_RDLCK, whence=SEEK_SET, start=0, len=0}) = 0 fstat(6, {st_mode=S_IFREG|0600, st_size=4240, ...}) = 0 stat("/var/imap/mailboxes.db", {st_mode=S_IFREG|0600, st_size=4240, ...}) = 0 fcntl(6, F_SETLKW, {type=F_UNLCK, whence=SEEK_SET, start=0, len=0}) = 0 chdir("/var/imap/sieve/s/scott") = 0 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0 sendto(5, "<181>Oct 29 21:25:39 sieve[28464]"..., 95, MSG_NOSIGNAL, NULL, 0) = 95 write(1, "OK (SASL \"cnNwYXV0aD1jNTZkYjVkZTV"..., 70) = 70 open("/var/imap/log/scott/28464", O_WRONLY|O_CREAT|O_APPEND, 0644) = 12 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=2819, ...}) = 0 write(12, "---------- scott Wed Oct 29 21:25"..., 43) = 43 select(1, [0], NULL, NULL, {216000, 0} // On Oct 20, 2008, at 6:02 AM, Ken Murchison wrote: > I am pleased to announce the release of Cyrus IMAPd 2.3.13. This > release should be considered production quality. > > > Noteworthy changes: > > * Added an experimental "sql" backend for cyrusdb. Currently MySQL, > PostgreSQL, and SQLite are supported. > * Added support for IMAP [CAPABILITY] response code to client-side > of Murder proxies. > * Added support for ManageSieve auto-capability response after > STARTTLS and after AUTH with a SASL security layer. > * Made MAXWORD and MAXQUOTED sizes configurable via imapd.conf > * Rewrote cyrusdb_quotalegacy.c to use readir() > rather than glob.c. This avoids a potential crash due to > conflicts between glibc and Heimdal implementations of glob(). > * Added support for fulldirhash to 'ctl_mboxlist -v' > * Several skiplist transaction bugfixes. > * cyr_expire no longer has a default of 0 (zero) for -X and -D. > These options must be used explicitly in order to have the desired > effect. > * Added sieve_utf8fileinto option. > * Added sieve_sasl_send_unsolicited_capability and > sieve_sasl_expect_unsolicited_capability options. > * Several 32/64-bit compatibility fixes. > > > For full details, please see doc/changes.html and > doc/install-upgrade.html which are included in the distribution. > > URLs for this release: > ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.3.13.tar.gz > or > http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.3.13.tar.gz > > > Questions and comments can be directed to > info-cyrus at lists.andrew.cmu.edu (public list), or cyrus-bugs at andrew.cmu.edu > . > > -- > Kenneth Murchison > Systems Programmer > Project Cyrus Developer/Maintainer > Carnegie Mellon University > > > > > > > > > > > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > !DSPAM:48fc855a44983451810515! > > From iane at sussex.ac.uk Thu Oct 30 06:42:45 2008 From: iane at sussex.ac.uk (Ian Eiloart) Date: Thu, 30 Oct 2008 11:42:45 +0100 Subject: offering limited pop access In-Reply-To: <49331.91.2.176.171.1225307781.squirrel@a-angels.ath.cx> References: <49331.91.2.176.171.1225307781.squirrel@a-angels.ath.cx> Message-ID: Thanks, Andreas. That's probably enough to get me going. Can I ask how you discovered the "well hidden feature" of imapd.conf? Is there proper documentation for this anywhere? --On 29 October 2008 20:16:21 +0100 Andreas Winkelmann wrote: >> I offer an IMAP service to 12000 users, but we don't offer POP3. >> >> However, we have a blind person who has a braille computer, with POP3 >> client, but no IMAP client. >> >> I've configured a perdition proxy which can give him POP, but not IMAP >> access. However, we're moving toward using Cyrus proxyd front end, with >> LDAP authentication (through SASL). >> >> Is there a way I can configure my murder cluster to perform a different >> IMAP lookup for POP3 authentication, compared to IMAP authentication. Or, >> is there some other way that I can restrict POP3 access to certain users? >> >> I've got configuration files at >> /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf >> which just says: >> pwcheck_method: saslauthd >> mech_list: plain >> I presume I need a pop.conf file that's similar, but can't find any >> documentation. >> >> and >> /local/cyrus-sasl-2.1.22/etc/saslauthd.conf >> which specifies how to access the LDAP servers. >> >> I want everything the same, but with a different value for ldap_filter. >> Can >> I just override this in pop3.conf? Or do I set sasl_ldap_filter my cyrus >> configuration, instead? > > If you want to use ldap for both cases, you have to use two diffrent > saslauthd's running. > > I would think about a diffrent auxprop Backend for example sasldb with > only one entry for this User. Use the well hidden feature in your > imapd.conf and separate them with: > ># SASL-COnfig only for pop3 Daemon > pop3_sasl_pwcheck_method: auxprop > pop3_sasl_auxprop_plugin: sasldb > pop3_sasl_mech_list: plain login cram-md5 digest-md5 > > and > ># SASL-Config for all other Daemons > sasl_pwcheck_method: saslauthd > sasl_mech_list: plain login > > or you can use just: > > sasl_pwcheck_method: auxprop saslauthd > sasl_auxprop_plugin: sasldb > > This would look in both backends. > > If you don't want to use sasldb and insist in using saslauthd, then > something like: > > pop3_sasl_saslauthd_path: /path/to/second/saslauthd/mux > > and configure a second independent instance of saslauthd with it's own > Configuration for this one User. -- Ian Eiloart IT Services, University of Sussex x3148 From wes at umich.edu Thu Oct 30 12:09:21 2008 From: wes at umich.edu (Wesley Craig) Date: Thu, 30 Oct 2008 12:09:21 -0400 Subject: offering limited pop access In-Reply-To: References: <49331.91.2.176.171.1225307781.squirrel@a-angels.ath.cx> Message-ID: <14B8A5C3-0D61-46AD-BFDD-1FCC96D7352D@umich.edu> I think the actual syntax would be: sasl_pop_pwcheck_method: auxprop sasl_pop_auxprop_plugin: sasldb The documentation (which needs improvement, and since you're getting free help on the cyrus list I hope you'll open a bugzilla with some suggested improvements) is mostly in the imapd.conf man page. In particular: sasl_option: 0 Any SASL option can be set by preceding it with "sasl_". This file overrides the SASL configuration file. There are a couple of other examples, e.g.: sasl_pwcheck_method: The mechanism used by the server to verify plaintext passwords. Possible values include "auxprop", "saslauthd", and "pwcheck". What's mentioned in the SASL documentation (which is considerably worse than the IMAP documentation, IMHO) is that you can put the service name between sasl_ and _option. Also missing is what Cyrus IMAP uses for the service names -- I looked in the code to decide that "pop" was probably right and "pop3" is probably wrong. :wes On 30 Oct 2008, at 06:42, Ian Eiloart wrote: > Can I ask how you discovered the "well hidden feature" of > imapd.conf? Is > there proper documentation for this anywhere? > > --On 29 October 2008 20:16:21 +0100 Andreas Winkelmann > > wrote: >> # SASL-COnfig only for pop3 Daemon >> pop3_sasl_pwcheck_method: auxprop >> pop3_sasl_auxprop_plugin: sasldb >> pop3_sasl_mech_list: plain login cram-md5 digest-md5 From morgan at orst.edu Thu Oct 30 12:34:16 2008 From: morgan at orst.edu (Andrew Morgan) Date: Thu, 30 Oct 2008 09:34:16 -0700 (PDT) Subject: offering limited pop access In-Reply-To: <14B8A5C3-0D61-46AD-BFDD-1FCC96D7352D@umich.edu> References: <49331.91.2.176.171.1225307781.squirrel@a-angels.ath.cx> <14B8A5C3-0D61-46AD-BFDD-1FCC96D7352D@umich.edu> Message-ID: On Thu, 30 Oct 2008, Wesley Craig wrote: > What's mentioned in the SASL documentation (which is considerably > worse than the IMAP documentation, IMHO) is that you can put the > service name between sasl_ and _option. Also missing is what Cyrus > IMAP uses for the service names -- I looked in the code to decide > that "pop" was probably right and "pop3" is probably wrong. I always thought the service name for options was whatever service name you put in cyrus.conf. It would be the first column in the SERVICES section, such as: imap cmd="/usr/local/cyrus/bin/imapd" listen="imap" prefork=10 maxchild=1500 imaps cmd="/usr/local/cyrus/bin/imapd -s" listen="imaps" prefork=10 maxchild=1500 pop3 cmd="/usr/local/cyrus/bin/pop3d" listen="pop3" prefork=3 pop3s cmd="/usr/local/cyrus/bin/pop3d -s" listen="pop3s" prefork=1 In this example, the service names are imap, imaps, pop3, and pop3s. Andy From ml at awinkelmann.de Thu Oct 30 12:54:21 2008 From: ml at awinkelmann.de (Andreas Winkelmann) Date: Thu, 30 Oct 2008 17:54:21 +0100 Subject: offering limited pop access In-Reply-To: <14B8A5C3-0D61-46AD-BFDD-1FCC96D7352D@umich.edu> References: <14B8A5C3-0D61-46AD-BFDD-1FCC96D7352D@umich.edu> Message-ID: <200810301754.22574.ml@awinkelmann.de> Am Donnerstag 30 Oktober 2008 17:09:21 schrieb Wesley Craig: > I think the actual syntax would be: > > sasl_pop_pwcheck_method: auxprop > sasl_pop_auxprop_plugin: sasldb > > The documentation (which needs improvement, and since you're getting > free help on the cyrus list I hope you'll open a bugzilla with some > suggested improvements) is mostly in the imapd.conf man page. In > particular: > > sasl_option: 0 > Any SASL option can be set by preceding it with > "sasl_". This > file overrides the SASL configuration file. > > There are a couple of other examples, e.g.: > > sasl_pwcheck_method: > The mechanism used by the server to verify plaintext > passwords. > Possible values include "auxprop", "saslauthd", and > "pwcheck". > > What's mentioned in the SASL documentation (which is considerably > worse than the IMAP documentation, IMHO) is that you can put the > service name between sasl_ and _option. No, the Service-Name is prepended before the complete Option. This means servicename_sasl_option: ... For example: pop3_sasl_mech_list: PLAIN LOGIN > Also missing is what Cyrus > IMAP uses for the service names -- I looked in the code to decide > that "pop" was probably right and "pop3" is probably wrong. Service-Name itself is the given name of the Daemon from cyrus.conf. It is not the service Name from Cyrus-SASL. Separating Options between the Daemons is not a Cyrus-SASL Feature it is a Cyrus-IMAP Feature. You can use it for other Options than Cyrus-SASL Options in imapd.conf, too. ... pop3 cmd="pop3d" listen="pop3" prefork=0 ... Here it is "pop3". So Options for this Service begin with: pop3_ > On 30 Oct 2008, at 06:42, Ian Eiloart wrote: > > Can I ask how you discovered the "well hidden feature" of > > imapd.conf? Is > > there proper documentation for this anywhere? > > > > --On 29 October 2008 20:16:21 +0100 Andreas Winkelmann > > > > > > wrote: > >> # SASL-COnfig only for pop3 Daemon > >> pop3_sasl_pwcheck_method: auxprop > >> pop3_sasl_auxprop_plugin: sasldb > >> pop3_sasl_mech_list: plain login cram-md5 digest-md5 At the end, I would add another (and maybe the best) way. You (OP) can add the Servicename in the LDAP-Query from saslauthd with %s. So you only need to add something in the LDAP-Entry which includes the Service-Name. Here it is the Cyrus-SASL Service Name "imap", "pop", "sieve"... -- Andreas From wes at umich.edu Thu Oct 30 13:33:39 2008 From: wes at umich.edu (Wesley Craig) Date: Thu, 30 Oct 2008 13:33:39 -0400 Subject: offering limited pop access In-Reply-To: References: <49331.91.2.176.171.1225307781.squirrel@a-angels.ath.cx> <14B8A5C3-0D61-46AD-BFDD-1FCC96D7352D@umich.edu> Message-ID: <361A3F23-2AF9-4425-9AB9-4F93FF45ACD0@umich.edu> On 30 Oct 2008, at 12:34, Andrew Morgan wrote: > I always thought the service name for options was whatever service > name you put in cyrus.conf. It would be the first column in the > SERVICES section, such as: > > imap cmd="/usr/local/cyrus/bin/imapd" listen="imap" > prefork=10 maxchild=1500 > imaps cmd="/usr/local/cyrus/bin/imapd -s" listen="imaps" > prefork=10 maxchild=1500 > pop3 cmd="/usr/local/cyrus/bin/pop3d" listen="pop3" prefork=3 > pop3s cmd="/usr/local/cyrus/bin/pop3d -s" listen="pop3s" prefork=1 > > In this example, the service names are imap, imaps, pop3, and pop3s. Maybe... I'm looking at imap/pop3d.c around line 156: static struct protocol_t pop3_protocol = { "pop3", "pop", { 0, "+OK " }, { "CAPA", NULL, ".", NULL, { { "SASL ", CAPA_AUTH }, { "STLS", CAPA_STARTTLS }, { NULL, 0 } } }, { "STLS", "+OK", "-ERR", 0 }, { "AUTH", 255, 0, "+OK", "-ERR", "+ ", "*", NULL, 0 }, { "NOOP", NULL, "+OK" }, { "QUIT", NULL, "+OK" } }; and imap/protocol.h: struct protocol_t { const char *service; /* INET service name */ const char *sasl_service; /* SASL service name */ struct banner_t banner; struct capa_cmd_t capa_cmd; struct tls_cmd_t tls_cmd; struct sasl_cmd_t sasl_cmd; struct simple_cmd_t ping_cmd; struct simple_cmd_t logout_cmd; }; Perhaps pop3_protocol->sasl_service is not what's used for constructing the line. I haven't actually tried it, I'm just reading the code... :wes From wes at umich.edu Thu Oct 30 13:51:23 2008 From: wes at umich.edu (Wesley Craig) Date: Thu, 30 Oct 2008 13:51:23 -0400 Subject: offering limited pop access In-Reply-To: <200810301754.22574.ml@awinkelmann.de> References: <14B8A5C3-0D61-46AD-BFDD-1FCC96D7352D@umich.edu> <200810301754.22574.ml@awinkelmann.de> Message-ID: <14C5E92C-B67E-4F15-BA9A-97F0DC09AF0B@umich.edu> On 30 Oct 2008, at 12:54, Andreas Winkelmann wrote: > Service-Name itself is the given name of the Daemon from > cyrus.conf. It is not > the service Name from Cyrus-SASL. Separating Options between the > Daemons is > not a Cyrus-SASL Feature it is a Cyrus-IMAP Feature. You can use it > for other > Options than Cyrus-SASL Options in imapd.conf, too. I notice that pop3d.c doesn't seem to use the sasl_service from pop3_protocol. Instead, it appears to be hard coded in imap/pop3d.c service_main() around line 510: if (sasl_server_new("pop", config_servername, NULL, NULL, NULL, NULL, 0, &popd_saslconn) != SASL_OK) I believe that first argument is the one that's passed to the callbacks below as plugin_name. I could be wrong, I haven't tested this at all, I've only been looking over the code, in order to answer the earlier question of "how could I know about this hard to find option". Again, looking at the code, I see two places when the config option is not constant, i.e., it's built from components. The first is in imap/global.c: /* this is a wrapper to call the cyrus configuration from SASL */ int mysasl_config(void *context __attribute__((unused)), const char *plugin_name, const char *option, const char **result, unsigned *len) { ... if (plugin_name) { /* first try it with the plugin name */ strlcpy(opt, "sasl_", sizeof(opt)); strlcat(opt, plugin_name, sizeof(opt)); strlcat(opt, "_", sizeof(opt)); strlcat(opt, option, sizeof(opt)); *result = config_getoverflowstring(opt, NULL); } if (*result == NULL) { /* try without the plugin name */ strlcpy(opt, "sasl_", sizeof(opt)); strlcat(opt, option, sizeof(opt)); *result = config_getoverflowstring(opt, NULL); } ... The sasl_ seems to be pretty well described in the man page for imapd.conf. The method with the plugin_name (sasl__) wasn't in the documentation that I could find. The second place is in imap/backend.c: static int backend_authenticate(struct backend *s, struct protocol_t *prot, char **mechlist, const char *userid, sasl_callback_t *cb, const char **status) { ... strlcpy(optstr, s->hostname, sizeof(optstr)); p = strchr(optstr, '.'); if (p) *p = '\0'; strlcat(optstr, "_password", sizeof(optstr)); pass = config_getoverflowstring(optstr, NULL); if(!pass) pass = config_getstring(IMAPOPT_PROXY_PASSWORD); ... /* Get SASL mechanism list. We can force a particular mechanism using a _mechs option */ strcpy(buf, s->hostname); p = strchr(buf, '.'); if (p) *p = '\0'; strcat(buf, "_mechs"); mech_conf = config_getoverflowstring(buf, NULL); ... Using _mech and _password both seem to be pretty well documented, tho there was a discussion two weeks ago that the short hostname is not well defined and that perhaps the configured hostname should also be tried. :wes From ml at awinkelmann.de Thu Oct 30 15:28:21 2008 From: ml at awinkelmann.de (Andreas Winkelmann) Date: Thu, 30 Oct 2008 20:28:21 +0100 Subject: offering limited pop access In-Reply-To: <14C5E92C-B67E-4F15-BA9A-97F0DC09AF0B@umich.edu> References: <200810301754.22574.ml@awinkelmann.de> <14C5E92C-B67E-4F15-BA9A-97F0DC09AF0B@umich.edu> Message-ID: <200810302028.21876.ml@awinkelmann.de> Am Donnerstag 30 Oktober 2008 18:51:23 schrieb Wesley Craig: > On 30 Oct 2008, at 12:54, Andreas Winkelmann wrote: > > Service-Name itself is the given name of the Daemon from > > cyrus.conf. It is not > > the service Name from Cyrus-SASL. Separating Options between the > > Daemons is > > not a Cyrus-SASL Feature it is a Cyrus-IMAP Feature. You can use it > > for other > > Options than Cyrus-SASL Options in imapd.conf, too. > > I notice that pop3d.c doesn't seem to use the sasl_service from > pop3_protocol. Instead, it appears to be hard coded in imap/pop3d.c > service_main() around line 510: > > if (sasl_server_new("pop", config_servername, NULL, NULL, NULL, > NULL, 0, &popd_saslconn) != SASL_OK) This is the Cyrus-SASL Service Name. But not related to the Service Name which prepends to the Options in imapd.conf. The Cyrus SASL Service Name is hard-coded. In case of pop3 it is "pop". > I believe that first argument is the one that's passed to the > callbacks below as plugin_name. I could be wrong, I haven't tested > this at all, I've only been looking over the code, in order to answer > the earlier question of "how could I know about this hard to find > option". In case of the "plugin_name" you are looking at a Call Back which is called every time, the Cyrus-SASL Library tries to resolve an option. For common Cyrus-SASL Options like pwcheck_method, mech_list, saslauthd_path, ... plugin_name is NULL. > Again, looking at the code, I see two places when the config option > is not constant, i.e., it's built from components. The first is in > imap/global.c: > > /* this is a wrapper to call the cyrus configuration from SASL */ > int mysasl_config(void *context __attribute__((unused)), > const char *plugin_name, > const char *option, > const char **result, > unsigned *len) > { > ... > if (plugin_name) { > /* first try it with the plugin name */ > strlcpy(opt, "sasl_", sizeof(opt)); > strlcat(opt, plugin_name, sizeof(opt)); > strlcat(opt, "_", sizeof(opt)); > strlcat(opt, option, sizeof(opt)); > *result = config_getoverflowstring(opt, NULL); > } > > if (*result == NULL) { > /* try without the plugin name */ > strlcpy(opt, "sasl_", sizeof(opt)); > strlcat(opt, option, sizeof(opt)); > *result = config_getoverflowstring(opt, NULL); > } > ... Because plugin_name is NULL in most cases, the interesting part here is config_getoverflowstring()@lib/libconfig.c: const char *config_getoverflowstring(const char *key, const char *def) { char buf[256]; char *ret = NULL; /* First lookup _key, to see if we have a service-specific * override */ if(config_ident) { if(snprintf(buf,sizeof(buf),"%s_%s",config_ident,key) == -1) fatal("key too long in config_getoverflowstring", EC_TEMPFAIL); ret = hash_lookup(buf, &confighash); } /* No service-specific override, check the actual key */ if(!ret) ret = hash_lookup(key, &confighash); /* Return what we got or the default */ return ret ? ret : def; } config_ident is filled from master with the first column from cyrus.conf of the assoiciated Service. So in the case of pop3 Cyrus-IMAP tries first to lookup the Option with "pop3_sasl_..." > The sasl_ seems to be pretty well described in the man > page for imapd.conf. The method with the plugin_name > (sasl__) wasn't in the documentation that I > could find. A few examples for plugin_name "SQL", "ldapdb", "DIGEST-MD5", "GSSAPI", "SRP", NULL. The environment of the related option from Cyrus-SASL specifies the plugin_name. All ldapdb_ Options have "ldapdb", "sql_*" "SQL" and so on... > The second place is in imap/backend.c: > > static int backend_authenticate(struct backend *s, struct protocol_t > *prot, > char **mechlist, const char *userid, > sasl_callback_t *cb, const char > **status) > { > ... > strlcpy(optstr, s->hostname, sizeof(optstr)); > p = strchr(optstr, '.'); > if (p) *p = '\0'; > strlcat(optstr, "_password", sizeof(optstr)); > pass = config_getoverflowstring(optstr, NULL); > if(!pass) pass = config_getstring(IMAPOPT_PROXY_PASSWORD); > ... > /* Get SASL mechanism list. We can force a particular > mechanism using a _mechs option */ > strcpy(buf, s->hostname); > p = strchr(buf, '.'); > if (p) *p = '\0'; > strcat(buf, "_mechs"); > mech_conf = config_getoverflowstring(buf, NULL); > ... > > Using _mech and _password both seem to be pretty > well documented, tho there was a discussion two weeks ago that the > short hostname is not well defined and that perhaps the configured > hostname should also be tried. -- Andreas From wes at umich.edu Fri Oct 31 11:38:20 2008 From: wes at umich.edu (Wesley Craig) Date: Fri, 31 Oct 2008 11:38:20 -0400 Subject: offering limited pop access In-Reply-To: <200810302028.21876.ml@awinkelmann.de> References: <200810301754.22574.ml@awinkelmann.de> <14C5E92C-B67E-4F15-BA9A-97F0DC09AF0B@umich.edu> <200810302028.21876.ml@awinkelmann.de> Message-ID: <11D02C18-E0A8-4E94-B7B0-BDC5804D921B@umich.edu> I can see why you describe it as "well hidden". Thanks for the enlightenment. I'll endeavor to get all of these points adequately included in the documentation. Thanks! https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3114 https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=3115 :wes On 30 Oct 2008, at 15:28, Andreas Winkelmann wrote: > Because plugin_name is NULL in most cases, the interesting part > here is > config_getoverflowstring()@lib/libconfig.c: > > const char *config_getoverflowstring(const char *key, const char *def) > { > char buf[256]; > char *ret = NULL; > > /* First lookup _key, to see if we have a service-specific > * override */ > > if(config_ident) { > if(snprintf(buf,sizeof(buf),"%s_%s",config_ident,key) == -1) > fatal("key too long in config_getoverflowstring", > EC_TEMPFAIL); > > ret = hash_lookup(buf, &confighash); > } > > /* No service-specific override, check the actual key */ > if(!ret) > ret = hash_lookup(key, &confighash); > > /* Return what we got or the default */ > return ret ? ret : def; > } > > config_ident is filled from master with the first column from > cyrus.conf of > the assoiciated Service. So in the case of pop3 Cyrus-IMAP tries > first to > lookup the Option with "pop3_sasl_..." > >> The sasl_ seems to be pretty well described in the man >> page for imapd.conf. The method with the plugin_name >> (sasl__) wasn't in the documentation that I >> could find. > > A few examples for plugin_name "SQL", "ldapdb", "DIGEST-MD5", > "GSSAPI", "SRP", > NULL. The environment of the related option from Cyrus-SASL > specifies the > plugin_name. All ldapdb_ Options have "ldapdb", "sql_*" "SQL" and > so on... From aspineux at gmail.com Fri Oct 31 11:57:33 2008 From: aspineux at gmail.com (Alain Spineux) Date: Fri, 31 Oct 2008 16:57:33 +0100 Subject: offering limited pop access In-Reply-To: References: Message-ID: <71fe4e760810310857r1b7bd904i6cff9ed5e8be64a@mail.gmail.com> On Wed, Oct 29, 2008 at 2:36 PM, Ian Eiloart wrote: > Hi, > > I offer an IMAP service to 12000 users, but we don't offer POP3. > > However, we have a blind person who has a braille computer, with POP3 > client, but no IMAP client. > > I've configured a perdition proxy which can give him POP, but not IMAP > access. However, we're moving toward using Cyrus proxyd front end, with > LDAP authentication (through SASL). > > Is there a way I can configure my murder cluster to perform a different > IMAP lookup for POP3 authentication, compared to IMAP authentication. Or, > is there some other way that I can restrict POP3 access to certain users? I use nginx to do that. nginx require a daemon using http protocol. You have to write your in your favorite scripting language (10 lines of python or perl code). This daemon can make the required check in my ldap database ! If you have only one user, just hard code his name in your script. > > I've got configuration files at > /local/cyrus-sasl-2.1.22/lib/sasl2/imap.conf > which just says: > pwcheck_method: saslauthd > mech_list: plain > I presume I need a pop.conf file that's similar, but can't find any > documentation. > > and > /local/cyrus-sasl-2.1.22/etc/saslauthd.conf > which specifies how to access the LDAP servers. > > I want everything the same, but with a different value for ldap_filter. Can > I just override this in pop3.conf? Or do I set sasl_ldap_filter my cyrus > configuration, instead? > > -- > Ian Eiloart > IT Services, University of Sussex > x3148 > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > -- Alain Spineux aspineux gmail com May the sources be with you