From hans.moser at ofd-sth.niedersachsen.de Wed Jul 1 06:21:15 2009
From: hans.moser at ofd-sth.niedersachsen.de (Marc Patermann)
Date: Wed, 01 Jul 2009 12:21:15 +0200
Subject: Migrate from 2.2. to 2.3 with ldap
In-Reply-To:
References: <4A2E872B.5020202@ofd-sth.niedersachsen.de> <20090609183845.12303kbimqdcdyj9@webmail.uni-tuebingen.de>
Message-ID: <4A4B389B.80909@ofd-sth.niedersachsen.de>

Hi again,

Marc Patermann wrote:
> On CentOS it is working now. Now that I have a working config, I'll
> go back to SuSE to try again ...

I tried to rebuild the openSuSE rpm with openSuSE Build Service.
-> https://build.opensuse.org/
(These are my first steps with OBS.)

I created a new project and linked the original files from cyrus-imapd.
This builds fine.

I edited the spec file:

BuildRequires: cyrus-sasl-devel db-devel drac ed krb5-devel openslp-devel openssl-devel opie tcpd-devel openldap2-devel
(new: openldap2-devel)

export CFLAGS="$RPM_OPT_FLAGS -fno-strict-aliasing -I/usr/include/kerberosIV -I%{_libdir}/sasl2/include" LIBS="-lldap -llber"
(new: LIBS="-lldap -llber")

This builds fine, too.

When I finally add the configure switch
"--with-ldap=%{_libdir} \" or
"--with-ldap \",
there are the following errors, build fails:

Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/cyrus-imapd-2.3.11-build
Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/cyrus-imapd-2.3.11-build
Wrote: /usr/src/packages/SRPMS/cyrus-imapd-2.3.11-129.1.src.rpm
Wrote: /usr/src/packages/RPMS/x86_64/cyrus-imapd-2.3.11-129.1.x86_64.rpm
Wrote: /usr/src/packages/RPMS/x86_64/perl-Cyrus-IMAP-2.3.11-129.1.x86_64.rpm
Wrote: /usr/src/packages/RPMS/x86_64/perl-Cyrus-SIEVE-managesieve-2.3.11-129.1.x86_64.rpm
Wrote: /usr/src/packages/RPMS/x86_64/cyrus-imapd-devel-2.3.11-129.1.x86_64.rpm
... checking for files with abuild user/group
... running 00-check-install-rpms
... installing all built rpms
Preparing packages for installation...
perl-Cyrus-SIEVE-managesieve-2.3.11-129.1
perl-Cyrus-IMAP-2.3.11-129.1
cyrus-imapd-devel-2.3.11-129.1
/var/tmp/rpm-tmp.57455: line 2: /usr/sbin/usermod: No such file or directory
cyrus-imapd-2.3.11-129.1
warning: user cyrus does not exist - using root
... running 01-check-debuginfo
... testing for empty debuginfo packages
... running 02-check-gcc-output
... testing for serious compiler warnings
(using /usr/lib/build/checks-data/check_gcc_output)
(using //.build.log)
I: Program returns random data in a function
E: cyrus-imapd no-return-in-nonvoid-function afskrb.c:550
System halted.

It seems to me that the rpms are built - but then something goes wrong!?

Does anybody have a hint?

Thanks!

Marc

From paul at vandervlis.nl Wed Jul 1 07:22:29 2009
From: paul at vandervlis.nl (Paul van der Vlis)
Date: Wed, 01 Jul 2009 13:22:29 +0200
Subject: Db4 problems
Message-ID: <4A4B46F5.30109@vandervlis.nl>

Hello!

I have errors in my log, and sometimes Cyrus crashes and I have to
reboot the server because restarting gives this error:

mail:~# /etc/init.d/cyrus2.2 restart
Stopping Cyrus IMAPd: cyrmaster.
Waiting for complete shutdown........
fatal: incomplete shutdown detected, aborting.

In the log I see all the time errors like:
------
Jul 1 10:35:27 mail cyrus/imap[16841]: DBERROR db4: Database handles open during environment close
Jul 1 10:35:27 mail cyrus/imap[16841]: DBERROR: error exiting application: Invalid argument
------

When Cyrus stops working I see this in the logs:
-------
Jul 1 10:40:04 mail cyrus/imap[16920]: DBERROR db4: Logging region out of memory; you may need to increase its size
Jul 1 10:40:04 mail cyrus/imap[16920]: DBERROR: opening /var/lib/cyrus/tls_sessions.db: Cannot allocate memory
Jul 1 10:40:04 mail cyrus/imap[16920]: DBERROR: opening /var/lib/cyrus/tls_sessions.db: cyrusdb error
---------

I am not sure what's the problem here.

Do I need to increase the memory size of the Berkeley database?
and where can I do that?

Can I remove /var/lib/cyrus/tls_sessions.db?
(I have the same problem with deliver.db.)

What will be that "Databases handles open during environment close", can
that give this problem?

With regards,
Paul van der Vlis.

--
http://www.vandervlis.nl/

From garry at glendown.de Wed Jul 1 09:04:31 2009
From: garry at glendown.de (Garry)
Date: Wed, 01 Jul 2009 15:04:31 +0200
Subject: Automatically moving marked mails?
Message-ID: <4A4B5EDF.9050300@glendown.de>

Hi,

in order to fix a customer's wrong perception of how a mail server
should work, I was wondering:

Is there a way to make Cyrus IMAP move marked-for-deletion mails to a
trash folder, effectively purging it from the original folder?

Tnx, -garry

From hans.moser at ofd-sth.niedersachsen.de Wed Jul 1 09:59:43 2009
From: hans.moser at ofd-sth.niedersachsen.de (Marc Patermann)
Date: Wed, 01 Jul 2009 15:59:43 +0200
Subject: Automatically moving marked mails?
In-Reply-To: <4A4B5EDF.9050300@glendown.de>
References: <4A4B5EDF.9050300@glendown.de>
Message-ID: <4A4B6BCF.9040006@ofd-sth.niedersachsen.de>

Garry,

Garry wrote:

> in order to fix a customer's wrong perception of how a mail server
> should work, I was wondering:
>
> Is there a way to make Cyrus IMAP move marked-for-deletion mails to a
> trash folder, effectively purging it from the original folder?

If I look in my MUA (Thunderbird), I have the choice to
- move to trash
- delete immediately
- mark as deleted (and purge later).

So why should cyrus do something else than configured in the client?

Marc

From josh at endries.org Wed Jul 1 10:14:15 2009
From: josh at endries.org (josh at endries.org)
Date: Wed, 01 Jul 2009 10:14:15 -0400
Subject: Please change the DNS lookup = defaultdomain process, and use defaultdomain as the default domain.
Message-ID: <20090701101415.78946oxmv1jh0w00@www.endries.org>

Argh, vent time. I don't know if this is fixed in later versions, I
really really hope so, but this machine has 2.2 on it. This problem is
a huge PITA. I've run into it before and stumbled across a random
(trial-and-error) workaround each time, though I don't remember what
they were...I don't change these things very often. The problem, which
I believe is a ridiculous bug, has to do with the combination of DNS
lookups, defaultdomain and virtdomains. I don't really know if
virtdomains is involved, but since I run with them enabled I'll
mention it.

I have a server, mail.blah.com, serving mail for various domains. The
defaultdomain parameter is set to mail.blah.com, though that doesn't
seem very relevant--certainly it isn't the "default". The server does
a reverse DNS lookup on its own IP when logging in with an
unqualified address (e.g. "admin"), appends the domain name from that
lookup AND NOT defaultdomain, and uses that as the effective address
for logging in. I happen to serve blah.com out of this machine, and
happen to have "admin" as a global admin and "admin at blah.com" as
another user. Amazingly, it appended the DNS domain to my unqualified
login and worked! It took me a while to figure out but both passwords
were the same, so it "defaulted" to the made-up DNS-based address.
When I changed the password for admin at blah.com, leaving admin alone,
and logged in with admin's password, it instead used the defaultdomain
parameter as expected and logged in successfully as the global admin
user. Holy crap. Nonsense. If anything, that order should be reversed.

I seem to remember previously messing with defaultdomain and the
machine's hostname to work around it before, maybe using the hosts
file, unfortunately I don't remember what I did previously. Some
combination of DNS and/or fake hostname and/or fake defaultdomain
setting maybe...I know it wasn't due to identical passwords, but it
was due to using the reverse DNS lookup as the default domain. I think
it really should just simply append the defaultdomain to unqualified
login names and try that, and if it doesn't work, fail. That, I think,
is expected behavior. Alternatively this procedure should be
documented somewhere, like in imapd.conf, to save people hours of
frustration... It also makes me wonder what other sorts of wonky
things it might do behind the scenes.

Now, on to work on my mysterious no-vacation-messages sieve problem...

From garry at glendown.de Wed Jul 1 10:35:15 2009
From: garry at glendown.de (Garry)
Date: Wed, 01 Jul 2009 16:35:15 +0200
Subject: Automatically moving marked mails?
In-Reply-To: <4A4B6BCF.9040006@ofd-sth.niedersachsen.de>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de>
Message-ID: <4A4B7423.7000007@glendown.de>

Marc Patermann wrote:
> Garry,
>
> Garry wrote:
>
>
>> in order to fix a customer's wrong perception of how a mail server
>> should work, I was wondering:
>>
>> Is there a way to make Cyrus IMAP move marked-for-deletion mails to a
>> trash folder, effectively purging it from the original folder?
>>
> If I look in my MUA (Thunderbird), I have the choice to
> - move to trash
> - delete immediately
> - mark as deleted (and purge later).
>
> So why should cyrus do something else than configured in the client?
>
The point is not when decent MUAs are used, like Thunderbird, but rather
crap like Outlook ... which is unable to do a decent, logical handling
of deleted mails... ;)

Problem is, $customer is using a groupware which - when using IMAP -
will display deleted or moved mails as struck-through mails, which will
no doubt confuse certain users ... therefore, it would be nice if Cyrus
could be convinced to have a special deleted-mails handling ... as it is
close to impossible to change Outlook's handling ...

Guess I might need to take a look at the source if it's not in there,
and see if it can be added ...

-gg

From josh at endries.org Wed Jul 1 10:44:57 2009
From: josh at endries.org (josh at endries.org)
Date: Wed, 01 Jul 2009 10:44:57 -0400
Subject: Please change the DNS lookup = defaultdomain process, and use defaultdomain as the default domain.
In-Reply-To: <20090701101415.78946oxmv1jh0w00@www.endries.org>
References: <20090701101415.78946oxmv1jh0w00@www.endries.org>
Message-ID: <20090701104457.128717ie7tv8ro1w@www.endries.org>

Sigh...correction:

Using the unqualified name still appends the DNS domain, not the
specified defaultdomain. However, now I can login using
admin at mail.blah.com whereas when the passwords were the same, it used
admin at blah.com first and never logged me in as @mail.blah.com. Now at
least it (I'm guessing) fails as admin at blah.com and then tries
admin at mail.blah.com as typed, which works. (my defaultdomain is
"something.fake" right now BTW).

Josh

Quoting josh at endries.org:

> Argh, vent time. I don't know if this is fixed in later versions, I
> really really hope so, but this machine has 2.2 on it. This problem is
> a huge PITA. I've run into it before and stumbled across a random
> (trial-and-error) workaround each time, though I don't remember what
> they were...I don't change these things very often. The problem, which
> I believe is a ridiculous bug, has to do with the combination of DNS
> lookups, defaultdomain and virtdomains. I don't really know if
> virtdomains is involved, but since I run with them enabled I'll
> mention it.
>
> I have a server, mail.blah.com, serving mail for various domains. The
> defaultdomain parameter is set to mail.blah.com, though that doesn't
> seem very relevant--certainly it isn't the "default". The server does
> a reverse DNS lookup on its own IP when logging in with an
> unqualified address (e.g. "admin"), appends the domain name from that
> lookup AND NOT defaultdomain, and uses that as the effective address
> for logging in. I happen to serve blah.com out of this machine, and
> happen to have "admin" as a global admin and "admin at blah.com" as
> another user. Amazingly, it appended the DNS domain to my unqualified
> login and worked! It took me a while to figure out but both passwords
> were the same, so it "defaulted" to the made-up DNS-based address.
> When I changed the password for admin at blah.com, leaving admin alone,
> and logged in with admin's password, it instead used the defaultdomain
> parameter as expected and logged in successfully as the global admin
> user. Holy crap. Nonsense. If anything, that order should be reversed.
>
> I seem to remember previously messing with defaultdomain and the
> machine's hostname to work around it before, maybe using the hosts
> file, unfortunately I don't remember what I did previously. Some
> combination of DNS and/or fake hostname and/or fake defaultdomain
> setting maybe...I know it wasn't due to identical passwords, but it
> was due to using the reverse DNS lookup as the default domain. I think
> it really should just simply append the defaultdomain to unqualified
> login names and try that, and if it doesn't work, fail. That, I think,
> is expected behavior. Alternatively this procedure should be
> documented somewhere, like in imapd.conf, to save people hours of
> frustration... It also makes me wonder what other sorts of wonky
> things it might do behind the scenes.
>
> Now, on to work on my mysterious no-vacation-messages sieve problem...
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>

From josh at endries.org Wed Jul 1 11:01:43 2009
From: josh at endries.org (josh at endries.org)
Date: Wed, 01 Jul 2009 11:01:43 -0400
Subject: Please change the DNS lookup = defaultdomain process, and use defaultdomain as the default domain.
In-Reply-To: <20090701104457.128717ie7tv8ro1w@www.endries.org>
References: <20090701101415.78946oxmv1jh0w00@www.endries.org> <20090701104457.128717ie7tv8ro1w@www.endries.org>
Message-ID: <20090701110143.12906ou2jl1bl7wo@www.endries.org>

Okay, defaultdomain is set to mail.blah.com again, as it should be.

Logging in as admin at mail.blah.com now doesn't work, reports the user
name as 'admin', correctly, but doesn't work.

Logging in as admin doesn't work, reports the user name as
user at blah.com and the password for that user is (now) different.

With the defaultdomain set to something else, like something.fake,
logging in as admin at mail.blah.com works but then of course is not a
global admin.

Changing defaultdomain to blah.com, which kinda makes sense but
shouldn't be forced...using admin tries login as admin and doesn't
work (doesn't append blah.com?). Logging in as admin at blah.com also
tries login as admin and doesn't work.

e.g. by "tries login as..." I mean "admin" in:

Jul 1 11:02:38 mail imaps[19476]: badlogin: mail.blah.com [x.x.x.x] plaintext admin SASL(-13): authentication failure: checkpass failed

This was from logging in with

c login "admin at blah.com" "password"

Still working on it...

Josh

From ken at hudat.com Wed Jul 1 11:34:47 2009
From: ken at hudat.com (Kendrick Vargas)
Date: Wed, 01 Jul 2009 11:34:47 -0400
Subject: Please change the DNS lookup = defaultdomain process, and use defaultdomain as the default domain.
In-Reply-To: <20090701110143.12906ou2jl1bl7wo@www.endries.org>
References: <20090701101415.78946oxmv1jh0w00@www.endries.org> <20090701104457.128717ie7tv8ro1w@www.endries.org> <20090701110143.12906ou2jl1bl7wo@www.endries.org>
Message-ID: <4A4B8217.6010203@hudat.com>

Not sure if this helps, but, you might wanna take a look at this
post/thread and bugzilla entry:

http://lists.andrew.cmu.edu/pipermail/info-cyrus/2006-October/023811.html

https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2886

It's hard to tell from your post exactly what you want to achieve.
However I wanted to mention that whenever I've set up local admin
accounts in cyrus, I've always made them part of a domain which was
@the.local.fqdn. It's just safer and removes ANY confusion. I also
don't like the way the virtdomain option works, never thought it was
very consistent.

I just reworked the patch to work against the latest RPM's as of a
week ago and it seems to work fine. It's a short one and should go in
by hand rather easily. Otherwise I can send you the patch I used or the
source rpm so you can rebuild it yourself. Hope this helped...

-peace

josh at endries.org wrote:
> Okay, defaultdomain is set to mail.blah.com again, as it should be.
>
> Logging in as admin at mail.blah.com now doesn't work, reports the user
> name as 'admin', correctly, but doesn't work.
>
> Logging in as admin doesn't work, reports the user name as
> user at blah.com and the password for that user is (now) different.
>
> With the defaultdomain set to something else, like something.fake,
> logging in as admin at mail.blah.com works but then of course is not a
> global admin.
>
> Changing defaultdomain to blah.com, which kinda makes sense but
> shouldn't be forced...using admin tries login as admin and doesn't
> work (doesn't append blah.com?). Logging in as admin at blah.com also
> tries login as admin and doesn't work.
>
> e.g. by "tries login as..." I mean "admin" in:
>
> Jul 1 11:02:38 mail imaps[19476]: badlogin: mail.blah.com [x.x.x.x]
> plaintext admin SASL(-13): authentication failure: checkpass failed
>
> This was from logging in with
>
> c login "admin at blah.com" "password"
>
> Still working on it...
>
> Josh
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

From dwhite at olp.net Wed Jul 1 11:48:40 2009
From: dwhite at olp.net (Dan White)
Date: Wed, 01 Jul 2009 10:48:40 -0500
Subject: Please change the DNS lookup = defaultdomain process, and use defaultdomain as the default domain.
In-Reply-To: <20090701101415.78946oxmv1jh0w00@www.endries.org>
References: <20090701101415.78946oxmv1jh0w00@www.endries.org>
Message-ID: <4A4B8558.2000202@olp.net>

josh at endries.org wrote:
> Argh, vent time. I don't know if this is fixed in later versions, I
> really really hope so, but this machine has 2.2 on it. This problem is
> a huge PITA. I've run into it before and stumbled across a random
> (trial-and-error) workaround each time, though I don't remember what
> they were...I don't change these things very often. The problem, which
> I believe is a ridiculous bug, has to do with the combination of DNS
> lookups, defaultdomain and virtdomains. I don't really know if
> virtdomains is involved, but since I run with them enabled I'll
> mention it.
>
>
See:

doc/install-virtdomains.html

within the source tarball for documentation on this (the man page is a
little lacking).

Setting virtdomains to 'userid', and removing the default domain may do
what you want.

- Dan

From josh at endries.org Wed Jul 1 11:55:47 2009
From: josh at endries.org (josh at endries.org)
Date: Wed, 01 Jul 2009 11:55:47 -0400
Subject: Please change the DNS lookup = defaultdomain process, and use defaultdomain as the default domain.
In-Reply-To: <4A4B8217.6010203@hudat.com>
References: <20090701101415.78946oxmv1jh0w00@www.endries.org> <20090701104457.128717ie7tv8ro1w@www.endries.org> <20090701110143.12906ou2jl1bl7wo@www.endries.org> <4A4B8217.6010203@hudat.com>
Message-ID: <20090701115547.19523box7stngnok@www.endries.org>

Hi, thanks for the reply. What I'm trying to achieve is that, when I
log in with "user", Cyrus appends the defaultdomain value when looking
up the password (I use SQL for that). My fqdn for the server is
mail.blah.com, which is what I normally use. I'm not sure why it
stopped working; I changed the IP of the box, along with forward and
reverse DNS, and it broke. That's separate from the bug, though. It
should append the defaultdomain if there is none in the user name;
pretty simple.

I did my admin stuff manually which seemed to work so I'm giving up on
this for the time being. I have too much to do and have wasted a whole
day on this already... I have another problem with Sieve vacation
replies that I need to fix, which is even worse; no logging
whatsoever. Joy.

Josh

Quoting Kendrick Vargas:

> Not sure if this helps, but, you might wanna take a look at this post/thread
> and bugzilla entry:
>
> http://lists.andrew.cmu.edu/pipermail/info-cyrus/2006-October/023811.html
>
> https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2886
>
> It's hard to tell from your post exactly what you want to achieve. However I
> wanted to mention that whenever I've set up local admin accounts in cyrus,
> I've always made them part of a domain which was @the.local.fqdn. It's just
> safer and removes ANY confusion. I also don't like the way the virtdomain
> option works, never thought it was very consistent.
>
> I just reworked the patch to work against the latest RPM's as of a week ago
> and it seems to work fine. It's a short one and should go in by hand rather
> easily. Otherwise I can send you the patch I used or the source rpm so you
> can rebuild it yourself. Hope this helped...
> -peace
>
> josh at endries.org wrote:
>> Okay, defaultdomain is set to mail.blah.com again, as it should be.
>>
>> Logging in as admin at mail.blah.com now doesn't work, reports the user
>> name as 'admin', correctly, but doesn't work.
>>
>> Logging in as admin doesn't work, reports the user name as
>> user at blah.com and the password for that user is (now) different.
>>
>> With the defaultdomain set to something else, like something.fake,
>> logging in as admin at mail.blah.com works but then of course is not a
>> global admin.
>>
>> Changing defaultdomain to blah.com, which kinda makes sense but
>> shouldn't be forced...using admin tries login as admin and doesn't
>> work (doesn't append blah.com?). Logging in as admin at blah.com also
>> tries login as admin and doesn't work.
>>
>> e.g. by "tries login as..." I mean "admin" in:
>>
>> Jul 1 11:02:38 mail imaps[19476]: badlogin: mail.blah.com [x.x.x.x]
>> plaintext admin SASL(-13): authentication failure: checkpass failed
>>
>> This was from logging in with
>>
>> c login "admin at blah.com" "password"
>>
>> Still working on it...
>>
>> Josh
>>
>> ----
>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>

From morgan at orst.edu Wed Jul 1 12:24:42 2009
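The login mappings reported in the defaultdomain thread above, as an added Python model (not Cyrus source and not code from any poster): it reproduces the observed results and flags global admins whose bare login resolves to a different userid. The class and function names, the assumption that the server ran with `virtdomains: on`, and the account list are illustrative assumptions; addresses use the thread's placeholder domain.

```python
"""Model of the login-name resolution reported in this thread (not Cyrus code)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ImapdConf:
    virtdomains: str                 # imapd.conf value: "off", "userid" or "on"
    defaultdomain: Optional[str]     # imapd.conf "defaultdomain"
    admins: frozenset = frozenset()  # userids listed under "admins"


def rdns_domain(local_fqdn: str) -> Optional[str]:
    """Domain implied by the server's own reverse-DNS name (part after the first dot)."""
    _, _, domain = local_fqdn.lower().partition(".")
    return domain or None


def effective_userid(login: str, conf: ImapdConf, local_fqdn: str) -> str:
    """Userid that the password check sees for a typed login name."""
    login = login.strip().lower()
    if conf.virtdomains == "off":
        return login
    default = (conf.defaultdomain or "").lower()
    user, at, domain = login.rpartition("@")
    if at:
        # Accounts in the default domain are stored unqualified, so the
        # domain is stripped ("admin at blah.com" was tried as "admin").
        return user if default and domain == default else login
    if conf.virtdomains == "on":
        # Unqualified name: the reverse-DNS domain is appended unless it
        # equals defaultdomain (the behaviour Josh reports).
        domain = rdns_domain(local_fqdn)
        if domain and domain != default:
            return f"{login}@{domain}"
    return login


def audit_admin_logins(conf: ImapdConf, local_fqdn: str, accounts: set) -> list:
    """List admins whose bare login name resolves to some other userid."""
    findings = []
    for admin in sorted(conf.admins):
        resolved = effective_userid(admin, conf, local_fqdn)
        if resolved != admin:
            findings.append({
                "typed": admin,
                "resolved": resolved,
                # True when the resolved name is a separate, existing mailbox
                # account: the password is then checked against that account.
                "existing_account": resolved in accounts,
            })
    return findings


# Constructed sample data using the thread's placeholder names.
SERVER_FQDN = "mail.blah.com"
ACCOUNTS = {"admin", "admin@blah.com", "user@blah.com"}
ADMINS = frozenset({"admin"})

if __name__ == "__main__":
    cases = [("on", "mail.blah.com"), ("on", "something.fake"),
             ("on", "blah.com"), ("userid", "mail.blah.com")]
    for mode, default in cases:
        conf = ImapdConf(mode, default, ADMINS)
        print(f"virtdomains={mode} defaultdomain={default}")
        for typed in ("admin", "admin@blah.com", "admin@mail.blah.com"):
            print(f"  {typed!r} -> {effective_userid(typed, conf, SERVER_FQDN)!r}")
        print("  audit:", audit_admin_logins(conf, SERVER_FQDN, ACCOUNTS))
```

An empty audit result for a given configuration means every global admin name is checked as typed; a finding with `existing_account` set is the case where two accounts sharing a password mask the problem.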
From: morgan at orst.edu (Andrew Morgan)
Date: Wed, 1 Jul 2009 09:24:42 -0700 (PDT)
Subject: Db4 problems
In-Reply-To: <4A4B46F5.30109@vandervlis.nl>
References: <4A4B46F5.30109@vandervlis.nl>
Message-ID:

On Wed, 1 Jul 2009, Paul van der Vlis wrote:

> Hello!
>
> I have errors in my log, and sometimes Cyrus crashes and I have to
> reboot the server because restarting gives this error:
>
> mail:~# /etc/init.d/cyrus2.2 restart
> Stopping Cyrus IMAPd: cyrmaster.
> Waiting for complete shutdown........
> fatal: incomplete shutdown detected, aborting.
>
> In the log I see all the time errors like:
> ------
> Jul 1 10:35:27 mail cyrus/imap[16841]: DBERROR db4: Database handles
> open during environment close
> Jul 1 10:35:27 mail cyrus/imap[16841]: DBERROR: error exiting
> application: Invalid argument
> ------
>
> When Cyrus stops working I see this in the logs:
> -------
> Jul 1 10:40:04 mail cyrus/imap[16920]: DBERROR db4: Logging region out
> of memory; you may need to increase its size
> Jul 1 10:40:04 mail cyrus/imap[16920]: DBERROR: opening
> /var/lib/cyrus/tls_sessions.db: Cannot allocate memory
> Jul 1 10:40:04 mail cyrus/imap[16920]: DBERROR: opening
> /var/lib/cyrus/tls_sessions.db: cyrusdb error
> ---------
>
> I am not sure what's the problem here.
>
> Do I need to increase the memory size of the Berkeley database?
> and where can I do that?
>
> Can I remove /var/lib/cyrus/tls_sessions.db?
> (I have the same problem with deliver.db.)
>
> What will be that "Databases handles open during environment close", can
> that give this problem?

Here's what I recommend - get rid of Berkeley DB in Cyrus and use skiplist
instead. :)

Change your backend database formats to skiplist in imapd.conf, something
like:

# Backend database formats to use
annotation_db: skiplist
duplicate_db: skiplist
mboxlist_db: skiplist
quota_db: quotalegacy
seenstate_db: skiplist
statuscache_db: skiplist
subscription_db: flat
tlscache_db: skiplist

A lot of us got tired of messing around with Berkeley DB and switched to
skiplist.

If you decide to change formats, make sure you stop Cyrus and remove the
contents of the {configdirectory}/db/ directory. You'll also want to
delete the deliver.db and tls_sessions.db files, assuming those are the
ones you change.

tls_sessions.db does not contain any information that needs to persist
between Cyrus restarts. deliver.db contains duplicate message
suppression information and is also used for vacation reply tracking. The
worst that will happen if you delete deliver.db is that someone may get a
second vacation reply message sent out.

Andy

From woods-cyrus at weird.com Wed Jul 1 14:48:41 2009
From: woods-cyrus at weird.com (Greg A. Woods)
Date: Wed, 01 Jul 2009 14:48:41 -0400
Subject: Automatically moving marked mails?
In-Reply-To: <4A4B7423.7000007@glendown.de>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de>
Message-ID:

At Wed, 01 Jul 2009 16:35:15 +0200, Garry wrote:
Subject: Re: Automatically moving marked mails?
>
> The point is not when decent MUAs are used, like Thunderbird, but rather
> crap like Outlook ... which is unable to do a decent, logical handling
> of deleted mails... ;)

Decent MUAs are _always_ "available", at least to some extent.

People who won't choose to use decent software when it is available and
instead insist upon using broken crapware _must_ learn that they are on
their own -- they are unsupported, they get no sympathy.

In this case though I'm not sure what the problem is (at least based
upon this one feature -- groupware might be broken in other ways).

> Problem is, $customer is using a groupware which - when using IMAP -
> will display deleted or moved mails as struck-through mails, which will
> no doubt confuse certain users ... therefore, it would be nice if Cyrus
> could be convinced to have a special deleted-mails handling ... as it is
> close to impossible to change Outlook's handling ...

Actually that's the desired way for an IMAP client to work! (and the
majority of the good ones I'm aware of do work that way where possible,
though sadly not two of the ones I'm using at the moment)

What could possibly be confusing about a summary index entry showing a
message using a struck-through font face? It should be self-evident to
anyone with a gram of experience using any modern decent graphical
computer user interface that the message has been marked as deleted.
(some more limited GUIs could use a particular colour or grey level to
achieve the same indication)

Some MUAs which operate in this correct manner do confuse users
sometimes by not handling the somewhat "un-natural" expunge operation
automatically. However I find it's very easy to teach users about this
extra step by simply explaining to them that it gives them slightly more
control over when they choose to release these marked messages from the
most immediate level of "undo" (or all possibility of undo if the
MUA doesn't support the "move to trash" feature).

> Guess I might need to take a look at the source if it's not in there,
> and see if it can be added ...

There's no logical sane way to do what _you_ think your customer might
think should happen. IMAP does not work that way. It cannot safely do
so. Please think long and hard about interoperability with multiple
simultaneous MUA access, possibly from different types of MUAs.

I suppose being Cyrus is open-source software it could indeed be bent to
do illogical and/or unsafe things, but I think you really want to find
out the truth about how your users perceive the correct behaviour before
you go about abusing it into some caricature of what you think they
might want.

--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack
Planix, Inc. Secrets of the Weird

From awilliam at whitemice.org Wed Jul 1 17:04:05 2009
From: awilliam at whitemice.org (Adam Tauno Williams)
Date: Wed, 01 Jul 2009 17:04:05 -0400
Subject: Automatically moving marked mails?
In-Reply-To:
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de>
Message-ID: <1246482245.20224.5.camel@linux-m3mt>

On Wed, 2009-07-01 at 14:48 -0400, Greg A. Woods wrote:
> At Wed, 01 Jul 2009 16:35:15 +0200, Garry wrote:
> Subject: Re: Automatically moving marked mails?
> > The point is not when decent MUAs are used, like Thunderbird, but rather
> > crap like Outlook ... which is unable to do a decent, logical handling
> > of deleted mails... ;)
> Decent MUAs are _always_ "available", at least to some extent.
> People who won't choose to use decent software when it is available and
> instead insist upon using broken crapware _must_ learn that they are on
> their own -- they are unsupported, they get no sympathy.

Agree. Although I find TB's handling of deleted mail at least equivalently retarded as Outlook. Neither has a @*&^&$* key binding for expunge! In general IMAP in recent ($version>=2003) versions of Outlook works very well.

> In this case though I'm not sure what the problem is (at least based
> upon this one feature -- groupware might be broken in other ways).
> > Problem is, $customer is using a groupware which - when using IMAP -
> > will display deleted or moved mails as struck-through mails, which will
> > no doubt confuse certain users ... therefore, it would be nice if Cyrus
> > could be convinced to have a special deleted-mails handling ... as it is
> > close to impossible to change Outlook's handling ...
> Actually that's the desired way for an IMAP client to work! (and the
> majority of the good ones I'm aware of do work that way where possible,
> though sadly not two of the ones I'm using at the moment)

Ditto.

> What could possibly be confusing about a summary index entry showing a
> message using a struck-through font face? It should be self-evident to
> anyone with a gram of experience using any modern decent graphical
> computer user interface that the message has been marked as deleted.

Agree.

> Some MUAs which operate in this correct manner do confuse users
> sometimes by not handling the somewhat "un-natural" expunge operation
> automatically. However I find it's very easy to teach users about this

Yes, throw-in-the-trash vs. taking-out-the-trash. Users grasp the difference very quickly. And I've had some dim ones...

> extra step by simply explaining to them that it gives them slightly more
> control over when they choose to release these marked messages from the
> most immediate level of "undo" (or all possibility of undo if the
> MUA doesn't support the "move to trash" feature).

And with delayed-expunge they can call up the help-desk and even get back messages they accidentally expunged. Cyrus is awesome.

From julian at precisium.com Wed Jul 1 17:26:16 2009
From: julian at precisium.com (julian at precisium.com)
Date: Wed, 01 Jul 2009 21:26:16 -0000
Subject: Automatically moving marked mails?
In-Reply-To:
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de>
Message-ID:

On Wed, 01 Jul 2009 18:48:41 -0000, Greg A. Woods wrote:

> At Wed, 01 Jul 2009 16:35:15 +0200, Garry wrote:
> Subject: Re: Automatically moving marked mails?
>>
>> The point is not when decent MUAs are used, like Thunderbird, but rather
>> crap like Outlook ... which is unable to do a decent, logical handling
>> of deleted mails... ;)
>
> Decent MUAs are _always_ "available", at least to some extent.
>
> People who won't choose to use decent software when it is available and
> instead insist upon using broken crapware _must_ learn that they are on
> their own -- they are unsupported, they get no sympathy.
>

In the present commercial environment - they are more likely to "learn" (with the not so subtle help of certain consultants), that their MUA works perfectly well with an Exchange server - and that their current server provider is probably using some dodgy free system... so the client should change email providers. It's not always easy to counter that sort of thing.

Switching to thunderbird is likely to be a harder change for some departments or companies than changing service providers. (especially if they have existing business processes or integration with other office products etc)

It can hardly be accidental that Microsoft's flagship email clients don't quite interoperate nicely with standards based IMAP servers. Seems to me it's a driver towards sales of Exchange server services.

I don't know what the primary goals of the Cyrus developers are - but I can only assume that serving their existing userbases as best possible and faithfully supporting open standards, are of more importance than gaining market share relative to proprietary server products.

Perhaps there is even an element of fighting this by trying to aid in driving customers towards using an open source MUA. That would be fair enough I think.. but I understand why it would be frustrating to those who are in some way competing with providers who use Exchange.

Perhaps if Cyrus were to adapt to too many Microsoft peculiarities.. Microsoft would end up driving the nature of the MUA-server relationship overall.

Personally I agree it would be nice if Cyrus would do something to compensate for the deletion issue - but I can understand if there is a reluctance on the part of the developers to do this.

Julian

From list at joreybump.com Wed Jul 1 19:46:00 2009
From: list at joreybump.com (Jorey Bump)
Date: Wed, 01 Jul 2009 19:46:00 -0400
Subject: Automatically moving marked mails?
In-Reply-To:
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de>
Message-ID: <4A4BF538.2050203@joreybump.com>

julian at precisium.com wrote, at 07/01/2009 05:26 PM:

> Personally I agree it would be nice if Cyrus would do something
> to compensate for the deletion issue - but I can understand if there is a
> reluctance on the part of the developers to do this.

This issue involves the IMAP protocol and is not specific to Cyrus. The only meaningfully defined special mailbox is INBOX. It would be disastrous for Cyrus to change deletion behaviour by moving "deleted" mail to some arbitrarily named mailbox. What name should it use? One that pleases users of Outlook? Thunderbird? Some random webmail application? Until the IMAP protocol is updated or replaced, delete & expunge is a fact of life.

It's true that the concept of delete/expunge is difficult for many new users to grasp. In my experience, the worst consequence is when users who delete but never expunge exceed quota and don't know why because deleted messages are hidden from view. A visual indicator (such as a strike-through, symbol, special color) is far more preferable, as it at least makes the problem evident. I agree that the whole process borders on the ridiculous, but that's a problem with IMAP, not Cyrus (and most users would probably clamour for similar functionality if the behaviour was removed).

In any case, users expect to control this in the MUA, so it's probably best to keep it out of the server.

From julian at precisium.com Wed Jul 1 20:46:10 2009
From: julian at precisium.com (julian at precisium.com)
Date: Thu, 02 Jul 2009 00:46:10 -0000
Subject: Automatically moving marked mails?
In-Reply-To: <4A4BF538.2050203@joreybump.com>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <4A4BF538.2050203@joreybump.com>
Message-ID:

On Wed, 01 Jul 2009 23:46:00 -0000, Jorey Bump wrote:

> julian at precisium.com wrote, at 07/01/2009 05:26 PM:
>
>> Personally I agree it would be nice if Cyrus would do something
>> to compensate for the deletion issue - but I can understand if there is
>> a reluctance on the part of the developers to do this.
>
> This issue involves the IMAP protocol and is not specific to Cyrus. The
> only meaningfully defined special mailbox is INBOX. It would be
> disastrous for Cyrus to change deletion behaviour by moving "deleted"
> mail to some arbitrarily named mailbox. What name should it use? One
> that pleases users of Outlook? Thunderbird? Some random webmail
> application? Until the IMAP protocol is updated or replaced, delete &
> expunge is a fact of life.
>
> It's true that the concept of delete/expunge is difficult for many new
> users to grasp. In my experience, the worst consequence is when users
> who delete but never expunge exceed quota and don't know why because
> deleted messages are hidden from view. A visual indicator (such as a
> strike-through, symbol, special color) is far more preferable, as it at
> least makes the problem evident. I agree that the whole process borders
> on the ridiculous, but that's a problem with IMAP, not Cyrus (and most
> users would probably clamour for similar functionality if the behaviour
> was removed).
>
> In any case, users expect to control this in the MUA, so it's probably
> best to keep it out of the server.
>

I'd dare suggest some sort of ugly hack whereby an MUA need only create a special folder named e.g "_deleteto_Deleted Items" .. which doesn't even need to be subscribed to.

The existence of such a folder would tell the server to move 'deleted' mail to the "Deleted Items" folder (or whatever name followed the magic _deleteto_ prefix)

It doesn't need to be an 'automatic' fix for outlook out of the box - just one that is relatively easy for helpdesks to talk someone through - or to describe on a web page.

I guess this sort of hack would give most of you the horrors though!

Julian

From nodens2099 at gmail.com Wed Jul 1 21:47:55 2009
From: nodens2099 at gmail.com (Clement Hermann (nodens))
Date: Thu, 02 Jul 2009 03:47:55 +0200
Subject: Automatically moving marked mails?
In-Reply-To:
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <4A4BF538.2050203@joreybump.com>
Message-ID: <4A4C11CB.80304@gmail.com>

julian at precisium.com wrote:
>
> I'd dare suggest some sort of ugly hack whereby an MUA need only create a
> special folder named e.g
> "_deleteto_Deleted Items" .. which doesn't even need to be subscribed to.
>
> The existence of such a folder would tell the server to move 'deleted'
> mail to the "Deleted Items" folder
> (or whatever name followed the magic _deleteto_ prefix)
>
> It doesn't need to be an 'automatic' fix for outlook out of the box - just
> one that is relatively easy for helpdesks to talk someone through - or to
> describe on a web page.
>
> I guess this sort of hack would give most of you the horrors though!
>

It is ugly indeed. If you have to walk someone through a solution, better explain to them "add the expunge button to the outlook toolbar, and click it to permanently delete messages".

Also, it should be relatively easy to write an outlook plugin that auto-expunges messages on deletion, possibly copying them to some "Trash" folder first. You may find one already written: IMAP is not so uncommon, and this is a common concern about IMAP and outlook.

The kind of functionality you want could be achieved more elegantly and more usefully by implementing lemonade-imap-sieve (sieve-like scripting on the imap operation level, not only on delivery, see http://tools.ietf.org/html/draft-ietf-lemonade-imap-sieve-05).

Also, be aware that Outlook's IMAP implementation is commonly considered as being flawed, and behaving poorly on very large mailboxes. It goes better with Outlook 2007, or so I'm told, so YMMV.

Regards,

--
Clement Hermann (nodens)
- "Fresh air? Isn't that in RL? Isn't that off-charter?"
  Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/

Please find my public key on the public keyserver pgp.mit.edu.

From awilliam at whitemice.org Wed Jul 1 22:12:54 2009
From: awilliam at whitemice.org (Adam Tauno Williams)
Date: Wed, 01 Jul 2009 22:12:54 -0400
Subject: Automatically moving marked mails?
In-Reply-To: <4A4BF538.2050203@joreybump.com>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <4A4BF538.2050203@joreybump.com>
Message-ID: <1246500774.4707.30.camel@linux-m3mt>

> It's true that the concept of delete/expunge is difficult for many new
> users to grasp. In my experience, the worst consequence is when users
> who delete but never expunge exceed quota and don't know why because
> deleted messages are hidden from view. A visual indicator (such as a
> strike-through, symbol, special color) is far more preferable, as it at
> least makes the problem evident. I agree that the whole process borders
> on the ridiculous, but that's a problem with IMAP,

I disagree, I think the process is quite elegant; certainly simpler to manage than a *&@(*@ Trash folder. In delete/expunge mode restoring a message (or many messages) keeps their original context whereas Trash accumulates messages from potentially many folders.

> not Cyrus (and most
> users would probably clamour for similar functionality if the behaviour
> was removed).

Yep.

> In any case, users expect to control this in the MUA, so it's probably
> best to keep it out of the server.

From awilliam at whitemice.org Wed Jul 1 22:17:36 2009
From: awilliam at whitemice.org (Adam Tauno Williams)
Date: Wed, 01 Jul 2009 22:17:36 -0400
Subject: Automatically moving marked mails?
In-Reply-To: <4A4C11CB.80304@gmail.com>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <4A4BF538.2050203@joreybump.com> <4A4C11CB.80304@gmail.com>
Message-ID: <1246501056.4707.32.camel@linux-m3mt>

> The kind of functionality you want could be achieved more elegantly and
> more usefully by implementing lemonade-imap-sieve (sieve-like scripting
> on the imap operation level, not only on delivery, see
> http://tools.ietf.org/html/draft-ietf-lemonade-imap-sieve-05).

That would be very useful; but I wonder about the performance implications. Has anyone (any server?) implemented this?

> Also, be aware that Outlook's IMAP implementation is commonly considered
> as being flawed, and behaving poorly on very large mailboxes. It goes
> better with Outlook 2007, or so I'm told, so YMMV.

I've had very few problems with $version>=2003. It certainly is a much better implementation than ThunderBird's.

From rudy.gevaert at ugent.be Thu Jul 2 02:35:31 2009
From: rudy.gevaert at ugent.be (Rudy Gevaert)
Date: Thu, 02 Jul 2009 08:35:31 +0200
Subject: Please change the DNS lookup = defaultdomain process, and use defaultdomain as the default domain.
In-Reply-To: <20090701115547.19523box7stngnok@www.endries.org>
References: <20090701101415.78946oxmv1jh0w00@www.endries.org> <20090701104457.128717ie7tv8ro1w@www.endries.org> <20090701110143.12906ou2jl1bl7wo@www.endries.org> <4A4B8217.6010203@hudat.com> <20090701115547.19523box7stngnok@www.endries.org>
Message-ID: <20090702083531.645515kx2o7tbnlf@langoest.ugent.be>

Hi Josh,

Quoting josh at endries.org:

> Hi, thanks for the reply.
>
> What I'm trying to achieve is that, when I log in with "user", Cyrus
> appends the defaultdomain value when looking up the password (I use
> SQL for that).
>
> My fqdn for the server is mail.blah.com, which is what I normally use.
> I'm not sure why it stopped working; I changed the IP of the box,
> along with forward and reverse DNS, and it broke. That's separate from
> the bug, though. It should append the defaultdomain if there is none
> in the user name; pretty simple.
>

I can't really help, but I can mention the following, I have in imapd.conf:

admins: cyrus cyrus at mail1.ugent.be
virtdomains: userid

In our ldap we have a cyrus user. I also had some problems in the past, maybe more or less like you now have. I just log in as 'cyrus' user. However we don't have any domain admins.

> I did my admin stuff manually which seemed to work so I'm giving up on
> this for the time being. I have too much to do and have wasted a whole
> day on this already... I have another problem with Sieve vacation
> replies that I need to fix, which is even worse; no logging
> whatsoever. Joy.
>
> Josh
>
> Quoting Kendrick Vargas :
>
>> Not sure if this helps, but, you might wanna take a look at this post/thread
>> and bugzilla entry:
>>
>> http://lists.andrew.cmu.edu/pipermail/info-cyrus/2006-October/023811.html
>>
>> https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2886
>>
>> It's hard to tell from your post exactly what you want to achieve. However I
>> wanted to mention that whenever I've set up local admin accounts in cyrus,
>> I've always made them part of a domain which was @the.local.fqdn. It's just
>> safer and removes ANY confusion. I also don't like the way the virtdomain
>> option works, never thought it was very consistent.
>>
>> I just reworked the patch to work against the latest RPM's as of a week ago
>> and it seems to work fine. It's a short one and should go in by hand rather
>> easily. Otherwise I can send you the patch I used or the source rpm so you
>> can rebuild it yourself. Hope this helped...
>> -peace
>>
>> josh at endries.org wrote:
>>> Okay, defaultdomain is set to mail.blah.com again, as it should be.
>>>
>>> Logging in as admin at mail.blah.com now doesn't work, reports the user
>>> name as 'admin', correctly, but doesn't work.
>>>
>>> Logging in as admin doesn't work, reports the user name as
>>> user at blah.com and the password for that user is (now) different.
>>>
>>> With the defaultdomain set to something else, like something.fake,
>>> logging in as admin at mail.blah.com works but then of course is not a
>>> global admin.
>>>
>>> Changing defaultdomain to blah.com, which kinda makes sense but
>>> shouldn't be forced...using admin tries login as admin and doesn't
>>> work (doesn't append blah.com?). Logging in as admin at blah.com also
>>> tries login as admin and doesn't work.
>>>
>>> e.g. by "tries login as..." I mean "admin" in:
>>>
>>> Jul 1 11:02:38 mail imaps[19476]: badlogin: mail.blah.com [x.x.x.x]
>>> plaintext admin SASL(-13): authentication failure: checkpass failed
>>>
>>> This was from logging in with
>>>
>>> c login "admin at blah.com" "password"
>>>
>>> Still working on it...
>>>
>>> Josh
>>>
>>> ----
>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>
>

--
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Rudy Gevaert Rudy.Gevaert at UGent.be tel:+32 9 264 4734
Direction ICT, Infrastructure dept.
Systems group
Ghent University
Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be
-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --

From awilliam at whitemice.org Thu Jul 2 11:29:18 2009
From: awilliam at whitemice.org (Adam Tauno Williams)
Date: Thu, 02 Jul 2009 11:29:18 -0400
Subject: No -k option for cyradm's reconstrcut [Was: Re: unexpunge Bus Error (signal 7) [Was: Re: ipurge and delayed expunge]]
In-Reply-To: <200906271006.52799.bawood@umich.edu>
References: <1246029798.5584.4.camel@linux-m3mt> <1246041837.5584.14.camel@linux-m3mt> <1246063679.7801.9.camel@linux-m3mt> <200906271006.52799.bawood@umich.edu>
Message-ID: <1246548558.9886.25.camel@linux-m3mt>

On Sat, 2009-06-27 at 10:06 -0400, Brian Awood wrote:
> On Friday 26 June 2009 @ 20:47, Adam Tauno Williams wrote:
> > A reconstruct works, but then none of the expunged messages appear
> > (list from unexpunge -l is empty). Should a reconstruct lose
> > expunged messages in delayed expunge mode?
> reconstruct will remove the expunged data if you don't specify the -k
> option, also if it's not able to verify the cyrus.expunge file as
> valid, it will delete it and put all messages back into the index.

I've verified this behavior; with a batchreconstruct -rk everything seems OK. One note: the "reconstruct" command in cyradm accepts a "-r" option but not a "-k" option.

> I posted a patch to the dev list which addresses this and a couple of
> other issues in reconstruct. In this case it looks like the
> cyrus.expunge file was corrupted since the expunge_index_base isn't
> valid. Possibly due to a previous issue with the expunge file.

From clarkp at mtmary.edu Thu Jul 2 16:26:05 2009
From: clarkp at mtmary.edu (Peter Clark)
Date: Thu, 02 Jul 2009 15:26:05 -0500
Subject: Upgrade and Migration
Message-ID: <4A4D17DD.5040903@mtmary.edu>

Hello,

I have an old cyrus install (2.1.16) with 30GB of data that I need to migrate to a new server. My challenge is that something on that server is screwed up and I have no access to PERL on that machine anymore (the OS is past EOL, so it is long past time to move anyways). I have a new box (2.3.14) and a bunch of trepidation about screwing this move up. I have looked at the Cyrus Upgrade doc and seemingly this is a rather straightforward operation.

Does this make sense?

1. rsync (pulling from the old server to the new):
   config directory (/var/imap)
   partition-default (/var/spool/imap)

2. /usr/cyrus/bin/cvt_cyrusdb /var/imap/mailboxes.db berkeley /var/imap/mailboxes.db.new skiplist

3. mv /var/imap/mailboxes.db.new /var/imap/mailboxes.db

4. find /var/imap/user -name \*.seen -exec /usr/cyrus/bin/cvt_cyrusdb \{\} flat \{\}.new skiplist \; -exec mv \{\}.new \{\} \;

5. start imapd

Is that it? I just want to make sure I am not missing anything.

Thank you,

Peter

From bhc at pitt.edu Thu Jul 2 17:02:33 2009
From: bhc at pitt.edu (Ben Carter)
Date: Thu, 02 Jul 2009 17:02:33 -0400
Subject: Upgrade and Migration
In-Reply-To: <4A4D17DD.5040903@mtmary.edu>
References: <4A4D17DD.5040903@mtmary.edu>
Message-ID: <4A4D2069.80408@pitt.edu>

Peter Clark wrote:
> Hello,
>
> I have an old cyrus install (2.1.16) with 30GB of data that I need to
> migrate to a new server. My challenge is that something on that server
> is screwed up and I have no access to PERL on that machine anymore (the
> OS is past EOL, so it is long past time to move anyways). I have a new
> box (2.3.14) and a bunch of trepidation about screwing this move up. I
> have looked at the Cyrus Upgrade doc and seemingly this is a rather
> straight forward operation.
>
> Does this make sense?
>
> 1.rsync (pulling from the old server to the new):
> config directory (/var/imap)
> partition-default (/var/spool/imap)
>
> 2. /usr/cyrus/bin/cvt_cyrusdb /var/imap/mailboxes.db berkeley
> /var/imap/mailboxes.db.new skiplist
>
> 3. mv /var/imap/mailboxes.db.new /var/imap/mailboxes.db
>
> 4. find /var/imap/user -name \*.seen -exec /usr/cyrus/bin/cvt_cyrusdb
> \{\} flat \{\}.new skiplist \; -exec mv \{\}.new \{\} \;
>
> 5. start imapd
>
> Is that it? I just want to make sure I am not missing anything.
>
>
> Thank you,
>
> Peter
>

Peter,

You might want to use imapsync to do this. It uses the IMAP protocol, copies flags, can copy ACLs etc.

What I did was to create all the INBOXes on the new server, set up large quotas on the new server, point mail delivery to the new server and then use imapsync to copy the folders and messages. People had full mail functionality right away and their folders/messages were backfilled. At the end, I set quotas back to what I really wanted them to be.

If you use rsync, you have to stop everything until that finishes, possibly reconstruct all mailboxes, maybe fix some other things before giving people their mail functionality back and allowing mail delivery to resume. Also, the ACL format in the mailboxes file might be different between these 2 Cyrus versions.

If you use the protocol to move the data, you don't have to worry about any data structure differences etc. You also can re-arrange your partitions and so on. Plus it re-calculates all quota usage as imapsync APPENDs the messages during the migration.

You'll have to enable proxy logins on both IMAP servers to do this administratively with imapsync.

I copied 1.2TB, ~65,000 users in ~28 hours by using up to 128 concurrent imapsync processes at a time this way.

Ben

--
Ben Carter
University of Pittsburgh/CSSD
bhc at pitt.edu
412-624-6470

From woods-cyrus at weird.com Fri Jul 3 01:02:35 2009
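Added example, not part of the thread and not Cyrus project code: steps 2 to 4 of the migration procedure discussed in the two messages above, written so that each database is converted into a `.new` file, the original is kept as a backup, and nothing is replaced unless `cvt_cyrusdb` succeeds. The paths and backends are the ones quoted in the thread; the `CVT` and `CONFIGDIR` overrides, the `.pre-skiplist` suffix and the function names are assumptions.

```shell
#!/bin/sh
# Added example: steps 2-4 of the migration in the thread, made restartable.
# Assumed names (not from the thread): the CVT / CONFIGDIR overrides, the
# ".pre-skiplist" backup suffix, and all function names.
# Run as the cyrus user so that converted files keep the right owner.

CVT="${CVT:-/usr/cyrus/bin/cvt_cyrusdb}"   # converter path quoted in the thread
CONFIGDIR="${CONFIGDIR:-/var/imap}"        # config directory quoted in the thread
BACKUP_SUFFIX=".pre-skiplist"

# convert_db FILE OLD_BACKEND NEW_BACKEND
# Converts FILE in place via FILE.new; on any failure FILE is left untouched.
# Returns 0 on success or if already converted, 1 on failure, 2 on bad input.
convert_db() {
    src=$1; from=$2; to=$3
    case $src in
        /*) ;;                               # cvt_cyrusdb wants full paths
        *)  echo "not an absolute path: $src" >&2; return 2 ;;
    esac
    if [ ! -f "$src" ]; then
        echo "missing: $src" >&2; return 2
    fi
    bak="$src$BACKUP_SUFFIX"
    if [ -e "$bak" ]; then                   # converted by an earlier run
        echo "already converted, skipping: $src" >&2; return 0
    fi
    new="$src.new"
    rm -f "$new"
    # Converter chatter goes to stderr; stdin is detached so the converter
    # cannot consume the file list that convert_seen_files is reading.
    if ! "$CVT" "$src" "$from" "$new" "$to" </dev/null >&2 || [ ! -f "$new" ]; then
        echo "conversion failed, original kept: $src" >&2
        rm -f "$new"
        return 1
    fi
    # Keep the original, then swap. Undo the backup if either step fails so
    # that a later run does not mistake the file for a converted one.
    cp -p "$src" "$bak" || { rm -f "$bak" "$new"; return 1; }
    mv "$new" "$src"    || { rm -f "$bak" "$new"; return 1; }
}

# convert_seen_files: step 4 for every *.seen file under $CONFIGDIR/user.
# Sets SEEN_OK and SEEN_FAILED; returns non-zero if any file failed.
convert_seen_files() {
    SEEN_OK=0; SEEN_FAILED=0
    list=$(mktemp) || return 2
    find "$CONFIGDIR/user" -type f -name '*.seen' > "$list"
    while IFS= read -r f; do
        if convert_db "$f" flat skiplist; then
            SEEN_OK=$((SEEN_OK + 1))
        else
            SEEN_FAILED=$((SEEN_FAILED + 1))
        fi
    done < "$list"
    rm -f "$list"
    [ "$SEEN_FAILED" -eq 0 ]
}

# migrate: steps 2-3 (mailboxes.db, berkeley -> skiplist), then step 4.
migrate() {
    convert_db "$CONFIGDIR/mailboxes.db" berkeley skiplist || return 1
    rc=0
    convert_seen_files || rc=$?
    echo "seen files converted: $SEEN_OK, failed: $SEEN_FAILED" >&2
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then
    migrate
fi
```

Saved under a name of your choice and started with `--run` while imapd is stopped, it can be re-run after a failure: files that already have a backup are skipped, and any file reported as failed is still in its original format.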
From: woods-cyrus at weird.com (Greg A. Woods)
Date: Fri, 03 Jul 2009 01:02:35 -0400
Subject: Automatically moving marked mails?
In-Reply-To:
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de>
Message-ID:

At Wed, 01 Jul 2009 21:26:16 -0000, "julian at precisium.com" wrote:
Subject: Re: Automatically moving marked mails?
>
> In the present commercial environment - they are more likely to "learn"
> (with the not so subtle help of certain consultants),
> that their MUA works perfectly well with an Exchange server - and that
> their current server provider is probably using some dodgy free system...
> so the client should change email providers. It's not always easy to
> counter that sort of thing.

I really don't know anyone, neither amongst home-based users nor corporate e-mail users, who truly believe they're better off with an MS-Exchange server handling their e-mail, especially if they've previously used a decent IMAP client connected to a Cyrus server. Most folks put up with it because they don't have any choice and that's because their IT guy got a good free game of golf or similar from the sales guy who sold him up the creek on using Exchange.

BTW, I find telling folks that Cyrus was built to satisfy the needs and demands of tens of thousands of picky but highly intelligent users in an academic environment where e-mail is arguably even more important than it often is in corporate circles, and where the developers really couldn't pull the wool over anyone's eyes usually makes the nay-sayers think twice, or at least hopefully shows them one tiny inkling of a clue that their own experience may not be at the true centre of the e-mail universe.

> Switching to thunderbird is likely to be a
> harder change for some departments or companies than changing service
> providers. (especially if they have existing business processes or
> integration with other office products etc)

Well, as many have said, Thunderbird is hardly the pinnacle of perfection when it comes to IMAP clients. Sadly many of the other common, and especially other free ones, are not ideal on all fronts either.

For me Apple OS X Mail has been better than some, but it also has some very annoying traits, and it lacks the one feature I earlier suggested is ideal for handling IMAP 2-phase deletion and expunge. Mulberry mail was on the right track, but it seems to have died.

Maybe the Qualcomm folks will do something better with Thunderbird with their Penelope extensions.

As always, the best thing is to choose the right tool for the job.

> It can hardly be accidental that Microsoft's flagship email clients don't
> quite interoperate nicely with standards based IMAP servers.
> Seems to me it's a driver towards sales of Exchange server services.

Indeed -- it is no accident, and it's not just about MS-Exchange, it's a whole philosophy and business methodology engineered to put the screws to open standards and open source.

--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack
Planix, Inc. Secrets of the Weird

From iane at sussex.ac.uk Fri Jul 3 06:00:20 2009
From: iane at sussex.ac.uk (Ian Eiloart)
Date: Fri, 03 Jul 2009 11:00:20 +0100
Subject: Automatically moving marked mails?
In-Reply-To:
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de>
Message-ID: <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk>

--On 3 July 2009 01:02:35 -0400 "Greg A. Woods" wrote:

> At Wed, 01 Jul 2009 21:26:16 -0000, "julian at precisium.com" wrote:
> Subject: Re: Automatically moving marked mails?
>>
>> In the present commercial environment - they are more likely to "learn"
>> (with the not so subtle help of certain consultants),
>> that their MUA works perfectly well with an Exchange server - and that
>> their current server provider is probably using some dodgy free
>> system... so the client should change email providers. It's not always
>> easy to counter that sort of thing.
>
> I really don't know anyone, neither amongst home-based users nor
> corporate e-mail users, who truly believe they're better off with an
> MS-Exchange server handling their e-mail,

Outlook users here don't like the fact that some of their MUA functionality is greyed out. I'd like to hear of some OSS solution. We're currently using Cyrus-IMAP and Meeting Maker with an Outlook connector. Unfortunately, the types of recurring meeting that you can create don't overlap - both Exchange and Outlook support types that don't map to the other software.

There's pressure here to move to Exchange because it supports Outlook better.

> especially if they've
> previously used a decent IMAP client connected to a Cyrus server. Most
> folks put up with it because they don't have any choice and that's
> because their IT guy got a good free game of golf or similar from the
> sales guy who sold him up the creek on using Exchange.
>
> BTW, I find telling folks that Cyrus was built to satisfy the needs and
> demands of tens of thousands of picky but highly intelligent users in an
> academic environment where e-mail is arguably even more important than
> it often is in corporate circles, and where the developers really
> couldn't pull the wool over anyone's eyes usually makes the nay-sayers
> think twice, or at least hopefully shows them one tiny inkling of a clue
> that their own experience may not be at the true centre of the e-mail
> universe.
>
>> Switching to thunderbird is likely to be a
>> harder change for some departments or companies than changing service
>> providers. (especially if they have existing business processes or
>> integration with other office products etc)
>
> Well, as many have said, Thunderbird is hardly the pinnacle of
> perfection when it comes to IMAP clients. Sadly many of the other
> common, and especially other free ones, are not ideal on all fronts
> either.
>
> For me Apple OS X Mail has been better than some, but it also has some
> very annoying traits,

My biggest annoyance is that it creates non-compliant message headers when mailing to Address Book groups. I use Mulberry at work, and Apple Mail on my laptop.

> and it lacks the one feature I earlier suggested
> is ideal for handling IMAP 2-phase deletion and expunge. Mulberry mail
> was on the right track, but it seems to have died.

Yes, I'm convinced that's for the absence of a simple user interface. 90% of its features should be hidden from 90% of users. The cross-platform thing doesn't seem to work very well, either.

> Maybe the Qualcomm folks will do something better with Thunderbird with
> their Penelope extensions.
>
> As always, the best thing is to choose the right tool for the job.
>
>
>> It can hardly be accidental that Microsoft's flagship email clients
>> don't quite interoperate nicely with standards based IMAP servers.
>> Seems to me it's a driver towards sales of Exchange server services.
>
> Indeed -- it is no accident, and it's not just about MS-Exchange, it's a
> whole philosophy and business methodology engineered to put the screws
> to open standards and open source.

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/

From arbatovevgeniy at gmail.com Fri Jul 3 08:55:55 2009
From: arbatovevgeniy at gmail.com (Evgeniy Arbatov)
Date: Fri, 3 Jul 2009 15:55:55 +0300
Subject: Cyrus IMAP mailboxes with LDAP
Message-ID: <56c989d50907030555j7a7ef95fj99ed6c4763dae973@mail.gmail.com>

Hello,

I am looking for a way to store mailbox quotas and ACLs for Cyrus IMAP in LDAP. Is there a ready made solution for this purpose? If not, how can it be possibly done?

Thank you!

Regards,
Evgeniy

From paul at vandervlis.nl Fri Jul 3 10:20:34 2009
From: paul at vandervlis.nl (Paul van der Vlis)
Date: Fri, 03 Jul 2009 16:20:34 +0200
Subject: Db4 problems
In-Reply-To:
References: <4A4B46F5.30109@vandervlis.nl>
Message-ID: <4A4E13B2.40909@vandervlis.nl>

Andrew Morgan wrote:
> Here's what I recommend - get rid of Berkeley DB in Cyrus and use
> skiplist instead. :)

Thanks for your help. I tested it and it seemed to work. Now it's running in production for a few hours too, and I have seen no errors anymore ;-)

With regards,
Paul van der Vlis.

--
http://www.vandervlis.nl/

From mills at cc.umanitoba.ca Fri Jul 3 10:25:06 2009
From: mills at cc.umanitoba.ca (Gary Mills)
Date: Fri, 3 Jul 2009 09:25:06 -0500
Subject: Automatically moving marked mails?
In-Reply-To:
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de>
Message-ID: <20090703142506.GA7573@cc.umanitoba.ca>

On Fri, Jul 03, 2009 at 01:02:35AM -0400, Greg A. Woods wrote:
>
> I really don't know anyone, neither amongst home-based users nor
> corporate e-mail users, who truly believe they're better off with an
> MS-Exchange server handling their e-mail, especially if they've
> previously used a decent IMAP client connected to a Cyrus server. Most
> folks put up with it because they don't have any choice and that's
> because their IT guy got a good free game of golf or similar from the
> sales guy who sold him up the creek on using Exchange.

There's pressure here too to move from Cyrus to Microsoft Exchange.
It seems to be coming from administrators rather than students.

Is there someplace an unbiased comparison of the two? I see lots of
negative reports about Exchange, but they mostly come from people who
are using another product based on open standards.

--
-Gary Mills- -Unix Support- -U of M Academic Computing and Networking-

From iane at sussex.ac.uk Fri Jul 3 11:02:54 2009
From: iane at sussex.ac.uk (Ian Eiloart)
Date: Fri, 03 Jul 2009 16:02:54 +0100
Subject: Automatically moving marked mails?
In-Reply-To: <20090703142506.GA7573@cc.umanitoba.ca>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <20090703142506.GA7573@cc.umanitoba.ca>
Message-ID:

--On 3 July 2009 09:25:06 -0500 Gary Mills wrote:

> On Fri, Jul 03, 2009 at 01:02:35AM -0400, Greg A. Woods wrote:
>>
>> I really don't know anyone, neither amongst home-based users nor
>> corporate e-mail users, who truly believe they're better off with an
>> MS-Exchange server handling their e-mail, especially if they've
>> previously used a decent IMAP client connected to a Cyrus server. Most
>> folks put up with it because they don't have any choice and that's
>> because their IT guy got a good free game of golf or similar from the
>> sales guy who sold him up the creek on using Exchange.
>
> There's pressure here too to move from Cyrus to Microsoft Exchange.
> It seems to be coming from administrators rather than students.
>
> Is there someplace an unbiased comparison of the two? I see lots of
> negative reports about Exchange, but they mostly come from people who
> are using another product based on open standards.

I was speaking to a friend who provides Exchange servers for small
businesses locally. He says that the most important thing is to have a
really good (fast, available and accurate) disaster recovery procedure,
because you need it a lot.

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/

From Pascal.Gienger at uni-konstanz.de Fri Jul 3 11:11:46 2009
From: Pascal.Gienger at uni-konstanz.de (Pascal Gienger)
Date: Fri, 03 Jul 2009 17:11:46 +0200
Subject: Automatically moving marked mails?
In-Reply-To:
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <20090703142506.GA7573@cc.umanitoba.ca>
Message-ID: <4A4E1FB2.2080306@uni-konstanz.de>

Ian Eiloart wrote:
> I was speaking to a friend who provides Exchange servers for small
> businesses locally. He says that the most important thing is to have a
> really good (fast, available and accurate) disaster recovery procedure,
> because you need it a lot.
>

Here in Germany we have a bigger pressure. Microsoft offers university
to "get Exchange for free for the whole campus at Microsoft's cloud", so
they want to offer a complete outsourcing. Sure, they don't have any
procedure how to get all data out of Exchange after this "for free"
period but they get very aggressive, writing directly to the board of
directors of the university. Whilst it is complete nonsense that an
internet cut results in non-mail-connectivity between one office to the
other (how dumb is that, to write to your room neighbour, you have to go
to via a remote exchange cloud...).

Things are getting hard. We believe in open standards, we want to have
our mails and appointments in a system which is at every time perfectly
changeable. We don't want a "data dead end" resulting in a complete
dependency on one manufacturer.

Zimbra is another show stopper here. Many want "Zimbra" because it is
soo cool and blah blah blah. But with 14,000 accounts, our central LDAP
infrastructure and the Solaris 10 servers with ZFS, running Cyrus IMAP,
there is no really good reason to migrate all to Zimbra just to have
CalDAV calendaring. Zimbra means endless redo logs, bad performance with
many accounts, ... ...

I don't like these "all in one solutions", but the people here LIKE
THEIR OUTLOOK! Everybody wants to use Outlook and our students want
Google, they like Gooooogle! Safe harbour for personal data? not
interesting to this youth which even posts pictures of their drunk
parties on facebook :-\

From adam at morrison-ind.com Fri Jul 3 12:42:53 2009
From: adam at morrison-ind.com (Adam Tauno Williams)
Date: Fri, 03 Jul 2009 12:42:53 -0400
Subject: Automatically moving marked mails?
In-Reply-To: <20090703142506.GA7573@cc.umanitoba.ca>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <20090703142506.GA7573@cc.umanitoba.ca>
Message-ID: <1246639373.5552.5.camel@linux-m3mt>

On Fri, 2009-07-03 at 09:25 -0500, Gary Mills wrote:
> On Fri, Jul 03, 2009 at 01:02:35AM -0400, Greg A. Woods wrote:
> > I really don't know anyone, neither amongst home-based users nor
> > corporate e-mail users, who truly believe they're better off with an
> > MS-Exchange server handling their e-mail, especially if they've
> > previously used a decent IMAP client connected to a Cyrus server. Most
> > folks put up with it because they don't have any choice and that's
> > because their IT guy got a good free game of golf or similar from the
> > sales guy who sold him up the creek on using Exchange.
> There's pressure here too to move from Cyrus to Microsoft Exchange.
> It seems to be coming from administrators rather than students.
> Is there someplace an unbiased comparison of the two?

No, I don't think the two are even comparable; not because Exchange is
so terrible but because Cyrus is an IMAP server and Exchange is a Mail
Server & a collaboration platform (aka "groupware", which is a terrible
term).

> I see lots of
> negative reports about Exchange, but they mostly come from people who
> are using another product based on open standards.

I'm always amused at tech conferences how many of the pitches are for
products for or relating to dealing with Exchange and keeping it
running.

From adam at morrison-ind.com Fri Jul 3 12:46:01 2009
From: adam at morrison-ind.com (Adam Tauno Williams)
Date: Fri, 03 Jul 2009 12:46:01 -0400
Subject: Automatically moving marked mails?
In-Reply-To: <4A4E1FB2.2080306@uni-konstanz.de>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <20090703142506.GA7573@cc.umanitoba.ca> <4A4E1FB2.2080306@uni-konstanz.de>
Message-ID: <1246639561.5552.7.camel@linux-m3mt>

> I don't like these "all in one solutions", but the people here LIKE
> THEIR OUTLOOK! Everybody wants to use Outlook and our students want
> Google, they like Gooooogle! Safe harbour for personal data? not
> interesting to this youth which even posts pictures of their drunk
> parties on facebook :-\

Have you looked at the ZideOne plugin? That provides pretty darn good
functionality and works with a variety of Open servers (via CardDAV,
CalDAV, and GroupDAV). It will even work with straight up apache.

But storing contacts in LDAP is something nothing is ever going to
support as LDAP schema is just a mess.

From woods-cyrus at weird.com Fri Jul 3 13:48:00 2009
From: woods-cyrus at weird.com (Greg A. Woods)
Date: Fri, 03 Jul 2009 13:48:00 -0400
Subject: Automatically moving marked mails?
In-Reply-To: <20090703142506.GA7573@cc.umanitoba.ca>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <20090703142506.GA7573@cc.umanitoba.ca>
Message-ID:

At Fri, 3 Jul 2009 09:25:06 -0500, Gary Mills wrote:
Subject: Re: Automatically moving marked mails?
>
> There's pressure here too to move from Cyrus to Microsoft Exchange.
> It seems to be coming from administrators rather than students.
>
> Is there someplace an unbiased comparison of the two? I see lots of
> negative reports about Exchange, but they mostly come from people who
> are using another product based on open standards.

The thing to do, perhaps, is as good a cost-benefit analysis of various
features against licensing, hardware, and support costs.

A somewhat useful example of such analysis, though quite a bit has to be
inferred because of the nature of its authorship, and it is somewhat
dated now, is the report about the conversion away from FreeBSD when
Hotmail was taken over by Microsoft and (eventually) moved onto
Microsoft products.

I suspect this venture cost Microsoft much more than they were even able
to admit to themselves, let alone what we as outsiders can guess.

Personally I believe that Microsoft knew it would be critical for them
to acquire a large Unix-based internet service and convert it over to M$
products just to prove to the world (and perhaps themselves) that it
could be done, and the fact that many of the documents about this
conversion were leaked and/or published is in fact evidence supporting
my theory. This Hotmail conversion process now provides the background
material for all the current conversion guides M$ uses to sell customers
and potential customers on the idea that it is feasible to convert from
open (and "free") systems to closed, licensed, systems.

If M$'s documents about their Hotmail conversion actually sway you
toward using M$ solutions, perhaps you should also read the famous
"Microsoft Halloween Papers".

I suppose for folks without reasonably extensive systems programming
experience the value of an open-source based system is much more
difficult to assess.

Part of the question is about control, and part of it is about
capitalism and profiteering (which of course usually requires control to
be taken away from users and held tightly by those hoping to profit from
the services and/or products they sell).

Can the elephantine behemoth of Microsoft really provide cost advantages
to all their users because of their size and control, or is it just
evidence of how well they are able to control the market and profit from
it?

--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack
Planix, Inc. Secrets of the Weird

From nic at onlight.com Fri Jul 3 13:59:40 2009
From: nic at onlight.com (Nic Bernstein)
Date: Fri, 03 Jul 2009 12:59:40 -0500
Subject: Cyrus IMAP mailboxes with LDAP
In-Reply-To: <56c989d50907030555j7a7ef95fj99ed6c4763dae973@mail.gmail.com>
References: <56c989d50907030555j7a7ef95fj99ed6c4763dae973@mail.gmail.com>
Message-ID: <4A4E470C.2050105@onlight.com>

On 07/03/2009 07:55 AM, Evgeniy Arbatov wrote:
> I am looking for a way to store mailbox quotas and ACLs for Cyrus IMAP
> in LDAP. Is there a ready made solution for this purpose? If not, how
> can it be possibly done? Thank you!
>

Attached is a tar file with the tools we use for exactly this purpose.
The files are:

* cyrus_get_quota.pl: a perl script to generate an LDIF file suitable
  for import into an LDAP directory with the current user quotas from
  Cyrus. This is to bootstrap the directory. You must already have the
  appropriate schema in place.
* cyrus_ldap_quota.pl: a perl script to be run periodically from cron
  to search the directory for modified quotas and push those into cyrus.
* cyrus-utils.conf: a configuration file for the above scripts.

The schema used is the Srivastava Draft described here:
http://www.watersprings.org/pub/id/draft-srivastava-ldap-mail-00.txt

You can download the schema here:
http://www.netfrag.org/webnews/article.php?id=89&group=nfo.links.computing

The code is well documented, but feel free to ask if you have any
questions.

Best regards,
-nic

--
Nic Bernstein                             nic at onlight.com
Onlight llc.                              www.onlight.com
219 N. Milwaukee St., Ste. 2A             v. 414.272.4477
Milwaukee, Wisconsin 53202                f. 414.290.0335

-------------- next part --------------
A non-text attachment was scrubbed...
Name: cyrus-ldap-quota.tar.gz
Type: application/x-gzip
Size: 3079 bytes
Desc: not available
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090703/4d96311f/attachment.bin

From woods-cyrus at weird.com Fri Jul 3 14:09:19 2009
From: woods-cyrus at weird.com (Greg A. Woods)
Date: Fri, 03 Jul 2009 14:09:19 -0400
Subject: Automatically moving marked mails?
In-Reply-To: <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk>
Message-ID:

At Fri, 03 Jul 2009 11:00:20 +0100, Ian Eiloart wrote:
Subject: Re: Automatically moving marked mails?
>
> Outlook users here don't like the fact that some of their MUA functionality
> is greyed out.

I suppose that's evidence of part of the problem -- what's greyed out is
(IIUC) actually _not_ "MUA" functionality!

> There's pressure here to move to Exchange because it supports Outlook
> better.

Take away Outlook in effect by giving them better and different open
source and open standards tools and that pressure is sure to go away.

Part of that might best be done by getting rid of the underlying M$
platform on the desktop too of course!

Seriously -- moving desktops from M$ to something else that's free and
easy to run (both administratively and for users) is definitely a
strategy to think about. Many have already made the move to good
success and the WWW is full of their stories.

--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack
Planix, Inc. Secrets of the Weird

From carson at taltos.org Fri Jul 3 16:00:19 2009
From: carson at taltos.org (Carson Gaspar)
Date: Fri, 03 Jul 2009 13:00:19 -0700
Subject: Upgrade and Migration
In-Reply-To: <4A4D2069.80408@pitt.edu>
References: <4A4D17DD.5040903@mtmary.edu> <4A4D2069.80408@pitt.edu>
Message-ID: <4A4E6353.8040100@taltos.org>

Ben Carter wrote:

> If you use rsync, you have to stop everything until that finishes,
> possibly reconstruct all mailboxes, maybe fix some other things before
> giving people their mail functionality back and allowing mail delivery
> to resume.

That's just silly. If you're going to use rsync to migrate data, you do
at least one rsync while the source data is live. More than one if the
initial sync takes a long time. Then you go offline, do a final sync
(which should be very fast), and bring the new data store online.

You have to do the _exact_ same thing with imapsync, unless you want to
lose email.

> Also, the ACL format in the mailboxes file might be different between
> these 2 Cyrus versions.

Might be, but I don't think it is.

> If you use the protocol to move the data, you don't have to worry
> about any data structure differences etc. You also can re-arrange
> your partitions and so on. Plus it re-calculates all quota usage as
> imapsync APPENDs the messages during the migration.

All true, except to the best of my knowledge none of this (except
repartitioning, which the OP didn't mention) matters for cyrus imapd -
it will Just Work(tm) on your old data store. The only exceptions are
database format changes (if you use bdb and you've revved the library
version, for example), and sieve compiled bytecode.

And why do you care about quota re-calculation? The existing quota
data should be correct.

--
Carson

From dave64 at andrew.cmu.edu Sat Jul 4 15:12:00 2009
From: dave64 at andrew.cmu.edu (Dave McMurtrie)
Date: Sat, 04 Jul 2009 15:12:00 -0400
Subject: Upgrade and Migration
In-Reply-To: <4A4E6353.8040100@taltos.org>
References: <4A4D17DD.5040903@mtmary.edu> <4A4D2069.80408@pitt.edu> <4A4E6353.8040100@taltos.org>
Message-ID: <4A4FA980.6090807@andrew.cmu.edu>

Carson Gaspar wrote:
> Ben Carter wrote:
>
>> If you use rsync, you have to stop everything until that finishes,
>> possibly reconstruct all mailboxes, maybe fix some other things before
>> giving people their mail functionality back and allowing mail delivery
>> to resume.
>
> That's just silly. If you're going to use rsync to migrate data, you do
> at least one rsync while the source data is live. More than one if the
> initial sync takes a long time. Then you go offline, do a final sync
> (which should be very fast), and bring the new data store online.
>

Running rsync prior to shutting down so it only has to copy incremental
changes once you shut down will be faster than not doing so, but calling
stat() for millions of files may not be very fast. If you're not
worried about the duration of your downtime, this doesn't matter to you.

> You have to do the _exact_ same thing with imapsync, unless you want to
> lose email.
>

Not true. Read the original response again. No downtime was incurred
and no mail was lost using imapsync.

>> Also, the ACL format in the mailboxes file might be different between
>> these 2 Cyrus versions.
>
> Might be, but I don't think it is.
>

As of the 2.3 code, Cyrus supports rfc4314 acls. That said, I believe
the 2.3.14 code will do the right thing if it encounters the old-style
acls.

>> If you use the protocol to move the data, you don't have to worry
>> about any data structure differences etc. You also can re-arrange
>> your partitions and so on. Plus it re-calculates all quota usage as
>> imapsync APPENDs the messages during the migration.
>
> All true, except to the best of my knowledge none of this (except
> repartitioning, which the OP didn't mention) matters for cyrus imapd -
> it will Just Work(tm) on your old data store. The only exceptions are
> database format changes (if you use bdb and you've revved the library
> version, for example), and sieve compiled bytecode.
>

Standard advice, with Cyrus being a sealed-server design, is usually to
use IMAP protocol to accomplish whatever it is you're trying to do and
to not muck with what's in the filesystem. In this case, imapsync would
do everything via protocol so you don't have to muck around in the
filesystem.

Regarding the original question, however, what you're proposing to do
with rsync should work with some caveats. As Carson mentioned above, if
you have a different version of bdb on the new machine, that could give
you headaches. If your new machine is 64 bit and the old machine was 32
bit, I think that could also cause you problems. Also, check your
imapd.conf to make sure you have all the correct database formats
specified since you're copying over the old imapd.conf to the new server
and you're changing formats on the new server.

Rather than trust me or anyone else who tells you this should just work,
you should test it first. If it causes you problems, try imapsync.

> And why do you care about quota re-calculation? The existing quota
> data should be correct.

Technically, quota is calculated differently in 2.3.14 than it was in
2.1.16. At the very least, it now ignores things that aren't in
cyrus.index when calculating quota and it didn't used to do that.

hth,

Dave
--
Dave McMurtrie, SPE
Email Systems Team Leader
Carnegie Mellon University,
Computing Services

From garry at glendown.de Sat Jul 4 16:04:07 2009
From: garry at glendown.de (Garry Glendown)
Date: Sat, 04 Jul 2009 22:04:07 +0200
Subject: Upgrade and Migration
In-Reply-To: <4A4FA980.6090807@andrew.cmu.edu>
References: <4A4D17DD.5040903@mtmary.edu> <4A4D2069.80408@pitt.edu> <4A4E6353.8040100@taltos.org> <4A4FA980.6090807@andrew.cmu.edu>
Message-ID: <4A4FB5B7.2000704@glendown.de>

I've been following this thread, I will be doing an IMAP migration from
an older to a more current version (albeit, not the newest). I was
wondering - is imapsync (or IMAP for that matter) able to copy all the
folders, permissions etc. by using the cyrus admin user instead of all
the separate users? That would save a lot of work ...

Tnx, -garry

From nic at onlight.com Sat Jul 4 16:14:37 2009
From: nic at onlight.com (Nic Bernstein)
Date: Sat, 04 Jul 2009 15:14:37 -0500
Subject: Upgrade and Migration
In-Reply-To: <4A4FB5B7.2000704@glendown.de>
References: <4A4D17DD.5040903@mtmary.edu> <4A4D2069.80408@pitt.edu> <4A4E6353.8040100@taltos.org> <4A4FA980.6090807@andrew.cmu.edu> <4A4FB5B7.2000704@glendown.de>
Message-ID: <4A4FB82D.1040406@onlight.com>

On 07/04/2009 03:04 PM, Garry Glendown wrote:
> I've been following this thread, I will be doing an IMAP migration from
> an older to a more current version (albeit, not the newest). I was
> wondering - is imapsync (or IMAP for that matter) able to copy all the
> folders, permissions etc. by using the cyrus admin user instead of all
> the separate users? That would save a lot of work ...
>
>

Yes, it is, if you first grant the admin account all rights to all
mailboxes, which is kind of a pain. My preferred approach, if you can
afford to have the mailstore off line for the duration, is to simply
bulk-change the passwords to some known value prior to commencing the
transfer. For example, if you are using unix system passwords, change
the /etc/shadow (or whatever) file. If you are using LDAP change the
userPassword attributes, etc. You can stash away a copy of the
originals and restore them later.

Then I would run a script, written in your favorite scripting language,
to walk through a list of users and initiate the transfers. You can run
multiple transfers at once, just keep an eye on your I/O loads to make
sure you aren't just loading down the systems too much.

Cheers,
-nic

--
Nic Bernstein                             nic at onlight.com
Onlight llc.                              www.onlight.com
219 N. Milwaukee St., Ste. 2A             v. 414.272.4477
Milwaukee, Wisconsin 53202                f. 414.290.0335

From simon.matter at invoca.ch Sat Jul 4 16:23:37 2009
From: simon.matter at invoca.ch (Simon Matter)
Date: Sat, 4 Jul 2009 22:23:37 +0200
Subject: Upgrade and Migration
In-Reply-To: <4A4FB82D.1040406@onlight.com>
References: <4A4D17DD.5040903@mtmary.edu> <4A4D2069.80408@pitt.edu> <4A4E6353.8040100@taltos.org> <4A4FA980.6090807@andrew.cmu.edu> <4A4FB5B7.2000704@glendown.de> <4A4FB82D.1040406@onlight.com>
Message-ID: <9d4429efb7d24c1b15381a7f5a18addf.squirrel@webmail.bi.corp.invoca.ch>

> On 07/04/2009 03:04 PM, Garry Glendown wrote:
>> I've been following this thread, I will be doing an IMAP migration from
>> an older to a more current version (albeit, not the newest). I was
>> wondering - is imapsync (or IMAP for that matter) able to copy all the
>> folders, permissions etc. by using the cyrus admin user instead of all
>> the separate users? That would save a lot of work ...
>>
>>
> Yes, it is, if you first grant the admin account all rights to all
> mailboxes, which is kind of a pain. My preferred approach, if you can
> afford to have the mailstore off line for the duration, is to simply
> bulk-change the passwords to some known value prior to commencing the
> transfer. For example, if you are using unix system passwords, change
> the /etc/shadow (or whatever) file. If you are using LDAP change the
> userPassword attributes, etc. You can stash away a copy of the
> originals and restore them later.
>
> Then I would run a script, written in your favorite scripting language,
> to walk through a list of users and initiate the transfers. You can run
> multiple transfers at once, just keep an eye on your I/O loads to make
> sure you aren't just loading down the systems too much.

I think an easier way is to use the 'proxyservers' option to declare a
proxy user allowed to access all mailboxes. This user can then be used by
imapsync. I'm quite sure the archives hold detailed information on this as
I don't remember all the details.

Regards,
Simon

From alessandro.oliveira at me.com Sat Jul 4 16:26:15 2009
From: alessandro.oliveira at me.com (Alessandro Oliveira)
Date: Sat, 04 Jul 2009 17:26:15 -0300
Subject: subscription test
Message-ID:

hi,

I'm just testing if the subscription is ok, I tried to unsubscribe
sometime ago, but I'm still receiving messages.

Best Regards,

Alessandro Oliveira
Mobile: +55 (11) 9909-4069
Sun Java Programmer 5.0 Certified
ITIL - IT Infrastructure Library - v3 Certified

From garry at glendown.de Sat Jul 4 17:06:36 2009
From: garry at glendown.de (Garry)
Date: Sat, 04 Jul 2009 23:06:36 +0200
Subject: Upgrade and Migration
In-Reply-To: <9d4429efb7d24c1b15381a7f5a18addf.squirrel@webmail.bi.corp.invoca.ch>
References: <4A4D17DD.5040903@mtmary.edu> <4A4D2069.80408@pitt.edu> <4A4E6353.8040100@taltos.org> <4A4FA980.6090807@andrew.cmu.edu> <4A4FB5B7.2000704@glendown.de> <4A4FB82D.1040406@onlight.com> <9d4429efb7d24c1b15381a7f5a18addf.squirrel@webmail.bi.corp.invoca.ch>
Message-ID: <4A4FC45C.6070507@glendown.de>

Simon Matter wrote:
> I think an easier way is to use the 'proxyservers' option to declare a
> proxy user allowed to access all mailboxes. This user can then be used by
> imapsync. I'm quite sure the archives hold detailed information on this as
> I don't remember all the details.
>

Cool! Works, at least accessing the user mail directories ... guess I
will still have to figure out the best way of transferring all the
access rights to the new server, but this should at least get the mails
copied more easily ...

-garry

From alessandro.oliveira at me.com Sat Jul 4 17:09:15 2009
From: alessandro.oliveira at me.com (Alessandro Oliveira)
Date: Sat, 04 Jul 2009 18:09:15 -0300
Subject: subscription test
In-Reply-To:
References:
Message-ID: <06677CEE-32D5-4D85-84E3-5F3F073CF1B3@me.com>

tried to unsubscribe again...

Alessandro Oliveira
Mobile: +55 (11) 9909-4069
Sun Java Programmer 5.0 Certified
ITIL - IT Infrastructure Library - v3 Certified

On 04/07/2009, at 17:26, Alessandro Oliveira wrote:

> hi,
>
> I'm just testing if the subscription is ok, I tried to unsubscribe
> sometime ago, but I'm still receiving messages.
>
> Best Regards,
>
> Alessandro Oliveira
> Mobile: +55 (11) 9909-4069
> Sun Java Programmer 5.0 Certified
> ITIL - IT Infrastructure Library - v3 Certified
>
>
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

From iane at sussex.ac.uk Mon Jul 6 05:40:44 2009
From: iane at sussex.ac.uk (Ian Eiloart)
Date: Mon, 06 Jul 2009 10:40:44 +0100
Subject: Automatically moving marked mails?
In-Reply-To:
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk>
Message-ID: <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk>

--On 3 July 2009 14:09:19 -0400 "Greg A. Woods" wrote:

>
>> There's pressure here to move to Exchange because it supports Outlook
>> better.
>
> Take away Outlook in effect by giving them better and different open
> source and open standards tools and that pressure is sure to go away.

Suggestions? For an integrated email and calendar tool?

> Part of that might best be done by getting rid of the underlying M$
> platform on the desktop too of course!
>
> Seriously -- moving desktops from M$ to something else that's free and
> easy to run (both administratively and for users) is definitely a
> strategy to think about. Many have already made the move to good
> success and the WWW is full of their stories.
>

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/

From torlasz at xenia.sote.hu Mon Jul 6 06:43:37 2009
From: torlasz at xenia.sote.hu (Tornoci Laszlo)
Date: Mon, 06 Jul 2009 12:43:37 +0200
Subject: Automatically moving marked mails?
In-Reply-To: <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk>
Message-ID: <4A51D559.1020000@xenia.sote.hu>

Ian Eiloart wrote:
>
> --On 3 July 2009 14:09:19 -0400 "Greg A. Woods"
> wrote:
>
>>> There's pressure here to move to Exchange because it supports Outlook
>>> better.
>> Take away Outlook in effect by giving them better and different open
>> source and open standards tools and that pressure is sure to go away.
>
> Suggestions? For an integrated email and calendar tool?
>

The current version of Horde/IMP is a capable groupware system,
especially if coupled by cyrus-imapd. However, I don't think it is
something that can lure away an established outlook/exchange user.

Yours: Laszlo

From ludovic at Sophos.ca Mon Jul 6 07:54:15 2009
From: ludovic at Sophos.ca (Ludovic Marcotte)
Date: Mon, 06 Jul 2009 07:54:15 -0400
Subject: Automatically moving marked mails?
In-Reply-To: <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk>
Message-ID: <4A51E5E7.4070704@Sophos.ca>

Ian Eiloart wrote:
> --On 3 July 2009 14:09:19 -0400 "Greg A. Woods"
> wrote:
>
>
>>> There's pressure here to move to Exchange because it supports Outlook
>>> better.
>>>
>> Take away Outlook in effect by giving them better and different open
>> source and open standards tools and that pressure is sure to go away.
>>
>
> Suggestions? For an integrated email and calendar tool?
>

You could have a look at SOGo: http://www.scalableogo.org

SOGo is a groupware server with a focus on components reusability (IMAP,
LDAP, SMTP and database servers) and open standards (CalDAV, CardDAV,
GroupDAV, etc.).

It has a very nice web interface
(http://www.scalableogo.org/tour/screenshots.html) that mimics the look
and feel of Mozilla Thunderbird and Mozilla Lightning. It also has
excellent integration with Mozilla Thunderbird / Lightning as it shares
look and feel, functionality but more importantly data, with those
applications.

There is even a Microsoft Outlook plugin available
(http://www.zideone.com) and synchronization with mobile devices is
possible as there is a Funambol connector available.

You can try it out on our demo server: http://sogo-demo.inverse.ca

A new version will be available this week which will feature tons of
improvements.

Thanks,

--
Ludovic Marcotte
lmarcotte at inverse.ca :: +1.514.755.3630 :: http://www.inverse.ca

From awilliam at whitemice.org Mon Jul 6 08:18:50 2009
From: awilliam at whitemice.org (Adam Tauno Williams)
Date: Mon, 06 Jul 2009 08:18:50 -0400
Subject: Automatically moving marked mails?
In-Reply-To: <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk>
Message-ID: <1246882730.5649.2.camel@linux-m3mt>

On Mon, 2009-07-06 at 10:40 +0100, Ian Eiloart wrote:
> --On 3 July 2009 14:09:19 -0400 "Greg A. Woods"
> wrote:
> >> There's pressure here to move to Exchange because it supports Outlook
> >> better.
> > Take away Outlook in effect by giving them better and different open
> > source and open standards tools and that pressure is sure to go away.
> Suggestions? For an integrated email and calendar tool?

We use OpenGroupware (OGo) for our groupware backend. It integrates
with Cyrus IMAP. OGo serves as the backend for our corporate CRM and
the task workflow is used across the corporation for task management.

--
OpenGroupware developer: awilliam at whitemice.org
OpenGroupware & Cyrus IMAPd documentation @

From bhc at pitt.edu Mon Jul 6 10:00:51 2009
From: bhc at pitt.edu (Ben Carter)
Date: Mon, 06 Jul 2009 10:00:51 -0400
Subject: Upgrade and Migration
In-Reply-To: <4A4E6353.8040100@taltos.org>
References: <4A4D17DD.5040903@mtmary.edu> <4A4D2069.80408@pitt.edu> <4A4E6353.8040100@taltos.org>
Message-ID: <4A520393.3060001@pitt.edu>

Carson Gaspar wrote:
> Ben Carter wrote:
>
>> If you use rsync, you have to stop everything until that finishes,
>> possibly reconstruct all mailboxes, maybe fix some other things before
>> giving people their mail functionality back and allowing mail delivery
>> to resume.
>
> That's just silly. If you're going to use rsync to migrate data, you do
> at least one rsync while the source data is live. More than one if the
> initial sync takes a long time. Then you go offline, do a final sync
> (which should be very fast), and bring the new data store online.
>

The longer you wait to upgrade, the less silly it gets. In the case of a move to completely new servers, doing a migration using the protocol can be much more appealing.

Also, we did what you suggest with rsync on our previous upgrade and we did an rsync every night leading up to the upgrade night, so the last rsync copied only a day's worth of changes. The last rsync took hours even though we ran multiple rsyncs concurrently. I think it may have taken as long as 6-8 hours, but I don't remember the exact timing.

> You have to do the _exact_ same thing with imapsync, unless you want to
> lose email.
>

As has already been pointed out, you are incorrect. The order is:

[Pre-create inboxes with large quotas on new server]

1. Shut off mail delivery to old server
2. Shut off imapd on old server.
3. Bring up new server with imapd running
4. Start mail delivery to new server.
5. Start imapd on old server with a new IP address or bound to a nonstandard port so MUAs will not get to it.
6. Migrate data using imapsync.

And your service can be down literally for only a few minutes if you plan correctly.

>> Also, the ACL format in the mailboxes file might be different between
>> these 2 Cyrus versions.
>
> Might be, but I don't think it is.
>
>> If you use the protocol to move the data, you don't have to worry
>> about any data structure differences etc. You also can re-arrange
>> your partitions and so on. Plus it re-calculates all quota usage as
>> imapsync APPENDs the messages during the migration.
>
> All true, except to the best of my knowledge none of this (except
> repartitioning, which the OP didn't mention) matters for cyrus imapd -
> it will Just Work(tm) on your old data store. The only exceptions are
> database format changes (if you use bdb and you've revved the library
> version, for example), and sieve compiled bytecode.

Yes, but that's the point: you can fix all those things that you always wanted to fix. Spin out the mailboxes evenly again across partitions, change DB formats, use fulldirhash, go to fewer, larger partitions, leave unused mailboxes behind, etc. Not to mention that the years of RENAME operations you did to move mailboxes left garbage behind that rsync would blindly copy over.

>
> And why do you care about quota re-calculation? The existing quota data
> should be correct.
>

In our case, the problem was that the old code used 32-bit integers to track quota/usage so we had to have a cron job that zeroed usage on the old server for large mailboxes every once in a while.

Ben

--
Ben Carter
University of Pittsburgh/CSSD
bhc at pitt.edu
412-624-6470

From bhc at pitt.edu Mon Jul 6 10:22:44 2009
From: bhc at pitt.edu (Ben Carter)
Date: Mon, 06 Jul 2009 10:22:44 -0400
Subject: Upgrade and Migration
In-Reply-To: <4A4FC45C.6070507@glendown.de>
References: <4A4D17DD.5040903@mtmary.edu> <4A4D2069.80408@pitt.edu> <4A4E6353.8040100@taltos.org> <4A4FA980.6090807@andrew.cmu.edu> <4A4FB5B7.2000704@glendown.de> <4A4FB82D.1040406@onlight.com> <9d4429efb7d24c1b15381a7f5a18addf.squirrel@webmail.bi.corp.invoca.ch> <4A4FC45C.6070507@glendown.de>
Message-ID: <4A5208B4.3050507@pitt.edu>

Garry wrote:
> Simon Matter wrote:
>> I think an easier way is to use the 'proxyservers' option to declare a
>> proxy user allowed to access all mailboxes. This user can then be used by
>> imapsync. I'm quite sure the archives hold detailed information on this as
>> I don't remember all the details.
>>
> Cool! Works, at least accessing the user mail directories ... guess I
> will still have to figure out the best way of transferring all the
> access rights to the new server, but this should at least get the mails
> copied more easily ...
>
> -garry

Yes, the proxy login worked for us.

If by "access rights" you mean IMAP ACLs, the imapsync option for this is "--syncacls".

Ben

--
Ben Carter
University of Pittsburgh/CSSD
bhc at pitt.edu
412-624-6470

From tof at raceme.org Mon Jul 6 12:05:30 2009
From: tof at raceme.org (Christophe Boyanique)
Date: Mon, 06 Jul 2009 18:05:30 +0200
Subject: DBERROR with Cyrus 2.2.12
Message-ID: <4A5220CA.9020201@raceme.org>

Hello,

I've got a problem with an old Cyrus installation: it is a 2.2.12 version on RedHat AS3 server which used to work correctly. It seems that after a power failure, some mailboxes have been corrupted.

On 1000 mailboxes, 5 seem to be unreachable (for imap reads or lmtp deliveries) with this message in the log:

DBERROR: error fetching user.foobar: cyrusdb error

I tried without success (with cyrus started or stopped) to reconstruct the boxes with:

su - cyrus -c "/usr/lib/cyrus-imapd/reconstruct -fr user/foobar"

I also tried to stop the server, delete all the cyrus.* files in the user mailbox, reconstruct it and start again cyrus. But I always get the same errors...

I also tried to regenerate the mailbox file without success with:

/etc/init.d/cyrus-imapd stop
cp /var/lib/imap/mailboxes.db /var/lib/imap/mailboxes.db.orig
su -c '/usr/lib/cyrus-imapd/ctl_mboxlist -d > /tmp/mailboxes_dmp.txt' cyrus
su -c '/usr/lib/cyrus-imapd/cvt_cyrusdb /tmp/mailboxes_dmp.txt flat /tmp/mailboxes.db skiplist' cyrus
cp /tmp/mailboxes.db /var/lib/imap/mailboxes.db
chown cyrus:mail /var/lib/imap/mailboxes.db
/etc/init.d/cyrus-imapd start

But Cyrus does not accept the new file so I had to revert back: for all users I had these errors:

imap[27307]: user.foobar: can't find partition
master[27006]: service imap pid 27532 in BUSY state: terminated abnormally

Does anyone have an idea of what is the problem? Is the mailboxes file corrupted or am I in a dead end? Is there a better way to generate a fresh mailboxes file?

I also have these kinds of error messages:

lmtpunix[28440]: DBERROR db4: 23 lockers

Christophe.

From michael.menge at zdv.uni-tuebingen.de Mon Jul 6 12:30:06 2009
From: michael.menge at zdv.uni-tuebingen.de (Michael Menge)
Date: Mon, 06 Jul 2009 18:30:06 +0200
Subject: DBERROR with Cyrus 2.2.12
In-Reply-To: <4A5220CA.9020201@raceme.org>
References: <4A5220CA.9020201@raceme.org>
Message-ID: <20090706183006.53622tcms9ifsj2m@webmail.uni-tuebingen.de>

Quoting Christophe Boyanique :

>
> Hello,
>
> I've got a problem with an old Cyrus installation: it is a 2.2.12
> version on RedHat AS3 server which used to work correctly. It seems that
> after a power failure, some mailboxes have been corrupted.
>
> On 1000 mailboxes, 5 seem to be unreachable (for imap reads or lmtp
> deliveries) with this message in the log:
>
> DBERROR: error fetching user.foobar: cyrusdb error
>
> I tried without success (with cyrus started or stopped) to reconstruct
> the boxes with:
>
> su - cyrus -c "/usr/lib/cyrus-imapd/reconstruct -fr user/foobar"
>
> I also tried to stop the server, delete all the cyrus.* files in the
> user mailbox, reconstruct it and start again cyrus. But I always get the
> same errors...
>
>
> I also tried to regenerate the mailbox file without success with:
>
> /etc/init.d/cyrus-imapd stop
> cp /var/lib/imap/mailboxes.db /var/lib/imap/mailboxes.db.orig
> su -c '/usr/lib/cyrus-imapd/ctl_mboxlist -d > /tmp/mailboxes_dmp.txt' cyrus
> su -c '/usr/lib/cyrus-imapd/cvt_cyrusdb /tmp/mailboxes_dmp.txt flat
> /tmp/mailboxes.db skiplist' cyrus
> cp /tmp/mailboxes.db /var/lib/imap/mailboxes.db
> chown cyrus:mail /var/lib/imap/mailboxes.db
> /etc/init.d/cyrus-imapd start
>
> But Cyrus does not accept the new file so I had to revert back: for all
> users I had these errors:
>

Did you have a look at the mailboxes_dmp.txt file? Maybe it is corrupt?
I would search for user.foobar

> imap[27307]: user.foobar: can't find partition
> master[27006]: service imap pid 27532 in BUSY state: terminated abnormally
>

--------------------------------------------------------------------------------
M.Menge                          Tel.: (49) 7071/29-70316
Universität Tübingen             Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung    mail: michael.menge at zdv.uni-tuebingen.de
Wächterstraße 76
72074 Tübingen

From carson at taltos.org Mon Jul 6 15:35:39 2009
From: carson at taltos.org (Carson Gaspar)
Date: Mon, 06 Jul 2009 12:35:39 -0700
Subject: Upgrade and Migration
In-Reply-To: <4A520393.3060001@pitt.edu>
References: <4A4D17DD.5040903@mtmary.edu> <4A4D2069.80408@pitt.edu> <4A4E6353.8040100@taltos.org> <4A520393.3060001@pitt.edu>
Message-ID: <4A52520B.8060802@taltos.org>

Ben Carter wrote:
> Carson Gaspar wrote:
>> Ben Carter wrote:
>>
>> You have to do the _exact_ same thing with imapsync, unless you want
>> to lose email.
>
> As has already been pointed out, you are incorrect. The order is:
>
> [Pre-create inboxes with large quotas on new server]
>
> 1. Shut off mail delivery to old server
> 2. Shut off imapd on old server.
> 3. Bring up new server with imapd running
> 4. Start mail delivery to new server.
> 5. Start imapd on old server with a new IP address or bound to a
> nonstandard port so MUAs will not get to it.
> 6. Migrate data using imapsync.
>
> And your service can be down literally for only a few minutes if you
> plan correctly.

You have chosen to have users see missing data. You have made a tradeoff between correctness and length of downtime by bringing up your new server in a client visible way before you sync your data. I (foolishly, it seems) assumed that you wouldn't want your users to log in to empty mailboxes, and would leave your new server non-user-visible until your sync completed.

--
Carson

From woods-cyrus at weird.com Mon Jul 6 17:42:04 2009
From: woods-cyrus at weird.com (Greg A. Woods)
Date: Mon, 06 Jul 2009 17:42:04 -0400
Subject: Automatically moving marked mails?
In-Reply-To: <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk>
Message-ID:

At Mon, 06 Jul 2009 10:40:44 +0100, Ian Eiloart wrote:
Subject: Re: Automatically moving marked mails?
>
> Suggestions?

The answers will depend entirely on what platform one chooses and what requirements one has for e-mail use.

Personally I'd suggest Mac OSX and Apple Mail as a first cut for anyone who wants an easy-to-manage and easy-to-use, and half-decent MUA.

It doesn't do everything I want to do as a hyper-experienced e-mail user, nor is it apparently easy to write proper extensions for, but it certainly does cover all the main requirements the average user has.

Equally I'm sure Thunderbird works well for many people too.

> For an integrated email and calendar tool?

After all these years I still fail to see what e-mail and calendar keeping have to do with each other. It's lunacy to put them in the same tool. Use the right tool for the job.

Yes, doing scheduling and calendar maintenance requires communicating between multiple parties, but e-mail is _not_ the right tool for this kind of communications!

Personally I'm still a big fan of centralization wherever it makes sense, and it especially makes sense when the model one is using to design and implement solutions to a given problem requires shared access to unified data.

Perhaps Google Apps calendaring is the right tool for some folks.

Perhaps Apple OSX iCal works well enough (and for those who insist on using e-mail to communicate calendaring information, well it just so happens that iCal does integrate with your mail reader to send and receive notifications and facilitates some basic ability to "share" events, but of course iCal also supports full management of proper central calendars too, as well as read-only subscriptions to centrally maintained calendars, etc.).

Perhaps Mozilla's answers to calendar management would work for many folks too. Mozilla even cater to those who can't seem to separate calendar management from e-mail in their minds with Lightning, but personally I'd stick with Sunbird if I were to use Mozilla's tools.

--
Greg A. Woods
+1 416 218-0098    VE3TCP    RoboHack
Planix, Inc.    Secrets of the Weird

From iane at sussex.ac.uk Tue Jul 7 05:07:22 2009
From: iane at sussex.ac.uk (Ian Eiloart)
Date: Tue, 07 Jul 2009 10:07:22 +0100
Subject: Automatically moving marked mails?
In-Reply-To:
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk>
Message-ID:

--On 6 July 2009 17:42:04 -0400 "Greg A. Woods" wrote:

> At Mon, 06 Jul 2009 10:40:44 +0100, Ian Eiloart wrote:
> Subject: Re: Automatically moving marked mails?
>>
>> Suggestions?
>
> The answers will depend entirely on what platform one chooses and what
> requirements one has for e-mail use.
>
> Personally I'd suggest Mac OSX and Apple Mail as a first cut for anyone
> who wants an easy-to-manage and easy-to-use, and half-decent MUA.
>
> It doesn't do everything I want to do as a hyper-experienced e-mail
> user, nor is it apparently easy to write proper extensions for, but it
> certainly does cover all the main requirements the average user has.
>
> Equally I'm sure Thunderbird works well for many people too.
>
>
>> For an integrated email and calendar tool?
>
> After all these years I still fail to see what e-mail and calendar
> keeping have to do with each other. It's lunacy to put them in the same
> tool. Use the right tool for the job.

I guess people organise lots of meeting invitations by email. We use Meeting Maker, which uses synchronous server/client communications to pop up invitation alerts, reminders, and so on. However, many of our Meeting Maker accounts are used rarely. The mailbox is the only place you can be sure that a meeting invitation will be found, so even a Meeting Maker invitation has to be backed up with an email invitation.

> Yes, doing scheduling and calendar maintenance requires communicating
> between multiple parties, but e-mail is _not_ the right tool for this
> kind of communications!

I tend to agree, and that's part of the reason that we use Meeting Maker. However, it still requires use of email to organise meetings when some participants don't have diaries on the Meeting Maker server.

I guess that Outlook users regard email and calendaring as belonging in one tool because that's what they're used to. Even Apple Mail - with its data detectors - makes a nod in this direction. Of course, what Mail should do is create an ics file and import it into your preferred calendar tool.

> Personally I'm still a big fan of centralization wherever it makes
> sense, and it especially makes sense when the model one is using to
> design and implement solutions to a given problem requires shared access
> to unified data.
>
> Perhaps Google Apps calendaring is the right tool for some folks.
>
> Perhaps Apple OSX iCal works well enough (and for those who insist on
> using e-mail to communicate calendaring information, well it just so
> happens that iCal does integrate with your mail reader to send and
> receive notifications and facilitates some basic ability to "share"
> events, but of course iCal also supports full management of proper
> central calendars too, as well as read-only subscriptions to centrally
> maintained calendars, etc.).
>
> Perhaps Mozilla's answers to calendar management would work for many
> folks too. Mozilla even cater to those who can't seem to separate
> calendar management from e-mail in their minds with Lightning, but
> personally I'd stick with Sunbird if I were to use Mozilla's tools.

I think Mozilla have abandoned Sunbird. They haven't the resources for both projects, and Lightning is easier to develop because it has access to Thunderbird's email functionality.

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/

From D.J.Mayo at bath.ac.uk Tue Jul 7 05:34:27 2009
From: D.J.Mayo at bath.ac.uk (David Mayo)
Date: Tue, 07 Jul 2009 10:34:27 +0100
Subject: DBERROR with Cyrus 2.2.12
In-Reply-To: <4A5220CA.9020201@raceme.org>
References: <4A5220CA.9020201@raceme.org>
Message-ID: <4A5316A3.5010002@bath.ac.uk>

Christophe,

Christophe Boyanique wrote:
> I've got a problem with an old Cyrus installation: it is a 2.2.12
> version on RedHat AS3 server which used to work correctly. It seems that
> after a power failure, some mailboxes have been corrupted.
>
> On 1000 mailboxes, 5 seem to be unreachable (for imap reads or lmtp
> deliveries) with this message in the log:
>
> DBERROR: error fetching user.foobar: cyrusdb error

I may be way off the mark here, but have you run the Berkeley DB recovery program?

/etc/init.d/cyrus-imapd stop
cd /var/lib/imap
/path/to/berkeley/bin/db_recover

?

Regards,

Dave.

David Mayo
Networks/Systems Administrator
University of Bath Computing Services, UK

From awilliam at whitemice.org Tue Jul 7 08:58:37 2009
From: awilliam at whitemice.org (Adam Tauno Williams)
Date: Tue, 07 Jul 2009 08:58:37 -0400
Subject: Automatically moving marked mails?
In-Reply-To:
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk>
Message-ID: <1246971517.7078.14.camel@linux-m3mt>

> > For an integrated email and calendar tool?
> After all these years I still fail to see what e-mail and calendar
> keeping have to do with each other. It's lunacy to put them in the same
> tool. Use the right tool for the job.

Because they are both about collaboration (communication) so users, correctly, put them in the same bucket conceptually. And clients have been bundling this functionality for ages.

> Yes, doing scheduling and calendar maintenance requires communicating
> between multiple parties, but e-mail is _not_ the right tool for this
> kind of communications!
> Personally I'm still a big fan of centralization wherever it makes
> sense, and it especially makes sense when the model one is using to
> design and implement solutions to a given problem requires shared access
> to unified data.

A unified client makes sense because both mail and calendaring require an address book. But the backends do not need to be so unified; OpenGroupware [for example] delegates mail to IMAP/SMTP (Cyrus/any-MTA) just about everything else is managed over GroupDAV/CalDAV/CardDAV (HTTP) or some combination. And vCards/vEvents/vToDos typically use e-mail addresses as the identifiers of contacts/participants/executors. This is a pretty typical arrangement.

> Perhaps Google Apps calendaring is the right tool for some folks.
> Perhaps Apple OSX iCal works well enough (and for those who insist on
> using e-mail to communicate calendaring information, well it just so
> happens that iCal does integrate with your mail reader to send and
> receive notifications and facilitates some basic ability to "share"
> events, but of course iCal also supports full management of proper
> central calendars too, as well as read-only subscriptions to centrally
> maintained calendars, etc.).

No, iCAL doesn't support "full management of proper central calendars". CalDAV does, or GroupDAV. Straight iCalendar is pretty useless as a groupware solution as you can only operate on a calendar and not just an event.

> Perhaps Mozilla's answers to calendar management would work for many
> folks too. Mozilla even cater to those who can't seem to separate
> calendar management from e-mail in their minds with Lightning, but
> personally I'd stick with Sunbird if I were to use Mozilla's tools.

Lightning and Sunbird are identical.

From bhc at pitt.edu Tue Jul 7 09:04:00 2009
From: bhc at pitt.edu (Ben Carter)
Date: Tue, 07 Jul 2009 09:04:00 -0400
Subject: Upgrade and Migration
In-Reply-To: <4A52520B.8060802@taltos.org>
References: <4A4D17DD.5040903@mtmary.edu> <4A4D2069.80408@pitt.edu> <4A4E6353.8040100@taltos.org> <4A520393.3060001@pitt.edu> <4A52520B.8060802@taltos.org>
Message-ID: <4A5347C0.1000406@pitt.edu>

Carson Gaspar wrote:
> Ben Carter wrote:
>> Carson Gaspar wrote:
>>> Ben Carter wrote:
>>>
>>> You have to do the _exact_ same thing with imapsync, unless you want
>>> to lose email.
>>
>> As has already been pointed out, you are incorrect. The order is:
>>
>> [Pre-create inboxes with large quotas on new server]
>>
>> 1. Shut off mail delivery to old server
>> 2. Shut off imapd on old server.
>> 3. Bring up new server with imapd running
>> 4. Start mail delivery to new server.
>> 5. Start imapd on old server with a new IP address or bound to a
>> nonstandard port so MUAs will not get to it.
>> 6. Migrate data using imapsync.
>>
>> And your service can be down literally for only a few minutes if you
>> plan correctly.
>
> You have chosen to have users see missing data. You have made a tradeoff

You can't see missing data ;)

> between correctness and length of downtime by bringing up your new
> server in a client visible way before you sync your data. I (foolishly,
> it seems) assumed that you wouldn't want your users to log in to empty
> mailboxes, and would leave your new server non-user-visible until your
> sync completed.
>

Yes, that's the trade-off, obviously. We forewarned our users a week or 2 ahead of time though, and let's face it: a lot of retained e-mail just spins around out there, never to be accessed again. This is something done on the weekend and/or at night too, remember.

Also, in addition to being forewarned, each user got a start-of-migration message and an end-of-migration message so they knew exactly what was happening and they knew when their migration was complete.

So, migrating like this, the users can send and receive mail with almost no interruption, and ours seemed to be quite happy with this. We didn't hear a peep, and we have a lot of users. I think that it's much more important to them to be able to send and receive e-mail without interruption than to have their old mail present immediately. And, their old mail shows up just as it was in a relatively short period of time.

Ben

--
Ben Carter
University of Pittsburgh/CSSD
bhc at pitt.edu
412-624-6470

From list at joreybump.com Tue Jul 7 09:57:23 2009
From: list at joreybump.com (Jorey Bump)
Date: Tue, 07 Jul 2009 09:57:23 -0400
Subject: Automatically moving marked mails?
In-Reply-To:
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk>
Message-ID: <4A535443.3060802@joreybump.com>

Greg A. Woods wrote, at 07/06/2009 05:42 PM:

> Personally I'd suggest Mac OSX and Apple Mail as a first cut for anyone
> who wants an easy-to-manage and easy-to-use, and half-decent MUA.
>
> It doesn't do everything I want to do as a hyper-experienced e-mail
> user, nor is it apparently easy to write proper extensions for, but it
> certainly does cover all the main requirements the average user has.

I disagree. Apple Mail has some fundamental usability issues that need to be addressed. Every time I try it out, I can't get past the fact that there's no easy way to step through all unread messages in a mailbox. How do people quickly read new mail with Apple Mail?

> Equally I'm sure Thunderbird works well for many people too.

This is currently my preferred client, although it has its own flaws. However, it has some of the best thread handling and allows me to move to the next unread message with a single keypress: 'n'. The message filters are also pretty nice, if you don't have access to server-side filtering. Finally, its support for multiple accounts seems to be superior to any other client I've tested.

> After all these years I still fail to see what e-mail and calendar
> keeping have to do with each other. It's lunacy to put them in the same
> tool. Use the right tool for the job.

Agreed. It's bizarre that this is exactly what gets people addicted to Exchange, when separate protocols offer more flexibility and opportunities for improved integration. I find Outlook/Exchange calendaring to be incredibly underfeatured, yet it's wrapped up in a tidy package with email, so people feel like they're killing two birds with one stone.

> Yes, doing scheduling and calendar maintenance requires communicating
> between multiple parties, but e-mail is _not_ the right tool for this
> kind of communications!

Well, it can be, but so can IRC, IM, SMS, etc.

From iane at sussex.ac.uk Tue Jul 7 12:20:11 2009
From: iane at sussex.ac.uk (Ian Eiloart)
Date: Tue, 07 Jul 2009 17:20:11 +0100
Subject: Automatically moving marked mails?
In-Reply-To: <4A535443.3060802@joreybump.com>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk> <4A535443.3060802@joreybump.com>
Message-ID: <91F080F2C514A246DC388073@lewes.staff.uscs.susx.ac.uk>

--On 7 July 2009 09:57:23 -0400 Jorey Bump wrote:

>> Personally I'd suggest Mac OSX and Apple Mail as a first cut for anyone
>> who wants an easy-to-manage and easy-to-use, and half-decent MUA.
>>
>> It doesn't do everything I want to do as a hyper-experienced e-mail
>> user, nor is it apparently easy to write proper extensions for, but it
>> certainly does cover all the main requirements the average user has.
>
> I disagree. Apple Mail has some fundamental usability issues that need
> to be addressed. Every time I try it out, I can't get past the fact that
> there's no easy way to step through all unread messages in a mailbox.
> How do people quickly read new mail with Apple Mail?

I have a smart mailbox which shows me only the "unread messages" in a collection of mailboxes.

What I don't like is that it constructs RFC ignorant headers when sending messages to people in Address Book groups. It's a bug that I've repeatedly reported with every version of OSX since the public Betas. I think the current version of this bug (it's their third attempt at fixing it), is that it creates a TO header like:

To: undisclosed recipients : <>;

Which is so close to being right that it makes me want to cry. Previously, it would read:

To: Group Name

(where "Group Name" is the name of the group, and happens to be the default group name in Apple's address book).

The best solution would be to say

To: Group Name:;

and revert to "undisclosed recipients:;" if the group name has any syntax problems.

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/

From list at joreybump.com Tue Jul 7 13:42:49 2009
From: list at joreybump.com (Jorey Bump)
Date: Tue, 07 Jul 2009 13:42:49 -0400
Subject: Automatically moving marked mails?
In-Reply-To: <91F080F2C514A246DC388073@lewes.staff.uscs.susx.ac.uk>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk> <4A535443.3060802@joreybump.com> <91F080F2C514A246DC388073@lewes.staff.uscs.susx.ac.uk>
Message-ID: <4A538919.4020505@joreybump.com>

Ian Eiloart wrote, at 07/07/2009 12:20 PM:
>
> --On 7 July 2009 09:57:23 -0400 Jorey Bump wrote:
>
>> I disagree. Apple Mail has some fundamental usability issues that need
>> to be addressed. Every time I try it out, I can't get past the fact that
>> there's no easy way to step through all unread messages in a mailbox.
>> How do people quickly read new mail with Apple Mail?
>
> I have a smart mailbox which shows me only the "unread messages" in a
> collection of mailboxes.

I tried that, but it fell short for me. I want to stay in a mailbox and progress through all the unread messages in it. A smart mailbox still doesn't provide the behaviour I want (you just end up with a mixture of read and unread messages out of context, with still no way to advance to the next unread one using a single keypress). It seems like a glaring omission to leave out this simple usability feature (for how long, now?).

> What I don't like is that it constructs RFC ignorant headers when
> sending messages to people in Address Book groups. It's a bug that I've
> repeatedly reported with every version of OSX since the public Betas. I
> think the current version of this bug (it's their third attempt at
> fixing it), is that it creates a TO header like:
>
> To: undisclosed recipients : <>;
>
> Which is so close to being right that it makes me want to cry.
> Previously, it would read:
>
> To: Group Name
>
> (where "Group Name" is the name of the group, and happens to be the
> default group name in Apple's address book).
>
> The best solution would be to say
>
> To: Group Name:;
>
> and revert to "undisclosed recipients:;" if the group name has any
> syntax problems.

I feel your pain.

From Nikolaus at rath.org Tue Jul 7 20:37:02 2009
From: Nikolaus at rath.org (Nikolaus Rath)
Date: Tue, 07 Jul 2009 20:37:02 -0400
Subject: Security impact of lmtpd with pre-auth
Message-ID: <87ab3gko29.fsf@vostro.rath.org>

Hello,

Apparently (http://wiki.exim.org/CyrusImap) I need to let lmtpd accept connections from localhost as pre-authenticated to make cyrus and exim work nicely together.

Can someone explain what this actually means security wise? I.e. what could a malicious user on localhost do with a pre-authed connection? Unfortunately the lmtpd manpage does not say anything about for which operations an authorization is required.

Thanks,

-Nikolaus

--
“Time flies like an arrow, fruit flies like a Banana.”

PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C

From Pascal.Gienger at uni-konstanz.de Wed Jul 8 02:02:19 2009
From: Pascal.Gienger at uni-konstanz.de (Pascal Gienger)
Date: Wed, 08 Jul 2009 08:02:19 +0200
Subject: Security impact of lmtpd with pre-auth
In-Reply-To: <87ab3gko29.fsf@vostro.rath.org>
References: <87ab3gko29.fsf@vostro.rath.org>
Message-ID: <4A54366B.4050106@uni-konstanz.de>

Nikolaus Rath wrote:
> Hello,
>
> Apparently (http://wiki.exim.org/CyrusImap) I need to let lmtpd accept
> connections from localhost as pre-authenticated to make cyrus and exim
> work nicely together.
>
> Can someone explain what this actually means security wise? I.e. what
> could a malicious user on localhost do with a pre-authed connection?

He can put/deliver mail in whatever mailbox.

The other side: If you have a "malicious unix user" on your Cyrus Box, you'll have a bunch of other problems, far aside from delivering mails to every mailbox...

Delivering mails from localhost to localhost via lmtp with authentication has the problem that the sending side does need to know the credential. If the sending side knows that credential, a "malicious user" does have access to it because the sending side is on the same box, the same container, ...

Just my $0.02,

Pascal

--
Pascal Gienger
University of Konstanz, IT Services Department ("Rechenzentrum")
Electronic Communications and Web Services
Building V, Room V404, Phone +49 7531 88 5048, Fax +49 7531 88 3739

From sbingram at gmail.com Wed Jul 8 02:23:28 2009
From: sbingram at gmail.com (Steven Ingram) Date: Tue, 7 Jul 2009 23:23:28 -0700 Subject: sync_client connect fails - Invalid argument Message-ID: <6f26b03c0907072323w578f02a6gdaf4914cbb427681@mail.gmail.com> I am trying to perform manual (and eventually automatic) replication with Centos 5.3 package (2.3.7-2.el5_3.2). Following the suggestions of other posts, I have tested with synctest and imtest. Although both of these work (they connect and authenticate), sync_client always yields: Can not connect to server 'sm1.4test.net', retrying in 15 seconds. The message logged is "imap1 sync_client[25737]: connect(sm1.4test.net) failed: Invalid argument". I've run several commands all with the same result: /usr/lib/cyrus-imapd/sync_client -v -r, /usr/lib/cyrus-imapd/sync_client -r, /usr/lib/cyrus-imapd/sync_client -m user.steve Looking at the replica (sync_server), no packets make it to that box. Looking at the error message there should be some argument of sync_client that is not correct. Here is the sync portion of the imap.conf: sync_host: sm1.4test.net sync_authname: cyrus sync_password: secret sync_log: 1 As there aren't that many options for sync_client, I'm not really sure what's incorrect or missing. Is replication broken in this version? Everything else seems to work perfectly. Steve From morgan at orst.edu Wed Jul 8 03:06:47 2009 
From: morgan at orst.edu (Andrew Morgan)
Date: Wed, 8 Jul 2009 00:06:47 -0700 (PDT)
Subject: Security impact of lmtpd with pre-auth
In-Reply-To: <4A54366B.4050106@uni-konstanz.de>
References: <87ab3gko29.fsf@vostro.rath.org> <4A54366B.4050106@uni-konstanz.de>
Message-ID:

On Wed, 8 Jul 2009, Pascal Gienger wrote:

> Nikolaus Rath wrote:
>> Hello,
>>
>> Apparently (http://wiki.exim.org/CyrusImap) I need to let lmtpd accept
>> connections from localhost as pre-authenticated to make cyrus and exim
>> work nicely together.
>>
>> Can someone explain what this actually means security wise? I.e. what
>> could a malicious user on localhost do with a pre-authed connection?
>
> He can put/deliver mail in whatever mailbox.
>
> The other side: If you have a "malicious unix user" on your Cyrus Box,
> you'll have a bunch of other problems, far aside from delivering mails
> to every mailbox...
>
> Delivering mails from localhost to localhost via lmtp with
> authentication has the problem that the sending side does need to know
> the credential. If the sending side knows that credential, a "malicious
> user" does have access to it because the sending side is on the same
> box, the same container, ...

For an entertaining read (which also contains instructions on configuring
exim to do lmtp auth):

http://lkcl.net/reports/cyrus-configs/SIMPLEHOWTO.txt

The author has some wonderful comments about software and managers. :)

Pascal is right though - you may end up with the lmtp auth password stored
in plaintext in a config file that end users can read. Still, lmtp auth
is probably a smarter way to go than pre-auth. You may be able to make
the necessary exim config file not readable by your users. I'm not that
familiar with exim myself.

Andy

From tof at raceme.org Wed Jul 8 05:47:57 2009
From: tof at raceme.org (Christophe Boyanique)
Date: Wed, 08 Jul 2009 11:47:57 +0200
Subject: DBERROR with Cyrus 2.2.12
In-Reply-To: <20090706183006.53622tcms9ifsj2m@webmail.uni-tuebingen.de>
References: <4A5220CA.9020201@raceme.org> <20090706183006.53622tcms9ifsj2m@webmail.uni-tuebingen.de>
Message-ID: <4A546B4D.7030002@raceme.org>

Hello Michael Menge, you wrote:

> Did you have a look at the mailboxes_dmp.txt file? Maybe it is corrupt?
> I would search for user.foobar

At first (quick) sight the file seemed to be correct. Here is an extract of a box which had the problem (I added the blank lines and replaced tabs by spaces):

--- cut ---
user.catherine^cudorge default catherine.cudorge lrswipcda

user.catherine^cudorge.&AMk-l&AOk-ments envoy&AOk-s default catherine.cudorge lrswipcda cyrus lrswipcda catherine^cudorge lrswipcda

user.catherine^cudorge.Brouillons default catherine.cudorge lrswipcda cyrus lrswipcda

user.catherine^cudorge.Courriers non d&AOk-sir&AOk-s default catherine.cudorge lrs cyrus lrs

user.catherine^cudorge.Courriers non d&AOk-sir&AOk-s.A recevoir default catherine.cudorge lrswipcd cyrus lrswipcd

user.catherine^cudorge.Courriers non d&AOk-sir&AOk-s.A rejeter default catherine.cudorge lrswipcd cyrus lrswipcd

user.catherine^cudorge.Courriers non d&AOk-sir&AOk-s.D&AOk-tection automatique default catherine.cudorge lrswipcd cyrus lrs

user.catherine^cudorge.El&AOk-ments envoy&AOk-s default catherine.cudorge lrswipcda cyrus lrswipcda

user.catherine^cudorge.INBOX default catherine.cudorge lrswipcda cyrus lrswipcda

user.catherine^cudorge.Trash default catherine.cudorge lrswipcda cyrus lrswipcda

user.catherine^cudorge.archives default catherine.cudorge lrswipcda cyrus lrswipcda catherine^cudorge lrswipcda
--- cut ---

Except a weird "catherine^cudorge lrswipcd" for two mailboxes in the acl, entries seem to be normal.

In fact I managed to solve the problem by removing the quota file in
/var/lib/imap/quota/x// and using "quota -f" on the mailboxes.

But I still get repeating error messages like this:

Jul 7 14:58:51 mail7702 lmtpunix[8988]: DBERROR db4: 9 lockers
Jul 7 15:04:24 mail7702 lmtpunix[9249]: DBERROR db4: 11 lockers

Should I be worried by these messages ?

Regards,
Christophe.

From woods-cyrus at weird.com Wed Jul 8 12:04:05 2009
From: woods-cyrus at weird.com (Greg A. Woods) Date: Wed, 08 Jul 2009 12:04:05 -0400 Subject: Automatically moving marked mails? In-Reply-To: <4A535443.3060802@joreybump.com> References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk> <4A535443.3060802@joreybump.com> Message-ID: This is getting way off topic now, but I'm not sure how best to reply privately to you. At Tue, 07 Jul 2009 09:57:23 -0400, Jorey Bump wrote: Subject: Re: Automatically moving marked mails? > > I disagree. Apple Mail has some fundamental usability issues that need > to be addressed. Every time I try it out, I can't get past the fact that > there's no easy way to step through all unread messages in a mailbox. > How do people quickly read new mail with Apple Mail? Just like you can in many other MUAs (GUI and non-GUI): click on the header to sort by flag, scroll down to the first unread message, then read the successive ones by pressing the cursor-down key. It can't get much more intuitive, but of course you have to understand that sorting and re-sorting the message display is a fundamental feature that needs to be actively used in order to take full advantage of pretty much any modern MUA (even Pine). I'm sure there's a trivial way to bind a keyboard shortcut to jump to the next unread message, but I'm no OSX expert by any means and the most I've done with keyboard shortcuts is rebind the quit sequence so that it isn't quite so easy to hit (since it doesn't confirm in most apps, nor should it ever, really). Personally I don't like the way threads are visualized in Apple Mail, but that's hardly a show-stopper. > [[about Thunderbird]] The message > filters are also pretty nice, if you don't have access to server-side > filtering. 
I would have said Apple Mail's rules were better, but I don't really use them so I can't say for sure. What would be better for any and all IMAP MUAs would be a rules editor to write and edit Sieve rules and which would work with Cyrus IMAP for managing server-side filtering (but I personally wouldn't use it either -- I'd just edit the source :-)) This is the one place where IMAP as a protocol fails miserably -- sieve rule management should be integrated into it as otherwise server-side filtering will never become usable by the average person. > Finally, its support for multiple accounts seems to be > superior to any other client I've tested. Again I would have said Apple Mail's ability to handle multiple accounts is better. I liked Mulberry, but without ongoing development it cannot be recommended any more. I tried Opera Mail the other day, but I didn't like it much (though it seemed very complete) and I couldn't get over the fact that it was integrated right into the browser as an extension and my mailbox summary could be just another tab in my browser window. That's way too scary for me. I'd hate to think what the security implications might be, and I suspect there are many, but that they'll be a lot harder to find and fix than they would be if one used an integrated web browser and mail reader in Emacs (or a Smalltalk environment, for that matter). -- Greg A. Woods +1 416 218-0098 VE3TCP RoboHack Planix, Inc. Secrets of the Weird From nybbles2byte at gmail.com Wed Jul 8 12:23:31 2009 
From: nybbles2byte at gmail.com (Nybbles2Byte)
Date: Wed, 8 Jul 2009 09:23:31 -0700
Subject: Cyrus Imap final setup problems
Message-ID: <189608145.20090708092331@gmail.com>

Hello,

I have a setup with the following:

OpenSuSE 11.0 (x86_64)
Postfix 2.5.1-28.5 (x86_64)
Cyrus SASL 2.1.22-140.1 (x86_64)
Cyrus Imap 2.3.11-31.1 (x86_64)
MySQL 5.1.35-34.1

All of these are on the same computer. I've tested SASL with the four main types (plain, login & the two md5 types) and it worked fine. Postfix works fine and I made sure it worked before even working on Imap and SASL. Cyrus Imap goes through SASL to MySQL but Postfix goes directly to MySQL for now. Postfix accesses the same MySQL data as Imap for its domain and user tests so they should always be in sync on authentication. Postfix communicates with Imap through LMTP.

I've done the tests in the documentation step by step and Cyrus Imap passes. I created a user with cyradm and successfully sent and received a message from my email client (The Bat!) using the imap protocol with that user from a different computer. So far so good.

However, it stopped receiving messages after two tests and looking at the logs it said it was at its quota limit so I went back to cyradm to set the quota (I didn't bother the first time so it was at zero) and I got a "quota permission denied" error. This was from the same admin, I created the user with and it showed that the admin had all rights.

I then used the admin to create another user and immediately tried to set the quota of that new user and got the same permission denied error. I could however remove the user that I could not set the quota for.

That is my first problem but I have two others as follows:

Sieve is not working when I try to telnet to it and I get this error:

neutrino:~ # telnet mydomain.com sieve
Trying nnn.nn.nn.nn...
telnet: connect to address nnn.nn.nn.nn: Connection refused

This may be that it needs to be compiled and installed but I am not sure.
Is it automatically installed with Cyrus Imap? I did however as per the instructions set the /etc/services for it and I commented out the other service (cisco something) that it conflicted with for port 2000. The last thing is I am getting a "badlogin" error in my cyrus log as you can see below: Jul 8 08:12:00 neutrino SeoWS/imap[20686]: badlogin: localhost [127.0.0.1] CRAM-MD5 [SASL(-13): user not found: no secret in database] Jul 8 08:12:00 neutrino SeoWS/imap[20694]: sql auxprop plugin using mysql engine Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin Parse the username reg Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin try and connect to a host Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin trying to open db 'mail' on host 'localhost' Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin Parse the username reg Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin try and connect to a host Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin trying to open db 'mail' on host 'localhost' Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin Parse the username reg Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin try and connect to a host Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin trying to open db 'mail' on host 'localhost' Jul 8 08:12:03 neutrino SeoWS/imap[20686]: begin transaction Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin create statement from userPassword reg neutrino Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin doing query SELECT `password` FROM `accounts` WHERE `user`='reg' AND `realm`='neutrino' AND `virtual` != 0; Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin: no result found Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin create statement from cmusaslsecretPLAIN reg neutrino Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin doing query SELECT `password` FROM `accounts` WHERE `user`='reg' AND `realm`='neutrino' AND `virtual` != 0; Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql 
plugin: no result found Jul 8 08:12:03 neutrino SeoWS/imap[20686]: commit transaction Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin Parse the username reg Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin try and connect to a host Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin trying to open db 'mail' on host 'localhost' Jul 8 08:12:03 neutrino SeoWS/imap[20686]: badlogin: localhost [127.0.0.1] plaintext reg SASL(-13): user not found: checkpass failed Jul 8 08:12:15 neutrino SeoWS/imap[20694]: accepted connection Jul 8 08:13:39 neutrino SeoWS/imap[20707]: executed Jul 8 08:13:39 neutrino SeoWS/imap[20707]: sql auxprop plugin using mysql engine Jul 8 08:14:33 neutrino SeoWS/ctl_cyrusdb[20708]: checkpointing cyrus databases Jul 8 08:14:33 neutrino SeoWS/ctl_cyrusdb[20708]: archiving log file: /var/lib/imap/db/log.0000000001 Jul 8 08:14:33 neutrino SeoWS/ctl_cyrusdb[20708]: archiving log file: /var/lib/imap/db/log.0000000001 Jul 8 08:14:33 neutrino SeoWS/ctl_cyrusdb[20708]: archiving database file: /var/lib/imap/annotations.db Jul 8 08:14:33 neutrino SeoWS/ctl_cyrusdb[20708]: archiving database file: /var/lib/imap/mailboxes.db Jul 8 08:14:33 neutrino SeoWS/ctl_cyrusdb[20708]: archiving log file: /var/lib/imap/db/log.0000000001 Jul 8 08:14:33 neutrino SeoWS/ctl_cyrusdb[20708]: done checkpointing cyrus databases Jul 8 08:15:00 neutrino SeoWS/imap[20707]: accepted connection Jul 8 08:15:00 neutrino SeoWS/imap[20712]: executed Jul 8 08:15:00 neutrino SeoWS/imap[20712]: sql auxprop plugin using mysql engine Jul 8 08:17:15 neutrino SeoWS/imap[20712]: accepted connection Jul 8 08:17:15 neutrino SeoWS/imap[20756]: executed Jul 8 08:17:15 neutrino SeoWS/imap[20756]: sql auxprop plugin using mysql engine This makes no sense to me because I don't know where it could get the user "reg" from to do any logging in with in the first place, let alone what it is logging in for since I not receiving or sending emails right now. 
I also noticed, but don't know if it is a problem or just how Imap works that the user I created showed up in two places in the cyrus store. Once in a path like ..../domain/m/mydomain.com/r/user/root/user^sales and once in a path like ..../domain/m/mydomain.com/s/user/sales. I suspect this is just the way Cyrus works but I mention it just in case it's important to know.

Help will be greatly appreciated! While I am relatively new to Linux as I have had my own Linux box for only about 6 months, I am a seasoned programmer so I pick up technical things quickly given a pointer or two and certainly don't mind "digging around" until a problem is solved.

Below are my cyrus.conf & imap.conf files:

# standard standalone server implementation

CYRUS.CONF

START {
  # recover - do not delete this entry!
  # idled - this is only necessary if using idled for IMAP IDLE
  recover       cmd="ctl_cyrusdb -r"
  idled         cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/socket
SERVICES {
  # DEFAULT DOMAIN
  imap          cmd="imapd" listen="imap" prefork=0
# imaps         cmd="imapd -s" listen="imaps" prefork=0
# pop3          cmd="pop3d" listen="pop3" prefork=0
# pop3s         cmd="pop3d -s" listen="pop3s" prefork=0
  sieve         cmd="timsieved" listen="sieve" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0
  notify        cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=0
}

EVENTS {
  checkpoint    cmd="ctl_cyrusdb -c" period=30
  delprune      cmd="cyr_expire -E 3" at=0400
  tlsprune      cmd="tls_prune" at=0400
# cleanup       cmd="ipurge -d 30 -f" period=60
}

IMAPD.CONF

sasl_auxprop_plugin: sql
sasl_log_level: 7
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
sasl_pwcheck_method: auxprop
sasl_sql_hostnames: localhost
sasl_sql_user: cyrus
sasl_sql_passwd: XXX
sasl_sql_database: mail
sasl_sql_select: SELECT `password` FROM `accounts` WHERE `user`='%u' AND `realm`='%r' AND `virtual` != 0
sasl_sql_insert: INSERT INTO `accounts` (`user`, `realm`, `password`) VALUES ('%u', '%r', '%v')
sasl_sql_update: UPDATE `accounts` SET `user`='%u',`realm`='%r',`password`='%v' WHERE `user`='%u' AND `realm`='%r'
admins: cyrus root
allowplaintext: 1
altnamespace: 1
anyoneuseracl: 0
auth_mech: unix
autocreatequota: 5
configdirectory: /var/lib/imap
drachost: localhost
dracinterval: 0
foolstupidclients: 1
hashimapspool: 1
improved_mboxlist_sort: 1
lmtp_downcase_rcpt: 1
lmtp_strict_quota: 1
logtimestamps: 1
partition-default: /var/mail/cyrus
popsubfolders: 1
poptimeout: 10
sendmail: /usr/sbin/sendmail
sievedir: /var/mail/sieve
syslog_prefix: SeoWS
unixhierarchysep: 1
virtdomains: on

--
Reggie
mailto:nybbles2byte at gmail.com

From woods-cyrus at weird.com Wed Jul 8 12:36:04 2009
From: woods-cyrus at weird.com (Greg A. Woods) Date: Wed, 08 Jul 2009 12:36:04 -0400 Subject: Automatically moving marked mails? In-Reply-To: <1246971517.7078.14.camel@linux-m3mt> References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk> <1246971517.7078.14.camel@linux-m3mt> Message-ID: At Tue, 07 Jul 2009 08:58:37 -0400, Adam Tauno Williams wrote: Subject: Re: Automatically moving marked mails? > > Because they are both about collaboration (communication) so users, > correctly, put them in the same bucket conceptually. And clients have > been bundling this functionality for ages. Well, OK, yes I integrate all these features in my editor for various reasons, not all of which have to do with usability, but from a user's point of view, at least on a platform with a complete and consistent GUI, it really doesn't matter if they're separate applications or not since it's just a bunch of different windows for the user anyway. > A unified client makes sense because both mail and calendering require > an address book. Well, perhaps that would make sense to a really junior developer who also doesn't understand that an address book application is also a separate tool, and also one which perhaps is going to be using centralized, and multiple separate, remote shared data sources..... :-) > But the backends do not need to be so unified; Exactly. Thus the front-ends don't need to be unified either. > No, iCAL doesn't support "full management of proper central calendars". > CalDAV does, or GroupDAV. Straight iCalendar is pretty useless as a > groupware solution as you can only operate on a calendar and not just an > event. I'm not sure what you're talking about. I think you're confusing protocols and applications. 
I think you're also confusing how some of these protocols, such as RFC 2445 iCalendar can be used. Apple iCal is an application. It can subscribe to remote calendars and it can publish to a remote calendar in standard RFC 2445 format. It can also use CalDAV as a protocol to connect to a calendar server supporting that protocol. I agree though that iCal without using either CalDAV or e-mail to share events is still not as advanced as it could be when it comes to managing remote calendars that could be shared. However with CalDAV the use of e-mail to share events can mostly be avoided (except of course for those who somehow cannot use an RFC2445 or RFC47921 server but can use e-mail). > Lightning and Sunbird are identical. No, they're not (though their shared functionality may be close to identical). One is an integrated app bundle, the other is more stand-alone. -- Greg A. Woods +1 416 218-0098 VE3TCP RoboHack Planix, Inc. Secrets of the Weird From dwhite at olp.net Wed Jul 8 13:18:28 2009 
From: dwhite at olp.net (Dan White) Date: Wed, 08 Jul 2009 12:18:28 -0500 Subject: Cyrus Imap final setup problems In-Reply-To: <189608145.20090708092331@gmail.com> References: <189608145.20090708092331@gmail.com> Message-ID: <4A54D4E4.2000203@olp.net> Nybbles2Byte wrote: > However, it stopped receiving messages after two tests and looking at > the logs it said it was at it's quota limit so I went back to cyradm > to set the quota (I didn't bother the first time so it was at zero) > and I got a "quota permission denied" error. This was from the same > admin, I created the user with and it showed that the admin had all > rights. > > I then used the admin to create another user and immediately tried to > set the quota of that new user and got the same permission denied > error. I could however remove the user that I could no set the quota for. > Below, you've specified 'altnamespace: 1'. When connecting via an admin user, altnamespace is ignored, which may complicate what you're expecting to see. Also, you've specified 'autocreatequota: 5', which limits the user to 5KBs of space. What do your cyradm createmailbox and setquota commands look like? You have 'virtdomains: on'. Personally, I prefer configuring 'virtdomains: userid'. 'doc/install-virtdomains.html' within the source documents the difference. It might matter when connecting as an admin user (without specifying a domain name). > That is my first problem but I have two other as follow: > > Sieve is not working when I try to telnet to it and I get this error: > > neutrino:~ # telnet mydomain.com sieve > Trying nnn.nn.nn.nn... > telnet: connect to address nnn.nn.nn.nn: Connection refused > Your sieve entry in cyrus.conf looks correct. Verify that the service is running with 'fuser 2000/tcp' or 'netstat -an | grep LISTEN | grep 2000'. If not, there should be something in syslog about why it couldn't start. Locate where your cyrus binaries are installed (/usr/sbin ?) 
and verify there's a timesieved binary located there. Also, stop cyrus, and make sure something else isn't already listening on port 2000, like inetd or xinetd. If it is starting, but crashing somewhere, you can use the debug_command (in imapd.conf) to trouble shoot. See: https://langhorst.com/cgi-bin/dwww//usr/share/doc/cyrus21-common/README.Debian.debug.gz for some usage scenarios. > The last thing is I am getting a "badlogin" error in my cyrus log as > you can see below: > > Jul 8 08:12:00 neutrino SeoWS/imap[20686]: badlogin: localhost > [127.0.0.1] CRAM-MD5 [SASL(-13): user not found: no secret in database] > Jul 8 08:12:00 neutrino SeoWS/imap[20694]: sql auxprop plugin using > mysql engine > Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin Parse the > username reg > I don't know what that could be. - Dan > # UNIX sockets start with a slash and are put into /var/lib/imap/socket > SERVICES { > # DEFAULT DOMAIN > imap cmd="imapd" listen="imap" > prefork=0 > # imaps cmd="imapd -s" listen="imaps" > prefork=0 > # pop3 cmd="pop3d" listen="pop3" prefork=0 > # pop3s cmd="pop3d -s" listen="pop3s" > prefork=0 > sieve cmd="timsieved" listen="sieve" > prefork=0 > lmtpunix cmd="lmtpd" > listen="/var/lib/imap/socket/lmtp" prefork=0 > notify cmd="notifyd" > listen="/var/lib/imap/socket/notify" proto="udp" prefork=0 > } > > *IMAPD.CONF > *altnamespace: 1 > autocreatequota: 5 > unixhierarchysep: 1 > virtdomains: on > From josh at endries.org Wed Jul 8 13:58:38 2009 From: josh at endries.org (josh at endries.org) Date: Wed, 08 Jul 2009 13:58:38 -0400 Subject: Please change the DNS lookup = defaultdomain process, and use defaultdomain as the default domain. Message-ID: <20090708135838.14132g4appt1vaz4@www.endries.org> I fixed this issue, created this patch: mail# cat patch-imap::global.c --- imap/global.c.orig 2009-07-08 13:41:29.000000000 -0400 +++ imap/global.c 2009-07-08 13:41:36.000000000 -0400 
@@ -391,7 +391,8 @@ !(config_defdomain && !strcasecmp(config_defdomain, domain+1))) { /* append the domain from our IP */ snprintf(buf, sizeof(buf), "%s@%s", user, domain+1); - user = buf; +// Added by Josh to prevent appending DNS domain on unqualified user IDs. +// user = buf; if (domain_from_ip) *domain_from_ip = 1; } This effectively prevents Cyrus from appending the domain name from DNS on to the user ID if the ID is unqualified. I tested it and it works for me, other virtual domain accounts (user at domain) are unaffected. Josh From toomas.aas at raad.tartu.ee Wed Jul 8 13:59:08 2009 From: toomas.aas at raad.tartu.ee (Toomas Aas) Date: Wed, 08 Jul 2009 20:59:08 +0300 Subject: DBERROR with Cyrus 2.2.12 In-Reply-To: <4A546B4D.7030002@raceme.org> References: <4A5220CA.9020201@raceme.org> <20090706183006.53622tcms9ifsj2m@webmail.uni-tuebingen.de> <4A546B4D.7030002@raceme.org> Message-ID: <4A54DE6C.3050506@raad.tartu.ee> Christophe Boyanique wrote: > > But I still get repeating error messages like this: > > Jul 7 14:58:51 mail7702 lmtpunix[8988]: DBERROR db4: 9 lockers > Jul 7 15:04:24 mail7702 lmtpunix[9249]: DBERROR db4: 11 lockers > > Should I be worried by these messages ? I am not the greatest Cyrus or Berkeley expert out there, but from long time lurking on this list I remember that these messages can be ignored. I have done so for years, and nothing bad seems to have happened. -- Toomas ... I went to a general store, but they wouldn't let me buy anything specific. From Nikolaus at rath.org Wed Jul 8 18:48:49 2009 
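Review bot: in the imap/global.c hunk at line 391 of Josh's patch, commenting out "user = buf;" leaves the preceding snprintf() into buf as dead work and still sets "*domain_from_ip = 1", so callers are told the domain came from the connection IP even though the user ID is now returned unqualified. This branch decides which account an unqualified login name maps to, so the change should remove the whole "append the domain from our IP" block, or better put it behind a configuration option, instead of disabling one statement for every installation. The two added lines also use "//" comments where the surrounding code uses "/* */"; the explanation of why the assignment is disabled belongs in the commit message, not in a commented-out line.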
From: Nikolaus at rath.org (Nikolaus Rath)
Date: Wed, 08 Jul 2009 18:48:49 -0400
Subject: Security impact of lmtpd with pre-auth
References: <87ab3gko29.fsf@vostro.rath.org> <4A54366B.4050106@uni-konstanz.de>
Message-ID: <87y6qyzt7y.fsf@vostro.rath.org>

Andrew Morgan writes:
> On Wed, 8 Jul 2009, Pascal Gienger wrote:
>
>> Nikolaus Rath wrote:
>>> Hello,
>>>
>>> Apparently (http://wiki.exim.org/CyrusImap) I need to let lmtpd accept
>>> connections from localhost as pre-authenticated to make cyrus and exim
>>> work nicely together.
>>>
>>> Can someone explain what this actually means security wise? I.e. what
>>> could a malicious user on localhost do with a pre-authed connection?
>>
>> He can put/deliver mail in whatever mailbox.

But unless I have some exotic filtering and/or rate limiting configured,
he can do exactly the same thing by connecting to localhost:smtp, or
invoking sendmail directly, can't he? So why the additional protection
for lmtp?

>> The other side: If you have a "malicious unix user" on your Cyrus Box,
>> you'll have a bunch of other problems, far aside from delivering mails
>> to every mailbox...

Of course.

>> Delivering mails from localhost to localhost via lmtp with
>> authentication has the problem that the sending side does need to know
>> the credential. If the sending side knows that credential, a "malicious
>> user" does have access to it because the sending side is on the same
>> box, the same container, ...
>
> For an entertaining read (which also contains instructions on configuring
> exim to do lmtp auth):
>
> http://lkcl.net/reports/cyrus-configs/SIMPLEHOWTO.txt
>
> The author has some wonderful comments about software and managers. :)

Seems to be offline right now. But I'll check it out again later.

> Pascal is right though - you may end up with the lmtp auth password stored
> in plaintext in a config file that end users can read. Still, lmtp auth
> is probably a smarter way to go than pre-auth. You may be able to make
> the necessary exim config file not readable by your users. I'm not that
> familiar with exim myself.

Keeping the password secret from users isn't the problem. But for some reason exim does not do authentication when checking if a user/mailbox-name is valid (and if I turn off the verification, I end up with thousands of undeliverable mails in my spool that exim accepted but cannot deliver to cyrus).

So I really have to stick with pre-auth. I was just curious what exactly I'm getting into with that.

Best,

-Nikolaus

--
"Time flies like an arrow, fruit flies like a Banana."
PGP fingerprint: 5B93 61F8 4EA2 E279 ABF6 02CF A9AD B7F8 AE4E 425C

From support at harmsconsulting.com Wed Jul 8 20:34:43 2009
From: support at harmsconsulting.com (Harms Consulting IT support desk) Date: Thu, 09 Jul 2009 10:34:43 +1000 Subject: DBERROR with Cyrus 2.2.12 In-Reply-To: <4A54DE6C.3050506@raad.tartu.ee> References: <4A5220CA.9020201@raceme.org> <20090706183006.53622tcms9ifsj2m@webmail.uni-tuebingen.de> <4A546B4D.7030002@raceme.org> <4A54DE6C.3050506@raad.tartu.ee> Message-ID: <4A553B23.1050903@harmsconsulting.com> Toomas Aas wrote: > Christophe Boyanique wrote: > > >> But I still get repeating error messages like this: >> >> Jul 7 14:58:51 mail7702 lmtpunix[8988]: DBERROR db4: 9 lockers >> Jul 7 15:04:24 mail7702 lmtpunix[9249]: DBERROR db4: 11 lockers >> >> Should I be worried by these messages ? >> > > I am not the greatest Cyrus or Berkeley expert out there, but from long > time lurking on this list I remember that these messages can be ignored. I > have done so for years, and nothing bad seems to have happened. > > -- > Toomas > > ... I went to a general store, but they wouldn't let me buy anything specific. > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > I'm also not an expert but I had these messages early on with my setup and the resolution was to switch from Berkeley DB to the native skiplist format. This was covered a couple of weeks ago on this list. Search the list archives for subject: Db4 problems. I highly recommend reading this page from the Cyrus wiki: http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/WhatDatabaseBackend Good luck, Josh From Pascal.Gienger at uni-konstanz.de Thu Jul 9 01:05:16 2009 
From: Pascal.Gienger at uni-konstanz.de (Pascal Gienger)
Date: Thu, 09 Jul 2009 07:05:16 +0200
Subject: Security impact of lmtpd with pre-auth
In-Reply-To: <87y6qyzt7y.fsf@vostro.rath.org>
References: <87ab3gko29.fsf@vostro.rath.org> <4A54366B.4050106@uni-konstanz.de> <87y6qyzt7y.fsf@vostro.rath.org>
Message-ID: <4A557A8C.4010001@uni-konstanz.de>

Nikolaus Rath wrote:

> But unless I have some exotic filtering and/or rate limiting configured,
> he can do exactly the same thing by connecting to localhost:smtp, or
> invoking sendmail directly, can't he? So why the additional protection
> for lmtp?

Imagine a Cyrus Box only accepting LMTP connections, no sendmail, no Postfix, no other SMTP MTA running on it.

Then imagine a frontend smtp relay delivering directly via LMTP over TCP to your Cyrus box. You can use lmtp auth then to prevent other machines from directly delivering mails via lmtp.

Pascal

--
Pascal Gienger
University of Konstanz, IT Services Department ("Rechenzentrum")
Electronic Communications and Web Services
Building V, Room V404, Phone +49 7531 88 5048, Fax +49 7531 88 3739

From Pascal.Gienger at uni-konstanz.de Thu Jul 9 01:13:55 2009
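Added example, not part of any message in this archive and not Cyrus project code: a small Python audit that sorts the lmtpd listeners of a cyrus.conf SERVICES block into the cases discussed in the "Security impact of lmtpd with pre-auth" thread above. It assumes pre-authorization is switched on with lmtpd's -a option (the thread does not name the switch) and that a listen value without a host binds all interfaces; the sample config, its service names and the 192.0.2.10 address are constructed.

```python
"""Classify lmtpd listeners in cyrus.conf by who may deliver without authenticating."""
import ipaddress
import os
import re
import shlex

# Constructed sample; only the lmtpunix entry matches a config quoted in the archive.
SAMPLE_CYRUS_CONF = """
SERVICES {
  imap       cmd="imapd" listen="imap" prefork=0
  # lmtpold  cmd="lmtpd -a" listen="lmtp" prefork=0
  lmtpunix   cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0
  lmtplocal  cmd="lmtpd -a" listen="127.0.0.1:lmtp" prefork=0
  lmtpany    cmd="lmtpd -a" listen="lmtp" prefork=0
  lmtpauth   cmd="lmtpd" listen="192.0.2.10:2003" prefork=0
}
"""

SERVICES = re.compile(r'SERVICES\s*\{(.*?)\}', re.S)
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

MEANING = {
    'unix-socket': 'pre-authorized by design; access is set by the socket directory permissions',
    'auth-required': 'TCP listener without -a; the delivering side must authenticate',
    'preauth-loopback': 'any local process can deliver to any mailbox',
    'preauth-network': 'any host that can reach the port can deliver to any mailbox',
}


def listen_target(value):
    """Return ('unix', path) or ('tcp', host); host is '' when only a port is given."""
    if value.startswith('/'):
        return 'unix', value
    if value.startswith('['):                 # bracketed IPv6 literal: [::1]:lmtp
        host, _, _port = value[1:].partition(']')
        return 'tcp', host
    host, sep, _port = value.rpartition(':')
    return 'tcp', host if sep else ''


def is_loopback(host):
    """True only for addresses that cannot be reached from another machine."""
    if host == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        # '' (assumed: all interfaces) or a hostname we cannot judge: treat as reachable.
        return False


def audit_lmtp(conf_text):
    """Return (service name, listen value, verdict) for every active lmtpd service."""
    findings = []
    block = SERVICES.search(conf_text)
    if not block:
        return findings
    for raw in block.group(1).splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):  # commented-out services are inactive
            continue
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue
        name, rest = parts
        opts = {key: quoted or bare for key, quoted, bare in PAIR.findall(rest)}
        argv = shlex.split(opts.get('cmd', ''))
        if not argv or os.path.basename(argv[0]) != 'lmtpd':
            continue
        # -a may stand alone or inside a cluster of single-letter flags.
        preauth = any(a.startswith('-') and 'a' in a[1:] for a in argv[1:])
        listen = opts.get('listen', '')
        kind, host = listen_target(listen)
        if kind == 'unix':
            verdict = 'unix-socket'
        elif not preauth:
            verdict = 'auth-required'
        elif is_loopback(host):
            verdict = 'preauth-loopback'
        else:
            verdict = 'preauth-network'
        findings.append((name, listen, verdict))
    return findings


if __name__ == '__main__':
    for name, listen, verdict in audit_lmtp(SAMPLE_CYRUS_CONF):
        print(f'{name:10} {listen:28} {verdict}: {MEANING[verdict]}')
```

The 'preauth-loopback' verdict is the setup Nikolaus asks about; 'preauth-network' is the case Pascal's frontend-relay scenario is meant to rule out.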
From: Pascal.Gienger at uni-konstanz.de (Pascal Gienger)
Date: Thu, 09 Jul 2009 07:13:55 +0200
Subject: DBERROR with Cyrus 2.2.12
In-Reply-To: <4A546B4D.7030002@raceme.org>
References: <4A5220CA.9020201@raceme.org> <20090706183006.53622tcms9ifsj2m@webmail.uni-tuebingen.de> <4A546B4D.7030002@raceme.org>
Message-ID: <4A557C93.1090301@uni-konstanz.de>

Christophe Boyanique wrote:

> In fact I managed to solve the problem by removing the quota file in
> /var/lib/imap/quota/x// and using "quota -f" on the mailboxes.

So the quota file was corrupt. Ok. Do you really use DB4 quota files?

> But I still get repeating error messages like this:
>
> Jul 7 14:58:51 mail7702 lmtpunix[8988]: DBERROR db4: 9 lockers
> Jul 7 15:04:24 mail7702 lmtpunix[9249]: DBERROR db4: 11 lockers
>
> Should I be worried by these messages ?

No. In fact they are not errors but informational messages, so in newer versions of cyrus imapd you will see

Jul 8 15:39:28 atlanta lmtpunix[29159]: [ID 366844 local6.info] DBMSG: 2279 lockers
Jul 8 15:51:34 atlanta lmtpunix[29077]: [ID 366844 local6.info] DBMSG: 2249 lockers
Jul 8 18:12:14 atlanta lmtpunix[4289]: [ID 366844 local6.info] DBMSG: 1583 lockers

lmtpunix wants to open delivery.db which normally is a DB4 backed database unless you have changed the default in imapd.conf.

Some old DB4 version had the problem of not releasing these locks so there was an overflow after some time. If the number of lockers keeps growing without ever becoming smaller from time to time you are running into this bug.

--
Pascal Gienger
University of Konstanz, IT Services Department ("Rechenzentrum")
Electronic Communications and Web Services
Building V, Room V404, Phone +49 7531 88 5048, Fax +49 7531 88 3739

From schweizer.martin at gmail.com Thu Jul 9 04:05:53 2009
From: schweizer.martin at gmail.com (Martin Schweizer)
Date: Thu, 9 Jul 2009 10:05:53 +0200
Subject: tls_sessions.db will not created
Message-ID: <380ccfd60907090105r1ddd47f1t973f75270fef1bbd@mail.gmail.com>

Hello

I have the following system

FreeBSD acsvfbsd06.acutronic.ch 7.2-RELEASE FreeBSD 7.2-RELEASE #1: Thu Jun 11 16:16:57 CEST 2009 martin at acsvfbsd06.acutronic.ch:/usr/obj/usr/src/sys/GENERIC amd64

and I freshly installed Cyrus IMAPD v2.3.14. In my /var/imap directory the file annotations.db will create automatically at each restart from Cyrus (if it's not there) but not tls_sessions.db. My compile options are:

$ ./configure --sysconfdir=/usr/local/etc --with-cyrus-prefix=/usr/local/cyrus --with-cyrus-user=cyrus --with-cyrus-group=cyrus --with-tls-db=skiplist --with-sasl=/usr/local --with-bdb=db41 --with-com_err --with-openssl=/usr --with-perl=/usr/local/bin/perl5.8.9 --with-bdb-incdir=/usr/local/include/db41 --with-bdb-libdir=/usr/local/lib --with-snmp=no --prefix=/usr/local --mandir=/usr/local/man --infodir=/usr/local/info/ --build=amd64-portbld-freebsd7.2

I also checked the installation documentation and I find the switch --with-tls-db=DB but this switch is not supported by autoconfigure:

Optional Packages:
  --with-PACKAGE[=ARG]      use PACKAGE [ARG=yes]
  --without-PACKAGE         do not use PACKAGE (same as --with-PACKAGE=no)
  --with-extraident=STRING  use STRING as extra version information
  --with-cyrus-prefix=DIR   use DIR as cyrus server install directory
  --with-service-path=DIR   use DIR as service install directory
  --with-cyrus-user=USERID  use USERID cyrus userid
  --with-cyrus-group=GROUPID  use GROUPID cyrus group
  --with-bdb=DIR            use Berkeley DB (in DIR) [yes]
  --with-bdb-libdir=DIR     Berkeley DB lib files are in DIR
  --with-bdb-incdir=DIR     Berkeley DB include files are in DIR
  --with-mysql=PATH         use MySQL from PATH [no]
  --with-pgsql=PATH         use PostgreSQL from PATH [no]
  --with-sqlite=PATH        use SQLite from PATH [no]
  --with-lock=METHOD        force use of METHOD for locking (flock or fcntl)
  --with-afs=PATH           use AFS libraries from PATH
  --with-ldap=DIR           use LDAP (in DIR) (experimental) /usr/local
  --with-krb=PATH           use Kerberos from PATH
  --with-krbimpl=\kth|mit\  assume Kerberos 4 from KTH or MIT
  --with-krbdes             use Kerberos DES implementation [yes]
  --with-openssl=PATH       use OpenSSL from PATH
  --with-egd-socket=FILE    Entropy Gathering Daemon socket pathname for systems without /dev/urandom
  --with-zephyr=PATH        enable Zephyr notification (installed on PATH)
  --with-pidfile=PATH       pidfile in PATH (/var/run/cyrus-master.pid)
  --with-com_err=PATH       use com_err from path -- includes in PATH/include, libs in PATH/lib, and compile_et in PATH/bin
  --with-syslogfacility=FACILITY  set the syslog facility to use (default LOCAL6)
  --with-gss_impl={heimdal|mit|cybersafe|seam|auto}  choose specific GSSAPI implementation [[auto]]
  --with-sasl=DIR           Compile with libsasl2 in
  --with-staticsasl=DIR     Compile with staticly linked libsasl2 in
  --with-perl=PERL          use PERL for perl
  --with-lib-subdir=DIR     Find libraries in DIR instead of lib
  --with-libwrap=DIR        use libwrap (rooted in DIR) yes
  --with-snmp=DIR           use ucd|net snmp (rooted in DIR) yes

Is that the problem?

Kind regards,

--
Martin Schweizer
schweizer.martin at gmail.com
Tel.: +41 32 512 48 54 (VoIP)
Fax: +1 619 3300587

From Pascal.Gienger at uni-konstanz.de Thu Jul 9 04:25:09 2009
From: Pascal.Gienger at uni-konstanz.de (Pascal Gienger)
Date: Thu, 09 Jul 2009 10:25:09 +0200
Subject: tls_sessions.db will not created
In-Reply-To: <380ccfd60907090105r1ddd47f1t973f75270fef1bbd@mail.gmail.com>
References: <380ccfd60907090105r1ddd47f1t973f75270fef1bbd@mail.gmail.com>
Message-ID: <4A55A965.60208@uni-konstanz.de>

Martin Schweizer wrote:

> Hello
>
> I have the following system
> FreeBSD acsvfbsd06.acutronic.ch 7.2-RELEASE FreeBSD 7.2-RELEASE #1:
> Thu Jun 11 16:16:57 CEST 2009
> martin at acsvfbsd06.acutronic.ch:/usr/obj/usr/src/sys/GENERIC amd64
>
> and I freshly installed Cyrus IMAPD v2.3.14.
> In my /var/imap directory the file annotations.db will create
> automatically at each restart from Cyrus (if it's not there) but not
> tls_sessions.db. My compile options are:
>
> $ ./configure --sysconfdir=/usr/local/etc
> --with-cyrus-prefix=/usr/local/cyrus --with-cyrus-user=cyrus
> --with-cyrus-group=cyrus --with-tls-db=skiplist
> --with-sasl=/usr/local --with-bdb=db41 --with-com_err --with-openssl=/usr
> --with-perl=/usr/local/bin/perl5.8.9
> --with-bdb-incdir=/usr/local/include/db41
> --with-bdb-libdir=/usr/local/lib --with-snmp=no --prefix=/usr/local
> --mandir=/usr/local/man --infodir=/usr/local/info/
> --build=amd64-portbld-freebsd7.2

a) Is SSL enabled? Did you try a connect via imaps or imap/starttls?
b) what's in the log after this connect?
c) is the tls_session.db there after your tls connect?

The --with-tls-db-Switch should just define the default database backend for that database. It can be overridden at any time via imapd.conf.

Pascal

--
Pascal Gienger
University of Konstanz, IT Services Department ("Rechenzentrum")
Electronic Communications and Web Services
Building V, Room V404, Phone +49 7531 88 5048, Fax +49 7531 88 3739

From schweizer.martin at gmail.com Thu Jul 9 04:37:11 2009
From: schweizer.martin at gmail.com (Martin Schweizer)
Date: Thu, 9 Jul 2009 10:37:11 +0200
Subject: tls_sessions.db will not created
In-Reply-To: <4A55A965.60208@uni-konstanz.de>
References: <380ccfd60907090105r1ddd47f1t973f75270fef1bbd@mail.gmail.com> <4A55A965.60208@uni-konstanz.de>
Message-ID: <380ccfd60907090137vb61cceekec261df7f462456d@mail.gmail.com>

Hello Pascal

2009/7/9 Pascal Gienger :
> Martin Schweizer wrote:
>>
>> Hello
>>
>> I have the following system
>> FreeBSD acsvfbsd06.acutronic.ch 7.2-RELEASE FreeBSD 7.2-RELEASE #1:
>> Thu Jun 11 16:16:57 CEST 2009
>> martin at acsvfbsd06.acutronic.ch:/usr/obj/usr/src/sys/GENERIC amd64
>>
>> and I freshly installed Cyrus IMAPD v2.3.14.
>> In my /var/imap directory the file annotations.db will create
>> automatically at each restart from Cyrus (if it's not there) but not
>> tls_sessions.db. My compile options are:
>>
>> $ ./configure --sysconfdir=/usr/local/etc
>> --with-cyrus-prefix=/usr/local/cyrus --with-cyrus-user=cyrus
>> --with-cyrus-group=cyrus --with-tls-db=skiplist
>> --with-sasl=/usr/local --with-bdb=db41 --with-com_err --with-openssl=/usr
>> --with-perl=/usr/local/bin/perl5.8.9
>> --with-bdb-incdir=/usr/local/include/db41
>> --with-bdb-libdir=/usr/local/lib --with-snmp=no --prefix=/usr/local
>> --mandir=/usr/local/man --infodir=/usr/local/info/
>> --build=amd64-portbld-freebsd7.2
>
> a) Is SSL enabled? Did you try a connect via imaps or imap/starttls?

Since I do not need imaps, I did not activate this option.

> b) what's in the log after this connect?
> c) is the tls_session.db there after your tls connect?

This means if I didn't activate SSL Cyrus will not create tls_sessions.db at the start?

> The --with-tls-db-Switch should just define the default database backend for
> that database. It can be overridden at any time via imapd.conf.

OK.

Kind regards,

--
Martin Schweizer
schweizer.martin at gmail.com
Tel.: +41 32 512 48 54 (VoIP)
Fax: +1 619 3300587

From michael.menge at zdv.uni-tuebingen.de Thu Jul 9 04:44:25 2009
From: michael.menge at zdv.uni-tuebingen.de (Michael Menge)
Date: Thu, 09 Jul 2009 10:44:25 +0200
Subject: tls_sessions.db will not created
In-Reply-To: <380ccfd60907090137vb61cceekec261df7f462456d@mail.gmail.com>
References: <380ccfd60907090105r1ddd47f1t973f75270fef1bbd@mail.gmail.com> <4A55A965.60208@uni-konstanz.de> <380ccfd60907090137vb61cceekec261df7f462456d@mail.gmail.com>
Message-ID: <20090709104425.12204g044objkd0p@webmail.uni-tuebingen.de>

Quoting Martin Schweizer :

> Hello Pascal
>
> 2009/7/9 Pascal Gienger :
>> Martin Schweizer wrote:
>> a) Is SSL enabled? Did you try a connect via imaps or imap/starttls?
>
> Since I do not need imaps, I did not activate this option.
>
>> b) what's in the log after this connect?
>> c) is the tls_session.db there after your tls connect?
>
> This means if I didn't activate SSL Cyrus will not create
> tls_sessions.db at the start?
>

No, it means cyrus will create the db if it is needed, which will be by the time the first tls or ssl connection is made.

--------------------------------------------------------------------------------
M.Menge                          Tel.: (49) 7071/29-70316
Universität Tübingen             Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung    mail: michael.menge at zdv.uni-tuebingen.de
Wächterstraße 76
72074 Tübingen

From iane at sussex.ac.uk Thu Jul 9 05:39:54 2009
From: iane at sussex.ac.uk (Ian Eiloart) Date: Thu, 09 Jul 2009 10:39:54 +0100 Subject: Automatically moving marked mails? In-Reply-To: References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk> <4A535443.3060802@joreybump.com> Message-ID: <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk> --On 8 July 2009 12:04:05 -0400 "Greg A. Woods" wrote: > > What would be better for any and all IMAP MUAs would be a rules editor > to write and edit Sieve rules and which would work with Cyrus IMAP for > managing server-side filtering (but I personally wouldn't use it either > -- I'd just edit the source :-)) This is the one place where IMAP as a > protocol fails miserably -- sieve rule management should be integrated > into it as otherwise server-side filtering will never become usable by > the average person. Except that the sieve server ought to be on the border MTA, so that the user can tell the server to reject the message at SMTP time. -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ From list at joreybump.com Thu Jul 9 09:15:32 2009 
From: list at joreybump.com (Jorey Bump) Date: Thu, 09 Jul 2009 09:15:32 -0400 Subject: Automatically moving marked mails? In-Reply-To: <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk> References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk> <4A535443.3060802@joreybump.com> <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk> Message-ID: <4A55ED74.6020908@joreybump.com> Ian Eiloart wrote, at 07/09/2009 05:39 AM: > Except that the sieve server ought to be on the border MTA, so that the > user can tell the server to reject the message at SMTP time. That's not feasible for mail with multiple recipients. From iane at sussex.ac.uk Thu Jul 9 09:35:04 2009 From: iane at sussex.ac.uk (Ian Eiloart) Date: Thu, 09 Jul 2009 14:35:04 +0100 Subject: Automatically moving marked mails? In-Reply-To: <4A55ED74.6020908@joreybump.com> References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk> <4A535443.3060802@joreybump.com> <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk> <4A55ED74.6020908@joreybump.com> Message-ID: --On 9 July 2009 09:15:32 -0400 Jorey Bump wrote: > Ian Eiloart wrote, at 07/09/2009 05:39 AM: > >> Except that the sieve server ought to be on the border MTA, so that the >> user can tell the server to reject the message at SMTP time. > > That's not feasible for mail with multiple recipients. > It is if your rule is to reject all email from a specific sender. -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ From adam at morrison-ind.com Thu Jul 9 09:54:31 2009 
From: adam at morrison-ind.com (Adam Tauno Williams) Date: Thu, 09 Jul 2009 09:54:31 -0400 Subject: Automatically moving marked mails? In-Reply-To: References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk> <4A535443.3060802@joreybump.com> <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk> <4A55ED74.6020908@joreybump.com> Message-ID: <20090709095431.63bv4p81s00wswk4@tyr.mormail.com> >> Ian Eiloart wrote, at 07/09/2009 05:39 AM: >>> Except that the sieve server ought to be on the border MTA, so that the >>> user can tell the server to reject the message at SMTP time. >> That's not feasible for mail with multiple recipients. > It is if your rule is to reject all email from a specific sender. No, because the MTA either accepts or rejects a message [in connection]. If a message is sent to userX and userY and userX has SIEVE set to reject the message and userY does not then the MTA has to receive the message in order to deliver it to userY. And the MTA would have to check every recipient's SIEVE script. Then what about delivery to an alias that expands to multiple users? Mail delivery just isn't that simple. From iane at sussex.ac.uk Thu Jul 9 10:46:42 2009 
From: iane at sussex.ac.uk (Ian Eiloart)
Date: Thu, 09 Jul 2009 15:46:42 +0100
Subject: Automatically moving marked mails?
In-Reply-To: <20090709095431.63bv4p81s00wswk4@tyr.mormail.com>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk> <4A535443.3060802@joreybump.com> <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk> <4A55ED74.6020908@joreybump.com> <20090709095431.63bv4p81s00wswk4@tyr.mormail.com>
Message-ID: <52ACA620B9066D4C3A5C35D3@lewes.staff.uscs.susx.ac.uk>

--On 9 July 2009 09:54:31 -0400 Adam Tauno Williams wrote:

>>> Ian Eiloart wrote, at 07/09/2009 05:39 AM:
>>>> Except that the sieve server ought to be on the border MTA, so that the
>>>> user can tell the server to reject the message at SMTP time.
>>> That's not feasible for mail with multiple recipients.
>> It is if your rule is to reject all email from a specific sender.
>
> No, because the MTA either accepts or rejects a message [in
> connection].

Not true. The MTA can decide *per recipient* whether to accept mail from a specific sender. It's true that the MTA hasn't seen the message content at this point, but it does have enough information to determine - for example - whether the sender is a member of a mailing list, or is on a recipient's blacklist or whitelist. We do a lot of that.

Exim, for example, can do this in its ACLs. It doesn't have a built in SIEVE facility at this stage, but certainly can consult recipient specific blacklists. It can even be built with a perl interpreter, so you could check for sender conditions in SIEVE scripts.

> If a message is sent to userX and userY and userX has
> SIEVE set to reject the message and userY does not then the MTA has to
> receive the message in order to deliver it to userY. And the MTA
> would have to check every recipient's SIEVE script.

Sure, there are some content dependent conditions that could not be tested at this stage. In principle, they could be ignored for the moment. There probably aren't any SIEVE implementations that do what I suggest, and the implementations wouldn't be simple, but there's no principled reason that it shouldn't.

> Then what about
> delivery to an alias that expands to multiple users?
> Mail delivery
> just isn't that simple.

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/

From list at joreybump.com Thu Jul 9 11:27:55 2009
From: list at joreybump.com (Jorey Bump) Date: Thu, 09 Jul 2009 11:27:55 -0400 Subject: Automatically moving marked mails? In-Reply-To: <52ACA620B9066D4C3A5C35D3@lewes.staff.uscs.susx.ac.uk> References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk> <4A535443.3060802@joreybump.com> <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk> <4A55ED74.6020908@joreybump.com> <20090709095431.63bv4p81s00wswk4@tyr.mormail.com> <52ACA620B9066D4C3A5C35D3@lewes.staff.uscs.susx.ac.uk> Message-ID: <4A560C7B.7020301@joreybump.com> Ian Eiloart wrote, at 07/09/2009 10:46 AM: > > --On 9 July 2009 09:54:31 -0400 Adam Tauno Williams > wrote: > >>>> Ian Eiloart wrote, at 07/09/2009 05:39 AM: >>>>> Except that the sieve server ought to be on the border MTA, so that the >>>>> user can tell the server to reject the message at SMTP time. >>>> That's not feasible for mail with multiple recipients. >>> It is if your rule is to reject all email from a specific sender. >> No, because the MTA either accepts or rejects a message [in >> connection]. > > Not true. The MTA can decide *per recipient* whether to accept mail from a > specific sender. How? > It's true that the MTA hasn't seen the message content at > this point, but it does have enough information to determine - for example > - whether the sender is a member of a mailing list, or is on a recipient's > blacklist or whitelist. We do a lot of that. Please elaborate. What kind of feedback does the sender get when you reject a message during the SMTP transaction for one recipient, but deliver it for others? From woods-cyrus at weird.com Thu Jul 9 11:31:20 2009 
From: woods-cyrus at weird.com (Greg A. Woods) Date: Thu, 09 Jul 2009 11:31:20 -0400 Subject: Automatically moving marked mails? In-Reply-To: <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk> References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk> <4A535443.3060802@joreybump.com> <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk> Message-ID: At Thu, 09 Jul 2009 10:39:54 +0100, Ian Eiloart wrote: Subject: Re: Automatically moving marked mails? > > Except that the sieve server ought to be on the border MTA, so that the > user can tell the server to reject the message at SMTP time. Except that's not what Sieve is for. Sieve should _NEVER_ be used to reject or bounce e-mail. It becomes a DoS reflector when so configured. (even use of the vacation feature is questionable, especially since it's not usually configured in the proper way) -- Greg A. Woods +1 416 218-0098 VE3TCP RoboHack Planix, Inc. Secrets of the Weird From mikeegg1 at mac.com Thu Jul 9 11:39:28 2009 From: mikeegg1 at mac.com (Mike Eggleston) Date: Thu, 9 Jul 2009 10:39:28 -0500 Subject: sieve configuration (was Automatically moving marked mails?) In-Reply-To: References: <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk> <4A535443.3060802@joreybump.com> <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk> Message-ID: <20090709153928.GB8473@mail.mac.com> On Thu, 09 Jul 2009, Greg A. Woods might have said: > (even use of the vacation feature is questionable, especially since it's > not usually configured in the proper way) And what is the proper way to configure Sieve and vacation? Mike From woods-cyrus at weird.com Thu Jul 9 11:51:32 2009 
From: woods-cyrus at weird.com (Greg A. Woods)
Date: Thu, 09 Jul 2009 11:51:32 -0400
Subject: Automatically moving marked mails?
In-Reply-To: <52ACA620B9066D4C3A5C35D3@lewes.staff.uscs.susx.ac.uk>
References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk> <4A535443.3060802@joreybump.com> <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk> <4A55ED74.6020908@joreybump.com> <20090709095431.63bv4p81s00wswk4@tyr.mormail.com> <52ACA620B9066D4C3A5C35D3@lewes.staff.uscs.susx.ac.uk>
Message-ID:

At Thu, 09 Jul 2009 15:46:42 +0100, Ian Eiloart wrote:
Subject: Re: Automatically moving marked mails?
>
> There
> probably aren't any SIEVE implementations that do what I suggest, and the
> implementations wouldn't be simple, but there's no principled reason that
> it shouldn't.

Yes, I suppose something like Sieve could be used by an MTA, and it could be used in a per-recipient manner. Personally I've found it best though to leave management of MTA level controls to system managers.

However Sieve in the context of this mailing list is the one inside Cyrus IMAP, i.e. the local delivery agent, and confusing it with anything that could happen beforehand in the MTA would be very wrong.

In my very strong opinion the "reject" and "redirect" actions should not be a part of any valid Sieve implementation. Luckily the RFC 5228 removed "reject" as a directly mentioned feature (leaving it only as an optional extension). They probably should have done the same to "redirect", and it certainly should not be required to be implemented, but luckily implementations are required to provide a means of limiting the number of redirects a script can perform (as well as other required controls).

--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack
Planix, Inc. Secrets of the Weird

From mikeegg1 at mac.com Thu Jul 9 11:58:32 2009
From: mikeegg1 at mac.com (Mike Eggleston) Date: Thu, 9 Jul 2009 10:58:32 -0500 Subject: DBERROR with Cyrus 2.2.12 In-Reply-To: <4A553B23.1050903@harmsconsulting.com> References: <4A5220CA.9020201@raceme.org> <20090706183006.53622tcms9ifsj2m@webmail.uni-tuebingen.de> <4A546B4D.7030002@raceme.org> <4A54DE6C.3050506@raad.tartu.ee> <4A553B23.1050903@harmsconsulting.com> Message-ID: <20090709155832.GD8473@mail.mac.com> On Thu, 09 Jul 2009, Harms Consulting IT support desk might have said: > I'm also not an expert but I had these messages early on with my setup > and the resolution was to switch from Berkeley DB to the native skiplist > format. This was covered a couple of weeks ago on this list. Search the > list archives for subject: Db4 problems. > > I highly recommend reading this page from the Cyrus wiki: > > http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/WhatDatabaseBackend > > Good luck, > > Josh List: Would it be helpful to others, it is to me, to include the cited list message below on that same wiki page telling others how to convert from one backend to another? Mike ---------------------------------------- On Wed, 1 Jul 2009, Paul van der Vlis wrote: > Hello! > > I have errors in my log, and sometimes Cyrus crashes and I have to > reboot the server because restarting gives this error: > > mail:~# /etc/init.d/cyrus2.2 restart > Stopping Cyrus IMAPd: cyrmaster. > Waiting for complete shutdown........ > fatal: incomplete shutdown detected, aborting. 
>
> In the log I see all the time errors like:
> ------
> Jul 1 10:35:27 mail cyrus/imap[16841]: DBERROR db4: Database handles
> open during environment close
> Jul 1 10:35:27 mail cyrus/imap[16841]: DBERROR: error exiting
> application: Invalid argument
> ------
>
> When Cyrus stops working I see this in the logs:
> -------
> Jul 1 10:40:04 mail cyrus/imap[16920]: DBERROR db4: Logging region out
> of memory; you may need to increase its size
> Jul 1 10:40:04 mail cyrus/imap[16920]: DBERROR: opening
> /var/lib/cyrus/tls_sessions.db: Cannot allocate memory
> Jul 1 10:40:04 mail cyrus/imap[16920]: DBERROR: opening
> /var/lib/cyrus/tls_sessions.db: cyrusdb error
> ---------
>
> I am not sure what's the problem here.
>
> Do I need to increase the memory size of the Berkeley database?
> and where can I do that?
>
> Can I remove /var/lib/cyrus/tls_sessions.db?
> (I have the same problem with deliver.db.)
>
> What will be that "Databases handles open during environment close", can
> that give this problem?

Here's what I recommend - get rid of Berkeley DB in Cyrus and use skiplist instead. :)

Change your backend database formats to skiplist in imapd.conf, something like:

# Backend database formats to use
annotation_db: skiplist
duplicate_db: skiplist
mboxlist_db: skiplist
quota_db: quotalegacy
seenstate_db: skiplist
statuscache_db: skiplist
subscription_db: flat
tlscache_db: skiplist

A lot of us got tired of messing around with Berkeley DB and switched to skiplist.

If you decide to change formats, make sure you stop Cyrus and remove the contents of the {configdirectory}/db/ directory. You'll also want to delete the deliver.db and tls_sessions.db files, assuming those are the ones you change.

tls_sessions.db does not contain any information that needs to persist between Cyrus restarts.

deliver.db contains duplicate message suppression information and is also used for vacation reply tracking.
The worst that will happen if you delete deliver.db is that someone may get a second vacation reply message sent out.

Andy
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
----------------------------------------

From awilliam at whitemice.org Thu Jul 9 12:09:30 2009
From: awilliam at whitemice.org (Adam Tauno Williams)
Date: Thu, 09 Jul 2009 12:09:30 -0400
Subject: DBERROR with Cyrus 2.2.12
In-Reply-To: <20090709155832.GD8473@mail.mac.com>
References: <4A5220CA.9020201@raceme.org> <20090706183006.53622tcms9ifsj2m@webmail.uni-tuebingen.de> <4A546B4D.7030002@raceme.org> <4A54DE6C.3050506@raad.tartu.ee> <4A553B23.1050903@harmsconsulting.com> <20090709155832.GD8473@mail.mac.com>
Message-ID: <1247155770.6185.89.camel@linux-m3mt>

> Would it be helpful to others, it is to me, to include the cited list message below on that same wiki page telling others how to convert from one backend to another?

Page 120 - 121 of my 'book' has an example of cvt_cyrusdb

Except I just noticed the statement "the server must be online when" should be "the server must be offline when". BUG!

--
OpenGroupware developer: awilliam at whitemice.org
OpenGroupware & Cyrus IMAPd documentation @

From reinaldoc at gmail.com Thu Jul 9 12:31:56 2009
From: reinaldoc at gmail.com (Reinaldo de Carvalho) Date: Thu, 9 Jul 2009 13:31:56 -0300 Subject: Security impact of lmtpd with pre-auth In-Reply-To: <4A557A8C.4010001@uni-konstanz.de> References: <87ab3gko29.fsf@vostro.rath.org> <4A54366B.4050106@uni-konstanz.de> <87y6qyzt7y.fsf@vostro.rath.org> <4A557A8C.4010001@uni-konstanz.de> Message-ID: <4a5881460907090931h10be4325j4be3f50cfd539167@mail.gmail.com> On Thu, Jul 9, 2009 at 2:05 AM, Pascal Gienger wrote: > > Imagine a Cyrus Box only accepting LMTP connections, no sendmail, no > Postfix, no other SMTP MTA running on it. > Then imagine a frontend smtp relay delivering directly via LMTP over TCP > to your Cyrus box. You can use lmtp auth then to prevent other machines > from directly delivering mails via lmtp. > > Pascal Set a firewall. -- Reinaldo de Carvalho http://korreio.sf.net http://python-cyrus.sf.net "If !programmer, then don't try to adapt the software to the way you work, but rather yourself to the way the software works" (myself) From woods-cyrus at weird.com Thu Jul 9 12:56:24 2009 
From: woods-cyrus at weird.com (Greg A. Woods) Date: Thu, 09 Jul 2009 12:56:24 -0400 Subject: sieve configuration (was Automatically moving marked mails?) In-Reply-To: <20090709153928.GB8473@mail.mac.com> References: <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk> <4A535443.3060802@joreybump.com> <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk> <20090709153928.GB8473@mail.mac.com> Message-ID: At Thu, 9 Jul 2009 10:39:28 -0500, Mike Eggleston wrote: Subject: sieve configuration (was Automatically moving marked mails?) > > On Thu, 09 Jul 2009, Greg A. Woods might have said: > > > > (even use of the vacation feature is questionable, especially since it's > > not usually configured in the proper way) > > And what is the proper way to configure Sieve and vacation? Perhaps the best way to explain is to point you at my BSD Vacation v2 project: http://www.planix.com/~woods/projects/BSD-vacation-v2.html It's far from perfect, stale due to lack of Round Tuits, etc., but it's also, IMHO, orders of magnitude better than the original BSD/Sendmail version too. :-) -- Greg A. Woods +1 416 218-0098 VE3TCP RoboHack Planix, Inc. Secrets of the Weird From woods-cyrus at weird.com Thu Jul 9 12:58:22 2009 
From: woods-cyrus at weird.com (Greg A. Woods) Date: Thu, 09 Jul 2009 12:58:22 -0400 Subject: Automatically moving marked mails? In-Reply-To: <4A560C7B.7020301@joreybump.com> References: <4A4B5EDF.9050300@glendown.de> <4A4B6BCF.9040006@ofd-sth.niedersachsen.de> <4A4B7423.7000007@glendown.de> <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk> <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk> <4A535443.3060802@joreybump.com> <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk> <4A55ED74.6020908@joreybump.com> <20090709095431.63bv4p81s00wswk4@tyr.mormail.com> <52ACA620B9066D4C3A5C35D3@lewes.staff.uscs.susx.ac.uk> <4A560C7B.7020301@joreybump.com> Message-ID: At Thu, 09 Jul 2009 11:27:55 -0400, Jorey Bump wrote: Subject: Re: Automatically moving marked mails? > > Ian Eiloart wrote, at 07/09/2009 10:46 AM: > > > > Not true. The MTA can decide *per recipient* whether to accept mail from a > > specific sender. > > How? just return a 4xx or 5xx response to fewer than all of the RCPT TO: commands..... > Please elaborate. What kind of feedback does the sender get when you > reject a message during the SMTP transaction for one recipient, but > deliver it for others? That will depend entirely on what MTA is attempting to make the delivery. -- Greg A. Woods +1 416 218-0098 VE3TCP RoboHack Planix, Inc. Secrets of the Weird From morgan at orst.edu Thu Jul 9 13:35:04 2009 
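The per-recipient decision discussed above (a 5xx reply to fewer than all of the RCPT TO commands), applied to the userX/userY case raised earlier in the thread. This is an added example, not code from the thread or from any MTA; the class and function names, the blocklist dictionary, the example.org/example.net addresses and the reply texts are assumptions. It covers only the envelope phase, so content-dependent rules are out of its reach, as the thread notes.

```python
import re

# MAIL FROM:<addr> / RCPT TO:<addr>; the address may be empty (null sender).
ADDR_RE = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^<>\s]*)>", re.IGNORECASE)


class EnvelopeSession:
    """Server side of the SMTP envelope phase (MAIL / RCPT / DATA / RSET)."""

    def __init__(self, blocklists):
        # blocklists: {local recipient: senders that recipient refuses}.
        # A constructed stand-in for whatever per-user list the MTA consults.
        # Addresses are lower-cased for comparison, a simplification.
        self.blocklists = {rcpt.lower(): {s.lower() for s in senders}
                           for rcpt, senders in blocklists.items()}
        self.reset()

    def reset(self):
        self.sender = None
        self.accepted = []

    def handle(self, line):
        """Return the server reply for one client command line."""
        line = line.strip()
        verb = line.upper()
        if verb == "RSET":
            self.reset()
            return "250 2.0.0 Ok"
        if verb == "DATA":
            if self.sender is None:
                return "503 5.5.1 Need MAIL command first"
            if not self.accepted:
                # Every RCPT was refused: there is nobody to deliver to.
                return "554 5.5.1 No valid recipients"
            return "354 End data with <CR><LF>.<CR><LF>"
        m = ADDR_RE.match(line)
        if not m:
            return "500 5.5.2 Command not recognized"
        command, address = m.group(1).upper(), m.group(2).lower()
        if command == "MAIL FROM":
            if self.sender is not None:
                return "503 5.5.1 Nested MAIL command"
            self.sender = address
            return "250 2.1.0 Ok"
        # RCPT TO: the decision is made per recipient, before any content.
        if self.sender is None:
            return "503 5.5.1 Need MAIL command first"
        if address not in self.blocklists:
            return "550 5.1.1 <%s>: unknown recipient" % address
        if self.sender in self.blocklists[address]:
            return "550 5.7.1 <%s>: sender refused by recipient policy" % address
        self.accepted.append(address)
        return "250 2.1.5 Ok"


def run_dialogue(session, client_lines):
    """Feed client commands to the session; return (command, reply) pairs."""
    return [(line, session.handle(line)) for line in client_lines]


def sender_view(transcript):
    """What the sending MTA learns: (accepted, refused) recipients."""
    accepted, refused = [], []
    for command, reply in transcript:
        m = ADDR_RE.match(command)
        if m and m.group(1).upper() == "RCPT TO":
            bucket = accepted if reply.startswith("2") else refused
            bucket.append(m.group(2).lower())
    return accepted, refused


# Constructed policy: userX refuses one sender, userY refuses nobody.
BLOCKLISTS = {"userX@example.org": {"sender@example.net"},
              "userY@example.org": set()}
CLIENT_LINES = ["MAIL FROM:<sender@example.net>",
                "RCPT TO:<userX@example.org>",
                "RCPT TO:<userY@example.org>",
                "DATA"]

if __name__ == "__main__":
    transcript = run_dialogue(EnvelopeSession(BLOCKLISTS), CLIENT_LINES)
    for command, reply in transcript:
        print("C: %s\nS: %s" % (command, reply))
    print("accepted, refused:", sender_view(transcript))
```

The message still enters DATA once, for userY only; the refused recipient is known to the sending MTA from the 550 reply, and what it tells its user is up to that MTA.
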
From: morgan at orst.edu (Andrew Morgan) Date: Thu, 9 Jul 2009 10:35:04 -0700 (PDT) Subject: DBERROR with Cyrus 2.2.12 In-Reply-To: <1247155770.6185.89.camel@linux-m3mt> References: <4A5220CA.9020201@raceme.org> <20090706183006.53622tcms9ifsj2m@webmail.uni-tuebingen.de> <4A546B4D.7030002@raceme.org> <4A54DE6C.3050506@raad.tartu.ee> <4A553B23.1050903@harmsconsulting.com> <20090709155832.GD8473@mail.mac.com> <1247155770.6185.89.camel@linux-m3mt> Message-ID: On Thu, 9 Jul 2009, Adam Tauno Williams wrote: >> Would it be helpful to others, it is to me, to include the cited list >> message below on that same wiki page telling others how to convert from >> one backend to another? > > Page 120 - 121 of my 'book' has an example of cvt_cyrusdb > > > Except I just noticed the statement "the server must be online when" > should be "there server must be offline when". BUG! Wow, that's some very nice documentation! I suggest including Adam's detailed instructions in the wiki, rather than my rather vague instructions. :) Andy From morgan at orst.edu Thu Jul 9 13:36:57 2009 
From: morgan at orst.edu (Andrew Morgan) Date: Thu, 9 Jul 2009 10:36:57 -0700 (PDT) Subject: Security impact of lmtpd with pre-auth In-Reply-To: <4a5881460907090931h10be4325j4be3f50cfd539167@mail.gmail.com> References: <87ab3gko29.fsf@vostro.rath.org> <4A54366B.4050106@uni-konstanz.de> <87y6qyzt7y.fsf@vostro.rath.org> <4A557A8C.4010001@uni-konstanz.de> <4a5881460907090931h10be4325j4be3f50cfd539167@mail.gmail.com> Message-ID: On Thu, 9 Jul 2009, Reinaldo de Carvalho wrote: > On Thu, Jul 9, 2009 at 2:05 AM, Pascal > Gienger wrote: >> >> Imagine a Cyrus Box only accepting LMTP connections, no sendmail, no >> Postfix, no other SMTP MTA running on it. >> Then imagine a frontend smtp relay delivering directly via LMTP over TCP >> to your Cyrus box. You can use lmtp auth then to prevent other machines >> from directly delivering mails via lmtp. >> >> Pascal > > Set a firewall. Cyrus (and lmtpd) support tcp-wrappers, so it is trivial to allow connections from only your trusted MTA hosts. Still, using lmtp auth is not a bad idea, and it is required in a Cyrus murder environment. Andy From gibblertron at gmail.com Thu Jul 9 19:01:12 2009 
From: gibblertron at gmail.com (patrick)
Date: Thu, 9 Jul 2009 16:01:12 -0700
Subject: Puzzling error with fresh install of 2.3.14
Message-ID:

I've just installed Cyrus IMAP 2.3.14 on a fresh FreeBSD 7.2 machine, and I'm getting some puzzling errors when I start up:

Jul 9 15:40:19 marzipan ctl_cyrusdb[11648]: archiving database file: /var/imap/annotations.db
Jul 9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: error listing log files: DB_NOTFOUND: No matching key/data pair found
Jul 9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: archive /var/imap/db: cyrusdb error
Jul 9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: error listing log files: DB_NOTFOUND: No matching key/data pair found
Jul 9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: archive /var/imap/db: cyrusdb error
Jul 9 15:40:19 marzipan ctl_cyrusdb[11648]: archiving database file: /var/imap/mailboxes.db
Jul 9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: error listing log files: DB_NOTFOUND: No matching key/data pair found
Jul 9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: archive /var/imap/db: cyrusdb error
Jul 9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: error listing log files: DB_NOTFOUND: No matching key/data pair found
Jul 9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: archive /var/imap/db: cyrusdb error

I've read some suggestions to change the DB format to skiplist for everything (and I know this will get around this error), but I'd really like to figure out what's actually wrong with my setup here. I installed 2.3.13 on a FreeBSD 7.2 system a few months ago, and didn't have any problems at all with the exact same settings.

Has anyone seen this before?

Thanks,

Patrick

From gibblertron at gmail.com Thu Jul 9 19:17:01 2009
From: gibblertron at gmail.com (patrick)
Date: Thu, 9 Jul 2009 16:17:01 -0700
Subject: Puzzling error with fresh install of 2.3.14
In-Reply-To:
References:
Message-ID:

Okay, I spotted the difference between my two systems. The first one running 2.3.13 has BDB 4.2 installed. The second had BDB 4.1, which is I guess what FreeBSD Ports uses by default if not specified. I upgraded to 4.2 and compiled Cyrus. All is well.

Patrick

On Thu, Jul 9, 2009 at 4:01 PM, patrick wrote:
> I've just installed Cyrus IMAP 2.3.14 on a fresh FreeBSD 7.2 machine,
> and I'm getting some puzzling errors when I start up:
>
> Jul  9 15:40:19 marzipan ctl_cyrusdb[11648]: archiving database file:
> /var/imap/annotations.db
> Jul  9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: error listing
> log files: DB_NOTFOUND: No matching key/data pair found
> Jul  9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: archive
> /var/imap/db: cyrusdb error
> Jul  9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: error listing
> log files: DB_NOTFOUND: No matching key/data pair found
> Jul  9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: archive
> /var/imap/db: cyrusdb error
> Jul  9 15:40:19 marzipan ctl_cyrusdb[11648]: archiving database file:
> /var/imap/mailboxes.db
> Jul  9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: error listing
> log files: DB_NOTFOUND: No matching key/data pair found
> Jul  9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: archive
> /var/imap/db: cyrusdb error
> Jul  9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: error listing
> log files: DB_NOTFOUND: No matching key/data pair found
> Jul  9 15:40:19 marzipan ctl_cyrusdb[11648]: DBERROR: archive
> /var/imap/db: cyrusdb error
>
> I've read some suggestions to change the DB format to skiplist for
> everything (and I know this will get around this error), but I'd
> really like to figure out what's actually wrong with my setup here. I
> installed 2.3.13 on a FreeBSD 7.2 system a few months ago, and didn't
> have any problems at all with the exact same settings.
>
> Has anyone seen this before?
>
> Thanks,
>
> Patrick
>

From nybbles2byte at gmail.com Thu Jul 9 19:21:18 2009
From: nybbles2byte at gmail.com (Nybbles2Byte)
Date: Thu, 9 Jul 2009 16:21:18 -0700
Subject: Cyrus Imap final setup problems
In-Reply-To: <4A54D4E4.2000203@olp.net>
References: <189608145.20090708092331@gmail.com> <4A54D4E4.2000203@olp.net>
Message-ID: <1059572599.20090709162118@gmail.com>

Thanks Dan,

You hit the nail on the head with the virtual domains. I had someone come in to set this up for me and when I found out they knew as little as I did I took it over. There was a lot to do and moving over to virtual domains I was originally going to do immediately but later decided to make it a second step. However, I didn't realise that I had left virtualdomains set to true.

So, I removed all the data files (since there was no live data yet), turned off virtualdomains (and autocreatequota since it's not needed) and then reran mkimap. With all the data and structures recreated from scratch all the problems seem to have gone away.

Now I'll set up the virtual domains as you suggested and I'll bet it will all be fine.

Thanks again!
-Reg

Wednesday, July 8, 2009, 10:18:28 AM, you wrote:

> Nybbles2Byte wrote:
>> However, it stopped receiving messages after two tests and looking at
>> the logs it said it was at its quota limit so I went back to cyradm
>> to set the quota (I didn't bother the first time so it was at zero)
>> and I got a "quota permission denied" error. This was from the same
>> admin, I created the user with and it showed that the admin had all
>> rights.
>> I then used the admin to create another user and immediately tried to
>> set the quota of that new user and got the same permission denied
>> error. I could however remove the user that I could not set the quota for.
> Below, you've specified 'altnamespace: 1'. When connecting via an admin
> user, altnamespace is ignored, which may complicate what you're
> expecting to see.
> Also, you've specified 'autocreatequota: 5', which limits the user to
> 5KBs of space.
> What do your cyradm createmailbox and setquota commands look like?
> You have 'virtdomains: on'. Personally, I prefer configuring
> 'virtdomains: userid'. 'doc/install-virtdomains.html' within the source
> documents the difference. It might matter when connecting as an admin
> user (without specifying a domain name).
>> That is my first problem but I have two other as follow:
>> Sieve is not working when I try to telnet to it and I get this error:
>> neutrino:~ # telnet mydomain.com sieve
>> Trying nnn.nn.nn.nn...
>> telnet: connect to address nnn.nn.nn.nn: Connection refused
> Your sieve entry in cyrus.conf looks correct. Verify that the service is
> running with 'fuser 2000/tcp' or 'netstat -an | grep LISTEN | grep
> 2000'. If not, there should be something in syslog about why it couldn't
> start. Locate where your cyrus binaries are installed (/usr/sbin ?) and
> verify there's a timsieved binary located there.
> Also, stop cyrus, and make sure something else isn't already listening
> on port 2000, like inetd or xinetd.
> If it is starting, but crashing somewhere, you can use the debug_command
> (in imapd.conf) to trouble shoot. See:
> https://langhorst.com/cgi-bin/dwww//usr/share/doc/cyrus21-common/README.Debian.debug.gz
> for some usage scenarios.
>> The last thing is I am getting a "badlogin" error in my cyrus log as
>> you can see below:
>> Jul 8 08:12:00 neutrino SeoWS/imap[20686]: badlogin: localhost
>> [127.0.0.1] CRAM-MD5 [SASL(-13): user not found: no secret in database]
>> Jul 8 08:12:00 neutrino SeoWS/imap[20694]: sql auxprop plugin using
>> mysql engine
>> Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin Parse the
>> username reg
> I don't know what that could be.
> - Dan
>> # UNIX sockets start with a slash and are put into /var/lib/imap/socket
>> SERVICES {
>> # DEFAULT DOMAIN
>> imap cmd="imapd" listen="imap"
>> prefork=0
>> # imaps cmd="imapd -s" listen="imaps"
>> prefork=0
>> # pop3 cmd="pop3d" listen="pop3" prefork=0
>> # pop3s cmd="pop3d -s" listen="pop3s"
>> prefork=0
>> sieve cmd="timsieved" listen="sieve"
>> prefork=0
>> lmtpunix cmd="lmtpd"
>> listen="/var/lib/imap/socket/lmtp" prefork=0
>> notify cmd="notifyd"
>> listen="/var/lib/imap/socket/notify" proto="udp" prefork=0
>> }
>> *IMAPD.CONF
>> *altnamespace: 1
>> autocreatequota: 5
>> unixhierarchysep: 1
>> virtdomains: on

--
Nybbles2Byte mailto:nybbles2byte at gmail.com

From nybbles2byte at gmail.com Fri Jul 10 05:00:49 2009
From: nybbles2byte at gmail.com (Nybbles2Byte)
Date: Fri, 10 Jul 2009 02:00:49 -0700
Subject: Cyrus Imap final setup problems
In-Reply-To: <4A54D4E4.2000203@olp.net>
References: <189608145.20090708092331@gmail.com> <4A54D4E4.2000203@olp.net>
Message-ID: <1126126120.20090710020049@gmail.com>

Hello Dan,

I just wanted to clarify one thing so no one gets the wrong idea. When I rebuilt the data there was still one problem and that was the "badlogin" I was getting. I tracked it down just now to fetchmail polling Cyrus. This must have been a leftover from the guy before because I have never touched fetchmail and don't know anything about it except what I read in the last 30 mins.

From what I can see it is meant to strengthen the communication between two other parts of a mail system. However, my Postfix and Cyrus are on the same computer so as I see it Fetchmail could do little more than be an overhead. Would you happen to know if that is a fair assessment because I really am very new to all this and I noticed that Fetchmail is not mentioned in either the Postfix or the Cyrus documentation or books I have gathered.

Thanks,
-Reg

Wednesday, July 8, 2009, 10:18:28 AM, you wrote:

> Nybbles2Byte wrote:
>> However, it stopped receiving messages after two tests and looking at
>> the logs it said it was at its quota limit so I went back to cyradm
>> to set the quota (I didn't bother the first time so it was at zero)
>> and I got a "quota permission denied" error. This was from the same
>> admin, I created the user with and it showed that the admin had all
>> rights.
>> I then used the admin to create another user and immediately tried to
>> set the quota of that new user and got the same permission denied
>> error. I could however remove the user that I could not set the quota for.
> Below, you've specified 'altnamespace: 1'. When connecting via an admin
> user, altnamespace is ignored, which may complicate what you're
> expecting to see.
> Also, you've specified 'autocreatequota: 5', which limits the user to
> 5KBs of space.
> What do your cyradm createmailbox and setquota commands look like?
> You have 'virtdomains: on'. Personally, I prefer configuring
> 'virtdomains: userid'. 'doc/install-virtdomains.html' within the source
> documents the difference. It might matter when connecting as an admin
> user (without specifying a domain name).
>> That is my first problem but I have two other as follow:
>> Sieve is not working when I try to telnet to it and I get this error:
>> neutrino:~ # telnet mydomain.com sieve
>> Trying nnn.nn.nn.nn...
>> telnet: connect to address nnn.nn.nn.nn: Connection refused
> Your sieve entry in cyrus.conf looks correct. Verify that the service is
> running with 'fuser 2000/tcp' or 'netstat -an | grep LISTEN | grep
> 2000'. If not, there should be something in syslog about why it couldn't
> start. Locate where your cyrus binaries are installed (/usr/sbin ?) and
> verify there's a timsieved binary located there.
> Also, stop cyrus, and make sure something else isn't already listening
> on port 2000, like inetd or xinetd.
> If it is starting, but crashing somewhere, you can use the debug_command
> (in imapd.conf) to trouble shoot. See:
> https://langhorst.com/cgi-bin/dwww//usr/share/doc/cyrus21-common/README.Debian.debug.gz
> for some usage scenarios.
>> The last thing is I am getting a "badlogin" error in my cyrus log as
>> you can see below:
>> Jul 8 08:12:00 neutrino SeoWS/imap[20686]: badlogin: localhost
>> [127.0.0.1] CRAM-MD5 [SASL(-13): user not found: no secret in database]
>> Jul 8 08:12:00 neutrino SeoWS/imap[20694]: sql auxprop plugin using
>> mysql engine
>> Jul 8 08:12:03 neutrino SeoWS/imap[20686]: sql plugin Parse the
>> username reg
> I don't know what that could be.
> - Dan
>> # UNIX sockets start with a slash and are put into /var/lib/imap/socket
>> SERVICES {
>> # DEFAULT DOMAIN
>> imap cmd="imapd" listen="imap"
>> prefork=0
>> # imaps cmd="imapd -s" listen="imaps"
>> prefork=0
>> # pop3 cmd="pop3d" listen="pop3" prefork=0
>> # pop3s cmd="pop3d -s" listen="pop3s"
>> prefork=0
>> sieve cmd="timsieved" listen="sieve"
>> prefork=0
>> lmtpunix cmd="lmtpd"
>> listen="/var/lib/imap/socket/lmtp" prefork=0
>> notify cmd="notifyd"
>> listen="/var/lib/imap/socket/notify" proto="udp" prefork=0
>> }
>> *IMAPD.CONF
>> *altnamespace: 1
>> autocreatequota: 5
>> unixhierarchysep: 1
>> virtdomains: on

--
Nybbles2Byte mailto:nybbles2byte at gmail.com

From hans.moser at ofd-sth.niedersachsen.de Fri Jul 10 07:05:24 2009
From: hans.moser at ofd-sth.niedersachsen.de (Marc Patermann)
Date: Fri, 10 Jul 2009 13:05:24 +0200
Subject: Cyrus Imap final setup problems
In-Reply-To: <189608145.20090708092331@gmail.com>
References: <189608145.20090708092331@gmail.com>
Message-ID: <4A572074.4010605@ofd-sth.niedersachsen.de>

Hi,

Nybbles2Byte wrote:
> I have a setup with the following:
>
> OpenSuSE 11.0 (x86_64)
> Postfix 2.5.1-28.5 (x86_64)
> Cyrus SASL 2.1.22-140.1 (x86_64)
> Cyrus Imap 2.3.11-31.1 (x86_64)
> MySQL 5.1.35-34.1
> All of these are on the same computer.

You can have "newer" version, if you look at http://software.opensuse.org/search
I.e. cyrus-imapd-2.3.14-12.1
http://download.opensuse.org/repositories/home:/Marcus_H/openSUSE_11.0/x86_64/cyrus-imapd-2.3.14-12.1.x86_64.rpm

I also have an LDAP enabled version for SuSE here.

Marc

From mills at cc.umanitoba.ca Fri Jul 10 08:33:47 2009
From: mills at cc.umanitoba.ca (Gary Mills) Date: Fri, 10 Jul 2009 07:33:47 -0500 Subject: IOERROR: opening quota file: File name too long Message-ID: <20090710123346.GA3696@cc.umanitoba.ca> We're running cyrus-imapd-2.3.8 on Solaris 10. Recently, the `quota' command failed with this error in syslog: Jun 29 19:58:49 castor quota[27067]: [ID 240394 local6.error] IOERROR: opening quota file /imap/conf/quota/N/user._______.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.INBOX.Deleted Messages: File name too long Running it by hand resulted in this error: # /usr/local/cyrus/bin/quota > /var/tmp/1.quota failed building quota list for '*': System I/O error: %m The deeply-nested folder seems to be created by Apple Mail. I could delete it with `cyradm', but the user kept recreating it. Is there a fix for this problem, perhaps in later Cyrus versions? We use the `quota' command to generate over-quota warnings automatically. -- -Gary Mills- -Unix Support- -U of M Academic Computing and Networking- From dwhite at olp.net Fri Jul 10 09:24:59 2009 
From: dwhite at olp.net (Dan White)
Date: Fri, 10 Jul 2009 08:24:59 -0500
Subject: Cyrus Imap final setup problems
In-Reply-To: <1126126120.20090710020049@gmail.com>
References: <189608145.20090708092331@gmail.com> <4A54D4E4.2000203@olp.net> <1126126120.20090710020049@gmail.com>
Message-ID: <4A57412B.2030704@olp.net>

Nybbles2Byte wrote:
> Hello Dan,
>
> I just wanted to clarify one thing so no one gets the wrong idea. When I
> rebuilt the data there was still one problem and that was the
> "badlogin" I
> was getting. I tracked it down just now to fetchmail polling Cyrus. This
> must have been a leftover from the guy before because I have never
> touched fetchmail and don't know anything about it except what I read
> in the last 30mins.
>
> From what I can see it is meant to strengthen the communication between
> two other parts of a mail system. However, my Postfix and Cyrus are on
> the same computer so as I see it Fetchmail could do little more than
> be an
> overhead. Would you happen to know if that is a fair assessment because
> I really am very new to all this and I noticed that Fetchmail is not
> mentioned in either the Postfix or the Cyrus documentation or books I
> have gathered.
>
> Thanks,
> -Reg

Reg,

Fetchmail's documentation is located here:

http://fetchmail.berlios.de/

When I did use fetchmail, it was to download a copy of my email from another provider's POP3 mailserver down into my own personal IMAP server (via local SMTP). I'm not sure why one would configure fetchmail to connect to an IMAP server running on local host.

- Dan

From tom at thomas-harding.name Fri Jul 10 11:28:28 2009
From: tom at thomas-harding.name (Thomas Harding)
Date: Fri, 10 Jul 2009 17:28:28 +0200
Subject: How to _mandatory upgrade to TLS_ with sieve or other cyrus services?
Message-ID: <4A575E1C.10406@thomas-harding.name>

Hello,

I use imaps with a single CA (home made), which makes me able to filter users based on trusted-CA signed certificates.

This allows me to restrict users' logins on their ability to present a certificate signed by my CA, and only by it (that's what I hope), as I disabled all services but imaps and sieve.

However, I can't find how to obtain the same behavior with sieve: it still allows non-encrypted sessions.

My version is a Debian packaged one:
ii cyrus-imapd-2.2 2.2.13-14+b3

Here are the relevant lines of my /etc/imapd.conf:
tls_cert_file: /etc/ssl/certs/xxxxxxxxxxx.pem
tls_key_file: /etc/ssl/private/xxxxxxxxxxxxxx.key.pem
tls_ca_file: /etc/ssl/certs/xxxxxxxxxxxx.pem
tls_require_cert: true

How to disable non-TLS sessions on sieve, and more generally for any cyrus service?

T.Harding

From morgan at orst.edu Fri Jul 10 12:02:31 2009
From: morgan at orst.edu (Andrew Morgan)
Date: Fri, 10 Jul 2009 09:02:31 -0700 (PDT)
Subject: How to _mandatory upgrade to TLS_ with sieve or other cyrus services?
In-Reply-To: <4A575E1C.10406@thomas-harding.name>
References: <4A575E1C.10406@thomas-harding.name>
Message-ID:

On Fri, 10 Jul 2009, Thomas Harding wrote:

> Hello,
> I use imaps with a single CA (home made), which make me able to filter
> users basing on trusted-CA signed certificates.
>
> This allows me to restrict user's login on their ability to present
> a certificate signed by my CA, and only by it (that's what I hope),
> as I disabled all services but imaps and sieve.
>
> However, I can't find how to obtain the same behavior with sieve :
> it still allows non-encrypted sessions.
>
> My version is a Debian packaged one:
> ii cyrus-imapd-2.2 2.2.13-14+b3
>
>
> Here the relevant lines of my /etc/imapd.conf :
> tls_cert_file: /etc/ssl/certs/xxxxxxxxxxx.pem
> tls_key_file: /etc/ssl/private/xxxxxxxxxxxxxx.key.pem
> tls_ca_file: /etc/ssl/certs/xxxxxxxxxxxx.pem
> tls_require_cert: true
>
> How to disable non-TLS sessions on sieve, and more generally for any
> cyrus service?

I can't remember if this setting was in Cyrus 2.2 versions, but have you tried setting:

allowplaintext: 0

in your imapd.conf?

Andy

From tom at thomas-harding.name Fri Jul 10 13:30:54 2009
From: tom at thomas-harding.name (Thomas Harding)
Date: Fri, 10 Jul 2009 19:30:54 +0200
Subject: How to _mandatory upgrade to TLS_ with sieve or other cyrus services?
In-Reply-To: <4A575E1C.10406@thomas-harding.name>
References: <4A575E1C.10406@thomas-harding.name>
Message-ID: <4A577ACE.70507@thomas-harding.name>

Thomas Harding wrote:
> I use imaps with a single CA (home made), which make me able to filter
> users basing on trusted-CA signed certificates.
> How to disable non-TLS sessions on sieve, and more generally for any
> cyrus service?
>

Answering my own question: by carefully reading the imapd.conf man page :)

combining:
sasl_mech_list: PLAIN LOGIN
with:
allowplaintext: no

will do the trick.

From nybbles2byte at gmail.com Sat Jul 11 07:35:41 2009
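The combination from the TLS thread above can be checked mechanically. The following is an added example, not part of the original posts and not Cyrus code: it audits imapd.conf text and reports whether any login is possible before TLS is negotiated. It assumes that allowplaintext withholds only PLAIN and LOGIN until a TLS layer is active and that every other listed SASL mechanism stays usable on an unencrypted session; the function names and finding codes are this example's own.

```python
"""Audit imapd.conf text for ways to authenticate before TLS is negotiated."""

# Mechanisms that put the password itself on the wire. Assumption of this
# example: these are the only ones allowplaintext withholds until TLS is up.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}
TRUE_WORDS = {"1", "yes", "on", "true", "t"}
FALSE_WORDS = {"0", "no", "off", "false", "f"}

# Settings quoted in the thread (file paths are the poster's own redactions).
THOMAS_BEFORE = """\
tls_cert_file: /etc/ssl/certs/xxxxxxxxxxx.pem
tls_key_file: /etc/ssl/private/xxxxxxxxxxxxxx.key.pem
tls_ca_file: /etc/ssl/certs/xxxxxxxxxxxx.pem
tls_require_cert: true
"""
THOMAS_AFTER = THOMAS_BEFORE + "sasl_mech_list: PLAIN LOGIN\nallowplaintext: no\n"
# Subset of the imap.conf posted in the later LMTP thread on this page.
REG_CONFIG = """\
sasl_pwcheck_method: auxprop
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
allowplaintext: 1
"""


def parse_imapd_conf(text):
    """Parse 'option: value' lines; blank lines and '#' comments are skipped."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first colon only, so values may contain colons.
        name, sep, value = line.partition(":")
        if sep:
            options[name.strip().lower()] = value.strip()
    return options


def to_bool(value):
    """Return True/False for a recognised switch word, None if unset or unknown."""
    if value is None:
        return None
    word = value.lower()
    if word in TRUE_WORDS:
        return True
    if word in FALSE_WORDS:
        return False
    return None


def audit(text):
    """Return a list of (code, message) findings; an empty list means the
    configuration leaves no mechanism usable before TLS."""
    options = parse_imapd_conf(text)
    findings = []

    allow = to_bool(options.get("allowplaintext"))
    if allow is True:
        findings.append(("PLAINTEXT_ALLOWED",
                         "allowplaintext is on: PLAIN/LOGIN accepted without TLS"))
    elif allow is None:
        findings.append(("PLAINTEXT_UNSET",
                         "allowplaintext missing or unrecognised: set it to 'no' "
                         "explicitly instead of relying on the release default"))

    mech_list = options.get("sasl_mech_list")
    ungated = []
    if mech_list is None:
        findings.append(("MECHS_UNSET",
                         "sasl_mech_list missing: every installed mechanism is offered"))
    else:
        ungated = sorted(set(mech_list.upper().split()) - CLEARTEXT_MECHS)
        if ungated:
            findings.append(("MECHS_PRE_TLS",
                             "not gated by allowplaintext: " + ", ".join(ungated)))

    # A client-certificate requirement only binds sessions that run over TLS.
    auth_before_tls = allow is not False or mech_list is None or bool(ungated)
    if to_bool(options.get("tls_require_cert")) and auth_before_tls:
        findings.append(("CERT_BYPASS",
                         "tls_require_cert is set, but a login without TLS "
                         "never presents a certificate"))
    return findings


def codes(text):
    """Finding codes only, in the order audit() produced them."""
    return [code for code, _ in audit(text)]


if __name__ == "__main__":
    for label, conf in (("before", THOMAS_BEFORE), ("after", THOMAS_AFTER),
                        ("lmtp thread", REG_CONFIG)):
        print(label, audit(conf) or "no pre-TLS authentication path found")
```

An empty result says only that these three options close the pre-TLS login paths this example knows about; whether a given service still accepts an unencrypted, unauthenticated connection is a separate check against the running listener.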
From: nybbles2byte at gmail.com (Nybbles2Byte)
Date: Sat, 11 Jul 2009 04:35:41 -0700
Subject: Cyrus + Postfix through LMTP problem
Message-ID: <817565545.20090711043541@gmail.com>

Hello,

I seem to have one nagging problem in getting my Cyrus to work in that it won't talk with Postfix. They are on the same computer and are connected through LMTP. I use MySQL for authentication, directly through Postfix and via SASL for Cyrus. I can connect to Cyrus through my email client on another computer to the same email address that Postfix is having a problem with.

From the detailed debug log from Postfix it seems to me that Cyrus is rejecting the email but all the detail in the log suggests that Postfix is passing Cyrus the correct information. Being a newbie on Linux and all the components in this setup I could very well be wrong in this conclusion so I am hoping someone much more experienced can shed some light on this problem.

Below is all the outputs I could create from sending an email to and from the same account as a test plus all the setup information to go with it - with comments and some other irrelevancies stripped to make as little as possible to look through.

I know this is my last problem but I've run out of ideas on where to look to solve it so help would be greatly appreciated!

-Reggie

-----------------------------------------------------------------------------------------------------
- VERSIONS OF SOFTWARE (all x86_64)
-----------------------------------------------------------------------------------------------------
Cyrus-IMAP 2.3.11- 31.1
Cyrus-SASL 2.1.22-140.2
Postfix 2.5. 1- 28.5

-----------------------------------------------------------------------------------------------------
- PROOF OF EXISTENCE OF MAILBOXES
-----------------------------------------------------------------------------------------------------
neutrino:/var/mail # cyradm -u root at localhost localhost
Password:
localhost> lm *@stuv.com
user.sales at stuv.com (\HasNoChildren)
localhost>

-----------------------------------------------------------------------------------------------------
- ADDITIONAL VERIFICATION OF MAILBOXES -> OUTPUT FROM "tree -Ad" on Cyrus data (mailboxes) directory
-----------------------------------------------------------------------------------------------------
.
├── domain
│   └── s
│       └── stuv.com
│           └── u
│               └── user^sales
├── stage.
└── sync.

-----------------------------------------------------------------------------------------------------
- CYRUS SETUP File: "cyrus.conf"
-----------------------------------------------------------------------------------------------------
START {
  recover cmd="ctl_cyrusdb -r"
  idled cmd="idled"
}
SERVICES {
  imap cmd="imapd" listen="imap" prefork=0
  sieve cmd="timsieved" listen="sieve" prefork=0
  lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0
  notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=0
}
EVENTS {
  checkpoint cmd="ctl_cyrusdb -c" period=30
  delprune cmd="cyr_expire -E 3" at=0400
  tlsprune cmd="tls_prune" at=0400
}

-----------------------------------------------------------------------------------------------------
- CYRUS SETUP File: "imap.conf"
-----------------------------------------------------------------------------------------------------
sasl_auxprop_plugin: sql
sasl_log_level: 7
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
sasl_pwcheck_method: auxprop
sasl_sql_hostnames: localhost
sasl_sql_user: cyrus
sasl_sql_passwd: XXXXXXXXXXXX
sasl_sql_database: mail
sasl_sql_select: SELECT `password` FROM `accounts` WHERE `user`='%u' AND `realm`='%r' AND `virtual` != 0
sasl_sql_insert: INSERT INTO `accounts` (`user`, `realm`, `password`) VALUES ('%u', '%r', '%v')
sasl_sql_update: UPDATE `accounts` SET `user`='%u',`realm`='%r',`password`='%v' WHERE `user`='%u' AND `realm`='%r'
admins: cyrus root
allowplaintext: 1
altnamespace: 1
anyoneuseracl: 0
auth_mech: unix
configdirectory: /var/lib/imap
defaultdomain: localhost
drachost: localhost
dracinterval: 0
foolstupidclients: 1
hashimapspool: 1
improved_mboxlist_sort: 1
lmtp_downcase_rcpt: 1
lmtp_strict_quota: 1
logtimestamps: 1
partition-default: /var/mail/cyrus
popsubfolders: 1
poptimeout: 10
sendmail: /usr/sbin/sendmail
sievedir: /var/mail/sieve
syslog_prefix: SeoWS
unixhierarchysep: 1
virtdomains: 1

-----------------------------------------------------------------------------------------------------
- POSTFIX SETUP File: "master.cf" (relevant lines only)
-----------------------------------------------------------------------------------------------------
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp -v
cyrus unix - n n - - pipe
  user=cyrus argv=/usr/lib/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}

-----------------------------------------------------------------------------------------------------
- POSTFIX SETUP File: "main.cf"
-----------------------------------------------------------------------------------------------------
alias_maps = hash:/etc/aliases, mysql:/etc/postfix/mysql-local-aliases.cf
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/lib/postfix
debug_peer_level = 7
home_mailbox = Maildir/
html_directory = /usr/share/doc/packages/postfix24/html
inet_protocols = all
local_destination_concurrency_limit = 5
local_destination_recipient_limit = 300
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination =
mydomain = stuv.com
myhostname = neutrino.stuv.com
mynetworks = 192.168.17.0/24, 173.11.84.1, 173.11.84.2, 127.0.0.0/8
myorigin = $mydomain
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/packages/postfix24/README_FILES
sample_directory = /usr/share/doc/packages/postfix24/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject_unauth_destination
soft_bounce = yes
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual-aliases.cf
virtual_gid_maps = static:124
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual-mailbox-domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual-mailboxes.cf
virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtp
virtual_uid_maps = static:1002

-----------------------------------------------------------------------------------------------------
- SASL OUTPUT - File: "auth.log"
-----------------------------------------------------------------------------------------------------
Jul 11 03:39:24 neutrino SeoWS/lmtpunix[11084]: sql auxprop plugin using mysql engine

-----------------------------------------------------------------------------------------------------
- MySQL QUERY OUTPUT - File: "mysqld-query.log"
-----------------------------------------------------------------------------------------------------
090711 3:39:24 14254 Connect postfix at localhost on mail
14254 Query SELECT `send_to` FROM `aliases` WHERE `alias`='stuv.com' AND `virtual` != 0
14255 Connect postfix at localhost on mail
14255 Query SELECT realm FROM accounts WHERE realm='stuv.com' AND `virtual` != 0 LIMIT 1
14256 Connect postfix at localhost on mail
14256 Query SELECT `send_to` FROM `aliases` WHERE `alias`='sales at stuv.com' AND `virtual` != 0
14256 Query SELECT `send_to` FROM `aliases` WHERE `alias`='sales' AND `virtual` != 0
14256 Query SELECT `send_to` FROM `aliases` WHERE `alias`='@stuv.com' AND `virtual` != 0
14257 Connect postfix at localhost on mail
14257 Query SELECT CONCAT(`realm`, '/user.', `user`) AS maildir FROM accounts WHERE CONCAT_WS('@', `user`, `realm`)='sales at stuv.com' AND `virtual` != 0
14258 Connect postfix at localhost on mail
14258 Query SELECT `send_to` FROM `aliases` WHERE `alias`='sales at stuv.com' AND `virtual` != 0
14258 Query SELECT `send_to` FROM `aliases` WHERE `alias`='sales' AND `virtual` != 0
14258 Query SELECT `send_to` FROM `aliases` WHERE `alias`='@stuv.com' AND `virtual` != 0

-----------------------------------------------------------------------------------------------------
- POSTFIX DEBUG LEVEL ON LMTP OUTPUT - File: "mail"
-----------------------------------------------------------------------------------------------------
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: smtp_connect_unix: trying: /var/lib/imap/socket/lmtp...
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: global TLS level: none
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: < neutrino.stuv.com[/var/lib/imap/socket/lmtp]: 220 neutrino LMTP Cyrus v2.3.11 ready
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: > neutrino.stuv.com[/var/lib/imap/socket/lmtp]: LHLO neutrino.stuv.com
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: < neutrino.stuv.com[/var/lib/imap/socket/lmtp]: 250-neutrino
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: < neutrino.stuv.com[/var/lib/imap/socket/lmtp]: 250-8BITMIME
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: < neutrino.stuv.com[/var/lib/imap/socket/lmtp]: 250-ENHANCEDSTATUSCODES
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: < neutrino.stuv.com[/var/lib/imap/socket/lmtp]: 250-PIPELINING
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: < neutrino.stuv.com[/var/lib/imap/socket/lmtp]: 250-SIZE
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: < neutrino.stuv.com[/var/lib/imap/socket/lmtp]: 250-AUTH EXTERNAL
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: < neutrino.stuv.com[/var/lib/imap/socket/lmtp]: 250 IGNOREQUOTA
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: server features: 0xf size 0
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: Using LMTP PIPELINING, TCP send buffer size is 4096
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: > neutrino.stuv.com[/var/lib/imap/socket/lmtp]: MAIL FROM: SIZE=1520
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: > neutrino.stuv.com[/var/lib/imap/socket/lmtp]: RCPT TO:
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: > neutrino.stuv.com[/var/lib/imap/socket/lmtp]: DATA
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: < neutrino.stuv.com[/var/lib/imap/socket/lmtp]: 250 2.1.0 ok
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: < neutrino.stuv.com[/var/lib/imap/socket/lmtp]: 550-Mailbox unknown. Either there is no mailbox associated with this
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: < neutrino.stuv.com[/var/lib/imap/socket/lmtp]: 550-name or you do not have authorization to see it.
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: < neutrino.stuv.com[/var/lib/imap/socket/lmtp]: 550 5.1.1 User unknown
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: connect to subsystem private/defer
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr nrequest = 0
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr flags = 0
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr queue_id = 1E8E1D67BB
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr original_recipient = sales at stuv.com
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr recipient = sales at stuv.com
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr offset = 498
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr dsn_orig_rcpt = rfc822;sales at stuv.com
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr notify_flags = 0
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr status = 4.1.1
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr diag_type = smtp
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr diag_text = 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr mta_type = dns
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr mta_mname = neutrino.stuv.com
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr action = delayed
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr reason = host neutrino.stuv.com[/var/lib/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command)
Jul 11 03:39:24 neutrino postfix/smtpd[11074]: disconnect from unknown[192.168.17.1]
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: private/defer socket: wanted attribute: status
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: input attribute name: status
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: input attribute value: 0
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: private/defer socket: wanted attribute: (list terminator)
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: input attribute name: (end)
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: 1E8E1D67BB: to=, relay=neutrino.stuv.com[/var/lib/imap/socket/lmtp], delay=0.09, delays=0.03/0.02/0.01/0.04, dsn=4.1.1, status=SOFTBOUNCE (host neutrino.stuv.com[/var/lib/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command))
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: < neutrino.stuv.com[/var/lib/imap/socket/lmtp]: 503 5.5.1 No recipients
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: > neutrino.stuv.com[/var/lib/imap/socket/lmtp]: RSET
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: > neutrino.stuv.com[/var/lib/imap/socket/lmtp]: QUIT
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: < neutrino.stuv.com[/var/lib/imap/socket/lmtp]: 250 2.0.0 ok
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: name_mask: resource
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: name_mask: software
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: deliver_request_final: send: "" -1
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr status =
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr diag_type =
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr diag_text =
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr mta_type =
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr mta_mname =
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr action =
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr reason =
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: send attr status = 4294967295
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: master_notify: status 1
Jul 11 03:39:24 neutrino postfix/lmtp[11083]: connection closed
-----------------------------------------------------------------------------------------------------
- END POSTFIX OUTPUT
-----------------------------------------------------------------------------------------------------

--
Reg mailto:nybbles2byte at gmail.com

From michael.menge at zdv.uni-tuebingen.de Sat Jul 11 09:41:53 2009
From: michael.menge at zdv.uni-tuebingen.de (Michael Menge)
Date: Sat, 11 Jul 2009 15:41:53 +0200
Subject: Cyrus + Postfix through LMTP problem
In-Reply-To: <817565545.20090711043541@gmail.com>
References: <817565545.20090711043541@gmail.com>
Message-ID: <20090711154153.553376bugzehu6qp@webmail.uni-tuebingen.de>

Hi,

Quoting Nybbles2Byte :

> From the detailed debug log from Postfix it seems to me that Cyrus
> is rejecting the email but
> all the detail in the log suggests that Postfix is passing Cyrus the
> correct information. Being
> a newbie on Linux and all the components in this setup I could very
> well be wrong in this
> conclusion so I am hoping someone much more experienced can shed
> some light on this problem.
>

You created the wrong mailbox, using unixhierarchysep: 1
you need the user/sales at stuv.com

>
> - PROOF OF EXISTENCE OF MAILBOXES
> -----------------------------------------------------------------------------------------------------
> neutrino:/var/mail # cyradm -u root at localhost localhost
> Password:
> localhost> lm *@stuv.com
> user.sales at stuv.com (HasNoChildren)
> localhost>
>
>
> -----------------------------------------------------------------------------------------------------
> - ADDITIONAL VERIFICATION OF MAILBOXES -> OUTPUT FROM "tree -Ad" on
> Cyrus data (mailboxes) directory
> -----------------------------------------------------------------------------------------------------
> .
> ├── domain
> │   └── s
> │       └── stuv.com
> │           └── u
> │               └── user^sales
> ├── stage.
> └── sync.
>
>
> -----------------------------------------------------------------------------------------------------
> - CYRUS SETUP File: "imap.conf"
> -----------------------------------------------------------------------------------------------------
> unixhierarchysep: 1

--------------------------------------------------------------------------------
M.Menge                                Tel.: (49) 7071/29-70316
Universität Tübingen                   Fax.: (49) 7071/29-5912
Zentrum für Datenverarbeitung          mail: michael.menge at zdv.uni-tuebingen.de
Wächterstraße 76
72074 Tübingen

From jpb at bordengrammar.kent.sch.uk Sat Jul 11 18:30:08 2009
From: jpb at bordengrammar.kent.sch.uk (J. Pilfold-Bagwell)
Date: Sat, 11 Jul 2009 23:30:08 +0100
Subject: Can't log into IMAP but pop3 works
Message-ID: <4A591270.70206@bordengrammar.kent.sch.uk>

Hi All,

I have a problem where I can log into cyrus using POP3 but can't with
imap. Telnet sessions return the following:

sysadmin at smbserver:~$ telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
+OK smbserver Cyrus POP3 v2.2.13-Debian-2.2.13-13ubuntu3 server ready <545339973.1247349499 at smbserver>
quit
+OK
Connection closed by foreign host.

sysadmin at smbserver:~$ telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.

/etc/imap.conf

configdirectory: /var/lib/cyrus
defaultpartition: default
partition-default: /var/spool/cyrus/mail
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
altnamespace: no
unixhierarchysep: no
lmtp_downcase_rcpt: yes
admins: cyrus
allowanonymouslogin: no
popminpoll: 1
autocreatequota: 0
umask: 077
sieveusehomedir: false
sievedir: /var/spool/sieve
hashimapspool: true
allowplaintext: yes
sasl_mech_list: PLAIN
sasl_pwcheck_method: saslauthd
sasl_auto_transition: no
tls_ca_path: /etc/ssl/certs
tls_session_timeout: 1440
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
lmtpsocket: /var/run/cyrus/socket/lmtp
idlemethod: poll
idlesocket: /var/run/cyrus/socket/idle
notifysocket: /var/run/cyrus/socket/notify
syslog_prefix: cyrus

/etc/cyrus.conf

START {
    recover cmd="/usr/sbin/ctl_cyrusdb -r"
    delprune cmd="/usr/sbin/cyr_expire -E 3"
    tlsprune cmd="/usr/sbin/tls_prune"
}

SERVICES {
    imap cmd="imapd -U 30" listen="imap" prefork=0 maxchild=100
    pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50
    nntp cmd="nntpd -U 30" listen="nntp" prefork=0 maxchild=100
    lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20
    sieve cmd="timsieved" listen="localhost:sieve" prefork=0 maxchild=100
    notify cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1
}

EVENTS {
    checkpoint cmd="/usr/sbin/ctl_cyrusdb -c" period=30
    delprune cmd="/usr/sbin/cyr_expire -E 3" at=0401
    tlsprune cmd="/usr/sbin/tls_prune" at=0401
}

Aside from this it works fine. Mail gets delivered to mailboxes etc.
just can't use imap.

Thanks,

Jools

From dwhite at olp.net Sat Jul 11 19:14:12 2009
From: dwhite at olp.net (Dan White)
Date: Sat, 11 Jul 2009 18:14:12 -0500
Subject: Can't log into IMAP but pop3 works
In-Reply-To: <4A591270.70206@bordengrammar.kent.sch.uk>
References: <4A591270.70206@bordengrammar.kent.sch.uk>
Message-ID: <4A591CC4.1030403@olp.net>

J. Pilfold-Bagwell wrote:
> Hi All,
>
> I have a problem where I can log into cyrus using POP3 but can't with
> imap. Telnet sessions return the following:
>
> sysadmin at smbserver:~$ telnet localhost 110
> Trying 127.0.0.1...
> Connected to localhost.localdomain.
> Escape character is '^]'.
> +OK smbserver Cyrus POP3 v2.2.13-Debian-2.2.13-13ubuntu3 server ready
> <545339973.1247349499 at smbserver>
> quit
> +OK
> Connection closed by foreign host.
>
>
> sysadmin at smbserver:~$ telnet localhost 143
> Trying 127.0.0.1...
> Connected to localhost.localdomain.
> Escape character is '^]'.
>
>

Are there any hints in your syslog that something is going awry?

- Dan

From nybbles2byte at gmail.com Sun Jul 12 01:05:11 2009
From: nybbles2byte at gmail.com (Nybbles2Byte)
Date: Sat, 11 Jul 2009 22:05:11 -0700
Subject: Cyrus + Postfix through LMTP problem
Message-ID: <144455375.20090711220511@gmail.com>

Thanks Michael,

That was it. Now it sends, receives and so on, just as it should. I came
across a weird global admin problem but I think I'll put this in another
post since it is a completely separate issue.

-Reg

Saturday, July 11, 2009, 6:41:53 AM, you wrote:

> Hi,

> Quoting Nybbles2Byte :

>> From the detailed debug log from Postfix it seems to me that Cyrus
>> is rejecting the email but
>> all the detail in the log suggests that Postfix is passing Cyrus the
>> correct information. Being
>> a newbie on Linux and all the components in this setup I could very
>> well be wrong in this
>> conclusion so I am hoping someone much more experienced can shed
>> some light on this problem.

> You created the wrong mailbox, using unixhierarchysep: 1
> you need the user/sales at stuv.com

>> - PROOF OF EXISTENCE OF MAILBOXES
>> -----------------------------------------------------------------------------------------------------
>> neutrino:/var/mail # cyradm -u root at localhost localhost
>> Password:
>> localhost> lm *@stuv.com
>> user.sales at stuv.com (HasNoChildren)
>> localhost>

>> -----------------------------------------------------------------------------------------------------
>> - ADDITIONAL VERIFICATION OF MAILBOXES -> OUTPUT FROM "tree -Ad" on
>> Cyrus data (mailboxes) directory
>> -----------------------------------------------------------------------------------------------------
>> .
>> ├── domain
>> │   └── s
>> │       └── stuv.com
>> │           └── u
>> │               └── user^sales
>> ├── stage.
>> └── sync.

>> -----------------------------------------------------------------------------------------------------
>> - CYRUS SETUP File: "imap.conf"
>> -----------------------------------------------------------------------------------------------------
>> unixhierarchysep: 1

> --------------------------------------------------------------------------------
> M.Menge                                Tel.: (49) 7071/29-70316
> Universität Tübingen                   Fax.: (49) 7071/29-5912
> Zentrum für Datenverarbeitung          mail:
> michael.menge at zdv.uni-tuebingen.de
> Wächterstraße 76
> 72074 Tübingen

--
Nybbles2Byte mailto:nybbles2byte at gmail.com

From garry at glendown.de Mon Jul 13 02:18:46 2009
From: garry at glendown.de (Garry)
Date: Mon, 13 Jul 2009 08:18:46 +0200
Subject: Authenticating with LDAP tree ...
Message-ID: <4A5AD1C6.6080702@glendown.de>

Hi,

I'm trying to authenticate users against an LDAP database ... now, I
already have that running on several servers that use the "normal" tree
setup, something like "cn=username,ou=somebranch,ou=domain,ou=tld", with
a search_base of ou=domain,ou=tld. The place I'm trying to configure it
for now is using a - AFAICT - rather unusual schema, as they have a tree
that uses multiple top level o=, and start underneath there, so there
may be user entries like

cn=user1,ou=USERS,o=branch1
and cn=user2,ou=USERS,o=branch2

(historically, ldap trees from several locations were just merged
together, which led to this)

How can I get SASL to search in such a configuration? I already tried a
"ou=USERS,o=*" syntax, which I didn't expect to work (and it didn't)

Also, I know that saslauthd or other apps will need to check the
resulting username/pw, so I tried binding with the DN and PW of an
account, resulting in a "Confidentiality required" ... using ldaps://
notation didn't work, as the remote server (Novell eDirectory) probably
isn't configured for that, and -Z for TLS also fails with

ldap_start_tls: Server is unavailable (52)
        additional info: TLS services are not available

From what I can find, the message should come up if the server is
configured for requiring secure queries, but then I would expect it to
also be configured to SUPPORT either one of the methods ...

Help appreciated, -garry

From iane at sussex.ac.uk Mon Jul 13 05:40:18 2009
From: iane at sussex.ac.uk (Ian Eiloart)
Date: Mon, 13 Jul 2009 10:40:18 +0100
Subject: Automatically moving marked mails?
In-Reply-To: <4A560C7B.7020301@joreybump.com>
References: <4A4B5EDF.9050300@glendown.de>
 <4A4B6BCF.9040006@ofd-sth.niedersachsen.de>
 <4A4B7423.7000007@glendown.de>
 <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk>
 <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk>
 <4A535443.3060802@joreybump.com>
 <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk>
 <4A55ED74.6020908@joreybump.com>
 <20090709095431.63bv4p81s00wswk4@tyr.mormail.com>
 <52ACA620B9066D4C3A5C35D3@lewes.staff.uscs.susx.ac.uk>
 <4A560C7B.7020301@joreybump.com>
Message-ID: <7EE07C6B74CA48C9B6D404C2@lewes.staff.uscs.susx.ac.uk>

--On 9 July 2009 11:27:55 -0400 Jorey Bump wrote:

> Ian Eiloart wrote, at 07/09/2009 10:46 AM:
>>
>> --On 9 July 2009 09:54:31 -0400 Adam Tauno Williams
>> wrote:
>>
>>>>> Ian Eiloart wrote, at 07/09/2009 05:39 AM:
>>>>>> Except that the sieve server ought to be on the border MTA, so that
>>>>>> the user can tell the server to reject the message at SMTP time.
>>>>> That's not feasible for mail with multiple recipients.
>>>> It is if your rule is to reject all email from a specific sender.
>>> No, because the MTA either accepts or rejects a message [in
>>> connection].
>>
>> Not true. The MTA can decide *per recipient* whether to accept mail from
>> a specific sender.
>
> How?

Well, you have to have the right software to begin with. Some MTA
software simply accepts all email, then decides what to do with it. You
don't want that type.

To understand how this works, you need to understand the SMTP protocol.
Perhaps info-cyrus isn't the right place to be explaining that, but read
through the example at . Imagine that theboss has blacklisted Bob, but
Alice hasn't.

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/

From iane at sussex.ac.uk Mon Jul 13 05:51:59 2009
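Added example, not part of the original thread: the per-recipient decision described in the message above (one verdict per RCPT TO, so the same sender can be accepted for Alice and refused for theboss) as a small SMTP command handler. The addresses, the blocklist layout, the reply texts and the names `RcptTimePolicy` and `run_session` are constructed for illustration.

```python
import re

ADDR_RE = re.compile(r"<([^<>\s]*)>")


class RcptTimePolicy:
    """Toy SMTP command handler: every recipient has its own sender
    blocklist, and the verdict is given on that recipient's RCPT TO reply."""

    def __init__(self, blocklists):
        # blocklists: {recipient: {blocked senders}} (constructed policy format)
        self.blocklists = {
            rcpt.lower(): {s.lower() for s in senders}
            for rcpt, senders in blocklists.items()
        }
        self.sender = None   # envelope sender of the current transaction
        self.accepted = []   # recipients that were answered with 250

    def handle(self, line):
        """Return the server reply for one client command line."""
        command = line.strip()
        upper = command.upper()
        match = ADDR_RE.search(command)
        addr = match.group(1).lower() if match else None

        if upper.startswith("MAIL FROM:"):
            if addr is None:
                return "501 5.5.4 Syntax: MAIL FROM:<address>"
            self.sender, self.accepted = addr, []
            return "250 2.1.0 Ok"

        if upper.startswith("RCPT TO:"):
            if self.sender is None:
                return "503 5.5.1 Need MAIL command first"
            if not addr:
                return "501 5.5.4 Syntax: RCPT TO:<address>"
            # The decision is made here, per recipient, before DATA is sent.
            if self.sender in self.blocklists.get(addr, set()):
                return (f"550 5.7.1 <{addr}>: recipient refuses mail "
                        f"from <{self.sender}>")
            self.accepted.append(addr)
            return "250 2.1.5 Ok"

        if upper == "DATA":
            # If every recipient was refused there is nothing to deliver.
            if not self.accepted:
                return "503 5.5.1 No recipients"
            return "354 End data with <CR><LF>.<CR><LF>"

        if upper == "RSET":
            self.sender, self.accepted = None, []
            return "250 2.0.0 Ok"

        return "502 5.5.2 Command not implemented"


def run_session(policy, commands):
    """Feed client commands to the policy, return (command, reply) pairs."""
    return [(c, policy.handle(c)) for c in commands]


# Constructed sample: theboss has blocked Bob, Alice has not.
BLOCKLISTS = {"theboss@example.com": {"bob@example.org"}}
SESSION = [
    "MAIL FROM:<bob@example.org>",
    "RCPT TO:<alice@example.com>",
    "RCPT TO:<theboss@example.com>",
    "DATA",
]

if __name__ == "__main__":
    for cmd, reply in run_session(RcptTimePolicy(BLOCKLISTS), SESSION):
        print(f"C: {cmd}\nS: {reply}")
```

The sending MTA learns of the refusal for theboss during the SMTP session itself, while the copy for Alice is still accepted.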
From: iane at sussex.ac.uk (Ian Eiloart)
Date: Mon, 13 Jul 2009 10:51:59 +0100
Subject: Automatically moving marked mails?
In-Reply-To:
References: <4A4B5EDF.9050300@glendown.de>
 <4A4B6BCF.9040006@ofd-sth.niedersachsen.de>
 <4A4B7423.7000007@glendown.de>
 <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk>
 <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk>
 <4A535443.3060802@joreybump.com>
 <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk>
 <4A55ED74.6020908@joreybump.com>
 <20090709095431.63bv4p81s00wswk4@tyr.mormail.com>
 <52ACA620B9066D4C3A5C35D3@lewes.staff.uscs.susx.ac.uk>
Message-ID:

--On 9 July 2009 11:51:32 -0400 "Greg A. Woods" wrote:

> At Thu, 09 Jul 2009 15:46:42 +0100, Ian Eiloart wrote:
> Subject: Re: Automatically moving marked mails?
>>
>> There
>> probably aren't any SIEVE implementations that do what I suggest, and
>> the implementations wouldn't be simple, but there's no principled
>> reason that it shouldn't.
>
> Yes, I suppose something like Sieve could be used by an MTA, and it
> could be used in a per-recipient manner. Personally I've found it best
> though to leave management of MTA level controls to system managers.

We let people create Exim filters at the MTA level, but they operate on
delivery not as messages are accepted. They don't have access to all the
functionality that a system filter does, but Exim filters have more
functionality than Sieve filters.

> However Sieve in the context of this mailing list is the one inside
> Cyrus IMAP, i.e. the local delivery agent, and confusing it with
> anything that could happen beforehand in the MTA would be very wrong.
>
> In my very strong opinion the "reject" and "redirect" actions should not
> be a part of any valid Sieve implementation.

We don't like that much, either. However, I'd be happy to allow users to
reject specific senders (a) at SMTP time, or (b) in the event that a
positive SPF or DKIM match were found. I don't know of any Sieve
implementations that meet those conditions, though.

> Luckily the RFC 5228
> removed "reject" as a directly mentioned feature (leaving it only as an
> optional extension). They probably should have done the same to
> "redirect", and it certainly should not be required to be implemented,
> but luckily implementations are required to provide a means of limiting
> the number of redirects a script can perform (as well as other required
> controls).

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/

From iane at sussex.ac.uk Mon Jul 13 05:54:58 2009
From: iane at sussex.ac.uk (Ian Eiloart)
Date: Mon, 13 Jul 2009 10:54:58 +0100
Subject: sieve configuration (was Automatically moving marked mails?)
In-Reply-To:
References: <9D0AFFF5DC118E3B5802AFDD@seana-imac.staff.uscs.susx.ac.uk>
 <38F2B7E7DF7019FD6425412C@seana-imac.staff.uscs.susx.ac.uk>
 <4A535443.3060802@joreybump.com>
 <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk>
 <20090709153928.GB8473@mail.mac.com>
Message-ID:

--On 9 July 2009 12:56:24 -0400 "Greg A. Woods" wrote:

> At Thu, 9 Jul 2009 10:39:28 -0500, Mike Eggleston
> wrote: Subject: sieve configuration (was Automatically moving marked
> mails?)
>>
>> On Thu, 09 Jul 2009, Greg A. Woods might have said:
>> >
>> > (even use of the vacation feature is questionable, especially since
>> > it's not usually configured in the proper way)
>>
>> And what is the proper way to configure Sieve and vacation?
>
> Perhaps the best way to explain is to point you at my BSD Vacation v2
> project:
>
> http://www.planix.com/~woods/projects/BSD-vacation-v2.html
>
> It's far from perfect, stale due to lack of Round Tuits, etc., but it's
> also, IMHO, orders of magnitude better than the original BSD/Sendmail
> version too. :-)

It sounds a lot like the Exim filter "vacation" implementation.

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/

From Hagedorn at uni-koeln.de Mon Jul 13 06:30:37 2009
From: Hagedorn at uni-koeln.de (Sebastian Hagedorn) Date: Mon, 13 Jul 2009 12:30:37 +0200 Subject: squatter exits with "fatal error: Virtual memory exhausted" on huge mailbox Message-ID: <50DC2A25D0EC9B4E89FB320B@tyrion.rrz.uni-koeln.de> Hi, we run 2.3.14 and we have one user with an enormous mailbox (not his INBOX!). It contains around 230,000 messages. We run squatter with a cronjob on all mailboxes. Recently this one mailbox has apparently become too big for squatter. When I try to squat it in verbose mode, it ends like this: ... Skipping tiny document part 'b563140' (size 0) Opening document part 's563140' Processing index character 7, 5 total words, temp file size is 35 Processing index character 10, 152 total words, temp file size is 1064 Processing index character 13, 152 total words, temp file size is 1064 Processing index character 15, 3 total words, temp file size is 21 Processing index character 23, 5 total words, temp file size is 35 Processing index character 27, 5 total words, temp file size is 35 Processing index character 30, 3 total words, temp file size is 21 Processing index character 32, 12938 total words, temp file size is 66346 Processing index character 33, 2692 total words, temp file size is 11856 Processing index character 39, 12553 total words, temp file size is 57119 Processing index character 40, 60791 total words, temp file size is 203723 Processing index character 41, 57972 total words, temp file size is 195005 Processing index character 42, 20959 total words, temp file size is 68807 Processing index character 43, 51335 total words, temp file size is 172871 Processing index character 44, 78879 total words, temp file size is 270078 Processing index character 45, 183196 total words, temp file size is 588133 Processing index character 46, 233839 total words, temp file size is 756846 Processing index character 47, 56284 total words, temp file size is 195995 Processing index character 48, 226012 total words, temp file size is 701263 
Processing index character 49, 168692 total words, temp file size is 530284 Processing index character 50, 153898 total words, temp file size is 487575 Processing index character 51, 122957 total words, temp file size is 391515 Processing index character 52, 100478 total words, temp file size is 322795 Processing index character 53, 81760 total words, temp file size is 265813 Processing index character 54, 78645 total words, temp file size is 258465 Processing index character 55, 83934 total words, temp file size is 272204 Processing index character 56, 82022 total words, temp file size is 266903 Processing index character 57, 76410 total words, temp file size is 250698 Processing index character 58, 135314 total words, temp file size is 437180 Processing index character 59, 44962 total words, temp file size is 151528 Processing index character 60, 49223 total words, temp file size is 197205 Processing index character 61, 39112 total words, temp file size is 133934 Processing index character 62, 110296 total words, temp file size is 363204 Processing index character 63, 3887 total words, temp file size is 18737 Processing index character 64, 60070 total words, temp file size is 233407 Processing index character 88, 238 total words, temp file size is 770 Processing index character 91, 22210 total words, temp file size is 88887 Processing index character 92, 1490 total words, temp file size is 6242 Processing index character 93, 17768 total words, temp file size is 75520 Processing index character 94, 226 total words, temp file size is 962 Processing index character 95, 54059 total words, temp file size is 179583 Processing index character 96, 106 total words, temp file size is 506 Processing index character 97, 389316 total words, temp file size is 1227616 Processing index character 98, 140247 total words, temp file size is 457214 Processing index character 99, 243003 total words, temp file size is 782841 Processing index character 100, 262183 total words, temp file 
size is 833170 Processing index character 101, 681642 total words, temp file size is 2107147 fatal error: Virtual memory exhausted We will try to get this user to split this mailbox or to clean it up, but I wondered if there is something else we can do. The machine has ample amounts of memory, so I'm unsure why the call to malloc would fail ... -- .:.Sebastian Hagedorn - RZKR-R1 (Geb?ude 52), Zimmer 18.:. .:.Regionales Rechenzentrum (RRZK).:. .:.Universit?t zu K?ln / Cologne University - ? +49-221-478-5587.:. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 194 bytes Desc: not available Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090713/8c50e2e4/attachment.bin From Pascal.Gienger at uni-konstanz.de Mon Jul 13 07:20:42 2009 From: Pascal.Gienger at uni-konstanz.de (Pascal Gienger) Date: Mon, 13 Jul 2009 13:20:42 +0200 Subject: squatter exits with "fatal error: Virtual memory exhausted" on huge mailbox In-Reply-To: <50DC2A25D0EC9B4E89FB320B@tyrion.rrz.uni-koeln.de> References: <50DC2A25D0EC9B4E89FB320B@tyrion.rrz.uni-koeln.de> Message-ID: <4A5B188A.7010806@uni-konstanz.de> Sebastian Hagedorn schrieb: > Processing index character 101, 681642 total words, temp file size is > 2107147 > fatal error: Virtual memory exhausted 4 GB limit of 32 bit binaries? How much RAM does squatter allocate before it dies? -- Pascal Gienger University of Konstanz, IT Services Department ("Rechenzentrum") Electronic Communications and Web Services Building V, Room V404, Phone +49 7531 88 5048, Fax +49 7531 88 3739 From Hagedorn at uni-koeln.de Mon Jul 13 08:09:40 2009 
From: Hagedorn at uni-koeln.de (Sebastian Hagedorn)
Date: Mon, 13 Jul 2009 14:09:40 +0200
Subject: squatter exits with "fatal error: Virtual memory exhausted" on huge mailbox
In-Reply-To: <4A5B188A.7010806@uni-konstanz.de>
References: <50DC2A25D0EC9B4E89FB320B@tyrion.rrz.uni-koeln.de>
 <4A5B188A.7010806@uni-konstanz.de>
Message-ID:

--On 13 July 2009 13:20:42 +0200 Pascal Gienger wrote:

> Sebastian Hagedorn wrote:
>> Processing index character 101, 681642 total words, temp file size is
>> 2107147
>> fatal error: Virtual memory exhausted
>
> 4 GB limit of 32 bit binaries?

Perhaps, although I haven't seen it.

> How much RAM does squatter allocate before it dies?

I monitored the process like this:

# while true; do grep VmSize /proc/16815/status; sleep 1; done;

The last lines are:

VmSize: 2453772 kB
VmSize: 2454608 kB
VmSize: 2454608 kB
VmSize: 2454884 kB
VmSize: 2192664 kB
VmSize: 2192664 kB

Of course it's possible that it then tried to allocate one huge chunk,
but I can't see that. Are there better tools to monitor the memory
allocation of a process?

Thanks!

--
.:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ? +49-221-478-5587.:.

From Pascal.Gienger at uni-konstanz.de Mon Jul 13 08:53:31 2009
From: Pascal.Gienger at uni-konstanz.de (Pascal Gienger)
Date: Mon, 13 Jul 2009 14:53:31 +0200
Subject: squatter exits with "fatal error: Virtual memory exhausted" on huge mailbox
In-Reply-To:
References: <50DC2A25D0EC9B4E89FB320B@tyrion.rrz.uni-koeln.de>
 <4A5B188A.7010806@uni-konstanz.de>
Message-ID: <4A5B2E4B.1030907@uni-konstanz.de>

Sebastian Hagedorn wrote:
>>> fatal error: Virtual memory exhausted

> Of course it's possible that it then tried to allocate one huge chunk,
> but I can't see that. Are there better tools to monitor the memory
> allocation of a process?

Swap file/partition full?

Background:
I think the message "Virtual memory exhausted" is coming from your
operating system and not from the squatter process.

Squatter would have said

    switch (err) {
    case SQUAT_ERR_OUT_OF_MEMORY:
        fprintf(stderr, "SQUAT: Out of memory (%s)\n", s);
        break;

So I think it is a Virtual Memory/Swap problem in your OS.

--
Pascal Gienger
University of Konstanz, IT Services Department ("Rechenzentrum")
Electronic Communications and Web Services
Building V, Room V404, Phone +49 7531 88 5048, Fax +49 7531 88 3739

From Hagedorn at uni-koeln.de Mon Jul 13 09:17:13 2009
From: Hagedorn at uni-koeln.de (Sebastian Hagedorn)
Date: Mon, 13 Jul 2009 15:17:13 +0200
Subject: squatter exits with "fatal error: Virtual memory exhausted" on huge mailbox
In-Reply-To: <4A5B2E4B.1030907@uni-konstanz.de>
References: <50DC2A25D0EC9B4E89FB320B@tyrion.rrz.uni-koeln.de>
 <4A5B188A.7010806@uni-konstanz.de>
 <4A5B2E4B.1030907@uni-konstanz.de>
Message-ID: <519A6608DF12D452BA1E8080@tyrion.rrz.uni-koeln.de>

--On 13 July 2009 14:53:31 +0200 Pascal Gienger wrote:

> Sebastian Hagedorn wrote:
>>>> fatal error: Virtual memory exhausted
>
>> Of course it's possible that it then tried to allocate one huge chunk,
>> but I can't see that. Are there better tools to monitor the memory
>> allocation of a process?
>
> Swap file/partition full?

Unlikely.

> Background:
> I think the message "Virtual memory exhausted" is coming from your
> operating system and not from the squatter process.

I disagree.

> Squatter would have said
>
> switch (err) {
> case SQUAT_ERR_OUT_OF_MEMORY:
> fprintf(stderr, "SQUAT: Out of memory (%s)\n", s);
> break;

But:

lib/xmalloc.c: fatal("Virtual memory exhausted", EC_TEMPFAIL);

This code actually can't be reached:

    b->buf = (char*)xrealloc(b->buf, len);
    if (b->buf == NULL) {
        squat_set_last_error(SQUAT_ERR_OUT_OF_MEMORY);
        return NULL;
    }

If the xrealloc fails, the "fatal" above is called within that routine.

--
.:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ? +49-221-478-5587.:.

From gombasg at sztaki.hu Mon Jul 13 09:36:07 2009
From: gombasg at sztaki.hu (Gabor Gombas)
Date: Mon, 13 Jul 2009 15:36:07 +0200
Subject: squatter exits with "fatal error: Virtual memory exhausted" on huge mailbox
In-Reply-To:
References: <50DC2A25D0EC9B4E89FB320B@tyrion.rrz.uni-koeln.de>
 <4A5B188A.7010806@uni-konstanz.de>
Message-ID: <20090713133607.GA2859@boogie.lpds.sztaki.hu>

On Mon, Jul 13, 2009 at 02:09:40PM +0200, Sebastian Hagedorn wrote:

> >4 GB limit of 32 bit binaries?
>
> Perhaps, although I haven't seen it.

That's only 3GB by default, 1GB of address space is reserved for the
kernel. Also, the stack, the executable, and all the shared libraries
the executable uses also occupy some address space.

> Of course it's possible that it then tried to allocate one huge
> chunk, but I can't see that. Are there better tools to monitor the
> memory allocation of a process?

strace -e trace=brk,mmap,munmap (well, this actually traces glibc's
memory management, but it should show the failure).

Gabor

--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
---------------------------------------------------------

From Hagedorn at uni-koeln.de Mon Jul 13 10:01:36 2009
From: Hagedorn at uni-koeln.de (Sebastian Hagedorn)
Date: Mon, 13 Jul 2009 16:01:36 +0200
Subject: squatter exits with "fatal error: Virtual memory exhausted" on huge mailbox
In-Reply-To: <20090713133607.GA2859@boogie.lpds.sztaki.hu>
References: <50DC2A25D0EC9B4E89FB320B@tyrion.rrz.uni-koeln.de>
 <4A5B188A.7010806@uni-konstanz.de>
 <20090713133607.GA2859@boogie.lpds.sztaki.hu>
Message-ID:

--On 13 July 2009 15:36:07 +0200 Gabor Gombas wrote:

> On Mon, Jul 13, 2009 at 02:09:40PM +0200, Sebastian Hagedorn wrote:
>
>> > 4 GB limit of 32 bit binaries?
>>
>> Perhaps, although I haven't seen it.
>
> That's only 3GB by default, 1GB of address space is reserved for the
> kernel. Also, the stack, the executable, and all the shared libraries
> the executable uses also occupy some address space.

Good to know.

>> Of course it's possible that it then tried to allocate one huge
>> chunk, but I can't see that. Are there better tools to monitor the
>> memory allocation of a process?
>
> strace -e trace=brk,mmap,munmap (well, this actually traces glibc's
> memory management, but it should show the failure).

You. I had to specify mmap2, but then I see this:

mmap2(NULL, 267374592, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2218b000
mmap2(NULL, 858675, PROT_READ, MAP_SHARED, 43, 0) = 0x220b9000
munmap(0x220b9000, 858675) = 0
munmap(0x2218b000, 267374592) = 0
mmap2(NULL, 682827776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
brk(0) = 0x993d000
brk(0x32483000) = 0x993d000
mmap2(NULL, 682962944, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
mmap2(NULL, 2097152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x337c1000
munmap(0x337c1000, 258048) = 0
munmap(0x33900000, 790528) = 0
mmap2(NULL, 682827776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
fatal error: Virtual memory exhausted

So it really tries to allocate a rather large chunk! I guess that's one
more reason to switch to 64-bit when we make the move to RHEL 5.

Thanks!

--
.:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ? +49-221-478-5587.:.

From craigwhite at azapple.com Mon Jul 13 12:42:36 2009
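Added example, not part of the original thread: a small parser for the strace lines quoted in the message above that lists the allocation requests the kernel refused and compares the largest one with the nominal free address space. The 3 GB user address space is the figure given earlier in the thread and is assumed to apply to this host; the VmSize value is the last one reported earlier in the thread; the function names are constructed.

```python
import re

# syscall(args) = result [ERRNO ...]
CALL_RE = re.compile(r"^(\w+)\((.*?)\)\s+=\s+(-?\w+)(?:\s+(E[A-Z]+))?")

# Lines copied from the strace output quoted in the thread.
STRACE_SAMPLE = """\
mmap2(NULL, 267374592, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2218b000
mmap2(NULL, 858675, PROT_READ, MAP_SHARED, 43, 0) = 0x220b9000
munmap(0x220b9000, 858675) = 0
munmap(0x2218b000, 267374592) = 0
mmap2(NULL, 682827776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
brk(0) = 0x993d000
brk(0x32483000) = 0x993d000
mmap2(NULL, 682962944, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
mmap2(NULL, 2097152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x337c1000
munmap(0x337c1000, 258048) = 0
munmap(0x33900000, 790528) = 0
mmap2(NULL, 682827776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = -1 ENOMEM (Cannot allocate memory)
"""

# Assumption taken from the thread: 3 GB of a 32-bit address space is
# available to the process, 1 GB is reserved for the kernel.
USER_ADDRESS_SPACE = 3 * 1024 ** 3


def parse_strace(text):
    """Turn strace lines into dicts with name, args, ret and errno."""
    calls = []
    for line in text.splitlines():
        m = CALL_RE.match(line.strip())
        if m:
            name, args, ret, err = m.groups()
            calls.append({
                "name": name,
                "args": [a.strip() for a in args.split(",")],
                "ret": ret,
                "errno": err,
            })
    return calls


def failed_allocations(calls):
    """Return (syscall, bytes requested, errno) for every refused request."""
    failures = []
    for c in calls:
        if c["name"] in ("mmap", "mmap2") and c["ret"] == "-1":
            failures.append((c["name"], int(c["args"][1]), c["errno"]))
        elif c["name"] == "brk":
            wanted, got = int(c["args"][0], 16), int(c["ret"], 16)
            # brk(0) only queries the break; a grow request that comes
            # back with a lower break than asked for was refused.
            if wanted and wanted > got:
                failures.append(("brk", wanted - got, None))
    return failures


def summarize(text, vmsize_kb, address_space=USER_ADDRESS_SPACE):
    """Compare the largest refused request with the nominal headroom."""
    failures = failed_allocations(parse_strace(text))
    largest = max((size for _, size, _ in failures), default=0)
    headroom = address_space - vmsize_kb * 1024
    return {
        "failures": failures,
        "largest_failed": largest,
        "headroom": headroom,
        # False means the request is smaller than the nominal free space,
        # so total size alone does not explain the refusal: mmap needs one
        # contiguous free range of the requested length.
        "exceeds_headroom": largest > headroom,
    }


if __name__ == "__main__":
    result = summarize(STRACE_SAMPLE, vmsize_kb=2192664)
    for name, size, err in result["failures"]:
        print(f"{name}: {size} bytes ({size / 2**20:.0f} MiB) refused {err or ''}")
    print("nominal headroom:", result["headroom"], "bytes")
    print("largest request exceeds headroom:", result["exceeds_headroom"])
```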
From: craigwhite at azapple.com (Craig White)
Date: Mon, 13 Jul 2009 09:42:36 -0700
Subject: Authenticating with LDAP tree ...
In-Reply-To: <4A5AD1C6.6080702@glendown.de>
References: <4A5AD1C6.6080702@glendown.de>
Message-ID: <1247503356.3032.69.camel@lin-workstation.azapple.com>

On Mon, 2009-07-13 at 08:18 +0200, Garry wrote:
> Hi,
>
> I'm trying to authenticate users against an LDAP database ... now, I
> already have that running on several servers that use the "normal" tree
> setup, something like "cn=username,ou=somebranch,ou=domain,ou=tld", with
> a search_base of ou=domain,ou=tld. The place I'm trying to configure it
> for now is using a - AFAICT - rather unusual schema, as they have a tree
> that uses multiple top level o=, and start underneath there, so there
> may be user entries like
>
> cn=user1,ou=USERS,o=branch1
> and cn=user2,ou=USERS,o=branch2
>
> (historically, ldap trees from several locations were just merged
> together, which led to this)
>
> How can I get SASL to search in such a configuration? I already tried a
> "ou=USERS,o=*" syntax, which I didn't expect to work (and it didn't)
>
> Also, I know that saslauthd or other apps will need to check the
> resulting username/pw, so I tried binding with the DN and PW of an
> account, resulting in a "Confidentiality required" ... using ldaps://
> notation didn't work, as the remote server (Novell eDirectory) probably
> isn't configured for that, and -Z for TLS also fails with
>
> ldap_start_tls: Server is unavailable (52)
> additional info: TLS services are not available
>
> From what I can find, the message should come up if the server is
> configured for requiring secure queries, but then I would expect it to
> also be configured to SUPPORT either one of the methods ...
>
> Help appreciated,
----
I believe that to use ldap_tls, you have to configure the certs properly.
If you need to use sasl and not passwords embedded in ldap, then this may not be of much use but you should be able to set

ldap_filter: (|(cn=%s,ou=USERS,o=branch1)(cn=%s,ou=USERS,o=branch2))

and leave the search base blank for multiple locations of users

Craig

From nodens2099 at gmail.com Mon Jul 13 13:00:11 2009
From: nodens2099 at gmail.com (Clément Hermann (nodens))
Date: Mon, 13 Jul 2009 19:00:11 +0200
Subject: Automatically moving marked mails?
In-Reply-To:
References: <4A4B5EDF.9050300@glendown.de> <4A535443.3060802@joreybump.com> <3CCE216C9F566B96C67D1D91@lewes.staff.uscs.susx.ac.uk> <4A55ED74.6020908@joreybump.com> <20090709095431.63bv4p81s00wswk4@tyr.mormail.com> <52ACA620B9066D4C3A5C35D3@lewes.staff.uscs.susx.ac.uk>
Message-ID: <73c61560907131000wb1fea1di30f386f3c046bee0@mail.gmail.com>

A milter such as mimedefang could allow you to do filtering on a per-user basis on the mta level, if you are willing to write a lot of (perl in case of mimedefang) code.

Actually, this is implemented in the commercial solution based on mimedefang, canit-pro (roaringpenguin.com) : each user can have his own "flow" and trigger filtering, including spf or greylisting if the administrator allows it.

Nothing to do with cyrus, or even sieve, though ;-)

(Please excuse top posting, gmail android client is suboptimal)

--
Clement Hermann

On 7 13, 2009 11:54 AM, "Ian Eiloart" wrote:

--On 9 July 2009 11:51:32 -0400 "Greg A. Woods" wrote:

> At Thu, 09 Jul 2009 15:46:42 +0100, Ian Eiloart wrote:
> Subject: Re: Automat...

We let people create Exim filters at the MTA level, but they operate on delivery not as messages are accepted. They don't have access to all the functionality that a system filter does, but Exim filters have more functionality than Sieve filters.

> However Sieve in the context of this mailing list is the one inside
> Cyrus IMAP, i.e. the local ...

We don't like that much, either. However, I'd be happy to allow users to reject specific senders (a) at SMTP time, or (b) in the event that a positive SPF or DKIM match were found. I don't know of any Sieve implementations that meet those conditions, though.

> Luckily the RFC 5228
> removed "reject" as a directly mentioned feature (leaving it only as an
> ...
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http:...

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
Li...

From sbingram at gmail.com Mon Jul 13 16:07:51 2009
From: sbingram at gmail.com (Steven Ingram)
Date: Mon, 13 Jul 2009 13:07:51 -0700
Subject: cyrus-imapd replication configuration options
Message-ID: <6f26b03c0907131307m49239656t3142f58a6e654e90@mail.gmail.com>

Are there any configuration options that cannot be present in the imapd.conf file when using replication? I am running the CentOS 5.3 version of cyrus-imapd (2.3.7-2.el5_3.2) and receive the error "imap1 sync_client[25737]: connect(sm1.4test.net) failed: Invalid argument" every time I attempt a manual sync. While I believe that this version has a bug that prevents replication, I want to make sure I don't have extraneous options in my imapd.conf file that could be causing this error before I submit a bug report.

imapd.conf:

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
lmtp_admins: lmtp
altnamespace: yes
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
autocreateinboxfolders: Sent|Trash|Drafts|Junk
autocreatequota: 1048576
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sasl_minimum_layer: 0
allowplaintext: 0
tls_cert_file: /etc/pki/cyrus-imapd/imap1.4test.net.crt
tls_key_file: /etc/pki/cyrus-imapd/imap1.4test.net.key
tls_ca_file: /etc/pki/cyrus-imapd/ca-bundle.crt
tls_require_cert: 0
virtdomains: on
defaultdomain: 4test.net
lmtp_downcase_rcpt: true
sync_host: sm1.4test.net
sync_authname: cyrus
sync_realm: 4test.net
sync_password: secret
sync_log: 1

From ngatsis at qbit.gr Tue Jul 14 02:47:18 2009
From: ngatsis at qbit.gr (Nikos Gatsis)
Date: Tue, 14 Jul 2009 09:47:18 +0300
Subject: SAM need help
Message-ID: <4A5C29F6.9090400@qbit.gr>

Hello list.
I need some help for setaclmailbox.
For example, I want info user to be able to append fax user's emails.
I give:

> sam user.fax user.info append
> lam user.fax_wwide
> user.info lrsip
> fax lrswipkxtecda

Now, the question is how to see fax emails from info account.
I use Windows Thunderbird, last edition.
I make imap connection for info user and in subscribe menu I should see fax users folders (inbox, trash etc) but I don't.
What am I doing wrong?
Thank you in advance
Nikos

From Hagedorn at uni-koeln.de Tue Jul 14 03:42:49 2009
From: Hagedorn at uni-koeln.de (Sebastian Hagedorn)
Date: Tue, 14 Jul 2009 09:42:49 +0200
Subject: SAM need help
In-Reply-To: <4A5C29F6.9090400@qbit.gr>
References: <4A5C29F6.9090400@qbit.gr>
Message-ID: <0CFF65387DA5D42ECAC05067@tyrion.rrz.uni-koeln.de>

--On 14. Juli 2009 09:47:18 +0300 Nikos Gatsis wrote:

> I need some help for setaclmailbox.
> For example, I want info user to be able to append fax user's emails.
> I give:
>
>> sam user.fax user.info append
>> lam user.fax_wwide
>> user.info lrsip
>> fax lrswipkxtecda
>
> Now, the question is how to see fax emails from info account.
> I use Windows Thunderbird, last edition.
> I make imap connection for info user and in subscribe menu I should see
> fax users folders (inbox, trash etc) but I don't.
> What am I doing wrong?

You are giving the right to a mailbox, not a user. I think you want:

sam user.fax info append

The first argument (user.fax) is a mailbox, the second argument (info) is a user.
--
.:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ? +49-221-478-5587.:.

From ngatsis at qbit.gr Tue Jul 14 04:44:48 2009
From: ngatsis at qbit.gr (Nikos Gatsis)
Date: Tue, 14 Jul 2009 11:44:48 +0300
Subject: SAM need help
In-Reply-To: <0CFF65387DA5D42ECAC05067@tyrion.rrz.uni-koeln.de>
References: <4A5C29F6.9090400@qbit.gr> <0CFF65387DA5D42ECAC05067@tyrion.rrz.uni-koeln.de>
Message-ID: <4A5C4580.7010907@qbit.gr>

Sebastian Hagedorn wrote:
> --On 14. Juli 2009 09:47:18 +0300 Nikos Gatsis wrote:
>
>> I need some help for setaclmailbox.
>> For example, I want info user to be able to append fax user's emails.
>> I give:
>>
>>> sam user.fax user.info append
>>> lam user.fax_wwide
>>> user.info lrsip
>>> fax lrswipkxtecda
>>
>> Now, the question is how to see fax emails from info account.
>> I use Windows Thunderbird, last edition.
>> I make imap connection for info user and in subscribe menu I should see
>> fax users folders (inbox, trash etc) but I don't.
>> What am I doing wrong?
>
> You are giving the right to a mailbox, not a user. I think you want:
>
> sam user.fax info append
>
> The first argument (user.fax) is a mailbox, the second argument (info)
> is a user.

It works!
Thank you very much!

--
------------------------------------------------------------------------
*Γάτσης Νίκος - Gatsis Nikos*
Web developer
tel.: 2108256721 - 2108256722
fax: 2108256712
email: ngatsis at qbit.gr
http://www.qbit.gr

From baconm at email.unc.edu Tue Jul 14 13:45:08 2009
From: baconm at email.unc.edu (Michael Bacon)
Date: Tue, 14 Jul 2009 13:45:08 -0400
Subject: Strange LMTP crash
Message-ID: <999E581CA3A45CFAE15EEC68@dhcp00032.its.unc.edu>

Hi, all,

I'm working through a bizarre segfault from lmtpd that occurs following a rcpt to: command. The best I can describe what's going on is that somehow the NULL value stored in the authstate pointer is getting changed to 0x1010101 when passed to the verify_user function. Here's a relevant GDB snippet:

#5 0x00025950 in process_recipient (addr=0x172fbf "", namespace=0x162610,
    ignorequota=0, verify_user=0x21310 , msg=0x179c08)
    at /opt/local/src/cyrus-imapd-2.3.14/imap/lmtpengine.c:901
901 in /opt/local/src/cyrus-imapd-2.3.14/imap/lmtpengine.c
(gdb) print msg->authstate
$7 = (struct auth_state *) 0x0
(gdb) print *msg
$8 = {data = 0x0, f = 0x0, id = 0x0, size = 0,
  return_path = 0x172f58 "", rcpt = 0x172188,
  rcpt_num = 0, authuser = 0x0, authstate = 0x0, rock = 0x0,
  hdrcache = 0x17dda0}
(gdb) down
#4 0x0002163c in verify_user (user=0x16f950 "baconm", domain=0x0,
    mailbox=0x0, quotacheck=0, authstate=0x1010101)
    at /opt/local/src/cyrus-imapd-2.3.14/imap/lmtpd.c:1037

So process_recipient is calling verify_user with the correct value from msg->authstate (0x0, although this is odd, since by this point I should be authenticated, but whatever...). Once the process enters verify_user, however, gdb shows that value as 0x1010101.

At some point down the line, the code checks to see if there's a value in the pointer, and because there is, it proceeds to try to dereference 0x1010101 (in strcmp), resulting in the SEGV.

I'm still looking, but has anyone seen anything like this before?
-Michael

Backtrace below:

#0 0xfec31b60 in strcmp () from /lib/libc.so.1
#1 0x000a1a94 in mymemberof (auth_state=0x1010101,
    identifier=0x172ff8 "baconm")
    at /opt/local/src/cyrus-imapd-2.3.14/lib/auth_unix.c:84
#2 0x000a18d0 in auth_memberof (auth_state=0x1010101,
    identifier=0x172ff8 "baconm")
    at /opt/local/src/cyrus-imapd-2.3.14/lib/auth.c:94
#3 0x000a1110 in cyrus_acl_myrights (auth_state=0x1010101,
    acl=0x172ff8 "baconm")
    at /opt/local/src/cyrus-imapd-2.3.14/lib/acl_afs.c:91
#4 0x0002163c in verify_user (user=0x16f950 "baconm", domain=0x0,
    mailbox=0x0, quotacheck=0, authstate=0x1010101)
    at /opt/local/src/cyrus-imapd-2.3.14/imap/lmtpd.c:1037
#5 0x00025950 in process_recipient (addr=0x172fbf "", namespace=0x162610,
    ignorequota=0, verify_user=0x21310 , msg=0x179c08)
    at /opt/local/src/cyrus-imapd-2.3.14/imap/lmtpengine.c:901
#6 0x0002801c in lmtpmode (func=0x158024, pin=0x179a38, pout=0x179ab0,
    fd=0)
    at /opt/local/src/cyrus-imapd-2.3.14/imap/lmtpengine.c:1534
#7 0x0001ec3c in service_main (argc=1, argv=0x16f618, envp=0xffbffcd4)
    at /opt/local/src/cyrus-imapd-2.3.14/imap/lmtpd.c:299
#8 0x0001e610 in main (argc=1, argv=0xffbffccc, envp=0xffbffcd4)
    at /opt/local/src/cyrus-imapd-2.3.14/master/service.c:540

From bhc at pitt.edu Tue Jul 14 13:51:17 2009
From: bhc at pitt.edu (Ben Carter)
Date: Tue, 14 Jul 2009 13:51:17 -0400
Subject: Strange LMTP crash
In-Reply-To: <999E581CA3A45CFAE15EEC68@dhcp00032.its.unc.edu>
References: <999E581CA3A45CFAE15EEC68@dhcp00032.its.unc.edu>
Message-ID: <4A5CC595.8050104@pitt.edu>

Michael Bacon wrote:
> Hi, all,
>
> I'm working through a bizarre segfault from lmtpd that occurs following a
> rcpt to: command. The best I can describe what's going on is that somehow
> the NULL value stored in the authstate pointer is getting changed to
> 0x1010101 when passed to the verify_user function. Here's a relevant GDB
> snippet:
>
> #5 0x00025950 in process_recipient (addr=0x172fbf "", namespace=0x162610,
> ignorequota=0, verify_user=0x21310 , msg=0x179c08)
> at /opt/local/src/cyrus-imapd-2.3.14/imap/lmtpengine.c:901
> 901 in /opt/local/src/cyrus-imapd-2.3.14/imap/lmtpengine.c
> (gdb) print msg->authstate
> $7 = (struct auth_state *) 0x0
> (gdb) print *msg
> $8 = {data = 0x0, f = 0x0, id = 0x0, size = 0,
> return_path = 0x172f58 "", rcpt = 0x172188,
> rcpt_num = 0, authuser = 0x0, authstate = 0x0, rock = 0x0,
> hdrcache = 0x17dda0}
> (gdb) down
> #4 0x0002163c in verify_user (user=0x16f950 "baconm", domain=0x0,
> mailbox=0x0, quotacheck=0, authstate=0x1010101)
> at /opt/local/src/cyrus-imapd-2.3.14/imap/lmtpd.c:1037
>
>
> So process_recipient is calling verify_user with the correct value from
> msg->authstate (0x0, although this is odd, since by this point I should be
> authenticated, but whatever...). Once the process enters verify_user,
> however, gdb shows that value as 0x1010101.
>
> At some point down the line, the code checks to see if there's a value in
> the pointer, and because there is, it proceeds to try to dereference
> 0x1010101 (in strcmp), resulting in the SEGV.
>
> I'm still looking, but has anyone seen anything like this before?
>
> -Michael
>
> Backtrace below:
>
>
>
> #0 0xfec31b60 in strcmp () from /lib/libc.so.1
> #1 0x000a1a94 in mymemberof (auth_state=0x1010101,
> identifier=0x172ff8 "baconm")
> at /opt/local/src/cyrus-imapd-2.3.14/lib/auth_unix.c:84
> #2 0x000a18d0 in auth_memberof (auth_state=0x1010101,
> identifier=0x172ff8 "baconm")
> at /opt/local/src/cyrus-imapd-2.3.14/lib/auth.c:94
> #3 0x000a1110 in cyrus_acl_myrights (auth_state=0x1010101,
> acl=0x172ff8 "baconm")
> at /opt/local/src/cyrus-imapd-2.3.14/lib/acl_afs.c:91
> #4 0x0002163c in verify_user (user=0x16f950 "baconm", domain=0x0,
> mailbox=0x0, quotacheck=0, authstate=0x1010101)
> at /opt/local/src/cyrus-imapd-2.3.14/imap/lmtpd.c:1037
> #5 0x00025950 in process_recipient (addr=0x172fbf "", namespace=0x162610,
> ignorequota=0, verify_user=0x21310 , msg=0x179c08)
> at /opt/local/src/cyrus-imapd-2.3.14/imap/lmtpengine.c:901
> #6 0x0002801c in lmtpmode (func=0x158024, pin=0x179a38, pout=0x179ab0,
> fd=0)
> at /opt/local/src/cyrus-imapd-2.3.14/imap/lmtpengine.c:1534
> #7 0x0001ec3c in service_main (argc=1, argv=0x16f618, envp=0xffbffcd4)
> at /opt/local/src/cyrus-imapd-2.3.14/imap/lmtpd.c:299
> #8 0x0001e610 in main (argc=1, argv=0xffbffccc, envp=0xffbffcd4)
> at /opt/local/src/cyrus-imapd-2.3.14/master/service.c:540
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

I already found this. The quota that is passed to verify_user() by process_recipient() has to be a quota_t, not an int. A patch was already submitted.

Ben

--
Ben Carter
University of Pittsburgh/CSSD
bhc at pitt.edu
412-624-6470

From baconm at email.unc.edu Tue Jul 14 14:33:17 2009
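The argument shift Ben Carter describes in the message above, as an added example that is not part of the thread and is not Cyrus code: a small model of a 32-bit calling convention showing how a caller that passes a one-slot quota leaves the callee reading authstate from a slot nobody wrote. The slot layout, the 64-bit width of quota_t and every name in the block are assumptions made for illustration; 0x16f950 and 0x1010101 are taken from the gdb output in the thread.

```c
#include <stdint.h>
#include <stdio.h>

/* Model only, not Cyrus code. Assumed convention: each argument occupies
 * 32-bit slots, a 64-bit integer takes two consecutive slots (high word
 * first), and a slot the caller never wrote keeps a stale value. */
#define NSLOTS 6
#define STALE  0x01010101u  /* constructed; mirrors the value in the gdb output */

typedef struct { uint32_t slot[NSLOTS]; } arg_slots;

typedef struct {
    uint32_t user, domain, mailbox;  /* 32-bit pointers in this model */
    int64_t  quotacheck;             /* assumed 64-bit quota_t */
    uint32_t authstate;
} callee_view;

static arg_slots stale_slots(void)
{
    arg_slots a;
    for (int i = 0; i < NSLOTS; i++)
        a.slot[i] = STALE;
    return a;
}

/* Caller built against the old prototype: 4th parameter is a 32-bit long. */
static arg_slots marshal_old(uint32_t user, int32_t quota, uint32_t authstate)
{
    arg_slots a = stale_slots();
    a.slot[0] = user;
    a.slot[1] = 0;                 /* domain  = NULL */
    a.slot[2] = 0;                 /* mailbox = NULL */
    a.slot[3] = (uint32_t)quota;   /* quota fills one slot only */
    a.slot[4] = authstate;
    return a;                      /* slot[5] is never written */
}

/* Caller built against the patched prototype: 4th parameter is 64-bit. */
static arg_slots marshal_fixed(uint32_t user, int64_t quota, uint32_t authstate)
{
    arg_slots a = stale_slots();
    a.slot[0] = user;
    a.slot[1] = 0;
    a.slot[2] = 0;
    a.slot[3] = (uint32_t)((uint64_t)quota >> 32);
    a.slot[4] = (uint32_t)((uint64_t)quota & 0xffffffffu);
    a.slot[5] = authstate;
    return a;
}

/* Callee: defined with a 64-bit quota, so it always reads slots 3 and 4 as
 * the quota and slot 5 as authstate, whatever the caller believed. */
static callee_view unmarshal(const arg_slots *a)
{
    callee_view v;
    v.user = a->slot[0];
    v.domain = a->slot[1];
    v.mailbox = a->slot[2];
    v.quotacheck = (int64_t)(((uint64_t)a->slot[3] << 32) | a->slot[4]);
    v.authstate = a->slot[5];
    return v;
}

callee_view call_with_old_prototype(int32_t quota, uint32_t authstate)
{
    arg_slots a = marshal_old(0x16f950u, quota, authstate);
    return unmarshal(&a);
}

callee_view call_with_fixed_prototype(int64_t quota, uint32_t authstate)
{
    arg_slots a = marshal_fixed(0x16f950u, quota, authstate);
    return unmarshal(&a);
}

/* Mitigation sketch: declare the callback type once and use it for both the
 * pointer and the definition, so the compiler diagnoses any mismatch. */
struct auth_state_model;
typedef int verify_user_cb(const char *, const char *, char *,
                           int64_t, struct auth_state_model *);

static int verify_user_model(const char *user, const char *domain,
                             char *mailbox, int64_t quotacheck,
                             struct auth_state_model *authstate)
{
    (void)user; (void)domain; (void)mailbox; (void)quotacheck;
    return authstate != NULL;      /* 0 when the pointer arrives as NULL */
}

int call_through_shared_type(void)
{
    verify_user_cb *cb = verify_user_model;
    return cb("baconm", NULL, NULL, 0, NULL);
}

int main(void)
{
    callee_view bad = call_with_old_prototype(0, 0);
    callee_view ok = call_with_fixed_prototype(0, 0);
    printf("old prototype:   quotacheck=%lld authstate=0x%x\n",
           (long long)bad.quotacheck, (unsigned)bad.authstate);
    printf("fixed prototype: quotacheck=%lld authstate=0x%x\n",
           (long long)ok.quotacheck, (unsigned)ok.authstate);
    return 0;
}
```

In the model the mismatched call reproduces both values from the backtrace: the quota still reads as 0 because it is assembled from the caller's quota and NULL authstate slots, while authstate comes from the unwritten slot.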
From: baconm at email.unc.edu (Michael Bacon) Date: Tue, 14 Jul 2009 14:33:17 -0400 Subject: Strange LMTP crash In-Reply-To: <4A5CC595.8050104@pitt.edu> References: <999E581CA3A45CFAE15EEC68@dhcp00032.its.unc.edu> <4A5CC595.8050104@pitt.edu> Message-ID: <82A28E8CBB300DF0899E4C37@dhcp00032.its.unc.edu> --On July 14, 2009 1:51:17 PM -0400 Ben Carter wrote: > Michael Bacon wrote: >> Hi, all, >> >> I'm working through a bizarre segfault from lmtpd that occurs following >> a rcpt to: command. The best I can describe what's going on is that >> somehow the NULL value stored in the authstate pointer is getting >> changed to 0x1010101 when passed to the verify_user function. Here's a >> relevant GDB snippet: > > > > I already found this. The quota that is passed to verify_user() by > process_recipient() has to be a quota_t, not an int. A patch was already > submitted. > > Ben > > -- > Ben Carter > University of Pittsburgh/CSSD > bhc at pitt.edu > 412-624-6470 Thank you! Just for the record, was this essentially your patch? Index: lmtpengine.c =================================================================== RCS file: /cvs/src/cyrus/imap/lmtpengine.c,v retrieving revision 1.129 diff -u -r1.129 lmtpengine.c --- lmtpengine.c 8 Oct 2008 15:47:08 -0000 1.129 +++ lmtpengine.c 14 Jul 2009 18:32:16 -0000 @@ -809,7 +809,7 @@ static int process_recipient(char *addr, struct namespace *namespace, int ignorequota, int (*verify_user)(const char *, const char *, - char *, long, + char *, quota_t, struct auth_state *), message_data_t *msg) { From simon.matter at invoca.ch Tue Jul 14 14:49:00 2009 
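Review bot: the callback type is still written out inline in process_recipient's parameter list (`char *, quota_t, struct auth_state *`), so nothing ties it to the definition of verify_user or to the place the pointer is stored; a second copy that keeps `long` would compile and bring the same crash back. This diff touches only lmtpengine.c, so the other declarations of this callback and the verify_user definition need checking for the same fourth parameter type. Consider declaring the callback type once in a shared header and using that typedef here, which turns any future mismatch into a compiler diagnostic.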
From: simon.matter at invoca.ch (Simon Matter)
Date: Tue, 14 Jul 2009 20:49:00 +0200
Subject: Strange LMTP crash
In-Reply-To: <82A28E8CBB300DF0899E4C37@dhcp00032.its.unc.edu>
References: <999E581CA3A45CFAE15EEC68@dhcp00032.its.unc.edu> <4A5CC595.8050104@pitt.edu> <82A28E8CBB300DF0899E4C37@dhcp00032.its.unc.edu>
Message-ID: <612d0c258e2cea88e10bf904a1e0f714.squirrel@webmail.bi.corp.invoca.ch>

> --On July 14, 2009 1:51:17 PM -0400 Ben Carter wrote:
>
>> Michael Bacon wrote:
>>> Hi, all,
>>>
>>> I'm working through a bizarre segfault from lmtpd that occurs following
>>> a rcpt to: command. The best I can describe what's going on is that
>>> somehow the NULL value stored in the authstate pointer is getting
>>> changed to 0x1010101 when passed to the verify_user function. Here's
>>> a
>>> relevant GDB snippet:
>>
>>
>>
>> I already found this. The quota that is passed to verify_user() by
>> process_recipient() has to be a quota_t, not an int. A patch was
>> already
>> submitted.
>>
>> Ben
>>
>> --
>> Ben Carter
>> University of Pittsburgh/CSSD
>> bhc at pitt.edu
>> 412-624-6470
>
>
> Thank you! Just for the record, was this essentially your patch?

I think you are looking for this one:
http://github.com/brong/cyrus-imapd/commit/ec1bfcf6a1db9c86cbf55b9c25d7eb044dbbe51b#diff-0

Question to the official maintainers: Wouldn't it make sense to release a 2.3.15 just to get rid of those issues?

Regards,
Simon

From brong at fastmail.fm Wed Jul 15 09:10:09 2009
From: brong at fastmail.fm (Bron Gondwana)
Date: Wed, 15 Jul 2009 23:10:09 +1000
Subject: Strange LMTP crash
In-Reply-To: <612d0c258e2cea88e10bf904a1e0f714.squirrel@webmail.bi.corp.invoca.ch>
References: <999E581CA3A45CFAE15EEC68@dhcp00032.its.unc.edu> <4A5CC595.8050104@pitt.edu> <82A28E8CBB300DF0899E4C37@dhcp00032.its.unc.edu> <612d0c258e2cea88e10bf904a1e0f714.squirrel@webmail.bi.corp.invoca.ch>
Message-ID: <20090715131009.GB17189@brong.net>

On Tue, Jul 14, 2009 at 08:49:00PM +0200, Simon Matter wrote:
> I think you are looking for this one:
> http://github.com/brong/cyrus-imapd/commit/ec1bfcf6a1db9c86cbf55b9c25d7eb044dbbe51b#diff-0
>
> Question to the official maintainers: Wouldn't it make sense to release a
> 2.3.15 just to get rid of those issues?

I'm on holiday at the moment, but I have a small list of things to look at in Cyrus soon after I get back (in particular, we got some strangeness after what looks like it was an INBOX.sub => INBOX.sub.other rename, and I want to double check exactly what happened)

But yeah, I agree that it's definitely time for 2.3.15 with all the stable patches we have floating around.

Bron ( by the way, it's probably worth CCing Ken directly if you want his input - he often doesn't get time to read all of info-cyrus )

From dbecker at cpicorp.com Wed Jul 15 10:23:31 2009
From: dbecker at cpicorp.com (Derek Chen-Becker)
Date: Wed, 15 Jul 2009 09:23:31 -0500
Subject: Lockers keeps going higher...
Message-ID: <4A5DE663.7020508@cpicorp.com>

This morning mail delivery via lmtp was slowing to a crawl. When I look in the logs, the only unusual thing that I see are the lines:

Jul 13 15:32:13 ssmail lmtpunix[24474]: [ID 366844 local6.info] DBMSG: 27 lockers
Jul 15 00:00:48 ssmail lmtpunix[4411]: [ID 366844 local6.info] DBMSG: 148 lockers
Jul 15 00:10:48 ssmail lmtpunix[22170]: [ID 366844 local6.info] DBMSG: 618 lockers
Jul 15 00:30:49 ssmail lmtpunix[3294]: [ID 366844 local6.info] DBMSG: 680 lockers
Jul 15 08:10:58 ssmail lmtpunix[4002]: [ID 366844 local6.info] DBMSG: 1642 lockers

It just keeps going up and up. Eventually I restarted master and then things went back down to about 20-25 lockers and my postfix delivery queue emptied from about 2500 queued messages to 50 in about 3 minutes. Is this related, or is this just a red herring?

Thanks,

Derek

--
----------------------------------------------------------------------
Derek Chen-Becker
Senior Network Engineer, Security Architect
CPI Corp, Inc.
1706 Washington Ave
St. Louis, MO 63103
Phone: 314-231-7711 x6455
Fax: 314-613-6724
dbecker at cpicorp.com
PGP Key available from public key servers
Fingerprint: E4C4 26C0 8588 E80A C29F 636D 1FBE 0FE3 2871 4AE8
----------------------------------------------------------------------

From Eric.Luyten at vub.ac.be Wed Jul 15 10:32:43 2009
From: Eric.Luyten at vub.ac.be (Eric Luyten)
Date: Wed, 15 Jul 2009 16:32:43 +0200 (CEST)
Subject: Lockers keeps going higher...
In-Reply-To: <4A5DE663.7020508@cpicorp.com>
References: <4A5DE663.7020508@cpicorp.com>
Message-ID: <65180.134.184.15.103.1247668363.squirrel@nuts.vub.ac.be>

On Wed, July 15, 2009 4:23 pm, Derek Chen-Becker wrote:
> This morning mail delivery via lmtp was slowing to a crawl. When I look
> in the logs, the only unusual thing that I see are the lines:
>
> Jul 13 15:32:13 ssmail lmtpunix[24474]: [ID 366844 local6.info] DBMSG:
> 27 lockers
> Jul 15 00:00:48 ssmail lmtpunix[4411]: [ID 366844 local6.info] DBMSG:
> 148 lockers
> Jul 15 00:10:48 ssmail lmtpunix[22170]: [ID 366844 local6.info] DBMSG:
> 618 lockers
> Jul 15 00:30:49 ssmail lmtpunix[3294]: [ID 366844 local6.info] DBMSG:
> 680 lockers
> Jul 15 08:10:58 ssmail lmtpunix[4002]: [ID 366844 local6.info] DBMSG:
> 1642 lockers
>
>
> It just keeps going up and up. Eventually I restarted master and then
> things went back down to about 20-25 lockers and my postfix delivery queue
> emptied from about 2500 queued messages to 50 in about 3 minutes. Is this
> related, or is this just a red herring?

Derek,

If I were you I'd start by checking the Postfix logs to see whether the server had to process an abnormally high number of new message deliveries in a given timeframe.

You may also learn something from the "delay=xxx" part of your Postfix/lmtp log lines. Compare to last week's and last month's figures.

Regards,
Eric Luyten, Computing Centre,
db3 locker number rarely going above 10

From simon.matter at invoca.ch Wed Jul 15 10:52:20 2009
From: simon.matter at invoca.ch (Simon Matter)
Date: Wed, 15 Jul 2009 16:52:20 +0200
Subject: Lockers keeps going higher...
In-Reply-To: <4A5DE663.7020508@cpicorp.com>
References: <4A5DE663.7020508@cpicorp.com>
Message-ID: <9ea764d85c391bef465140a99d4c2f1a.squirrel@webmail.bi.corp.invoca.ch>

> This morning mail delivery via lmtp was slowing to a crawl. When I look
> in the logs, the only unusual thing that I see are the lines:
>
> Jul 13 15:32:13 ssmail lmtpunix[24474]: [ID 366844 local6.info] DBMSG:
> 27 lockers
> Jul 15 00:00:48 ssmail lmtpunix[4411]: [ID 366844 local6.info] DBMSG:
> 148 lockers
> Jul 15 00:10:48 ssmail lmtpunix[22170]: [ID 366844 local6.info] DBMSG:
> 618 lockers
> Jul 15 00:30:49 ssmail lmtpunix[3294]: [ID 366844 local6.info] DBMSG:
> 680 lockers
> Jul 15 08:10:58 ssmail lmtpunix[4002]: [ID 366844 local6.info] DBMSG:
> 1642 lockers
>
> It just keeps going up and up. Eventually I restarted master and then
> things went back down to about 20-25 lockers and my postfix delivery
> queue emptied from about 2500 queued messages to 50 in about 3 minutes.
> Is this related, or is this just a red herring?

My suggestion would be to switch to skiplist and get rid of those "lockers". I never heard anyone complaining after switching to skiplist. The listarchives can tell you more about it.

Regards,
Simon

From baconm at email.unc.edu Wed Jul 15 11:37:10 2009
From: baconm at email.unc.edu (Michael Bacon)
Date: Wed, 15 Jul 2009 11:37:10 -0400
Subject: Solaris, SEAM krb5, and com_err
Message-ID: <62F029689923897905E063C6@dhcp00032.its.unc.edu>

This is not so much a problem with Cyrus but a cautionary tale about using Solaris's SEAM implementation of com_err. I'd be curious if anyone else has run into the same problem.

After building it in initially and designing our new murder cluster to use GSSAPI for all inter-host communication, catastrophically bad performance on the part of the krb5 authorization module when built with SEAM caused us to abandon it for PLAIN+TLS for now. However, I still had the krb5 code built into the binaries.

On these builds, everything worked properly, except that our error codes didn't work right -- at the successful completion of a command, we'd get " OK Unknown code 54" and so forth. This drove me crazy trying to debug, before I finally realized that while autoconf had built everything using the Cyrus com_err distribution, Sun, in their infinite wisdom, put a partial, broken version of com_err directly into libkrb5.so.

I'm not sure why the linker didn't catch the multiple versions of com_err and error_message (perhaps because one was dynamic and one was static). However, the result is that while the error tables were generated to the Cyrus com_err spec, functions like error_message were getting overridden by the ghost versions in libkrb5.

Is anyone successfully using Solaris 10+SEAM for krb5?

Thanks,
Michael Bacon
ITS Messaging
UNC Chapel Hill

From dbecker at cpicorp.com Wed Jul 15 15:20:52 2009
From: dbecker at cpicorp.com (Derek Chen-Becker)
Date: Wed, 15 Jul 2009 14:20:52 -0500
Subject: Lockers keeps going higher...
In-Reply-To: <9ea764d85c391bef465140a99d4c2f1a.squirrel@webmail.bi.corp.invoca.ch>
References: <4A5DE663.7020508@cpicorp.com> <9ea764d85c391bef465140a99d4c2f1a.squirrel@webmail.bi.corp.invoca.ch>
Message-ID: <4A5E2C14.2090302@cpicorp.com>

>
> My suggestion would be to switch to skiplist and get rid of those
> "lockers". I never heard anyone complaining after switching to skiplist.
> The listarchives can tell you more about it.
>
> Regards,
> Simon
>

As far as I know I did switch to skiplist. I upgraded to 2.3 from a 2.1 install and one of the steps was:

rm -f /var/imap/db/*
cp /var/imap/mailboxes.db /var/imap/mailboxes.db.old
cvt_cyrusdb /var/imap/mailboxes.db berkeley /var/imap/mailboxes.db.new skiplist
mv /var/imap/mailboxes.db.new /var/imap/mailboxes.db
rm -f /var/imap/db/*
touch /var/imap/db/skipstamp
chown -R cyrus:other /var/imap
for fl in `find /var/imap/user -name \*.seen`; do /usr/cyrus/bin/cvt_cyrusdb $fl flat ${fl}.new skiplist; mv ${fl}.new $fl; done

Is there something besides mailboxes.db and the user .seen files that should be converted? Also, the load on the box in terms of connections and messages is roughly equivalent as other days when this doesn't happen.
I looked through postfix and I noticed these errors:

Jul 15 08:10:58 ssmail postfix/lmtp[23685]: [ID 197553 mail.info] 10C722DB6E0: to=, relay=cpimail.cpicorp.com[/var/imap/socket/lmtp], delay=29096, delays=19403/5509/3583/600, dsn=4.4.2, status=deferred (conversation with cpimail.cpicorp.com[/var/imap/socket/lmtp] timed out while sending end of data -- message may be sent more than once)

Jul 15 08:10:58 ssmail postfix/lmtp[23915]: [ID 197553 mail.info] 1D1AA2DB845: to=, relay=cpimail.cpicorp.com[/var/imap/socket/lmtp], delay=29038, delays=19345/6092/3001/600, dsn=4.4.2, status=deferred (conversation with cpimail.cpicorp.com[/var/imap/socket/lmtp] timed out while sending end of data -- message may be sent more than once)

Postfix is configured with a hard limit of 10 concurrent lmtp processes. Is that too high? If it happens again, does anyone have some dtrace scripts for figuring out what lmtpd is doing?

Thanks,

Derek

--
----------------------------------------------------------------------
Derek Chen-Becker
Senior Network Engineer, Security Architect
CPI Corp, Inc.
1706 Washington Ave
St. Louis, MO 63103
Phone: 314-231-7711 x6455
Fax: 314-613-6724
dbecker at cpicorp.com
PGP Key available from public key servers
Fingerprint: E4C4 26C0 8588 E80A C29F 636D 1FBE 0FE3 2871 4AE8
----------------------------------------------------------------------

From simon.matter at invoca.ch Wed Jul 15 16:21:09 2009
From: simon.matter at invoca.ch (Simon Matter)
Date: Wed, 15 Jul 2009 22:21:09 +0200
Subject: Lockers keeps going higher...
In-Reply-To: <4A5E2C14.2090302@cpicorp.com>
References: <4A5DE663.7020508@cpicorp.com> <9ea764d85c391bef465140a99d4c2f1a.squirrel@webmail.bi.corp.invoca.ch> <4A5E2C14.2090302@cpicorp.com>
Message-ID: <11aa4d1edc1c12da08540cb34c53acb6.squirrel@webmail.bi.corp.invoca.ch>

>>
>> My suggestion would be to switch to skiplist and get rid of those
>> "lockers". I never heard anyone complaining after switching to skiplist.
>> The listarchives can tell you more about it.
>>
>> Regards,
>> Simon
>>
>
> As far as I know I did switch to skiplist. I upgraded to 2.3 from a 2.1
> install and one of the steps was:
>
> rm -f /var/imap/db/*
> cp /var/imap/mailboxes.db /var/imap/mailboxes.db.old
> cvt_cyrusdb /var/imap/mailboxes.db berkeley /var/imap/mailboxes.db.new
> skiplist
> mv /var/imap/mailboxes.db.new /var/imap/mailboxes.db
> rm -f /var/imap/db/*
> touch /var/imap/db/skipstamp
> chown -R cyrus:other /var/imap
> for fl in `find /var/imap/user -name \*.seen`; do
> /usr/cyrus/bin/cvt_cyrusdb $fl flat ${fl}.new skiplist; mv ${fl}.new
> $fl; done
>
> Is there something besides mailboxes.db and the user .seen files that

I'm quite sure in your case the problem is with duplicate_db (deliver.db). Otherwise you wouldn't see those locker errors because they are not coming from skiplist. So I suggest to convert deliver.db the same way to skiplist.

> should be converted? Also, the load on the box in terms of connections
> and messages is roughly equivalent as other days when this doesn't
> happen.
> I looked through postfix and I noticed these errors:
>
> Jul 15 08:10:58 ssmail postfix/lmtp[23685]: [ID 197553 mail.info]
> 10C722DB6E0: to=,
> relay=cpimail.cpicorp.com[/var/imap/socket/lmtp], delay=29096,
> delays=19403/5509/3583/600, dsn=4.4.2, status=deferred (conversation
> with cpimail.cpicorp.com[/var/imap/socket/lmtp] timed out while sending
> end of data -- message may be sent more than once)
>
> Jul 15 08:10:58 ssmail postfix/lmtp[23915]: [ID 197553 mail.info]
> 1D1AA2DB845: to=,
> relay=cpimail.cpicorp.com[/var/imap/socket/lmtp], delay=29038,
> delays=19345/6092/3001/600, dsn=4.4.2, status=deferred (conversation
> with cpimail.cpicorp.com[/var/imap/socket/lmtp] timed out while sending
> end of data -- message may be sent more than once)
>
> Postfix is configured with a hard limit of 10 concurrent lmtp processes.
> Is that too high? If it happens again, does anyone have some dtrace
> scripts for figuring out what lmtpd is doing?

I don't even remember how I configured the postfix limits on larger systems but 10 concurrent lmtp connections doesn't seem bad. I'm quite sure that should not be a problem.

Simon

From dbecker at cpicorp.com Wed Jul 15 17:23:12 2009
From: dbecker at cpicorp.com (Derek Chen-Becker) Date: Wed, 15 Jul 2009 16:23:12 -0500 Subject: Lockers keeps going higher... In-Reply-To: <11aa4d1edc1c12da08540cb34c53acb6.squirrel@webmail.bi.corp.invoca.ch> References: <4A5DE663.7020508@cpicorp.com> <9ea764d85c391bef465140a99d4c2f1a.squirrel@webmail.bi.corp.invoca.ch> <4A5E2C14.2090302@cpicorp.com> <11aa4d1edc1c12da08540cb34c53acb6.squirrel@webmail.bi.corp.invoca.ch> Message-ID: <4A5E48C0.2020405@cpicorp.com> Simon Matter wrote: > I'm quite sure in your case the problem is with duplicate_db (deliver.db). > Otherwise you wouldn't see those locker errors because they are not coming > from skiplist. So I suggest to convert deliver.db the same way to > skiplist. This thread seems to indicate that using skiplist for deliver.db isn't optimal: http://lists.andrew.cmu.edu/pipermail/info-cyrus/2005-September/019694.html My question would be, if I can only ever have 10 concurrent lmtpd processes running (based on my postfix config), how can I possibly have 1600+ lockers on the database? Is there some code path that isn't releasing the lock on deliver.db? Thanks, Derek -- ---------------------------------------------------------------------- Derek Chen-Becker Senior Network Engineer, Security Architect CPI Corp, Inc. 1706 Washington Ave St. Louis, MO 63103 Phone: 314-231-7711 x6455 Fax: 314-613-6724 dbecker at cpicorp.com PGP Key available from public key servers Fingerprint: E4C4 26C0 8588 E80A C29F 636D 1FBE 0FE3 2871 4AE8 ---------------------------------------------------------------------- From brong at fastmail.fm Wed Jul 15 19:44:16 2009 
From: brong at fastmail.fm (Bron Gondwana) Date: Thu, 16 Jul 2009 09:44:16 +1000 Subject: Lockers keeps going higher... In-Reply-To: <4A5E48C0.2020405@cpicorp.com> References: <4A5DE663.7020508@cpicorp.com> <9ea764d85c391bef465140a99d4c2f1a.squirrel@webmail.bi.corp.invoca.ch> <4A5E2C14.2090302@cpicorp.com> <11aa4d1edc1c12da08540cb34c53acb6.squirrel@webmail.bi.corp.invoca.ch> <4A5E48C0.2020405@cpicorp.com> Message-ID: <20090715234415.GA5295@brong.net> On Wed, Jul 15, 2009 at 04:23:12PM -0500, Derek Chen-Becker wrote: > Simon Matter wrote: > > I'm quite sure in your case the problem is with duplicate_db (deliver.db). > > Otherwise you wouldn't see those locker errors because they are not coming > > from skiplist. So I suggest to convert deliver.db the same way to > > skiplist. > > This thread seems to indicate that using skiplist for deliver.db isn't > optimal: > > http://lists.andrew.cmu.edu/pipermail/info-cyrus/2005-September/019694.html It may be a little bit faster, but we haven't noticed any difference when we switched to using skiplist about a month ago. In the past when the skiplist backend was as buggy as whatever, it probably would have caused some pain - but it's had a LOT of polishing done on it. There might still be bugs of course, but it's had stacks of testing. > My question would be, if I can only ever have 10 concurrent lmtpd > processes running (based on my postfix config), how can I possibly have > 1600+ lockers on the database? Is there some code path that isn't > releasing the lock on deliver.db? I really don't know, I haven't dug deeply into the Berkeley backend. I suspect Cyrus must be doing _something_ wrong, because it seems to have more BDB issues than any other software that uses it (note: "wrong" could just mean exercising bits of the API that other software doesn't, and that aren't tested as well.) Bron. From gavin.gray at ed.ac.uk Thu Jul 16 05:21:40 2009 
From: gavin.gray at ed.ac.uk (Gavin Gray) Date: Thu, 16 Jul 2009 10:21:40 +0100 Subject: upgrading a 2.2.12 murder to 2.3.14 Message-ID: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk> We are planning towards upgrading our existing murder. The murder has four front ends, three backends and separate mupdate and lmtp servers. We want to move from version 2.2.12 to 2.3.14 so that we can make use of delayed expunge and possible replication. We have several thousand users currently having 4 TB of mail. Any comments on the following would be welcome: 1. We plan to gradually migrate users from the existing backend machines to new backend servers running 2.3.14 that have been integrated into our murder. We plan to do this using xfer. Although this is very time consuming we are under the impression that cyrus recommends using imap itself to do migrations rather than trying underlying filesystem copies of some kind. 2. We should end up then with our existing murder but with three backends running 2.3.14. We then plan to upgrade the other machines in the murder to 2.3.14 in the following order: frontends then lmtp and finally the mupdate server. Does this make sense? 3. As part of our preparation for this work we have been experimenting with cyrus replication. The replication protocol seems pretty solid, however we have some concerns about how to make use of it in our upgrade. We are considering having a replicant machine for each of the new backends. But this makes the migration even slower. In our tests, if we migrate users via xfer to a machine that is doing rolling replication, the replication takes around three times as long to complete as the xfer. Does anyone have any experience of migrating to a replicating environment? 
many thanks, Gavin Gray -- Gavin Gray Edinburgh University Information Services Rm 2013 JCMB Kings Buildings Edinburgh EH9 3JZ UK tel +44 (0)131 650 5987 email gavin.gray at ed.ac.uk -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. From dave64 at andrew.cmu.edu Thu Jul 16 07:42:46 2009 
From: dave64 at andrew.cmu.edu (Dave McMurtrie) Date: Thu, 16 Jul 2009 07:42:46 -0400 Subject: upgrading a 2.2.12 murder to 2.3.14 In-Reply-To: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk> References: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk> Message-ID: <4A5F1236.8060505@andrew.cmu.edu> Gavin Gray wrote: > We are planning towards upgrading our existing murder. The murder has > four front ends, three backends and separate mupdate and lmtp servers. > We want to move from version 2.2.12 to 2.3.14 so that we can make use > of delayed expunge an possible replication. > > We have several thousand users currently having 4 TB of mail. > > Any comments on the following would be welcome: > > 1. We plan to gradually migrate users from the existing backend > machines to new backend servers running 2.3.14 that have been > integrated into our murder. We plan to do this using xfer. Although > this is very time consuming we are under the impression that cyrus > recommends using imap itself to do migrations rather than trying > underlying filesystem copies of some kind. > That sounds fine. > 2. We should end up then with our existing murder but with three > backends running 2.3.14. We then plan to upgrade the other machines in > the murder to 2.3.14 in the following order: frontends then lmtp and > finally the mupdate server. Does this make sense? > I can't think of anything that would make the order matter, so this also is fine. > 3. As part of our preparation for this work we have been experimenting > with cyrus replication. The replication protocol seems pretty solid, > however we have some concerns about how to make use of it in our > upgrade. We are considering having a replicant machine for each of the > new backends. But this makes the migration even slower. In our tests, > if we migrate users via xfer to a machine that is doing rolling > replication, the replication takes around three times as long to > complete as the xfer. 
Does anyone have any experience of migrating to > a replicating environment? Perhaps consider treating the migration and replication as two separate things. It's not that you have to for technical reasons, but it will probably make your life less complicated. Nothing stops you from enabling replication once you're all done with the upgrade. Thanks, Dave -- Dave McMurtrie, SPE Email Systems Team Leader Carnegie Mellon University, Computing Services From gavin.gray at ed.ac.uk Thu Jul 16 09:22:34 2009 
From: gavin.gray at ed.ac.uk (Gavin Gray) Date: Thu, 16 Jul 2009 14:22:34 +0100 Subject: upgrading a 2.2.12 murder to 2.3.14 In-Reply-To: <4A5F1236.8060505@andrew.cmu.edu> References: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk> <4A5F1236.8060505@andrew.cmu.edu> Message-ID: <20090716142234.qzikvm0tckgscw4g@www.staffmail.ed.ac.uk> Quoting Dave McMurtrie : >> 3. As part of our preparation for this work we have been experimenting >> with cyrus replication. The replication protocol seems pretty solid, >> however we have some concerns about how to make use of it in our >> upgrade. We are considering having a replicant machine for each of the >> new backends. But this makes the migration even slower. In our tests, >> if we migrate users via xfer to a machine that is doing rolling >> replication, the replication takes around three times as long to >> complete as the xfer. Does anyone have any experience of migrating to >> a replicating environment? > > Perhaps consider treating the migration and replication as two separate > things. It's not that you have to for technical reasons, but it will > probably make your life less complicated. Nothing stops you from > enabling replication once you're all done with the upgrade. > Hi, thanks for getting back to me... Assuming we do do the migration first, how would you suggest we subsequently enable replication? Can we just start the sync_client doing rolling replication, or should we do an initial replication of all users by running sync_client manually with a list of users? -- Gavin Gray Edinburgh University Information Services Rm 2013 JCMB Kings Buildings Edinburgh EH9 3JZ UK tel +44 (0)131 650 5987 email gavin.gray at ed.ac.uk -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. From dave64 at andrew.cmu.edu Thu Jul 16 09:24:56 2009 
From: dave64 at andrew.cmu.edu (Dave McMurtrie) Date: Thu, 16 Jul 2009 09:24:56 -0400 Subject: upgrading a 2.2.12 murder to 2.3.14 In-Reply-To: <20090716142234.qzikvm0tckgscw4g@www.staffmail.ed.ac.uk> References: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk> <4A5F1236.8060505@andrew.cmu.edu> <20090716142234.qzikvm0tckgscw4g@www.staffmail.ed.ac.uk> Message-ID: <4A5F2A28.8060506@andrew.cmu.edu> Gavin Gray wrote: > Assuming we do do the migration first, how would you suggest we > subsequently enable replication? Can we just start the sync_client doing > rolling replication, or should we do an initial replication of all users > by running sync_client manually with a list of users? We enabled it by first doing a manual sync with a list of users, then turning on rolling replication. Thanks, Dave -- Dave McMurtrie, SPE Email Systems Team Leader Carnegie Mellon University, Computing Services From michael.menge at zdv.uni-tuebingen.de Thu Jul 16 09:45:08 2009 
From: michael.menge at zdv.uni-tuebingen.de (Michael Menge) Date: Thu, 16 Jul 2009 15:45:08 +0200 Subject: upgrading a 2.2.12 murder to 2.3.14 In-Reply-To: <20090716142234.qzikvm0tckgscw4g@www.staffmail.ed.ac.uk> References: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk> <4A5F1236.8060505@andrew.cmu.edu> <20090716142234.qzikvm0tckgscw4g@www.staffmail.ed.ac.uk> Message-ID: <20090716154508.763620r8objc7l5w@webmail.uni-tuebingen.de> Quoting Gavin Gray : > > Assuming we do do the migration first, how would you suggest we > subsequently enable replication? Can we just start the sync_client > doing rolling replication, or should we do an initial replication of > all users by running sync_client manually with a list of users? > > Hi, You need both rolling replication and one replication of all users. The rolling replication will only sync what has changed. So if a user receives new mail, rolling replication will sync the mailbox, but not the sieve scripts or the subscription list. It does not matter if you do the sync of all users before running rolling replication or while running rolling replication. While the initial replication is not complete the synclog may grow, but cyrus will catch up. -------------------------------------------------------------------------------- M.Menge Tel.: (49) 7071/29-70316 Universität Tübingen Fax.: (49) 7071/29-5912 Zentrum für Datenverarbeitung mail: michael.menge at zdv.uni-tuebingen.de Wächterstraße 76 72074 Tübingen From rudy.gevaert at ugent.be Thu Jul 16 09:53:14 2009 
From: rudy.gevaert at ugent.be (Rudy Gevaert) Date: Thu, 16 Jul 2009 15:53:14 +0200 Subject: upgrading a 2.2.12 murder to 2.3.14 In-Reply-To: <20090716154508.763620r8objc7l5w@webmail.uni-tuebingen.de> References: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk> <4A5F1236.8060505@andrew.cmu.edu> <20090716142234.qzikvm0tckgscw4g@www.staffmail.ed.ac.uk> <20090716154508.763620r8objc7l5w@webmail.uni-tuebingen.de> Message-ID: <20090716155314.17353hjpd4uzvaa2@langoest.ugent.be> Hi, Quoting Michael Menge: > You need both rolling replication and one replication of all users. > The rolling replication will only sync what has changed. So if a user > receives new mail, rolling replication will sync the mailbox, but not > the sieve scripts or the subscription list. It does not matter if you do > the sync of all users before running rolling replication or while > running rolling replication. > > While the initial replication is not complete the synclog may grow, > but cyrus will catch up. I wonder if it is possible to run sync to two different servers. Anyone? -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Rudy Gevaert Rudy.Gevaert at UGent.be tel:+32 9 264 4734 Directie ICT, afd. Infrastructuur Direction ICT, Infrastructure dept. Groep Systemen Systems group Universiteit Gent Ghent University Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- From bawood at umich.edu Thu Jul 16 10:55:57 2009 
From: bawood at umich.edu (Brian Awood) Date: Thu, 16 Jul 2009 10:55:57 -0400 Subject: upgrading a 2.2.12 murder to 2.3.14 In-Reply-To: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk> References: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk> Message-ID: <200907161055.58059.bawood@umich.edu> On Thursday 16 July 2009 @ 05:21, Gavin Gray wrote: > 2. We should end up then with our existing murder but with three > backends running 2.3.14. We then plan to upgrade the other machines > in the murder to 2.3.14 in the following order: frontends then lmtp > and finally the mupdate server. Does this make sense? This is the order we did our 2.2->2.3 migration in, although technically it shouldn't make much difference. We ran a mixed environment for quite a while (2.2 frontends and 2.3 backends) because we wanted to enable unified murder on the 2.3 frontends so they wouldn't ask mupdate for a mailbox location on every connection. We had a separate patch that gave us this behavior in 2.2. > 3. As part of our preparation for this work we have been > experimenting with cyrus replication. The replication protocol > seems pretty solid, however we have some concerns about how to make > use of it in our upgrade. We are considering having a replicant > machine for each of the new backends. But this makes the migration > even slower. In our tests, if we migrate users via xfer to a > machine that is doing rolling replication, the replication takes > around three times as long to complete as the xfer. Does anyone > have any experience of migrating to a replicating environment? replication is significantly slower than xfer, but it shouldn't affect the speed of xfer. We wrote some scripts to prevent xfer from getting too far ahead of replication. Since our replicas are a key part of our DR/backup strategy, we never would want to get in a situation where a large amount of data wasn't replicated. 
In your situation it shouldn't matter since the data is not replicated currently, you should just be able to enable rolling replication and let it catch up. If you still would like to keep xfer from getting too far ahead of replication, I can probably post the scripts we use for this. -Brian From nic at onlight.com Thu Jul 16 11:05:56 2009 From: nic at onlight.com (Nic Bernstein) Date: Thu, 16 Jul 2009 10:05:56 -0500 Subject: upgrading a 2.2.12 murder to 2.3.14 In-Reply-To: <200907161055.58059.bawood@umich.edu> References: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk> <200907161055.58059.bawood@umich.edu> Message-ID: <4A5F41D4.8010607@onlight.com> On 07/16/2009 09:55 AM, Brian Awood wrote: > On Thursday 16 July 2009 @ 05:21, Gavin Gray wrote: > > replication is significantly slower than xfer, but it shouldn't affect > the speed of xfer. We wrote some scripts to prevent xfer from > getting too far ahead of replication. Since our replicas are a key > part of our DR/backup strategy, we never would want to get in a > situation where a large amount of data wasn't replicated. In your > situation it shouldn't matter since the data is not replicated > currently, you should just be able to enable rolling replication and > let it catch up. If you still would like to keep xfer from getting > too far ahead of replication, I can probably post the scripts we use > for this. > > -Brian > Brian, I certainly would be interested in seeing those. Please post them here, or to the Wiki. Best regards, -nic -- Nic Bernstein nic at onlight.com Onlight llc. www.onlight.com 219 N. Milwaukee St., Suite 2a v. 414.272.4477 Milwaukee, Wisconsin 53202 From bawood at umich.edu Thu Jul 16 11:15:17 2009 
From: bawood at umich.edu (Brian Awood) Date: Thu, 16 Jul 2009 11:15:17 -0400 Subject: upgrading a 2.2.12 murder to 2.3.14 In-Reply-To: <20090716155314.17353hjpd4uzvaa2@langoest.ugent.be> References: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk> <20090716154508.763620r8objc7l5w@webmail.uni-tuebingen.de> <20090716155314.17353hjpd4uzvaa2@langoest.ugent.be> Message-ID: <200907161115.17783.bawood@umich.edu> On Thursday 16 July 2009 @ 09:53, Rudy Gevaert wrote: > > I wonder if it is possible to run sync to two different servers. > > Anyone? AFAIK, Not easily. We considered trying to do this when we moved from tape backup to disk based backup. We decided on an out of band process to replicate to our third level machines, basically a script that runs rsync on a regular basis. -Brian From dbucherml at hsolutions.ch Thu Jul 16 12:45:50 2009 
From: dbucherml at hsolutions.ch (Denis BUCHER) Date: Thu, 16 Jul 2009 18:45:50 +0200 Subject: Architectural mistake in cyrus ? In-Reply-To: <4A1EF8B7.6000307@hsolutions.ch> References: <4A1EF8B7.6000307@hsolutions.ch> Message-ID: <4A5F593E.1060705@hsolutions.ch> Hello everyone, I already asked this question as a help request here some time ago, but no one was able to solve this "bug" in cyrus, and I think this issue should be addressed : 1] Problem : How to set quota for a user being in another domain than the "main" domain ?? 2] More precisely : How to access "other" (virtual) domains in cyradm : > su - cyrus > cyradm --user cyrus localhost > lm Here I see all mailboxes from our main domain, for example : > user.dbucherml.ML (\HasChildren) > user.dbucherml.ML.Fournisseurs (\HasChildren) > user.dbucherml.ML.Fournisseurs.Acer (\HasNoChildren) > user.dbucherml.ML.Fournisseurs.Microsoft (\HasChildren) > user.dbucherml.ML.Fournisseurs.Microsoft.MSPRP (\HasNoChildren) But as you can see I don't have any "@hsolutions.ch" or "@anything.else" 3] Global admin : Some people said my cyrus user is maybe not a global admin, but no one was able to help me make it global. I mean, some people and some web page gave me some techniques to make it global, but none worked. 4] Cyrus contains mailboxes that are not accessible from cyradm : Therefore, there is really a huge problem in cyrus, we have mailboxes that we can't access ! For example we have user dbucherml at mydomain3.com, with path : /var/spool/imap/domain/m/mydomain3.com/d/user/dbucherml/ This user cannot be accessed in cyradm ! Any help would be greatly appreciated, I found a "quick and dirty" solution which was to modify some internal cyrus database file, which is highly a temporary and dirty "solution"... Denis From morgan at orst.edu Thu Jul 16 12:49:41 2009 
From: morgan at orst.edu (Andrew Morgan) Date: Thu, 16 Jul 2009 09:49:41 -0700 (PDT) Subject: upgrading a 2.2.12 murder to 2.3.14 In-Reply-To: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk> References: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk> Message-ID: On Thu, 16 Jul 2009, Gavin Gray wrote: > We are planning towards upgrading our existing murder. The murder has > four front ends, three backends and separate mupdate and lmtp servers. > We want to move from version 2.2.12 to 2.3.14 so that we can make use > of delayed expunge an possible replication. > > We have several thousand users currently having 4 TB of mail. > > Any comments on the following would be welcome: > > 1. We plan to gradually migrate users from the existing backend > machines to new backend servers running 2.3.14 that have been > integrated into our murder. We plan to do this using xfer. Although > this is very time consuming we are under the impression that cyrus > recommends using imap itself to do migrations rather than trying > underlying filesystem copies of some kind. > > 2. We should end up then with our existing murder but with three > backends running 2.3.14. We then plan to upgrade the other machines in > the murder to 2.3.14 in the following order: frontends then lmtp and > finally the mupdate server. Does this make sense? Whatever you do, don't upgrade any of your frontends while you have older backends. The 2.3 code uses new IMAP calls that don't exist in 2.2. Quoting myself from a couple years ago: I proceeded assuming I could have a v2.3.10 frontend with older v2.2.13 backends. However, I was unable to get the APPEND command to work. With telemetry logging enabled, I discovered that a 2.3 frontend issues the IMAP command "Localappend" to a backend. However, my v2.2.13 backend does not recognize "Localappend" as a valid command (and it is not present in the source code). Andy From morgan at orst.edu Thu Jul 16 12:52:08 2009 
From: morgan at orst.edu (Andrew Morgan) Date: Thu, 16 Jul 2009 09:52:08 -0700 (PDT) Subject: Architectural mistake in cyrus ? In-Reply-To: <4A5F593E.1060705@hsolutions.ch> References: <4A1EF8B7.6000307@hsolutions.ch> <4A5F593E.1060705@hsolutions.ch> Message-ID: On Thu, 16 Jul 2009, Denis BUCHER wrote: > Hello everyone, > > I already asked this question as an help request here some time ago, but > noone was able to solve this "bug" in cyrus, and I think this issue > should be addressed : > > 1] Problem : > How to set quota for a user being in another domain than the "main" > domain ?? > > 2] More precisely : > How to access "other" (virtual) domains in cyradm : > >> su - cyrus >> cyradm --user cyrus localhost >> lm > > Here I see all mailboxes from our main domain, for example : > >> user.dbucherml.ML (\HasChildren) >> user.dbucherml.ML.Fournisseurs (\HasChildren) >> user.dbucherml.ML.Fournisseurs.Acer (\HasNoChildren) >> user.dbucherml.ML.Fournisseurs.Microsoft (\HasChildren) >> user.dbucherml.ML.Fournisseurs.Microsoft.MSPRP (\HasNoChildren) > > But as you can see I don't have any "@hsolutions.ch" or "@anything.else" > > 3] Global admin : > Some people said my cyrus user is maybe not a global admin, but noone > was able to help me make it global. > I mean, some people and some web page gave me some techniques to make it > global, but none worked. What are your current settings in imapd.conf for: servername: admins: defaultdomain: sasl_pwcheck_method: virtdomains: Andy From dbucherml at hsolutions.ch Thu Jul 16 13:08:32 2009 
From: dbucherml at hsolutions.ch (Denis BUCHER) Date: Thu, 16 Jul 2009 19:08:32 +0200 Subject: Architectural mistake in cyrus ? In-Reply-To: References: <4A1EF8B7.6000307@hsolutions.ch> <4A5F593E.1060705@hsolutions.ch> Message-ID: <4A5F5E90.8080009@hsolutions.ch> Hello Andrew, Andrew Morgan wrote: >> I already asked this question as a help request here some time ago, but >> no one was able to solve this "bug" in cyrus, and I think this issue >> should be addressed : >> >> 1] Problem : >> How to set quota for a user being in another domain than the "main" >> domain ?? >> >> 2] More precisely : >> How to access "other" (virtual) domains in cyradm : >> >>> su - cyrus >>> cyradm --user cyrus localhost >>> lm >> >> Here I see all mailboxes from our main domain, for example : >> >>> user.dbucherml.ML (\HasChildren) >>> user.dbucherml.ML.Fournisseurs (\HasChildren) >>> user.dbucherml.ML.Fournisseurs.Acer (\HasNoChildren) >>> user.dbucherml.ML.Fournisseurs.Microsoft (\HasChildren) >>> user.dbucherml.ML.Fournisseurs.Microsoft.MSPRP (\HasNoChildren) >> >> But as you can see I don't have any "@hsolutions.ch" or "@anything.else" >> >> 3] Global admin : >> Some people said my cyrus user is maybe not a global admin, but no one >> was able to help me make it global. >> I mean, some people and some web page gave me some techniques to make it >> global, but none worked. > > What are your current settings in imapd.conf for: > > servername: > admins: > defaultdomain: > sasl_pwcheck_method: > virtdomains: servername: . (replaced with real values) admins: cyrus cyrus@ sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN virtdomains: on hashimapspool: true => I don't have any defaultdomain: but I already tried with main domain, or with alternative domain, it never solved the problem... => authentication is based on LDAP Denis From mcnutt at buffalo.edu Thu Jul 16 15:07:50 2009 
From: mcnutt at buffalo.edu (James M McNutt) Date: Thu, 16 Jul 2009 15:07:50 -0400 (EDT) Subject: replication In-Reply-To: <4A5F2A28.8060506@andrew.cmu.edu> Message-ID: We are running Cyrus IMAP v2.3.12p2 with replication. After an initial replication of all users, we turned on rolling replication and then did another replication of all users, but when comparing some users, not all of the replication is complete. I have been running manual replication of all users on a regular basis and wonder what others do to make sure the replica is kept current. Thanks, -jim James McNutt Senior Unix Engineer mcnutt at buffalo.edu From dwhite at olp.net Thu Jul 16 15:30:21 2009 
From: dwhite at olp.net (Dan White) Date: Thu, 16 Jul 2009 14:30:21 -0500 Subject: Architectural mistake in cyrus ? In-Reply-To: <4A5F5E90.8080009@hsolutions.ch> References: <4A1EF8B7.6000307@hsolutions.ch> <4A5F593E.1060705@hsolutions.ch> <4A5F5E90.8080009@hsolutions.ch> Message-ID: <4A5F7FCD.9020409@olp.net> Denis BUCHER wrote: > Hello Andrew, > > Andrew Morgan wrote: > >>> I already asked this question as a help request here some time ago, but >>> no one was able to solve this "bug" in cyrus, and I think this issue >>> should be addressed : >>> >>> 1] Problem : >>> How to set quota for a user being in another domain than the "main" >>> domain ?? >>> >>> 2] More precisely : >>> How to access "other" (virtual) domains in cyradm : >>> >>> >>>> su - cyrus >>>> cyradm --user cyrus localhost >>>> lm >>>> >>> Here I see all mailboxes from our main domain, for example : >>> >>> >>>> user.dbucherml.ML (\HasChildren) >>>> user.dbucherml.ML.Fournisseurs (\HasChildren) >>>> user.dbucherml.ML.Fournisseurs.Acer (\HasNoChildren) >>>> user.dbucherml.ML.Fournisseurs.Microsoft (\HasChildren) >>>> user.dbucherml.ML.Fournisseurs.Microsoft.MSPRP (\HasNoChildren) >>>> >>> But as you can see I don't have any "@hsolutions.ch" or "@anything.else" >>> >>> 3] Global admin : >>> Some people said my cyrus user is maybe not a global admin, but no one >>> was able to help me make it global. >>> I mean, some people and some web page gave me some techniques to make it >>> global, but none worked. >>> >> What are your current settings in imapd.conf for: >> >> servername: >> admins: >> defaultdomain: >> sasl_pwcheck_method: >> virtdomains: >> > > servername: . (replaced with real values) > admins: cyrus cyrus@ > sasl_pwcheck_method: saslauthd > sasl_mech_list: PLAIN > virtdomains: on > hashimapspool: true > > => I don't have any defaultdomain: but I already tried with main domain, > or with alternative domain, it never solved the problem... 
> > => authentication is based on LDAP > > See: http://cyrusimap.web.cmu.edu/imapd/install-virtdomains.html In particular, the 'Administration' section. - Dan From morgan at orst.edu Thu Jul 16 15:41:01 2009 
From: morgan at orst.edu (Andrew Morgan) Date: Thu, 16 Jul 2009 12:41:01 -0700 (PDT) Subject: Architectural mistake in cyrus ? In-Reply-To: <4A5F5E90.8080009@hsolutions.ch> References: <4A1EF8B7.6000307@hsolutions.ch> <4A5F593E.1060705@hsolutions.ch> <4A5F5E90.8080009@hsolutions.ch> Message-ID: On Thu, 16 Jul 2009, Denis BUCHER wrote: > servername: . (replaced with real values) > admins: cyrus cyrus@ > sasl_pwcheck_method: saslauthd > sasl_mech_list: PLAIN > virtdomains: on > hashimapspool: true > > => I don't have any defaultdomain: but I already tried with main domain, > or with alternative domain, it never solved the problem... > > => authentication is based on LDAP You must define defaultdomain. As the docs say: * Everyone is in a domain - It's best to think of every user as existing inside a domain. Unqualified users are technically inside the defaultdomain. * Global and Domain admins - The Cyrus virtual domains implementation supports per-domain administrators as well as global (inter-domain) administrators. Domain-specific administrators are specified with a fully qualified userid in the admins option (e.g., admin at example.net) and only have access to mailboxes in the associated domain. Global administrators are specified with unqualified userids. * Global administrators are specified with an unqualified userid in the admins option and have access to any mailbox on the server. Because global admins use unqualified userids, they belong to the defaultdomain. As a result, you CANNOT have a global admin without specifying a defaultdomain. Note that when trying to login as a global admin to a multi-homed server from a remote machine, it might be necessary to fully qualify the userid with the defaultdomain. Personally, I have only tested virtual domains using the sasldb auxprop plugin. I don't know how saslauthd with ldap will interact with unqualified userid authentication. Perhaps the solution is to login as cyrus@. 
Andy From Gary at primeexalia.com Thu Jul 16 20:13:30 2009 From: Gary at primeexalia.com (Gary Smith) Date: Thu, 16 Jul 2009 17:13:30 -0700 Subject: Permissions question In-Reply-To: <417DD550405AF84F95040DA44520C8E5051934@pxtbenexd02.pxt.primeexalia.com> References: <417DD550405AF84F95040DA44520C8E5051934@pxtbenexd02.pxt.primeexalia.com> Message-ID: <5017258D295FBE41917880488689F7B80FABD948C9@VCSSBS.visionarycs.local> I know this is a thread from last year that I posted, but I'm still needing clarification as I can't find the answer in the documentation (or google searches for that matter). Unlike the last one, this is not autocreate. I am creating these accounts through perl using IMAP::Admin. When I create an account, they seem to default with permissions lrswipkxtecda. I can't find any information on k, x, t, or e. What do these guys mean/do? Are these defaults safe or should I be worried? In the create script, I create the account and immediately change the permissions to lrswipcda, but the ones below are still shown. I assume that it automatically adds the other ones as dependents but since I don't know what they are, I'm just guessing. I don't want to guess though. sam user/webmaster at domain.tld cyrus all localhost.localdomain> lam * user/ruscica at domain.tld: ruscica at domain.tld lrswipkxtecda cyrus kxc user/webmaster at domain.tld: webmaster at domain.tld lrswipkxtecda cyrus lrswipkxtecda ________________________________ 
From: info-cyrus-bounces+gary=primeexalia.com at lists.andrew.cmu.edu [info-cyrus-bounces+gary=primeexalia.com at lists.andrew.cmu.edu] On Behalf Of Gary W. Smith [gary at primeexalia.com]
Sent: Friday, December 12, 2008 4:46 PM
To: info-cyrus at lists.andrew.cmu.edu
Subject: Permissions question

autocreatequota: (off top of head, forgive me if this is wrong)

lrswipcda

cm user/mailbox at whatever
lrswipkxtecda

Why do autocreatequota enabled boxes have a different security than boxes created with cm? Also, where do I find more information on the flags? Which should I be using for normal user email accounts (for imap/pop3 -- no shared boxes).

Gary

From simon.matter at invoca.ch Fri Jul 17 02:52:54 2009
From: simon.matter at invoca.ch (Simon Matter)
Date: Fri, 17 Jul 2009 08:52:54 +0200
Subject: Permissions question
In-Reply-To: <5017258D295FBE41917880488689F7B80FABD948C9@VCSSBS.visionarycs.local>
References: <417DD550405AF84F95040DA44520C8E5051934@pxtbenexd02.pxt.primeexalia.com> <5017258D295FBE41917880488689F7B80FABD948C9@VCSSBS.visionarycs.local>
Message-ID: <003e14170a85225e91ca76b946b6ac04.squirrel@webmail.bi.corp.invoca.ch>

> I know this is a thread from last year that I posted, but I'm still
> needing clarification as I can't find the answer in the documentation (or
> google searches for that matter). Unlike the last one, this is not
> autocreate. I am creating these accounts through perl using IMAP::Admin.
> When I create an account, they seem to default with permissions
> lrswipkxtecda. I can't find any information on k, x, t, or e. What do
> these guys mean/do? Are these defaults safe or should I be worried. In

I think the overview document of Cyrus hasn't been updated. You may look at the RFC
http://tools.ietf.org/html/rfc4314

I think there is some mapping of older ACLs to newer ones in Cyrus.

Regards,
Simon

> the create script, I create the account and immediately change the
> permissions to lrswipcda, but the ones below are still shown. I assume
> that it automatically adds the other ones as dependents but since I don't
> know what they are, I'm just guessing. I don't want to guess though.
>
>
> sam user/webmaster at domain.tld cyrus all
> localhost.localdomain> lam *
> user/ruscica at domain.tld:
>   ruscica at domain.tld lrswipkxtecda
>   cyrus kxc
> user/webmaster at domain.tld:
>   webmaster at domain.tld lrswipkxtecda
>   cyrus lrswipkxtecda
>
>
> ________________________________
> From: info-cyrus-bounces+gary=primeexalia.com at lists.andrew.cmu.edu
> [info-cyrus-bounces+gary=primeexalia.com at lists.andrew.cmu.edu] On Behalf
> Of Gary W. Smith [gary at primeexalia.com]
> Sent: Friday, December 12, 2008 4:46 PM
> To: info-cyrus at lists.andrew.cmu.edu
> Subject: Permissions question
>
> autocreatequota: (off top of head, forgive me if this is wrong)
>
> lrswipcda
>
> cm user/mailbox at whatever
> lrswipkxtecda
>
> Why do autocreatequota enabled boxes have a different security than
> boxes created with cm? Also, where do I find more information on the
> flags? Which should I be using for normal user email accounts (for
> imap/pop3 -- no shared boxes).
>
> Gary
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

From mliebherr99 at googlemail.com Fri Jul 17 05:52:44 2009
From: mliebherr99 at googlemail.com (ml ml)
Date: Fri, 17 Jul 2009 11:52:44 +0200
Subject: Set Folder Permissions
Message-ID:

Hello List,

I have about 10 Users that access IMAP Mailboxes. Unfortunately they keep deleting, moving and renaming folders by accident. Is there a way to not allow the users to do this with the imap folders?

Thanks,
mario

From iane at sussex.ac.uk Fri Jul 17 06:43:08 2009
From: iane at sussex.ac.uk (Ian Eiloart)
Date: Fri, 17 Jul 2009 11:43:08 +0100
Subject: Set Folder Permissions
In-Reply-To:
References:
Message-ID: <679CA2F0A26B14555CDBC8A4@lewes.staff.uscs.susx.ac.uk>

--On 17 July 2009 11:52:44 +0200 ml ml wrote:

> Hello List,
>
> I have about 10 Users that access IMAP Mailboxes. Unfortunately they
> keep deleting, moving and renaming folders by accident. Is there a
> way to not allow the users to do this with the imap folders?

Yes, there is. But, it's probably better to train them to use it properly, and make sure you can do restores when necessary. You should also take a look at the client software that they're using to see whether that's causing a problem.

We have 15,000 users, and perhaps two or three restore requests a week. At that rate, you'd be seeing a request every five or ten years.

Anyway, if your users really are too dumb to learn (tell me that's 10 users out of hundreds, not 10 out of 10!), then you can set fine grained permissions on mailboxes using cyradm, using 'lam' and 'sam'. Read the man page for cyradm.

Or, create a service description that gives you - say - a week to handle a restore request. That'll learn 'em.

> Thanks,
> mario

--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/

From D.J.Mayo at bath.ac.uk Fri Jul 17 09:06:24 2009
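The rights arithmetic behind the two permission threads above ("Permissions question" and "Set Folder Permissions"), as an added example that is not part of any post and is not Cyrus code; it follows RFC 4314, which Simon Matter's reply points to. The function names, the `delete_via` switch and the `example.test` sample ACLs are assumptions made for illustration, and the "c means k and x" reading is used because it reproduces the `lrswipcda` to `lrswipkxtecda` strings shown in the thread.

```python
# Added example: RFC 4314 rights arithmetic for the ACL strings in this thread.

# RFC 4314 section 2.1 rights and what each one permits.
RIGHTS = {
    "l": "lookup (mailbox is visible to LIST/LSUB)",
    "r": "read (SELECT, STATUS)",
    "s": "keep \\Seen state across sessions",
    "w": "write flags other than \\Seen and \\Deleted",
    "i": "insert (APPEND, COPY into the mailbox)",
    "p": "post (mail to the mailbox's submission address)",
    "k": "create sub-mailboxes (also the new parent in RENAME)",
    "x": "delete the mailbox (also the old name in RENAME)",
    "t": "set or clear the \\Deleted flag",
    "e": "expunge (EXPUNGE, and expunge on CLOSE)",
    "a": "administer (SETACL, DELETEACL, GETACL, LISTRIGHTS)",
}
DISPLAY_ORDER = "lrswipkxtecda"   # order seen in the thread's lam output

# RFC 4314 section 2.1.1: the obsolete RFC 2086 "c" and "d" rights are read in
# one of two ways, depending on which of them used to control DELETE.
OBSOLETE = {
    "c": {"c": "kx", "d": "et"},   # "c" controlled DELETE (fits the thread)
    "d": {"c": "k", "d": "etx"},   # "d" controlled DELETE
}


def expand(rights, delete_via="c"):
    """Return the set of RFC 4314 rights granted by an old- or new-style string."""
    if rights == "all":            # cyradm alias used in the thread's sam command
        return set(RIGHTS)
    groups = OBSOLETE[delete_via]
    granted = set()
    for ch in rights:
        if ch in groups:
            granted.update(groups[ch])
        elif ch in RIGHTS:
            granted.add(ch)
        else:
            raise ValueError(f"unknown right {ch!r}")
    return granted


def display(granted, delete_via="c"):
    """Render rights the way a server reports them: "c"/"d" are echoed for old
    clients whenever any member of their group is granted (section 2.1.1)."""
    shown = set(granted)
    for virtual, members in OBSOLETE[delete_via].items():
        if granted & set(members):
            shown.add(virtual)
    return "".join(ch for ch in DISPLAY_ORDER if ch in shown)


def describe(rights, delete_via="c"):
    """Map each granted right to its meaning, in display order."""
    granted = expand(rights, delete_via)
    return {ch: RIGHTS[ch] for ch in DISPLAY_ORDER if ch in granted}


def parse_lam(text):
    """Parse wildcard lam output: "mailbox:" lines, then "identifier rights" lines."""
    acls, mailbox = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":"):
            mailbox = line[:-1]
            acls[mailbox] = {}
        elif mailbox is not None:
            ident, rights = line.rsplit(None, 1)
            acls[mailbox][ident] = rights
    return acls


def folder_managers(acls, admins=("cyrus",)):
    """Find non-admin ACL entries that allow creating, deleting or renaming
    folders, with the rights string that would remain without k and x."""
    hits = []
    for mailbox, entries in acls.items():
        for ident, rights in entries.items():
            granted = expand(rights)
            if ident not in admins and granted & {"k", "x"}:
                hits.append((mailbox, ident, display(granted - {"k", "x"})))
    return hits


# Constructed sample in the layout of the lam output quoted in the thread.
SAMPLE_LAM = """\
user/alice@example.test:
  alice@example.test lrswipkxtecda
  cyrus kxc
user/bob@example.test:
  bob@example.test lrswipteda
  cyrus lrswipkxtecda
"""

if __name__ == "__main__":
    print(display(expand("lrswipcda")))
    for ch, meaning in describe("kxte").items():
        print(ch, meaning)
    print(folder_managers(parse_lam(SAMPLE_LAM)))
```

A server may also grant rights to a mailbox owner implicitly, which this model does not cover, so confirm the outcome with `lam` after any `sam`.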
From: D.J.Mayo at bath.ac.uk (David Mayo)
Date: Fri, 17 Jul 2009 14:06:24 +0100
Subject: upgrading a 2.2.12 murder to 2.3.14
In-Reply-To:
References: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk>
Message-ID: <4A607750.1080105@bath.ac.uk>

Andrew Morgan wrote:
> On Thu, 16 Jul 2009, Gavin Gray wrote:
>
>> We are planning towards upgrading our existing murder. The murder has
>> four front ends, three backends and separate mupdate and lmtp servers.
>> We want to move from version 2.2.12 to 2.3.14 so that we can make use
>> of delayed expunge and possible replication.
>>
>> 2. We should end up then with our existing murder but with three
>> backends running 2.3.14. We then plan to upgrade the other machines in
>> the murder to 2.3.14 in the following order: frontends then lmtp and
>> finally the mupdate server. Does this make sense?
>
> Whatever you do, don't upgrade any of your frontends while you have older
> backends. The 2.3 code uses new IMAP calls that don't exist in 2.2.
> Quoting myself from a couple years ago:
>
> I proceeded assuming I could have a v2.3.10 frontend with older v2.2.13
> backends. However, I was unable to get the APPEND command to work.
> With telemetry logging enabled, I discovered that a 2.3 frontend issues
> the IMAP command "Localappend" to a backend. However, my v2.2.13
> backend does not recognize "Localappend" as a valid command (and it is
> not present in the source code).

We are in a very similar position to the Edinburgh guys except we have a single IMAP server running 2.2.12. Our plan was to set up our new 2.3.13 back-end, use a 2.3.13 front-end, add the existing back-end to the new Murder, then transfer our mail using xfer.

Would it be more sensible to use a 2.2 front-end, move our mail to the new back-end and upgrade the front-end to 2.3? Presumably there is no "compatibility mode" for 2.3 that would make it issue only 2.2-compatible commands? I'm surprised it can't work this out for itself.

Regards,
Dave.
David Mayo
Networks/Systems Administrator
University of Bath Computing Services, UK

From webmaster at computational-chemistry.org Fri Jul 17 11:59:29 2009
From: webmaster at computational-chemistry.org (Alexander Schröter)
Date: Fri, 17 Jul 2009 17:59:29 +0200
Subject: Saving mail on an imap account
Message-ID: <200907171759.29374.webmaster@computational-chemistry.org>

Hi

I am looking for a way to save my mail not in a local folder but on a remote imap account. The problem is that I don't have access to this server other than via imap. Is there a module that offers such a behavior? For example like in the imapd.conf -> "partition-default imap:User:Password at Domain"?

Any other Tips on how to accomplish this I am thankful for. Maybe some Forwarding Options with Procmail or even mounting an imap account into the local filesystem were ideas of mine.

Thanks for the Help.

From morgan at orst.edu Fri Jul 17 13:20:25 2009
From: morgan at orst.edu (Andrew Morgan)
Date: Fri, 17 Jul 2009 10:20:25 -0700 (PDT)
Subject: upgrading a 2.2.12 murder to 2.3.14
In-Reply-To: <4A607750.1080105@bath.ac.uk>
References: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk> <4A607750.1080105@bath.ac.uk>
Message-ID:

On Fri, 17 Jul 2009, David Mayo wrote:

>
> Andrew Morgan wrote:
>
>> On Thu, 16 Jul 2009, Gavin Gray wrote:
>>
>>> We are planning towards upgrading our existing murder. The murder has
>>> four front ends, three backends and separate mupdate and lmtp servers.
>>> We want to move from version 2.2.12 to 2.3.14 so that we can make use
>>> of delayed expunge and possible replication.
>>>
>>> 2. We should end up then with our existing murder but with three
>>> backends running 2.3.14. We then plan to upgrade the other machines in
>>> the murder to 2.3.14 in the following order: frontends then lmtp and
>>> finally the mupdate server. Does this make sense?
>>
>> Whatever you do, don't upgrade any of your frontends while you have older
>> backends. The 2.3 code uses new IMAP calls that don't exist in 2.2.
>> Quoting myself from a couple years ago:
>>
>> I proceeded assuming I could have a v2.3.10 frontend with older v2.2.13
>> backends. However, I was unable to get the APPEND command to work.
>> With telemetry logging enabled, I discovered that a 2.3 frontend issues
>> the IMAP command "Localappend" to a backend. However, my v2.2.13
>> backend does not recognize "Localappend" as a valid command (and it is
>> not present in the source code).
>
> We are in a very similar position to the Edinburgh guys except we have a
> single IMAP server running 2.2.12. Our plan was to set up our new 2.3.13
> back-end, use a 2.3.13 front-end, add the existing back-end to the new
> Murder, then transfer our mail using xfer.
>
> Would it be more sensible to use a 2.2 front-end, move our mail to the new
> back-end and upgrade the front-end to 2.3?
> Presumably there is no
> "compatibility mode" for 2.3 that would make it issue only 2.2-compatible
> commands? I'm surprised it can't work this out for itself.

Unless some special backwards compatibility was added since 2.3.10, you'll want to keep your frontend at 2.2.x until all your backends are upgraded to 2.3.

Andy

From simon.matter at invoca.ch Fri Jul 17 14:15:21 2009
From: simon.matter at invoca.ch (Simon Matter)
Date: Fri, 17 Jul 2009 20:15:21 +0200
Subject: Saving mail on an imap account
In-Reply-To: <200907171759.29374.webmaster@computational-chemistry.org>
References: <200907171759.29374.webmaster@computational-chemistry.org>
Message-ID:

> Hi I am looking for a way to save my mail not in a local folder but on an

You didn't tell us what you mean by "mail in a local folder". That can mean a thousand things.

But, maybe offlineimap http://software.complete.org/software/projects/show/offlineimap could help you?

Regards,
Simon

> remote imap account. The problem is that I don't have access to this
> server
> other than via imap. Is there a module that offers such a behavior?
> For example like in the imapd.conf -> "partition-default
> imap:User:Password at Domain"?
>
> Any other Tips on how to accomplish this I am thankful for. Maybe some
> Forwarding Options with Procmail or even mounting an imap account into the
> local filesystem were ideas of mine.
>
> Thanks for the Help.

From MatzeGuentert at gmx.de Sat Jul 18 07:56:22 2009
From: MatzeGuentert at gmx.de ("Matthias Güntert")
Date: Sat, 18 Jul 2009 13:56:22 +0200
Subject: restore a permission messed up backup
Message-ID: <20090718115622.78960@gmx.net>

hello guys

I have created a backup of my running IMAP server (cyrus-imapd version 2.3.11-1) and followed the official guide on [1]. Unfortunately I forgot to preserve the permission and owner:group information while creating the backup. Now I would like to restore the server on a Fedora 11 system running cyrus-imapd version 2.3.14-1.

The steps I did so far

$ mv /var/spool/imap /var/spool/imap.old
$ mv /var/lib/imap /var/lib/imap.old

$ cp -R backup/var/spool/imap /var/spool/imap
$ chown -R cyrus:mail /var/spool/imap

$ cp -R backup/var/lib/imap /var/lib/imap
$ chown -R cyrus:mail /var/lib/imap

This is what my /var/log/maillog yells after starting the server with /etc/init.d/cyrus-imap start
------------------------------------
Jul 18 13:48:27 celsius cvt_cyrusdb[10228]: mystore: reusing txn 2147483654
[...]
Jul 18 13:48:27 celsius cvt_cyrusdb[10228]: mycommit: committing txn 2147483654 Jul 18 13:48:27 celsius master[10239]: process started Jul 18 13:48:27 celsius master[10241]: about to exec /usr/lib/cyrus-imapd/ctl_cyrusdb Jul 18 13:48:27 celsius ctl_cyrusdb[10241]: recovering cyrus databases Jul 18 13:48:27 celsius ctl_cyrusdb[10241]: skiplist: recovered /var/lib/imap/mailboxes.db (36 records, 14104 bytes) in 0 seconds Jul 18 13:48:27 celsius ctl_cyrusdb[10241]: skiplist: recovered /var/lib/imap/annotations.db (0 records, 144 bytes) in 0 seconds Jul 18 13:48:27 celsius ctl_cyrusdb[10241]: done recovering cyrus databases Jul 18 13:48:27 celsius master[10242]: about to exec /usr/lib/cyrus-imapd/idled Jul 18 13:48:27 celsius master[10239]: unable to create sieve listener socket: Permission denied Jul 18 13:48:27 celsius master[10239]: ready for work Jul 18 13:48:27 celsius master[10244]: about to exec /usr/lib/cyrus-imapd/ctl_cyrusdb Jul 18 13:48:27 celsius master[10246]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:27 celsius imap[10246]: executed Jul 18 13:48:27 celsius master[10248]: about to exec /usr/lib/cyrus-imapd/lmtpd Jul 18 13:48:27 celsius master[10249]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:27 celsius imap[10249]: executed Jul 18 13:48:27 celsius lmtpunix[10248]: executed Jul 18 13:48:27 celsius ctl_cyrusdb[10244]: checkpointing cyrus databases Jul 18 13:48:28 celsius ctl_cyrusdb[10244]: archiving log file: /var/lib/imap/db/log.0000000001 Jul 18 13:48:28 celsius ctl_cyrusdb[10244]: archiving log file: /var/lib/imap/db/log.0000000001 Jul 18 13:48:28 celsius ctl_cyrusdb[10244]: archiving log file: /var/lib/imap/db/log.0000000001 Jul 18 13:48:28 celsius ctl_cyrusdb[10244]: archiving database file: /var/lib/imap/annotations.db Jul 18 13:48:28 celsius ctl_cyrusdb[10244]: archiving database file: /var/lib/imap/mailboxes.db Jul 18 13:48:28 celsius ctl_cyrusdb[10244]: archiving log file: /var/lib/imap/db/log.0000000001 Jul 18 13:48:28 
celsius ctl_cyrusdb[10244]: done checkpointing cyrus databases Jul 18 13:48:28 celsius master[10239]: process 10244 exited, status 0 Jul 18 13:48:28 celsius master[10250]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:28 celsius master[10251]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:28 celsius imap[10250]: executed Jul 18 13:48:28 celsius imap[10251]: executed Jul 18 13:48:30 celsius master[10255]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:30 celsius imap[10255]: executed Jul 18 13:48:30 celsius master[10256]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:30 celsius master[10257]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:30 celsius imap[10257]: executed Jul 18 13:48:30 celsius imap[10256]: executed Jul 18 13:48:30 celsius master[10258]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:30 celsius master[10259]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:30 celsius imap[10258]: executed Jul 18 13:48:30 celsius imap[10259]: executed Jul 18 13:48:30 celsius master[10260]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:30 celsius imap[10260]: executed Jul 18 13:48:30 celsius master[10255]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:30 celsius imap[10255]: executed Jul 18 13:48:30 celsius master[10256]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:30 celsius master[10257]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:30 celsius imap[10257]: executed Jul 18 13:48:30 celsius imap[10256]: executed Jul 18 13:48:30 celsius master[10258]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:30 celsius master[10259]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:30 celsius imap[10258]: executed Jul 18 13:48:30 celsius imap[10259]: executed Jul 18 13:48:30 celsius master[10260]: about to exec /usr/lib/cyrus-imapd/imapd Jul 18 13:48:30 celsius imap[10260]: executed ------------------------------------ And then later on when trying to access my mailbox using 
Evolution
------------------------------------
[...]
Jul 18 13:49:03 celsius imap[10249]: IOERROR: opening /var/spool/imap/s/user/sp4rc/archive/cyrus.header: Permission denied
[...]
------------------------------------

I can see the messages within Evolution including date and subject line, but when clicking on a mail item I receive:
------------------------------------
Unable to retrieve message IMAP command failed: Please select a mailbox first
------------------------------------

So I am a little stuck here and would really be happy if someone could give me a helping hand on this...

Regards,
Matthias

[1] http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/Backup

From simon.matter at invoca.ch Sat Jul 18 09:37:20 2009
From: simon.matter at invoca.ch (Simon Matter)
Date: Sat, 18 Jul 2009 15:37:20 +0200
Subject: restore a permission messed up backup
In-Reply-To: <20090718115622.78960@gmx.net>
References: <20090718115622.78960@gmx.net>
Message-ID:

> hello guys
>
> I have created a backup of my running IMAP server (cyrus-imapd version
> 2.3.11-1) and followed the official guide on [1]. Unfortunately I forgot
> to preserve the permission and owner:group information while creating the

You should not only preserve ownership and permissions but also hardlinks to save space when using single instance store.

> backup. Now I would like to restore the server on a Fedora 11 system
> running cyrus-imapd version 2.3.14-1.
>
> The steps I did so far
>
> $ mv /var/spool/imap /var/spool/imap.old
> $ mv /var/lib/imap /var/lib/imap.old
>
> $ cp -R backup/var/spool/imap /var/spool/imap
> $ chown -R cyrus:mail /var/spool/imap
>
> $ cp -R backup/var/lib/imap /var/lib/imap
> $ chown -R cyrus:mail /var/lib/imap
>
> This is what my /var/log/maillog yells after starting the server with
> /etc/init.d/cyrus-imap start
> ------------------------------------
> Jul 18 13:48:27 celsius cvt_cyrusdb[10228]: mystore: reusing txn
> 2147483654
> [...]
> Jul 18 13:48:27 celsius cvt_cyrusdb[10228]: mycommit: committing txn > 2147483654 > Jul 18 13:48:27 celsius master[10239]: process started > Jul 18 13:48:27 celsius master[10241]: about to exec > /usr/lib/cyrus-imapd/ctl_cyrusdb > Jul 18 13:48:27 celsius ctl_cyrusdb[10241]: recovering cyrus databases > Jul 18 13:48:27 celsius ctl_cyrusdb[10241]: skiplist: recovered > /var/lib/imap/mailboxes.db (36 records, 14104 bytes) in 0 seconds > Jul 18 13:48:27 celsius ctl_cyrusdb[10241]: skiplist: recovered > /var/lib/imap/annotations.db (0 records, 144 bytes) in 0 seconds > Jul 18 13:48:27 celsius ctl_cyrusdb[10241]: done recovering cyrus > databases > Jul 18 13:48:27 celsius master[10242]: about to exec > /usr/lib/cyrus-imapd/idled > Jul 18 13:48:27 celsius master[10239]: unable to create sieve listener > socket: Permission denied see below... > Jul 18 13:48:27 celsius master[10239]: ready for work > Jul 18 13:48:27 celsius master[10244]: about to exec > /usr/lib/cyrus-imapd/ctl_cyrusdb > Jul 18 13:48:27 celsius master[10246]: about to exec > /usr/lib/cyrus-imapd/imapd > Jul 18 13:48:27 celsius imap[10246]: executed > Jul 18 13:48:27 celsius master[10248]: about to exec > /usr/lib/cyrus-imapd/lmtpd > Jul 18 13:48:27 celsius master[10249]: about to exec > /usr/lib/cyrus-imapd/imapd > Jul 18 13:48:27 celsius imap[10249]: executed > Jul 18 13:48:27 celsius lmtpunix[10248]: executed > Jul 18 13:48:27 celsius ctl_cyrusdb[10244]: checkpointing cyrus databases > Jul 18 13:48:28 celsius ctl_cyrusdb[10244]: archiving log file: > /var/lib/imap/db/log.0000000001 > Jul 18 13:48:28 celsius ctl_cyrusdb[10244]: archiving log file: > /var/lib/imap/db/log.0000000001 > Jul 18 13:48:28 celsius ctl_cyrusdb[10244]: archiving log file: > /var/lib/imap/db/log.0000000001 > Jul 18 13:48:28 celsius ctl_cyrusdb[10244]: archiving database file: > /var/lib/imap/annotations.db > Jul 18 13:48:28 celsius ctl_cyrusdb[10244]: archiving database file: > /var/lib/imap/mailboxes.db > Jul 18 13:48:28 celsius 
ctl_cyrusdb[10244]: archiving log file: > /var/lib/imap/db/log.0000000001 > Jul 18 13:48:28 celsius ctl_cyrusdb[10244]: done checkpointing cyrus > databases > Jul 18 13:48:28 celsius master[10239]: process 10244 exited, status 0 > Jul 18 13:48:28 celsius master[10250]: about to exec > /usr/lib/cyrus-imapd/imapd > Jul 18 13:48:28 celsius master[10251]: about to exec > /usr/lib/cyrus-imapd/imapd > Jul 18 13:48:28 celsius imap[10250]: executed > Jul 18 13:48:28 celsius imap[10251]: executed > Jul 18 13:48:30 celsius master[10255]: about to exec > /usr/lib/cyrus-imapd/imapd > Jul 18 13:48:30 celsius imap[10255]: executed > Jul 18 13:48:30 celsius master[10256]: about to exec > /usr/lib/cyrus-imapd/imapd > Jul 18 13:48:30 celsius master[10257]: about to exec > /usr/lib/cyrus-imapd/imapd > Jul 18 13:48:30 celsius imap[10257]: executed > Jul 18 13:48:30 celsius imap[10256]: executed > Jul 18 13:48:30 celsius master[10258]: about to exec > /usr/lib/cyrus-imapd/imapd > Jul 18 13:48:30 celsius master[10259]: about to exec > /usr/lib/cyrus-imapd/imapd > Jul 18 13:48:30 celsius imap[10258]: executed > Jul 18 13:48:30 celsius imap[10259]: executed > Jul 18 13:48:30 celsius master[10260]: about to exec > /usr/lib/cyrus-imapd/imapd > Jul 18 13:48:30 celsius imap[10260]: executed > Jul 18 13:48:30 celsius master[10255]: about to exec > /usr/lib/cyrus-imapd/imapd > Jul 18 13:48:30 celsius imap[10255]: executed > Jul 18 13:48:30 celsius master[10256]: about to exec > /usr/lib/cyrus-imapd/imapd > Jul 18 13:48:30 celsius master[10257]: about to exec > /usr/lib/cyrus-imapd/imapd > Jul 18 13:48:30 celsius imap[10257]: executed > Jul 18 13:48:30 celsius imap[10256]: executed > Jul 18 13:48:30 celsius master[10258]: about to exec > /usr/lib/cyrus-imapd/imapd > Jul 18 13:48:30 celsius master[10259]: about to exec > /usr/lib/cyrus-imapd/imapd > Jul 18 13:48:30 celsius imap[10258]: executed > Jul 18 13:48:30 celsius imap[10259]: executed > Jul 18 13:48:30 celsius master[10260]: about to exec 
> /usr/lib/cyrus-imapd/imapd
> Jul 18 13:48:30 celsius imap[10260]: executed
> ------------------------------------
>
>
> And then later on when trying to access my mailbox using Evolution
> ------------------------------------
> [...]
> Jul 18 13:49:03 celsius imap[10249]: IOERROR: opening
> /var/spool/imap/s/user/sp4rc/archive/cyrus.header: Permission denied
> [...]

OK, you have set file ownership as shown above but what about permissions?

Check the permission of
/var/lib/imap/socket
/var/spool/imap/s/user/sp4rc/archive/cyrus.header

Note: if you installed via RPM you could check permission of the base directories with rpm -V cyrus-imapd.

Make sure you set the permissions of all cyrus-imapd files correctly.

Regards,
Simon

From MatzeGuentert at gmx.de Sat Jul 18 09:45:10 2009
From: MatzeGuentert at gmx.de (Matthias Güntert)
Date: Sat, 18 Jul 2009 15:45:10 +0200
Subject: restore a permission messed up backup
In-Reply-To:
References: <20090718115622.78960@gmx.net>
Message-ID: <1247924710.4848.5.camel@celsius.pentacon.gov>

Hello Simon

Thanks for your quick reply, but never-mind I already got the system back up and working. A few missing selinux policies prevented the IMAPd from working correctly. The chmod -R seems to have done the trick...

> You should not only preserve ownership and permissions but also hardlinks
> to save space when using single instance store.

But anyways, lesson learned: when doing backups always preserve the attributes! :)

Regards,
Matthias

From bhill at physics.ucsd.edu Sat Jul 18 13:57:05 2009
From: bhill at physics.ucsd.edu (Bryan Hill)
Date: Sat, 18 Jul 2009 10:57:05 -0700
Subject: Reducing log verbosity
Message-ID: <094BBC90-0761-4F9A-9B3C-DDFD6125DDB0@physics.ucsd.edu>

Hello!

I've been Googling for an answer, but haven't come up with any working solution. I would like to turn down the verbosity of my Cyrus logs but have not been successful.

I'm using the Invoca cyrus build (latest from the website) on Centos 5.3. I've tried setting the CYRUS_VERBOSE environmental variable but it seems to ignore any value I put in. I'm doing this in the init.d script.

Any hints as to what I'm doing wrong?

Thanks,
Bryan

---
Bryan D. Hill
UCSD Physics Computing Facility
CTBP Systems Support

9500 Gilman Dr. # 0319
La Jolla, CA 92093
+1-858-534-5538
bhill at ucsd.edu
AIM: pozvibesd
Web: http://www.physics.ucsd.edu/pcf

From rjaffey at artic.edu Sat Jul 18 14:10:47 2009
From: rjaffey at artic.edu (Raphael Jaffey)
Date: Sat, 18 Jul 2009 13:10:47 -0500
Subject: Reducing log verbosity
In-Reply-To: <094BBC90-0761-4F9A-9B3C-DDFD6125DDB0@physics.ucsd.edu>
References: <094BBC90-0761-4F9A-9B3C-DDFD6125DDB0@physics.ucsd.edu>
Message-ID: <4A621027.1030102@artic.edu>

Rebuild cyrus using a LOCAL syslog facility rather than MAIL. We use LOCAL6. Then adjust the verbosity by adjusting the log level in /etc/syslog.conf:

local6.info -/var/log/imapd.log

local6.debug = most verbose
local6.info = less verbose
local6.notice = even less verbose
...

Bryan Hill wrote:
> Hello!
>
> I've been Googling for an answer, but haven't come up with any working
> solution. I would like to turn down the verbosity of my Cyrus logs but
> have not been successful.
>
> I'm using the Invoca cyrus build (latest from the website) on Centos
> 5.3. I've tried setting the CYRUS_VERBOSE environmental variable but
> it seems to ignore any value I put in. I'm doing this in the init.d script.
>
> Any hints as to what I'm doing wrong?
>
> Thanks,
> Bryan
>
> ---
> Bryan D. Hill
> UCSD Physics Computing Facility
> CTBP Systems Support
>
> 9500 Gilman Dr. # 0319
> La Jolla, CA 92093
> +1-858-534-5538
> bhill at ucsd.edu
> AIM: pozvibesd
> Web: http://www.physics.ucsd.edu/pcf

From bhill at physics.ucsd.edu Sat Jul 18 22:45:23 2009
From: bhill at physics.ucsd.edu (Bryan Hill)
Date: Sat, 18 Jul 2009 19:45:23 -0700
Subject: Reducing log verbosity
In-Reply-To: <4A621027.1030102@artic.edu>
References: <094BBC90-0761-4F9A-9B3C-DDFD6125DDB0@physics.ucsd.edu> <4A621027.1030102@artic.edu>
Message-ID: <0A2DAB1D-E0B8-4203-BE6C-BD1169FB5B7C@physics.ucsd.edu>

thanks! I figured that might be the case after looking into this in more detail.

On Jul 18, 2009, at 11:10 AM, Raphael Jaffey wrote:

> Rebuild cyrus using a LOCAL syslog facility rather than MAIL. We
> use LOCAL6. Then adjust the verbosity by adjusting the log level
> in /etc/syslog.conf:
>
> local6.info -/var/log/imapd.log
>
> local6.debug = most verbose
> local6.info = less verbose
> local6.notice = even less verbose
> ...
>
>
>
> Bryan Hill wrote:
>> Hello!
>> I've been Googling for an answer, but haven't come up with any
>> working solution. I would like to turn down the verbosity of my
>> Cyrus logs but have not been successful.
>> I'm using the Invoca cyrus build (latest from the website) on
>> Centos 5.3. I've tried setting the CYRUS_VERBOSE environmental
>> variable but it seems to ignore any value I put in. I'm doing this
>> in the init.d script.
>> Any hints as to what I'm doing wrong?
>> Thanks,
>> Bryan
>> ---
>> Bryan D. Hill
>> UCSD Physics Computing Facility
>> CTBP Systems Support
>> 9500 Gilman Dr. # 0319
>> La Jolla, CA 92093
>> +1-858-534-5538
>> bhill at ucsd.edu
>> AIM: pozvibesd
>> Web: http://www.physics.ucsd.edu/pcf
>

Thanks,
Bryan

---
Bryan D. Hill
UCSD Physics Computing Facility
CTBP Systems Support
9500 Gilman Dr.
# 0319
La Jolla, CA 92093
+1-858-534-5538
bhill at ucsd.edu
AIM: pozvibesd
Web: http://www.physics.ucsd.edu/pcf

From choeger at open-xchange.com Mon Jul 20 04:33:02 2009
From: choeger at open-xchange.com (Carsten Hoeger)
Date: Mon, 20 Jul 2009 10:33:02 +0200
Subject: how to exclude subfolder from expiration using annotations?
Message-ID: <20090720083302.GD5333@open-xchange.com>

Hi,

I'm currently trying to find out how to use cyr_expire in combination with annotations excluding one single subfolder per mailbox.

I'm running RHEL5 with v2.3.7-Invoca-RPM-2.3.7-2.el5_3.2.

What I did:

. setannotation "user/test1001" "/vendor/cmu/cyrus-imapd/expire" ("value.shared" "1")
. OK Completed

. getannotation user/test1001 "/vendor/cmu/cyrus-imapd/expire" "value.shared"
* ANNOTATION "user/test1001" "/vendor/cmu/cyrus-imapd/expire" ("value.shared" "1")
. OK Completed

Now I want to exclude the "Sent Items" folder from expiring, so I did

. setannotation "user/test1001/Sent Items" "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)
. OK Completed

But that does not work:

$ su - cyrus -c '/usr/lib/cyrus-imapd/cyr_expire -E 3 -v'
expiring messages in user.test1001 older than 1 days
expiring messages in user.test1001.Drafts older than 1 days
expiring messages in user.test1001.Junk older than 1 days
expiring messages in user.test1001.Sent Items older than 1 days
expiring messages in user.test1001.Trash older than 1 days
expiring messages in user.test1001.confirmed-ham older than 1 days
expiring messages in user.test1001.confirmed-spam older than 1 days
expiring messages in user.test1001.subfolder older than 1 days
expiring messages in user.test1001.subfolder.subsubfolder older than 1 days
expiring messages in user.test1001.subfolder.subsubfolder.subsubsubfolder older than 1 days

In the cyr_expire manpage I read:

[...]

The value of the /vendor/cmu/cyrus-imapd/expire annotation is inherited by all children of the given mailbox, so an entire mailbox tree can be expired by setting a single annotation on the root of that tree.
If a mailbox does not have a /vendor/cmu/cyrus-imapd/expire annotation set on it (or does not inherit then no messages are expired from the mailbox.

[...]

I found no further resources describing how to achieve what I want. Is that possible at all?

--
With best regards,
Carsten Hoeger

From reinaldoc at gmail.com Mon Jul 20 07:44:08 2009
From: reinaldoc at gmail.com (Reinaldo de Carvalho)
Date: Mon, 20 Jul 2009 08:44:08 -0300
Subject: how to exclude subfolder from expiration using annotations?
In-Reply-To: <20090720083302.GD5333@open-xchange.com>
References: <20090720083302.GD5333@open-xchange.com>
Message-ID: <4a5881460907200444j348efa60ie39b769fcf6e8471@mail.gmail.com>

On Mon, Jul 20, 2009 at 5:33 AM, Carsten Hoeger wrote:
> Hi,
>
>
> I'm currently trying to find out how to use cyr_expire in combination with
> annotations excluding one single subfolder per mailbox.
>
> I'm running RHEL5 with v2.3.7-Invoca-RPM-2.3.7-2.el5_3.2.
>
> What I did:
>
> . setannotation "user/test1001" "/vendor/cmu/cyrus-imapd/expire" ("value.shared" "1")
> . OK Completed
>
> . getannotation user/test1001 "/vendor/cmu/cyrus-imapd/expire" "value.shared"
> * ANNOTATION "user/test1001" "/vendor/cmu/cyrus-imapd/expire" ("value.shared" "1")
> . OK Completed
>
> Now I want to exclude the "Sent Items" folder from expiring, so I did
>
> . setannotation "user/test1001/Sent Items" "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL)
> . OK Completed
>
> But that does not work:
>
> $ su - cyrus -c '/usr/lib/cyrus-imapd/cyr_expire -E 3 -v'
> expiring messages in user.test1001 older than 1 days
> expiring messages in user.test1001.Drafts older than 1 days
> expiring messages in user.test1001.Junk older than 1 days
> expiring messages in user.test1001.Sent Items older than 1 days
> expiring messages in user.test1001.Trash older than 1 days
> expiring messages in user.test1001.confirmed-ham older than 1 days
> expiring messages in user.test1001.confirmed-spam older than 1 days
> expiring messages in user.test1001.subfolder older than 1 days
> expiring messages in user.test1001.subfolder.subsubfolder older than 1 days
> expiring messages in user.test1001.subfolder.subsubfolder.subsubsubfolder older than 1 days
>
> In the cyr_expire manpage I read:
>
>
> [...]
>
> The value of the /vendor/cmu/cyrus-imapd/expire annotation is inherited by
> all children of the given mailbox, so an entire mailbox tree can be expired by
> setting a single annotation on the root of that tree. If a mailbox does not
> have a /vendor/cmu/cyrus-imapd/expire annotation set on it (or does not
> inherit then no messages are expired from the mailbox.
>
> [...]
>
> I found no further resources describing how to achieve what I want.
> Is that possible at all?
>

Don't set expire for user (root) mailbox, only to "user/test1001/Sent Items".

If you really want to expire other mailboxes with 1 day, then the easy way is to set a high value on "user/test1001/Sent Items".

Read the cyr_expire man page to learn the option to enable annotation flag. By default expire annotation is ignored.

-- 
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

"Don't try to adapt the software to the way you work, but rather yourself to the way the software works" (myself)

From awilliam at whitemice.org Mon Jul 20 08:15:27 2009
From: awilliam at whitemice.org (Adam Tauno Williams) Date: Mon, 20 Jul 2009 08:15:27 -0400 Subject: how to exclude subfolder from expiration using annotations? In-Reply-To: <20090720083302.GD5333@open-xchange.com> References: <20090720083302.GD5333@open-xchange.com> Message-ID: <1248092127.5640.2.camel@linux-m3mt> > I'm currently trying to find out how to use cyr_expire in combination with > annotations exluding one single subfolder per mailbox. > I'm running RHEL5 with v2.3.7-Invoca-RPM-2.3.7-2.el5_3.2. > What I did: > . setannotation "user/test1001" "/vendor/cmu/cyrus-imapd/expire" ("value.shared" "1") > . OK Completed > . getannotation user/test1001 "/vendor/cmu/cyrus-imapd/expire" "value.shared" > * ANNOTATION "user/test1001" "/vendor/cmu/cyrus-imapd/expire" ("value.shared" "1") > . OK Completed > Now I want to exclude the "Sent Items" folder from expiring, so I did > . setannotation "user/test1001/Sent Items" "/vendor/cmu/cyrus-imapd/expire" ("value.shared" NIL) > . OK Completed > But that does not work: Correct. And I've been meaning to post the same question for awhile now: How to have message expiration in a folder and *not* for its subfolders - short of setting an additional annotation on each sub-folder (which in our circumstance isn't workable as the user can create additional subfolders). 
> $ su - cyrus -c '/usr/lib/cyrus-imapd/cyr_expire -E 3 -v' > expiring messages in user.test1001 older than 1 days > expiring messages in user.test1001.Drafts older than 1 days > expiring messages in user.test1001.Junk older than 1 days > expiring messages in user.test1001.Sent Items older than 1 days > expiring messages in user.test1001.Trash older than 1 days > expiring messages in user.test1001.confirmed-ham older than 1 days > expiring messages in user.test1001.confirmed-spam older than 1 days > expiring messages in user.test1001.subfolder older than 1 days > expiring messages in user.test1001.subfolder.subsubfolder older than 1 days > expiring messages in user.test1001.subfolder.subsubfolder.subsubsubfolder older than 1 days > In the cyr_expire manpage I read: > [...] > The value of the /vendor/cmu/cyrus-imapd/expire annotation is inherited by > all children of the given mailbox, so an entire mailbox tree can be expired by > seting a single annotation on the root of that tree. If a mailbox does not > have a /vendor/cmu/cyrus-imapd/expire annotation set on it (or does not > inherit then no messages are expired from the mailbox. > [...] > I found no further resources describing how to achieve what I want. > Is that possible at all? My guess, is no. FYI, purge exhibits the same behavior [as documented]. -- OpenGroupware developer: awilliam at whitemice.org OpenGroupare & Cyrus IMAPd documenation @ From choeger at open-xchange.com Mon Jul 20 08:54:47 2009 
From: choeger at open-xchange.com (Carsten Hoeger) Date: Mon, 20 Jul 2009 14:54:47 +0200 Subject: how to exclude subfolder from expiration using annotations? In-Reply-To: <4a5881460907200444j348efa60ie39b769fcf6e8471@mail.gmail.com> References: <20090720083302.GD5333@open-xchange.com> <4a5881460907200444j348efa60ie39b769fcf6e8471@mail.gmail.com> Message-ID: <20090720125447.GC5528@open-xchange.com> On Mon, Jul 20, Reinaldo de Carvalho wrote: > > I'm currently trying to find out how to use cyr_expire in combination with > > annotations exluding one single subfolder per mailbox. [...] > Don't set expire for user (root) mailbox, only to "user/test1001/Sent Items". I want to _EXCLUDE_ user/test1001/Sent Items and not the other way around. I want to expire everything BUT user/test1001/Sent Items. -- With best regards, Carsten Hoeger -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090720/0d27f38b/attachment.bin From reinaldoc at gmail.com Mon Jul 20 09:06:59 2009 
From: reinaldoc at gmail.com (Reinaldo de Carvalho)
Date: Mon, 20 Jul 2009 10:06:59 -0300
Subject: how to exclude subfolder from expiration using annotations?
In-Reply-To: <20090720125447.GC5528@open-xchange.com>
References: <20090720083302.GD5333@open-xchange.com>
	<4a5881460907200444j348efa60ie39b769fcf6e8471@mail.gmail.com>
	<20090720125447.GC5528@open-xchange.com>
Message-ID: <4a5881460907200606j4a0a2504g696bbe98beba8051@mail.gmail.com>

On Mon, Jul 20, 2009 at 9:54 AM, Carsten Hoeger wrote:
> On Mon, Jul 20, Reinaldo de Carvalho wrote:
>
>> > I'm currently trying to find out how to use cyr_expire in combination with
>> > annotations excluding one single subfolder per mailbox.
>
> [...]
>
>> Don't set expire for user (root) mailbox, only to "user/test1001/Sent Items".
>
> I want to _EXCLUDE_ user/test1001/Sent Items and not the other way around.
>

Did you try setting the annotation for "user/test1001/Sent Items" with a high value (not to be reached)?

> I want to expire everything BUT user/test1001/Sent Items.
>

-- 
Reinaldo de Carvalho
http://korreio.sf.net
http://python-cyrus.sf.net

"Don't try to adapt the software to the way you work, but rather yourself to the way the software works" (myself)

From awilliam at whitemice.org Mon Jul 20 09:51:17 2009
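The inheritance rule from the quoted man page, modelled as an added example (not part of the original thread and not Cyrus code): it shows why a NIL annotation on "Sent Items" changes nothing and what the "high value" workaround does to subfolders. The nearest-ancestor lookup is an assumption consistent with the man page text and the cyr_expire output above; the value 36500 and the mailbox "Sent Items.2009" are constructed.

```python
"""Model of expire-annotation resolution over a Cyrus mailbox tree.

Assumption: the value used for a mailbox is the one set on the mailbox
itself or, failing that, on its nearest ancestor that has one.
"""

# Internal mailbox names as printed by cyr_expire in the thread, plus one
# constructed user-created subfolder below "Sent Items".
MAILBOXES = [
    "user.test1001",
    "user.test1001.Drafts",
    "user.test1001.Sent Items",
    "user.test1001.Sent Items.2009",          # constructed
    "user.test1001.Trash",
    "user.test1001.subfolder.subsubfolder",
]

# What the thread tried: value 1 on the root, NIL (None) on "Sent Items".
NIL_ON_CHILD = {"user.test1001": 1, "user.test1001.Sent Items": None}

# The suggested workaround: an unreachable value on "Sent Items".
HIGH_ON_CHILD = {"user.test1001": 1, "user.test1001.Sent Items": 36500}


def parent(mailbox):
    """Return the parent mailbox name, or None at the top of the tree."""
    head, sep, _ = mailbox.rpartition(".")
    return head if sep else None


def resolve_expire(mailbox, annotations):
    """Return (days, mailbox_that_supplied_it), or (None, None) if unset.

    A NIL value is the same as no annotation, so the walk keeps climbing.
    """
    node = mailbox
    while node is not None:
        days = annotations.get(node)
        if days is not None:
            return days, node
        node = parent(node)
    return None, None


def expire_plan(mailboxes, annotations, age_days):
    """Map each mailbox to True if a message of age_days would be expired."""
    plan = {}
    for mailbox in mailboxes:
        days, _source = resolve_expire(mailbox, annotations)
        plan[mailbox] = days is not None and age_days > days
    return plan


if __name__ == "__main__":
    for label, annotations in (("NIL on child", NIL_ON_CHILD),
                               ("high value on child", HIGH_ON_CHILD)):
        print(label)
        for mailbox in MAILBOXES:
            days, source = resolve_expire(mailbox, annotations)
            print(f"  {mailbox!r}: {days} days (from {source!r})")
```

New subfolders created under "Sent Items" pick up the high value automatically, but a folder that should expire while its subfolders do not still needs one annotation per subfolder, which is the case Adam describes.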
From: awilliam at whitemice.org (Adam Tauno Williams) Date: Mon, 20 Jul 2009 09:51:17 -0400 Subject: Reducing log verbosity In-Reply-To: <0A2DAB1D-E0B8-4203-BE6C-BD1169FB5B7C@physics.ucsd.edu> References: <094BBC90-0761-4F9A-9B3C-DDFD6125DDB0@physics.ucsd.edu> <4A621027.1030102@artic.edu> <0A2DAB1D-E0B8-4203-BE6C-BD1169FB5B7C@physics.ucsd.edu> Message-ID: <1248097877.5640.17.camel@linux-m3mt> On Sat, 2009-07-18 at 19:45 -0700, Bryan Hill wrote: > thanks! I figured that might be the case after looking into this in > more detail. A better solution, IMHO, is to post-filter. The filtering provided by Syslog is pretty crude and requires bouncing the syslog service to change. If you use syslog-ng you can specify a pipeline as a destination, either a command or socket, etc... so you can get much more granular about what logs to keep and you can modify the logging level without effecting the service. If your mail host uses the old syslog, which ours do, you can ship the logs over the network [syslog support network logging, even the old one] to a syslog-ng log server where you can play with the logs all you want. > > Rebuild cyrus using a LOCAL syslog facility rather than MAIL. We > > use LOCAL6. Then adjust the verbosity by adjusting the log level > > in /etc/syslog.conf: > > local6.info -/var/log/imapd.log > > local6.debug = most verbose > > local6.info = less verbose > > local6.notice = even less verbose > > .. > > Bryan Hill wrote: > > > Hello! > > > I've been Googling for an answer, but haven't come up with any > > > working solution. I would like to turn down the verbosity of my > > > Cyrus logs but have not been successful. > > > I'm using the Invoca cyrus build (latest from the website) on > > > Centos 5.3. I've tried setting the CYRUS_VERBOSE environmental > > > variable but it seems to ignore any alue I put in. I'm doing this > > > in the init.d script. > > > Any hints as to what I'm doing wrong? 
> > > Thanks, > > > Bryan -- OpenGroupware developer: awilliam at whitemice.org OpenGroupare & Cyrus IMAPd documenation @ From choeger at open-xchange.com Mon Jul 20 12:24:45 2009 From: choeger at open-xchange.com (Carsten Hoeger) Date: Mon, 20 Jul 2009 18:24:45 +0200 Subject: how to exclude subfolder from expiration using annotations? In-Reply-To: <4a5881460907200606j4a0a2504g696bbe98beba8051@mail.gmail.com> References: <20090720083302.GD5333@open-xchange.com> <4a5881460907200444j348efa60ie39b769fcf6e8471@mail.gmail.com> <20090720125447.GC5528@open-xchange.com> <4a5881460907200606j4a0a2504g696bbe98beba8051@mail.gmail.com> Message-ID: <20090720162445.GB19307@open-xchange.com> On Mon, Jul 20, Reinaldo de Carvalho wrote: > >> > I'm currently trying to find out how to use cyr_expire in combination with > >> > annotations exluding one single subfolder per mailbox. > > > > [...] > > > >> Don't set expire for user (root) mailbox, only to "user/test1001/Sent Items". > > > > I want to _EXCLUDE_ user/test1001/Sent Items and not the other way around. > > > > Do you try set annotattion for "user/test1001/Sent Items" with high > value (not to be reached)? No. Instead I wrote a patch for ipurge to accept a regex pattern to include or NOT to include folders matching that pattern. I'll send the patch as soon as I'm done. -- With best regards, Carsten Hoeger -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090720/9414d52e/attachment.bin From awilliam at whitemice.org Mon Jul 20 13:23:19 2009 
From: awilliam at whitemice.org (Adam Tauno Williams) Date: Mon, 20 Jul 2009 13:23:19 -0400 Subject: how to exclude subfolder from expiration using annotations? In-Reply-To: <20090720162445.GB19307@open-xchange.com> References: <20090720083302.GD5333@open-xchange.com> <4a5881460907200444j348efa60ie39b769fcf6e8471@mail.gmail.com> <20090720125447.GC5528@open-xchange.com> <4a5881460907200606j4a0a2504g696bbe98beba8051@mail.gmail.com> <20090720162445.GB19307@open-xchange.com> Message-ID: <1248110599.5640.59.camel@linux-m3mt> On Mon, 2009-07-20 at 18:24 +0200, Carsten Hoeger wrote: > On Mon, Jul 20, Reinaldo de Carvalho wrote: > > >> > I'm currently trying to find out how to use cyr_expire in combination with > > >> > annotations exluding one single subfolder per mailbox. > > > [...] > > >> Don't set expire for user (root) mailbox, only to "user/test1001/Sent Items". > > > I want to _EXCLUDE_ user/test1001/Sent Items and not the other way around. > > Do you try set annotattion for "user/test1001/Sent Items" with high > > value (not to be reached)? > No. > Instead I wrote a patch for ipurge to accept a regex pattern to include or NOT > to include folders matching that pattern. > I'll send the patch as soon as I'm done. +1, that sounds fabulous. From blake at ispn.net Mon Jul 20 15:08:27 2009 From: blake at ispn.net (Blake Hudson) Date: Mon, 20 Jul 2009 14:08:27 -0500 Subject: squat file sizes Message-ID: <4A64C0AB.7010907@ispn.net> Is there a general way of estimating typical squat file usage when compared with the number of messages in a mailbox? When comparing a du of the server against quotas I noticed that some mailboxes where using almost twice as much disk space than their set quota. The culprit seems to be many small messages and large squat indexes on these mailboxes. --Blake From nybbles2byte at gmail.com Tue Jul 21 08:01:18 2009 
From: nybbles2byte at gmail.com (Nybbles2Byte) Date: Tue, 21 Jul 2009 05:01:18 -0700 Subject: Help with tweaking complete mail setup based on Cyrus + Postfix + MySQL Message-ID: <633884923.20090721050118@gmail.com> Hello , Well, I finally got the whole email setup working. The system comprises of: OpenSuSE 11.0 Cyrus-Imap Cyrus-SASL Postfix MySQL Amavis SpamAssassin ClamAV setup up to work with multiple domains. I am sure that there are a bunch of little tricks that would make this system sing that an experienced administrator would know, and that would take me months to find out. So, is there someone there, knowing that all the initial setup has been done and works, that could/would shell into my server and just tweak whatever he can with his experience. While I am a single consultant working from home, I do realize that this should be paid for so a quote/estimate is welcome. I just think it would be worth it to have an expert eye fine tune the system. I'm not sure if this is the best place to ask this question and if not, a pointer to the right place would be appreciated. Cheers! -- Reg mailto:nybbles2byte at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090721/07295ec2/attachment.html From awilliam at whitemice.org Tue Jul 21 08:32:51 2009 
From: awilliam at whitemice.org (Adam Tauno Williams)
Date: Tue, 21 Jul 2009 08:32:51 -0400
Subject: Help with tweaking complete mail setup based on Cyrus + Postfix + MySQL
In-Reply-To: <633884923.20090721050118@gmail.com>
References: <633884923.20090721050118@gmail.com>
Message-ID: <1248179571.5510.6.camel@linux-m3mt>

On Tue, 2009-07-21 at 05:01 -0700, Nybbles2Byte wrote:
> Hello ,
> Well, I finally got the whole email setup working. The system
> comprises of:
> OpenSuSE 11.0
> Cyrus-Imap
> Cyrus-SASL
> Postfix
> MySQL
> Amavis
> SpamAssassin
> ClamAV
> setup up to work with multiple domains.
> I am sure that there are a bunch of little tricks that would make this
> system sing that an experienced administrator would know, and that
> would take me months to find out. So, is there someone there, knowing
> that all the initial setup has been done and works, that could/would
> shell into my server and just tweak whatever he can with his
> experience.

I don't know what I'd do unless there was a specific problem or issue.
Off the cuff my thoughts are:

1.) Make sure you are using Skiplist and not Berkeley DB for databases
that default to Berkeley.

2.) Enable delayed expunge and configure a cyr_expunge job

3.) Disable, shoot, and burn SpamAssassin; that slow bloated buggy cow
isn't worth the resource and maintenance cost for the very small
improvement in SPAM prevention it offers over just RBLs, good MTA
configuration, and greylisting. All of which are simple and low
[resource] cost. Absolutely nothing else will do more to improve
performance.

4.) Make sure you have directory hashing enabled

5.) Disable atime on your mail store and meta-data store filesystems.
If using ext3 then investigate the data= options as well.

6.) Test your backup/restore procedure.

7.) Take a look at the Cyrus chapter of WMOGAG

> While I am a single consultant working from home, I do realize that
> this should be paid for so a quote/estimate is welcome.
I just think > it would be worth it to have an expert eye fine tune the system. > I'm not sure if this is the best place to ask this question and if > not, a pointer to the right place would be appreciated. From simon.matter at invoca.ch Tue Jul 21 09:11:50 2009 
From: simon.matter at invoca.ch (Simon Matter) Date: Tue, 21 Jul 2009 15:11:50 +0200 Subject: Help with tweaking complete mail setup based on Cyrus + Postfix + MySQL In-Reply-To: <1248179571.5510.6.camel@linux-m3mt> References: <633884923.20090721050118@gmail.com> <1248179571.5510.6.camel@linux-m3mt> Message-ID: <7094ab070b8dc514fbadc4a94f77af6a.squirrel@webmail.bi.corp.invoca.ch> > On Tue, 2009-07-21 at 05:01 -0700, Nybbles2Byte wrote: >> Hello , >> Well, I finally got the whole email setup working. The system >> comprises of: >> OpenSuSE 11.0 >> Cyrus-Imap >> Cyrus-SASL >> Postfix >> MySQL >> Amavis >> SpamAssassin >> ClamAV >> setup up to work with multiple domains. >> I am sure that there are a bunch of little tricks that would make this >> system sing that an experienced administrator would know, and that >> would take me months to find out. So, is there someone there, knowing >> that all the initial setup has been done and works, that could/would >> shell into my server and just tweak whatever he can with his >> experience. > > I don't know what I'd do unless there was a specific problem or issue. > Of the cuff my thoughts are: > > 1.) Make sure you are using Skiplist and not Berkley DB for databases > that default to Berkeley. > 2.) Enable delayed expunge and configure a cyr_expunge job > 3.) Disable, shoot, and burn SpamAssassin; that slow bloated buggy cow > isn't worth the resource and maintenance cost for the very small > improvement in SPAM prevention it offers over just RBLs, good MTA > configuration, and greylisting. All of which are simple and low > [resource] cost. Absolutely nothing else will do more to improve > performance. That's getting a bit OT but - why exactly is it so bad? Slow bloated cow - maybe, but apart from that it can be configured to run almost maintenance free. We are running it with spampd (http://www.worlddesign.com/index.cfm/rd/mta/spampd.htm) and it tags more than 99% of spam as spam and it does so for may years. 
Regards, Simon From choeger at open-xchange.com Tue Jul 21 10:43:46 2009 From: choeger at open-xchange.com (Carsten Hoeger) Date: Tue, 21 Jul 2009 16:43:46 +0200 Subject: Patch: add regex support to ipurge to improve folder selection Message-ID: <20090721144346.GB7271@open-xchange.com> Hi, attached the patch to add regex pattern matching to folders for ipurge. -- With best regards, Carsten Hoeger -------------- next part -------------- A non-text attachment was scrubbed... Name: ipurge.patch Type: text/x-patch Size: 4094 bytes Desc: not available Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090721/3eee3d3a/attachment-0002.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090721/3eee3d3a/attachment-0003.bin From selsky at columbia.edu Tue Jul 21 11:57:26 2009 From: selsky at columbia.edu (Matt Selsky) Date: Tue, 21 Jul 2009 11:57:26 -0400 Subject: Patch: add regex support to ipurge to improve folder selection In-Reply-To: <20090721144346.GB7271@open-xchange.com> References: <20090721144346.GB7271@open-xchange.com> Message-ID: <902EF0C4-D4B0-4244-8ABA-E3FE203A7C11@columbia.edu> On Jul 21, 2009, at 10:43 AM, Carsten Hoeger wrote: > attached the patch to add regex pattern matching to folders for > ipurge. Can you add this to bugzilla for tracking? -- Matt From bawood at umich.edu Tue Jul 21 17:40:19 2009 
From: bawood at umich.edu (Brian Awood) Date: Tue, 21 Jul 2009 17:40:19 -0400 Subject: upgrading a 2.2.12 murder to 2.3.14 In-Reply-To: <4A5F41D4.8010607@onlight.com> References: <20090716102140.87nwvnbxgkk8kcck@www.staffmail.ed.ac.uk> <200907161055.58059.bawood@umich.edu> <4A5F41D4.8010607@onlight.com> Message-ID: <200907211740.20455.bawood@umich.edu> On Thursday 16 July 2009 @ 11:05, Nic Bernstein wrote: > Brian, > I certainly would be interested in seeing those. Please post them > here, or to the Wiki. > > Best regards, > -nic Our email operations group manager put together a summary of our cyrus implementation recently for a meeting we have yearly with several other Universities. It has links to the scripts we use, the caveat being they are all written for our environment and likely wouldn't run at another site the way they are currently. However, they probably wouldn't be too difficult to port. http://blackops.mail.umich.edu/cyrus -Brian From coen at netground.nl Wed Jul 22 06:44:46 2009 
From: coen at netground.nl (Net Ground - Coen Greeve) Date: Wed, 22 Jul 2009 12:44:46 +0200 Subject: Mailbox unknown after update Message-ID: <3254E35374B3434BA3B65613DFCEBA047CE17269FD@srvnd002.netground.local> Today I've updated a Cyrus installation from 2.3.11 to 2.3.14. After the update the users can still login and view their current e-mail. But new messages all get bounced with an unclear message "stat=Data format error". Eventually this message can be lead back to a 'Mailbox unknown..." "User unknown" error. When I use cyradm I can view the mailbox, also with mbpath I can check the path of the mailbox. This all works ok! But when I try to use 'deliver' I get the above error message. Any ideas? I use a FreeBSD 6.4 box with Cyrus-Imapd-2.3.14_1 and Cyrus-Sasl-2.1.23! -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090722/f76b31bf/attachment.html From bernd at firmix.at Wed Jul 22 09:22:20 2009 From: bernd at firmix.at (Bernd Petrovitsch) Date: Wed, 22 Jul 2009 15:22:20 +0200 Subject: sieve "vacation" and duplicated emails Message-ID: <1867_1248268949_n6MDMRpw030037_1248268940.29588.25.camel@spike.firmix.at> An embedded and charset-unspecified text was scrubbed... Name: not available Url: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090722/bf437a79/attachment.ksh From simon.matter at invoca.ch Wed Jul 22 10:49:46 2009 
From: simon.matter at invoca.ch (Simon Matter) Date: Wed, 22 Jul 2009 16:49:46 +0200 Subject: sieve "vacation" and duplicated emails In-Reply-To: <1867_1248268949_n6MDMRpw030037_1248268940.29588.25.camel@spike.firmix.at> References: <1867_1248268949_n6MDMRpw030037_1248268940.29588.25.camel@spike.firmix.at> Message-ID: <73fad731c429fc3853b1592e6108f3cc.squirrel@webmail.bi.corp.invoca.ch> > Hi all! > > I'm in the process of upgrading cyrus-imapd-2.2.13 (from > Debian-3.1/Sarge) to cyrus-imapd-2.3.7 (from RHEL-5/CentOS-5) on a > system with approx. 25k mailboxes. > > We are using quite simple sieve scripts for vacation and 2.3.7 > duplicates (into the local inbox) all emails which trigger an outgoing > vacation mail. I'm not sure I completely understand your situation and what your problem is. However, you should note that the RHEL-5 system might have delayed expunge enabled which at least means that a mail delivered to an inbox and then deleted from there will still be visible on the filesystem. Do you really see the mail via IMAP or only on the filesystem? Regards, Simon > Glancing over the source diff'ing the old and new imap/lmtp_sieve.c file > (and diff'ing to 2.3.14) doesn't reveal anything remotely strange (to my > eyes - I'm not experienced with cyrus-imapd's source code. So I may well > looked into the wrong file.). > > Googling and searching in the bug/issue trackers from above also doesn't > give any useful hint - and I didn't even found someone else having that > problem. > > FWIW, we have "duplicatesuppression: false" in /etc/imapd.conf - as it > saved a lot of I/O load on the old systems (avoiding storing and > checking the for duplicates in the DB). > > Does anyone have any idea what could be wrong or what could/should be > debugged/analyzed/....? 
> > Bernd > -- > Firmix Software GmbH http://www.firmix.at/ > mobil: +43 664 4416156 fax: +43 1 7890849-55 > Embedded Linux Development and Services > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > From webmaster at computational-chemistry.org Wed Jul 22 12:00:55 2009 From: webmaster at computational-chemistry.org (Alexander =?iso-8859-1?q?Schr=F6ter?=) Date: Wed, 22 Jul 2009 18:00:55 +0200 Subject: Use a different Host to store Imap Data on Message-ID: <200907221800.55296.webmaster@computational-chemistry.org> Hello Everybody a little bit about my situation. I currently use a Kolab Server and my ISPs Mailserver. Since my ISPs Mailserver has a nearly 100% Uptime, a lot of Storage Space and Automated Backup. I want to use it as storage space for the kolab's imap data. The problem is that I only have access to my ISPs Server via Imap. So my question is: Is it possible to tell cyrus to store the mail not on the local machine but on my ISPs Imap account. I saw that it's possible to introduce a new partition to cyrus in the imapd.conf and than tell the process to use this as new storage location for certain users via "renamemailbox user.foobar.mail user.foobar.mail newpartition". You now know what I am looking for and I am open for other ideas. Regards Alexander From jblaine at kickflop.net Wed Jul 22 12:41:21 2009 
From: jblaine at kickflop.net (Jeff Blaine)
Date: Wed, 22 Jul 2009 12:41:21 -0400
Subject: imtest -u not what I think it is?
Message-ID: <4A674131.4060202@kickflop.net>

Why is 'cyrus' not being used as the user below?

bin:imap> ./imtest -u cyrus -v -m login
WARNING: no hostname supplied, assuming localhost

S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN SASL-IR] imap.foo.com Cyrus IMAP v2.x server ready
Please enter your password:
C: L01 LOGIN jblaine {8}     <-------------------------
S: + go ahead
C:
S: L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 0
^CC: Q01 LOGOUT
Connection closed.
bin:imap> sudo ./imtest -u cyrus -v -m login
WARNING: no hostname supplied, assuming localhost

S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN SASL-IR] imap.foo.com Cyrus IMAP v2.x server ready
Please enter your password:
C: L01 LOGIN root {8}     <----------------------------
S: + go ahead
C:
S: L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 0
^CC: Q01 LOGOUT
Connection closed.

From jblaine at kickflop.net Wed Jul 22 12:52:18 2009
From: jblaine at kickflop.net (Jeff Blaine)
Date: Wed, 22 Jul 2009 12:52:18 -0400
Subject: imtest -u not what I think it is?
In-Reply-To: <4A674131.4060202@kickflop.net>
References: <4A674131.4060202@kickflop.net>
Message-ID: <4A6743C2.4040604@kickflop.net>

Nevermind. I get it now.

Is there a known problem with @ in IMAP passwords?

Jeff Blaine wrote:
> Why is 'cyrus' not being used as the user below?
>
> bin:imap> ./imtest -u cyrus -v -m login
> WARNING: no hostname supplied, assuming localhost
>
> S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN
> SASL-IR] imap.foo.com Cyrus IMAP v2.x server ready
> Please enter your password:
> C: L01 LOGIN jblaine {8}     <-------------------------
> S: + go ahead
> C:
> S: L01 NO Login failed: generic failure
> Authentication failed. generic failure
> Security strength factor: 0
> ^CC: Q01 LOGOUT
> Connection closed.
> bin:imap> sudo ./imtest -u cyrus -v -m login
> WARNING: no hostname supplied, assuming localhost
>
> S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN
> SASL-IR] imap.foo.com Cyrus IMAP v2.x server ready
> Please enter your password:
> C: L01 LOGIN root {8}     <----------------------------
> S: + go ahead
> C:
> S: L01 NO Login failed: generic failure
> Authentication failed. generic failure
> Security strength factor: 0
> ^CC: Q01 LOGOUT
> Connection closed.

From bernd at firmix.at Wed Jul 22 15:14:48 2009
From: bernd at firmix.at (Bernd Petrovitsch)
Date: Wed, 22 Jul 2009 21:14:48 +0200
Subject: sieve "vacation" and duplicated emails
In-Reply-To: <73fad731c429fc3853b1592e6108f3cc.squirrel@webmail.bi.corp.invoca.ch>
References: <1867_1248268949_n6MDMRpw030037_1248268940.29588.25.camel@spike.firmix.at>
	<73fad731c429fc3853b1592e6108f3cc.squirrel@webmail.bi.corp.invoca.ch>
Message-ID: <1856_1248290108_n6MJF75t011454_1248290088.29588.76.camel@spike.firmix.at>

An embedded and charset-unspecified text was scrubbed...
Name: not available
Url: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090722/a4185a8f/attachment.ksh

From morgan at orst.edu Wed Jul 22 15:40:14 2009
From: morgan at orst.edu (Andrew Morgan)
Date: Wed, 22 Jul 2009 12:40:14 -0700 (PDT)
Subject: imtest -u not what I think it is?
In-Reply-To: <4A674131.4060202@kickflop.net>
References: <4A674131.4060202@kickflop.net>
Message-ID:

On Wed, 22 Jul 2009, Jeff Blaine wrote:

> Why is 'cyrus' not being used as the user below?
>
> bin:imap> ./imtest -u cyrus -v -m login
> WARNING: no hostname supplied, assuming localhost

Try this:

  imtest -u cyrus -a cyrus localhost

-u specifies the authorization identity
-a specifies the authentication identity

You shouldn't have to specify the mechanism with -m.

	Andy

From morgan at orst.edu Wed Jul 22 15:49:00 2009
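The two identities named in the reply above, shown at the protocol level as an added example (not part of the original thread and not imtest code): the IMAP LOGIN command in Jeff's transcript carries a single user name, while SASL PLAIN (RFC 4616), which the server banner advertises, carries an authorization identity and an authentication identity side by side. `effective_user` and `PROXY_ADMINS` are hypothetical names for a server-side policy, and the credentials are constructed.

```python
"""SASL PLAIN (RFC 4616): message = [authzid] NUL authcid NUL passwd."""
import base64

# Hypothetical policy: authentication identities allowed to act as others.
PROXY_ADMINS = frozenset({"cyrus"})


class PlainError(ValueError):
    """Raised for a malformed PLAIN message."""


def build_plain(authcid, password, authzid=""):
    """Client side: encode the initial response (what SASL-IR sends inline).

    authcid is whose password is checked (imtest -a);
    authzid is who the session should act as (imtest -u).
    """
    for field in (authzid, authcid, password):
        if "\x00" in field:
            raise PlainError("NUL separates the fields and cannot appear in one")
    if not authcid or not password:
        raise PlainError("authcid and password are mandatory")
    raw = "\x00".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def parse_plain(token):
    """Server side: decode and split into (authzid, authcid, password)."""
    try:
        raw = base64.b64decode(token, validate=True)
        parts = [p.decode("utf-8") for p in raw.split(b"\x00")]
    except ValueError as exc:  # bad base64 or bad UTF-8
        raise PlainError("undecodable PLAIN message") from exc
    if len(parts) != 3:
        raise PlainError("expected exactly two NUL separators")
    authzid, authcid, password = parts
    if not authcid or not password:
        raise PlainError("authcid and password are mandatory")
    return authzid, authcid, password


def effective_user(authzid, authcid, admins=PROXY_ADMINS):
    """Return the identity the session runs as after the password check.

    An empty authzid means "act as the authenticated user". Acting as
    someone else is allowed only for identities listed in admins.
    """
    if authzid in ("", authcid):
        return authcid
    if authcid in admins:
        return authzid
    raise PermissionError(f"{authcid!r} may not act as {authzid!r}")


if __name__ == "__main__":
    # Constructed credentials; "@" and ":" are ordinary bytes inside PLAIN.
    token = build_plain("cyrus", "p@ss:w0rd", authzid="jblaine")
    authzid, authcid, _ = parse_plain(token)
    print(token, "->", effective_user(authzid, authcid))
```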
From: morgan at orst.edu (Andrew Morgan)
Date: Wed, 22 Jul 2009 12:49:00 -0700 (PDT)
Subject: sieve "vacation" and duplicated emails
In-Reply-To: <1856_1248290108_n6MJF75t011454_1248290088.29588.76.camel@spike.firmix.at>
References: <1867_1248268949_n6MDMRpw030037_1248268940.29588.25.camel@spike.firmix.at>
	<73fad731c429fc3853b1592e6108f3cc.squirrel@webmail.bi.corp.invoca.ch>
	<1856_1248290108_n6MJF75t011454_1248290088.29588.76.camel@spike.firmix.at>
Message-ID:

On Wed, 22 Jul 2009, Bernd Petrovitsch wrote:

> If I have the following sieve script, everything works fine and each
> (non-Spam-)mail appears once in the INBOX (since we have the "keep"
> there)
> ---- snip ----
> require [ "fileinto", "vacation" ];
> if header :contains [ "X-Spam-Flag" ] [ "YES" ] {
>     fileinto "INBOX/Spam";
> } else {
>     keep;
> }
> ---- snip ----
> If I add a "vacation" statement (with a known working local email
> address) as in
> ---- snip ----
> require [ "fileinto", "vacation" ];
> vacation :days 7 :addresses [ "user@example.com" ] "Bin im Urlaub ...";
> if header :contains [ "X-Spam-Flag" ] [ "YES" ] {
>     fileinto "INBOX/Spam";
> } else {
>     keep;
> }
> ---- snip ----
> each (non-spam-)mail, which triggers a vacation response, is stored 2
> times in the INBOX (and not just once - from the "keep").

This does sound a bit like a bug, but I think your sieve rules are somewhat out-of-order as well. Here is how I would write it:

  require [ "fileinto", "vacation" ];

  if header :contains "X-Spam-Flag" "YES" {
      fileinto "INBOX/Spam";
      stop;
  }

  vacation :days 7 :addresses [ "user@example.com" ] "Bin im Urlaub ...";

"stop" tells sieve to stop processing the message. With "stop" in place, you don't need a clunky "else { keep; }" clause. There is an implicit "keep" action if a message is not fileinto'd a different mailbox.

Also, you want the vacation responder to avoid processing spam emails.

	Andy

From morgan at orst.edu Wed Jul 22 15:52:05 2009
From: morgan at orst.edu (Andrew Morgan)
Date: Wed, 22 Jul 2009 12:52:05 -0700 (PDT)
Subject: Use a different Host to store Imap Data on
In-Reply-To: <200907221800.55296.webmaster@computational-chemistry.org>
References: <200907221800.55296.webmaster@computational-chemistry.org>
Message-ID:

On Wed, 22 Jul 2009, Alexander Schröter wrote:

> Hello Everybody
>
> a little bit about my situation. I currently use a Kolab Server and my ISPs
> Mailserver. Since my ISPs Mailserver has a nearly 100% Uptime, a lot of
> Storage Space and Automated Backup. I want to use it as storage space for the
> kolab's imap data.
>
> The problem is that I only have access to my ISPs Server via Imap. So my
> question is:
>
> Is it possible to tell cyrus to store the mail not on the local machine but on
> my ISPs Imap account.
>
> I saw that it's possible to introduce a new partition to cyrus in the
> imapd.conf and then tell the process to use this as new storage location for
> certain users via "renamemailbox user.foobar.mail user.foobar.mail
> newpartition".
>
> You now know what I am looking for and I am open for other ideas.

Cyrus stores its emails on the local filesystem. It cannot store mail remotely in a separate IMAP server (Cyrus is already an IMAP server).

However, it seems possible that you can reconfigure Kolab to use your ISPs IMAP server instead of the locally installed Cyrus IMAP server. I've never used Kolab, so I don't know how you might go about doing this or if Kolab supports this.

	Andy

From D.J.Mayo at bath.ac.uk Thu Jul 23 08:35:00 2009
From: D.J.Mayo at bath.ac.uk (David Mayo)
Date: Thu, 23 Jul 2009 13:35:00 +0100
Subject: Problems running ctl_mboxlist -m on 2.2 back-end
Message-ID: <4A6858F4.7030903@bath.ac.uk>

We are looking at upgrading our single 2.2 IMAP server to a Murder setup
with a 2.3 back-end server. For the transition we will put the current
IMAP server into the Murder and gradually transfer the mailboxes over to
the new server using 'xfer'.

I have just tested the first stage of the migration by dumping the list
of mailboxes on the currently live server and importing that into our
test 'currently live' server. The initial ctl_mboxlist -m transfer to
the MUPDATE master took ~12 minutes for ~225,000 mail folders (skiplist
format).

Subsequent attempts to run ctl_mboxlist -m on the server do not work -
there is a small flurry of activity at the start according to truss on
the local machine and snoop on the MUPDATE server, then nothing happens
for exactly 30 minutes and it finally gives up with "couldn't do LIST
command on mupdate server".

I have restarted the IMAP daemons on both servers and tried converting
the mboxlist_db on the back-end from skiplist to berkeley - none of
these steps have made any difference. I can run mupdatetest and issue a
LIST command which shows plenty of mailboxes.

This shouldn't be a problem in itself as long as all the mailbox
operations work as expected, however it is a bit of a worry. Both
machines are running Solaris 10. The back-end server is running 2.2.12
and the front-end server is running 2.2.13. Has anyone experienced this
problem and is there a way round it if this command doesn't work?

Regards,

Dave.

David Mayo
Networks/Systems Administrator
University of Bath Computing Services, UK

From bernd at firmix.at Mon Jul 27 06:28:09 2009
From: bernd at firmix.at (Bernd Petrovitsch)
Date: Mon, 27 Jul 2009 12:28:09 +0200
Subject: sieve "vacation" and duplicated emails
In-Reply-To:
References: <1867_1248268949_n6MDMRpw030037_1248268940.29588.25.camel@spike.firmix.at> <73fad731c429fc3853b1592e6108f3cc.squirrel@webmail.bi.corp.invoca.ch> <1856_1248290108_n6MJF75t011454_1248290088.29588.76.camel@spike.firmix.at>
Message-ID: <1867_1248690500_n6RASIrb026708_1248690489.2571.21.camel@spike.firmix.at>

An embedded and charset-unspecified text was scrubbed...
Name: not available
Url: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090727/7a805ab8/attachment.ksh

From bernd at firmix.at Mon Jul 27 06:45:37 2009
From: bernd at firmix.at (Bernd Petrovitsch)
Date: Mon, 27 Jul 2009 12:45:37 +0200
Subject: sieve "vacation" and duplicated emails
In-Reply-To: <1867_1248268949_n6MDMRpw030037_1248268940.29588.25.camel@spike.firmix.at>
References: <1867_1248268949_n6MDMRpw030037_1248268940.29588.25.camel@spike.firmix.at>
Message-ID: <1858_1248691546_n6RAjiuK000873_1248691537.2571.40.camel@spike.firmix.at>

An embedded and charset-unspecified text was scrubbed...
Name: not available
Url: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090727/ee35404c/attachment.ksh

From jjneely at ncsu.edu Mon Jul 27 11:19:00 2009
From: jjneely at ncsu.edu (Jack Neely)
Date: Mon, 27 Jul 2009 11:19:00 -0400
Subject: Running multiple reconstructs concurrently
Message-ID: <20090727151900.GT6484@virge.linuxczar.net>

Folks,

I'm writing a script to migrate all the cyrus imap data from version
2.2.10 running on 32 bit RHEL 3 to version 2.3.11 on brand new servers
running RHEL 5 in 64 bit mode. The data moves fairly quickly but
running reconstruct over the entire server takes 3 or 4 times longer
than scp'ing across the data.

Is it safe to run multiple reconstructs concurrently? Provided they are
not working on the same mailboxes, of course.

Jack

--
Jack Neely
Linux Czar, OIT Campus Linux Services
Office of Information Technology, NC State University
GPG Fingerprint: 1917 5AC1 E828 9337 7AA4 EA6B 213B 765F 3B6A 5B89

From brong at fastmail.fm Mon Jul 27 17:40:08 2009
From: brong at fastmail.fm (Bron Gondwana)
Date: Tue, 28 Jul 2009 07:40:08 +1000
Subject: Running multiple reconstructs concurrently
In-Reply-To: <20090727151900.GT6484@virge.linuxczar.net>
References: <20090727151900.GT6484@virge.linuxczar.net>
Message-ID: <20090727214008.GA12213@brong.net>

On Mon, Jul 27, 2009 at 11:19:00AM -0400, Jack Neely wrote:
> Folks,
>
> I'm writing a script to migrate all the cyrus imap data from version
> 2.2.10 running on 32 bit RHEL 3 to version 2.3.11 on brand new servers
> running RHEL 5 in 64 bit mode. The data moves fairly quickly but
> running reconstruct over the entire server takes 3 or 4 times longer
> than scp'ing across the data.
>
> Is it safe to run multiple reconstructs concurrently? Provided they are
> not working on the same mailboxes, of course.

Yes, that's fine. There will be some lock synchronisation on the
mailboxes.db, but the bulk of the time it will be fine.

By the way, 2.3.11 is pretty old for a 2.3 series. There have
been bugs fixed since.

By the way number two, I hope you're using -G to the reconstructs
so you get GUIDs calculated (that will add process use, but is
worth it for integrity checking purposes...)

Bron.

From baconm at email.unc.edu Mon Jul 27 18:07:21 2009
From: baconm at email.unc.edu (Michael Bacon)
Date: Mon, 27 Jul 2009 18:07:21 -0400
Subject: Problems running ctl_mboxlist -m on 2.2 back-end
In-Reply-To: <4A6858F4.7030903@bath.ac.uk>
References: <4A6858F4.7030903@bath.ac.uk>
Message-ID: <36410392D4A33E293E98586A@trophic.its.unc.edu>

I think I may have seen exactly what you're seeing, and it's a doozy to
find, but simple to fix. If it's what I saw (and it was this EXACT
symptom), you just need to rebuild your binaries with the thread-safe
switch. If you're using Sun Studio (we did because of its optimization
on the T2 processor), you need to pass "-mt" to the compiler at compile
time (CFLAGS), or else Solaris won't set errno properly in a
multi-threaded process, and non-blocking I/O will eat itself. The
painful details here:

http://cyrusimap.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=48912

The switch on GCC is different (I think it's -mthread), but just make
sure you're specifying the thread-safe switch.

Michael Bacon
ITS Messaging
UNC Chapel Hill

--On July 23, 2009 1:35:00 PM +0100 David Mayo wrote:

>
> We are looking at upgrading our single 2.2 IMAP server to a Murder setup
> with a 2.3 back-end server. For the transition we will put the current
> IMAP server into the Murder and gradually transfer the mailboxes over to
> the new server using 'xfer'.
>
> I have just tested the first stage of the migration by dumping the list
> of mailboxes on the currently live server and importing that into our
> test 'currently live' server. The initial ctl_mboxlist -m transfer to
> the MUPDATE master took ~12 minutes for ~225,000 mail folders (skiplist
> format).
>
> Subsequent attempts to run ctl_mboxlist -m on the server do not work -
> there is a small flurry of activity at the start according to truss on
> the local machine and snoop on the MUPDATE server, then nothing happens
> for exactly 30 minutes and it finally gives up with "couldn't do LIST
> command on mupdate server".
>
> I have restarted the IMAP daemons on both servers and tried converting
> the mboxlist_db on the back-end from skiplist to berkeley - none of
> these steps have made any difference. I can run mupdatetest and issue a
> LIST command which shows plenty of mailboxes.
>
> This shouldn't be a problem in itself as long as all the mailbox
> operations work as expected, however it is a bit of a worry. Both
> machines are running Solaris 10. The back-end server is running 2.2.12
> and the front-end server is running 2.2.13. Has anyone experienced this
> problem and is there a way round it if this command doesn't work?
>
> Regards,
>
>
> Dave.
>
> David Mayo
> Networks/Systems Administrator
> University of Bath Computing Services, UK
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

From jjneely at ncsu.edu Mon Jul 27 21:39:10 2009
From: jjneely at ncsu.edu (Jack Neely)
Date: Mon, 27 Jul 2009 21:39:10 -0400
Subject: Running multiple reconstructs concurrently
In-Reply-To: <20090727214008.GA12213@brong.net>
References: <20090727151900.GT6484@virge.linuxczar.net> <20090727214008.GA12213@brong.net>
Message-ID: <20090728013910.GZ6484@virge.linuxczar.net>

On Tue, Jul 28, 2009 at 07:40:08AM +1000, Bron Gondwana wrote:
> On Mon, Jul 27, 2009 at 11:19:00AM -0400, Jack Neely wrote:
> > Folks,
> >
> > I'm writing a script to migrate all the cyrus imap data from version
> > 2.2.10 running on 32 bit RHEL 3 to version 2.3.11 on brand new servers
> > running RHEL 5 in 64 bit mode. The data moves fairly quickly but
> > running reconstruct over the entire server takes 3 or 4 times longer
> > than scp'ing across the data.
> >
> > Is it safe to run multiple reconstructs concurrently? Provided they are
> > not working on the same mailboxes, of course.
>
> Yes, that's fine. There will be some lock synchronisation on the
> mailboxes.db, but the bulk of the time it will be fine.

Great! This takes my test runs from 5 hours to 3.

>
> By the way, 2.3.11 is pretty old for a 2.3 series. There have
> been bugs fixed since.

Indeed there are several relevant things in the changelog. Thanks.

>
> By the way number two, I hope you're using -G to the reconstructs
> so you get GUIDs calculated (that will add process use, but is
> worth it for integrity checking purposes...)

I'm not currently using any replication so I had not planned to turn on
the GUIDs. Are there any other advantages to them?

Jack

>
> Bron.

--
Jack Neely
Linux Czar, OIT Campus Linux Services
Office of Information Technology, NC State University
GPG Fingerprint: 1917 5AC1 E828 9337 7AA4 EA6B 213B 765F 3B6A 5B89

From brong at fastmail.fm Mon Jul 27 22:35:22 2009
From: brong at fastmail.fm (Bron Gondwana)
Date: Tue, 28 Jul 2009 12:35:22 +1000
Subject: Running multiple reconstructs concurrently
In-Reply-To: <20090728013910.GZ6484@virge.linuxczar.net>
References: <20090727151900.GT6484@virge.linuxczar.net> <20090727214008.GA12213@brong.net> <20090728013910.GZ6484@virge.linuxczar.net>
Message-ID: <20090728023522.GA7934@brong.net>

On Mon, Jul 27, 2009 at 09:39:10PM -0400, Jack Neely wrote:
> On Tue, Jul 28, 2009 at 07:40:08AM +1000, Bron Gondwana wrote:
> > On Mon, Jul 27, 2009 at 11:19:00AM -0400, Jack Neely wrote:
> > > Folks,
> > >
> > > I'm writing a script to migrate all the cyrus imap data from version
> > > 2.2.10 running on 32 bit RHEL 3 to version 2.3.11 on brand new servers
> > > running RHEL 5 in 64 bit mode. The data moves fairly quickly but
> > > running reconstruct over the entire server takes 3 or 4 times longer
> > > than scp'ing across the data.
> > >
> > > Is it safe to run multiple reconstructs concurrently? Provided they are
> > > not working on the same mailboxes, of course.
> >
> > Yes, that's fine. There will be some lock synchronisation on the
> > mailboxes.db, but the bulk of the time it will be fine.
>
> Great! This takes my test runs from 5 hours to 3.
>
> >
> > By the way, 2.3.11 is pretty old for a 2.3 series. There have
> > been bugs fixed since.
>
> Indeed there are several relevant things in the changelog. Thanks.
>
> >
> > By the way number two, I hope you're using -G to the reconstructs
> > so you get GUIDs calculated (that will add process use, but is
> > worth it for integrity checking purposes...)
>
> I'm not currently using any replication so I had not planned to turn on
> the GUIDs. Are there any other advantages to them?

They're the sha1 of the message file - it allows you to detect
corruption. Not that we have good tools for that yet (not in
Cyrus anyway - I have "audit_slot.pl" here at FastMail which
can do some pretty clever stuff), but I'm hoping to build
better tools in future.

Of course, without replication you can't actually do much about
it, but at least you notice. We've probably had about 10 cases
of corrupted files in the past 6 months, to give you an idea how
rare it is (that's across 12 machines and heaps of disk)

Bron.

From D.J.Mayo at bath.ac.uk Tue Jul 28 08:38:08 2009
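An added example of the integrity check Bron Gondwana describes above (not Cyrus code, not audit_slot.pl, and not part of the original message): it records the SHA-1 of every message file, re-hashes the spool later, and reports files whose content changed, disappeared or appeared. It keeps its own manifest instead of reading the GUIDs that reconstruct -G stores, and it assumes message files are named as a UID followed by a dot; the function names and the sample spool are constructed for the example.

```python
import hashlib
import os
import re
import tempfile

# Assumption: the spool stores each message as "<uid>." (for example "1.", "2.").
MESSAGE_FILE = re.compile(r"^\d+\.$")


def sha1_file(path, chunk_size=65536):
    """SHA-1 of a file's content, read in chunks so large messages are fine."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(spool_root):
    """Map each message file (path relative to spool_root) to its SHA-1."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(spool_root):
        for name in files:
            if MESSAGE_FILE.match(name):
                full = os.path.join(dirpath, name)
                manifest[os.path.relpath(full, spool_root)] = sha1_file(full)
    return manifest


def verify(spool_root, manifest):
    """Re-hash the spool and compare it with a manifest recorded earlier."""
    current = build_manifest(spool_root)
    return {
        "corrupt": sorted(p for p in manifest
                          if p in current and current[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in current),
        "unrecorded": sorted(p for p in current if p not in manifest),
    }


def demo():
    """Build a constructed spool, damage it, and return (manifest, report)."""
    with tempfile.TemporaryDirectory() as root:
        box = os.path.join(root, "user", "jack")
        os.makedirs(box)
        for uid in (1, 2, 3):
            with open(os.path.join(box, f"{uid}."), "wb") as fh:
                fh.write(f"Subject: constructed {uid}\r\n\r\nbody {uid}\r\n".encode())
        # Index files live beside the messages and are not hashed.
        with open(os.path.join(box, "cyrus.index"), "wb") as fh:
            fh.write(b"constructed placeholder, not a real index")
        manifest = build_manifest(root)

        # Simulate silent corruption: same length and name, one bit flipped.
        target = os.path.join(box, "2.")
        with open(target, "rb") as fh:
            data = bytearray(fh.read())
        data[-3] ^= 0x01
        with open(target, "wb") as fh:
            fh.write(data)
        os.remove(os.path.join(box, "3."))           # a message that vanished
        with open(os.path.join(box, "4."), "wb") as fh:
            fh.write(b"Subject: delivered later\r\n\r\n")  # arrived after the manifest
        return manifest, verify(root, manifest)


if __name__ == "__main__":
    recorded, report = demo()
    print(len(recorded), "messages recorded")
    for kind, paths in report.items():
        print(kind, paths)
```

A check like this catches accidental damage only if the manifest is kept somewhere other than the disk being checked.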
From: D.J.Mayo at bath.ac.uk (David Mayo)
Date: Tue, 28 Jul 2009 13:38:08 +0100
Subject: Problems running ctl_mboxlist -m on 2.2 back-end
In-Reply-To: <36410392D4A33E293E98586A@trophic.its.unc.edu>
References: <4A6858F4.7030903@bath.ac.uk> <36410392D4A33E293E98586A@trophic.its.unc.edu>
Message-ID: <4A6EF130.8050608@bath.ac.uk>

Michael,

Michael Bacon wrote:
> I think I may have seen exactly what you're seeing, and it's a doozy to
> find, but simple to fix. If it's what I saw (and it was this EXACT
> symptom), you just need to rebuild your binaries with the thread-safe
> switch. If you're using Sun Studio (we did because of its optimization
> on the T2 processor), you need to pass "-mt" to the compiler at compile
> time (CFLAGS), or else Solaris won't set errno properly in a
> multi-threaded process, and non-blocking I/O will eat itself. The
> painful details here:
>
> http://cyrusimap.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=48912
>
> The switch on GCC is different (I think it's -mthread), but just make
> sure you're specifying the thread-safe switch.

This was it exactly - thanks!! The argument to gcc is in fact -pthreads.
Better still, I only had to apply this to the MUPDATE server, which
means I don't need to recompile imapd on the live back-end server.

Allow me to buy you a beer or two if you're ever in the area!

Regards,

Dave.

David Mayo
Networks/Systems Administrator
University of Bath Computing Services, UK

> --On July 23, 2009 1:35:00 PM +0100 David Mayo wrote:
>
>>
>> We are looking at upgrading our single 2.2 IMAP server to a Murder setup
>> with a 2.3 back-end server. For the transition we will put the current
>> IMAP server into the Murder and gradually transfer the mailboxes over to
>> the new server using 'xfer'.
>>
>> I have just tested the first stage of the migration by dumping the list
>> of mailboxes on the currently live server and importing that into our
>> test 'currently live' server. The initial ctl_mboxlist -m transfer to
>> the MUPDATE master took ~12 minutes for ~225,000 mail folders (skiplist
>> format).
>>
>> Subsequent attempts to run ctl_mboxlist -m on the server do not work -
>> there is a small flurry of activity at the start according to truss on
>> the local machine and snoop on the MUPDATE server, then nothing happens
>> for exactly 30 minutes and it finally gives up with "couldn't do LIST
>> command on mupdate server".
>>
>> I have restarted the IMAP daemons on both servers and tried converting
>> the mboxlist_db on the back-end from skiplist to berkeley - none of
>> these steps have made any difference. I can run mupdatetest and issue a
>> LIST command which shows plenty of mailboxes.
>>
>> This shouldn't be a problem in itself as long as all the mailbox
>> operations work as expected, however it is a bit of a worry. Both
>> machines are running Solaris 10. The back-end server is running 2.2.12
>> and the front-end server is running 2.2.13. Has anyone experienced this
>> problem and is there a way round it if this command doesn't work?
>>
>> Regards,
>>
>>
>> Dave.
>>
>> David Mayo
>> Networks/Systems Administrator
>> University of Bath Computing Services, UK
>> ----
>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>

From osmcruzl at gmail.com Tue Jul 28 21:40:17 2009
From: osmcruzl at gmail.com (Oscar Cruz)
Date: Tue, 28 Jul 2009 19:40:17 -0600
Subject: Invalid Header problems
Message-ID:

Hi folks,

I'm trying to figure out a problem with some domains: when they send
mail to my server, *cyrus reports an error*. Apparently the problem
comes from an invalid header, but I don't know what kind of parameter
must change, because this doesn't happen with all the domains, just
with some. Maybe one of you can help me with it. I show the message log
and the postconf -n; please let me know if I should make any change in
particular. In the log, notice that the message seems to be sent, but
seconds later a bounce message is shown.

------------------------------------------------------------------------
Jul 28 09:45:08 boom3 postfix/qmgr[3548]: 3337125C001: from=, size=1836, nrcpt=1 (queue active)
Jul 28 09:45:08 boom3 postfix/smtpd[6976]: disconnect from unknown[192.27.1.15]
Jul 28 09:45:08 boom3 amavis[5637]: (05637-16) ESMTP::10024 /var/spool/amavis/tmp/amavis-20090728T092128-05637: -> SIZE=1836 Received: from myserver ([127.0.0.1]) by localhost (myserver [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for ; Tue, 28 Jul 2009 09:45:08 -0600 (CST)
Jul 28 09:45:08 boom3 amavis[6937]: (06937-01) ESMTP::10024 /var/spool/amavis/tmp/amavis-20090728T094508-06937: -> SIZE=1838 Received: from myserver ([127.0.0.1]) by localhost (myserver [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for ; Tue, 28 Jul 2009 09:45:08 -0600 (CST)
Jul 28 09:45:08 boom3 amavis[5637]: (05637-16) Checking: XPr4Jvf1nybP ->
Jul 28 09:45:08 boom3 amavis[5637]: (05637-16) p001 1 Content-Type: text/plain, size: 868 B, name:
Jul 28 09:45:08 boom3 amavis[6937]: (06937-01) Checking: Wb-KS8AghfQh ->
Jul 28 09:45:08 boom3 amavis[6937]: (06937-01) p001 1 Content-Type: text/plain, size: 868 B, name:
Jul 28 09:45:09 boom3 postfix/smtpd[6914]: connect from unknown[192.27.1.15]
Jul 28 09:45:09 boom3 postfix/smtpd[6914]:
567CD25C003: client=unknown[192.27.1.15] Jul 28 09:45:09 boom3 postfix/cleanup[6921]: 567CD25C003: message-id= Jul 28 09:45:09 boom3 postfix/qmgr[3548]: 567CD25C003: from=, size=1833, nrcpt=1 (queue active) Jul 28 09:45:09 boom3 postfix/smtpd[6914]: disconnect from unknown[192.27.1.15] Jul 28 09:45:10 boom3 postfix/smtpd[6932]: connect from localhost[127.0.0.1] Jul 28 09:45:10 boom3 postfix/smtpd[6932]: 934E325C004: client=localhost[127.0.0.1] Jul 28 09:45:10 boom3 postfix/cleanup[6984]: 934E325C004: message-id= Jul 28 09:45:10 boom3 postfix/qmgr[3548]: 934E325C004: from=, size=2274, nrcpt=1 (queue active) Jul 28 09:45:10 boom3 postfix/smtpd[6932]: disconnect from localhost[127.0.0.1] Jul 28 09:45:10 boom3 amavis[5637]: (05637-16) FWD via SMTP: -> ,BODY=7BIT 250 2.6.0 Ok, id=05637-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 934E325C004 Jul 28 09:45:10 booo3 amavis[5637]: (05637-16) Passed CLEAN, [10.10.10.10] -> , mail_id: XPr4Jvf1nybP, Hits: -0.699, size: 1836, queued_as: 934E325C004, 2375 ms Jul 28 09:45:10 boom3 postfix/smtp[6922]: 3337125C001: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=2.5, delays=0.09/0/0/2.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 934E325C004) Jul 28 09:45:10 boom3 postfix/qmgr[3548]: 3337125C001: removed Jul 28 09:45:10 boom3 amavis[5637]: (05637-16) TIMING [total 2380 ms] - SMTP greeting: 2 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 0 (0%)0, SMTP pre-DATA-flush: 3 (0%)0, SMTP DATA: 34 (1%)2, check_init: 1 (0%)2, digest_hdr: 1 (0%)2, digest_body: 0 (0%)2, gen_mail_id: 1 (0%)2, mime_decode: 8 (0%)2, get-file-type1: 15 (1%)3, parts_decode: 0 (0%)3, check_header: 2 (0%)3, AV-scan-1: 4 (0%)3, AV-scan-2: 1467 (62%)65, spam-wb-list: 2 (0%)65, SA msg read: 1 (0%)65, SA parse: 2 (0%)65, SA check: 739 (31%)96, update_cache: 6 (0%)96, decide_mail_destiny: 1 (0%)96, fwd-connect: 6 (0%)96, fwd-mail-pip: 13 (1%)97, fwd-rcpt-pip: 0 (0%)97, fwd-data-chkpnt: 0 (0%)97, write-header: 1 (0%)97, fwd-data-contents: 0 (0%)97, 
fwd-end-chkpnt: 59 (2%)99, prepare-dsn: 1 (0%)99, main_log_entry: 9 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 0 (0%)100, unlink-1-files: 0 (0%)100, rundown: 0 (0%)100 Jul 28 09:45:10 boom3 amavis[5637]: (05637-17) ESMTP::10024 /var/spool/amavis/tmp/amavis-20090728T092128-05637: -> SIZE=1833 Received: from myserver. ([127.0.0.1]) by localhost (myserver. [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for ; Tue, 28 Jul 2009 09:45:10 -0600 (CST) Jul 28 09:45:10 boom3 amavis[5637]: (05637-17) Checking: wKNkVzaar0-x -> Jul 28 09:45:10 boom3 amavis[5637]: (05637-17) cached acae0dadbbcd66e7cf51eda9ae4bc2f8 from (1,1) Jul 28 09:45:10 boom3 amavis[5637]: (05637-17) p001 1 Content-Type: text/plain, size: 868 B, name: Jul 28 09:45:10 boom3 postfix/smtpd[6932]: connect from localhost[127.0.0.1] Jul 28 09:45:10 boom3 postfix/smtpd[6932]: B9A7225C001: client=localhost[127.0.0.1] Jul 28 09:45:10 boom3 postfix/cleanup[6921]: B9A7225C001: message-id= Jul 28 09:45:10 boom3 postfix/pipe[6971]: 934E325C004: to=, orig_to=, relay=cyrus, delay=0.23, delays=0.06/0/0/0.16, dsn=5.6.0, status=bounced (data format error. 
Command output: recipient: Message contains invalid header ) Jul 28 09:45:10 boom3 postfix/cleanup[6984]: CADF625C005: message-id=<20090728154510.CADF625C005 at myserver> Jul 28 09:45:10 boom3 postfix/smtpd[6932]: disconnect from localhost[127.0.0.1] Jul 28 09:45:10 bomm3 amavis[5637]: (05637-17) FWD via SMTP: -> ,BODY=7BIT 250 2.6.0 Ok, id=05637-17, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B9A7225C001 Jul 28 09:45:10 bomm3 amavis[5637]: (05637-17) Passed CLEAN, [10.10.10.10] -> , mail_id: wKNkVzaar0-x, Hits: -0.699, size: 1833, queued_as: B9A7225C001, 182 ms Jul 28 09:45:10 bomm3 postfix/smtp[6989]: 567CD25C003: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=1.5, delays=0.02/0.01/1.3/0.18, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as B9A7225C001) Jul 28 09:45:10 bomm3 amavis[5637]: (05637-17) TIMING [total 187 ms] - SMTP greeting: 2 (1%)1, SMTP EHLO: 0 (0%)1, SMTP pre-MAIL: 0 (0%)1, SMTP pre-DATA-flush: 2 (1%)2, SMTP DATA: 36 (19%)22, check_init: 1 (0%)22, digest_hdr: 0 (0%)22, digest_body: 0 (0%)22, gen_mail_id: 1 (0%)23, mime_decode: 8 (4%)27, get-file-type1: 11 (6%)33, parts_decode: 0 (0%)33, check_header: 2 (1%)34, spam-wb-list: 3 (2%)36, update_cache: 1 (1%)36, decide_mail_destiny: 1 (1%)37, fwd-connect: 6 (3%)40, fwd-mail-pip: 1 (1%)41, fwd-rcpt-pip: 1 (0%)41, fwd-data-chkpnt: 0 (0%)42, write-header: 2 (1%)43, fwd-data-contents: 0 (0%)43, fwd-end-chkpnt: 94 (50%)93, prepare-dsn: 1 (0%)94, main_log_entry: 9 (5%)98, update_snmp: 2 (1%)99, SMTP pre-response: 0 (0%)99, SMTP response: 0 (0%)100, unlink-1-files: 0 (0%)100, rundown: 0 (0%)100 Jul 28 09:45:10 bomm3 postfix/bounce[6974]: 934E325C004: sender non-delivery notification: CADF625C005 Jul 28 09:45:10 bomm3 postfix/qmgr[3548]: CADF625C005: from=<>, size=4225, nrcpt=1 (queue active) Jul 28 09:45:10 bomm3 postfix/qmgr[3548]: 567CD25C003: removed Jul 28 09:45:10 bomm3 postfix/qmgr[3548]: 934E325C004: removed Jul 28 09:45:10 bomm3 postfix/qmgr[3548]: B9A7225C001: from=, size=2271, nrcpt=1 (queue 
active) Jul 28 09:45:11 bomm3 postfix/pipe[6971]: B9A7225C001: to=, orig_to=, relay=cyrus, delay=0.24, delays=0.12/0/0/0.12, dsn=5.6.0, status=bounced (data format error. Command output: recipiet: Message contains invalid header ) Jul 28 09:45:11 bomm3 postfix/cleanup[6921]: 00D2D25C003: message-id=<20090728154511.00D2D25C003 at myserver> Jul 28 09:45:11 bomm3 postfix/bounce[6974]: B9A7225C001: sender non-delivery notification: 00D2D25C003 Jul 28 09:45:11 bomm3 postfix/qmgr[3548]: 00D2D25C003: from=<>, size=4222, nrcpt=1 (queue active) Jul 28 09:45:11 bomm3 postfix/qmgr[3548]: B9A7225C001: removed Jul 28 09:45:11 bomm3 postfix/smtpd[6932]: connect from localhost[127.0.0.1] Jul 28 09:45:11 bomm3 postfix/smtpd[6932]: E99FA25C001: client=localhost[127.0.0.1] Jul 28 09:45:11 bomm3 postfix/cleanup[6984]: E99FA25C001: message-id= Jul 28 09:45:12 bomm3 postfix/smtpd[6932]: disconnect from localhost[127.0.0.1] Jul 28 09:45:12 bomm3 postfix/qmgr[3548]: E99FA25C001: from=, size=2276, nrcpt=1 (queue active) Jul 28 09:45:12 bomm3 amavis[6937]: (06937-01) FWD via SMTP: -> ,BODY=7BIT 250 2.6.0 Ok, id=06937-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E99FA25C001 Jul 28 09:45:12 bomm3 amavis[6937]: (06937-01) Passed CLEAN, [10.10.10.10] -> , mail_id: Wb-KS8AghfQh, Hits: -0.884, size: 1838, queued_as: E99FA25C001, 3710 ms Jul 28 09:45:12 bomm3 postfix/smtp[6936]: 370E125C002: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=3.8, delays=0.07/0.02/0.01/3.7, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as E99FA25C001) Jul 28 09:45:12 bomm3 postfix/qmgr[3548]: 370E125C002: removed Jul 28 09:45:12 bomm3 amavis[6937]: (06937-01) TIMING [total 3716 ms] - SMTP greeting: 5 (0%)0, SMTP EHLO: 1 (0%)0, SMTP pre-MAIL: 0 (0%)0, mkdir tempdir: 0 (0%)0, create email.txt: 0 (0%)0, SMTP pre-DATA-flush: 3 (0%)0, SMTP DATA: 41 (1%)1, check_init: 1 (0%)1, digest_hdr: 1 (0%)1, digest_body: 0 (0%)1, gen_mail_id: 1 (0%)1, mkdir parts: 1 (0%)1, mime_decode: 12 (0%)2, get-file-type1: 12 (0%)2, 
parts_decode: 0 (0%)2, check_header: 2 (0%)2, AV-scan-1: 5 (0%)2, AV-scan-2: 1470 (40%)42, spam-wb-list: 2 (0%)42, SA msg read: 1 (0%)42, SA parse: 3 (0%)42, SA check: 2071 (56%)98, update_cache: 7 (0%)98, decide_mail_destiny: 1 (0%)98, fwd-connect: 7 (0%)98, fwd-mail-pip: 2 (0%)98, fwd-rcpt-pip: 0 (0%)98, fwd-data-chkpnt: 0 (0%)98, write-header: 1 (0%)98, fwd-data-contents: 0 (0%)98, fwd-end-chkpnt: 50 (1%)100, prepare-dsn: 1 (0%)100, main_log_entry: 11 (0%)100, update_snmp: 2 (0%)100, SMTP pre-response: 0 (0%)100, SMTP response: 0 (0%)100, unlink-1-files: 0 (0%)100, rundown: 0 (0%)100 Jul 28 09:45:12 bomm3 postfix/pipe[6971]: E99FA25C001: to=, orig_to=, relay=cyrus, delay=0.12, delays=0.05/0/0/0.06, dsn=5.6.0, status=bounced (data format error. Command output: user: Message contains invalid header ) Jul 28 09:45:12 bomm3 postfix/cleanup[6921]: 1205A25C002: message-id=<20090728154512.1205A25C002 at myserver> Jul 28 09:45:12 bomm3 postfix/qmgr[3548]: 1205A25C002: from=<>, size=4227, nrcpt=1 (queue active) Jul 28 09:45:12 bomm3 postfix/bounce[6974]: E99FA25C001: sender non-delivery notification: 1205A25C002 Jul 28 09:45:12 bomm3 postfix/qmgr[3548]: E99FA25C001: removed Jul 28 09:45:13 bomm3 postfix/smtp[6922]: CADF625C005: to=, relay=mail.sender[11.11.11.11]:25, delay=2.2, delays=0.03/0.02/0.98/1.2, dsn=2.0.0, status=sent (250 OK DE/42-05623-E222F6A4) Jul 28 09:45:13 bomm3 postfix/smtp[6989]: 00D2D25C003: to=, relay=mail.sender[11.11.11.11]:25, delay=2, delays=0.04/0/0.8/1.2, dsn=2.0.0, status=sent (250 OK CE/42-05623-E222F6A4) Jul 28 09:45:13 bomm3 postfix/qmgr[3548]: CADF625C005: removed Jul 28 09:45:13 bomm3 postfix/qmgr[3548]: 00D2D25C003: removed Jul 28 09:45:13 bomm3 postfix/smtp[6936]: 1205A25C002: to=, relay=mail.sender[11.11.11.11]:25, delay=1.6, delays=0.04/0/0.94/0.65, dsn=2.0.0, status=sent (250 OK C1/52-05623-F222F6A4) Jul 28 09:45:13 bomm3 postfix/qmgr[3548]: 1205A25C002: removed Jul 28 09:45:13 bomm3 postfix/smtp[6936]: 1205A25C002: to=, 
relay=mail.sender[11.11.11.11]:25, delay=1.6, delays=0.04/0/0.94/0.65, dsn=2.0.0, status=sent (250 OK C1/52-05623-F222F6A4) Jul 28 09:45:13 bomm3 postfix/qmgr[3548]: 1205A25C002: removed Jul 28 09:46:05 bomm3 postfix/smtpd[6976]: connect from unknown[192.27.1.15] Jul 28 09:46:05 bomm3 postfix/smtpd[6976]: C137325C001: client=unknown[192.27.1.15] Jul 28 09:46:05 bomm3 postfix/smtpd[6976]: disconnect from unknown[192.27.1.15] --------------------------------------------------------------------------------- Jul 28 09:45:08 boom3 amavis[5637]: (05637-16) Checking: XPr4Jvf1nybP -> Jul 28 09:45:08 boom3 amavis[6937]: (06937-01) Checking: Wb-KS8AghfQh -> Jul 28 09:45:10 boom3 amavis[5637]: (05637-16) FWD via SMTP: -> ,BODY=7BIT 250 2.6.0 Ok, id=05637-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 934E325C004 Jul 28 09:45:10 boom3 amavis[5637]: (05637-16) Passed CLEAN, [10.10.10.10] -> , mail_id: XPr4Jvf1nybP, Hits: -0.699, size: 1836, queued_as: 934E325C004, 2375 ms Jul 28 09:45:10 boom3 postfix/smtp[6922]: 3337125C001: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=2.5, delays=0.09/0/0/2.4, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 934E325C004) Jul 28 09:45:10 boom3 amavis[5637]: (05637-17) ESMTP::10024 /var/spool/amavis/tmp/amavis-20090728T092128-05637: -> SIZE=1833 Received: from myserver. ([127.0.0.1]) by localhost (myserver. [127.0.0.1]) (amavisd-new, port 10024) with ESMTP for ; Tue, 28 Jul 2009 09:45:10 -0600 (CST) Jul 28 09:45:10 boom3 amavis[5637]: (05637-17) Checking: wKNkVzaar0-x -> Jul 28 09:45:10 boom3 postfix/pipe[6971]: 934E325C004: to=, orig_to=, relay=cyrus, delay=0.23, delays=0.06/0/0/0.16, dsn=5.6.0, status=bounced (data format error. 
Command output: usermyserver: Message contains invalid header ) Jul 28 09:45:10 boom3 amavis[5637]: (05637-17) FWD via SMTP: -> ,BODY=7BIT 250 2.6.0 Ok, id=05637-17, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as B9A7225C001 Jul 28 09:45:10 boom3 amavis[5637]: (05637-17) Passed CLEAN, [10.10.10.10] -> , mail_id: wKNkVzaar0-x, Hits: -0.699, size: 1833, queued_as: B9A7225C001, 182 ms Jul 28 09:45:10 boom3 postfix/smtp[6989]: 567CD25C003: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=1.5, delays=0.02/0.01/1.3/0.18, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as B9A7225C001) Jul 28 09:45:11 boom3 postfix/pipe[6971]: B9A7225C001: to=, orig_to=, relay=cyrus, delay=0.24, delays=0.12/0/0/0.12, dsn=5.6.0, status=bounced (data format error. Command output: usermyserver: Message contains invalid header ) Jul 28 09:45:12 boom3 amavis[6937]: (06937-01) FWD via SMTP: -> ,BODY=7BIT 250 2.6.0 Ok, id=06937-01, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as E99FA25C001 Jul 28 09:45:12 boom3 amavis[6937]: (06937-01) Passed CLEAN, [10.10.10.10] -> , mail_id: Wb-KS8AghfQh, Hits: -0.884, size: 1838, queued_as: E99FA25C001, 3710 ms Jul 28 09:45:12 boom3 postfix/smtp[6936]: 370E125C002: to=, relay=127.0.0.1[127.0.0.1]:10024, delay=3.8, delays=0.07/0.02/0.01/3.7, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as E99FA25C001) Jul 28 09:45:12 boom3 postfix/pipe[6971]: E99FA25C001: to=, orig_to=, relay=cyrus, delay=0.12, delays=0.05/0/0/0.06, dsn=5.6.0, status=bounced (data format error. 
Command output: usermyserver: Message contains invalid header ) ------------------------------------------------------------------------------------- # postconf -n alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases best_mx_transport = local biff = no command_directory = /usr/sbin config_directory = /etc/postfix daemon_directory = /usr/lib/postfix debug_peer_level = 2 defer_transports = disable_dns_lookups = no disable_mime_output_conversion = no html_directory = /usr/share/doc/packages/postfix/html inet_interfaces = all inet_protocols = all mail_owner = postfix mailbox_command = mailbox_size_limit = 0 mailbox_transport = cyrus mailq_path = /usr/bin/mailq manpage_directory = /usr/share/man masquerade_classes = envelope_sender, header_sender, header_recipient masquerade_domains = masquerade_exceptions = root message_size_limit = 10485760 mydestination = mysql:/etc/postfix/mysql-mydestination.cf myhostname = myserver mynetworks = 10.10.10.10/10, 11.11.11.11/11, 12.12.12.12./, 127.0.0.0/8 mynetworks_style = subnet newaliases_path = /usr/bin/newaliases queue_directory = /var/spool/postfix readme_directory = /usr/share/doc/packages/postfix/README_FILES receive_override_options = no_address_mappings relayhost = relocated_maps = hash:/etc/postfix/relocated sample_directory = /usr/share/doc/packages/postfix/samples sender_canonical_maps = mysql:/etc/postfix/mysql-canonical.cf sendmail_path = /usr/sbin/sendmail setgid_group = maildrop smtp_sasl_auth_enable = no smtp_use_tls = no smtpd_client_restrictions = permit_mynetworks, reject_rbl_client bl.spamcop.net, reject_rbl_client sbl.spamhaus.org smtpd_helo_required = yes smtpd_helo_restrictions = permit_mynetworks smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination smtpd_sasl_auth_enable = no smtpd_sender_restrictions = hash:/etc/postfix/access smtpd_use_tls = no strict_8bitmime = no strict_rfc821_envelopes = yes transport_maps = hash:/etc/postfix/transport 
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20090728/cdf2cf94/attachment-0001.html

From blake at ispn.net Wed Jul 29 01:13:52 2009
From: blake at ispn.net (Blake Hudson)
Date: Wed, 29 Jul 2009 00:13:52 -0500
Subject: 'PLAIN encryption needed to use mechanism' error
Message-ID: <4A6FDA90.20802@ispn.net>

I recently setup a new server and everything tested well. However, once
in production I am seeing errors like the following:

pop3PRTC[20896]: badlogin: [204.x.x.x] PLAIN encryption needed to use mechanism

I wasn't aware that POP utilized other mechanisms? I can login just fine
with telnet and tbird, and cannot replicate this error myself. Any ideas?

--Blake

From blake at ispn.net Wed Jul 29 01:44:16 2009
From: blake at ispn.net (Blake Hudson)
Date: Wed, 29 Jul 2009 00:44:16 -0500
Subject: 'PLAIN encryption needed to use mechanism' error
In-Reply-To: <4A6FDA90.20802@ispn.net>
References: <4A6FDA90.20802@ispn.net>
Message-ID: <4A6FE1B0.4050603@ispn.net>

-------- Original Message --------
Subject: 'PLAIN encryption needed to use mechanism' error
From: Blake Hudson
To: info-cyrus at lists.andrew.cmu.edu
Date: Wednesday, July 29, 2009 12:13:52 AM
> I recently setup a new server and everything tested well. However, once
> in production I am seeing errors like the following:
>
> pop3PRTC[20896]: badlogin: [204.x.x.x] PLAIN encryption needed to use
> mechanism
>
>
> I wasn't aware that POP utilized other mechanisms? I can login just fine
> with telnet and tbird, and cannot replicate this error myself. Any ideas?
>
> --Blake
>

Looks like the POP side is not advertising LOGIN/PLAIN auth types while the imap side is. Is this the intended behavior?

In my imapd.conf i have the following mech list defined:
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5

---------------------- POP3----------------------
+OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready <173180331313918
17429.1248845988 at twinP>
auth
+OK List of supported mechanisms follows
DIGEST-MD5
CRAM-MD5
.
--------------------------------------------
----------------------IMAP----------------------
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5 AUTH=LOGIN AUTH=PLAIN AUTH=CRAM-MD5 SASL-IR] twinP Cyrus IMAP4 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
--------------------------------------------

I suppose this is likely a bad client that is not refreshing its mech list after the server switch, but I'd still like to know how to resolve the issue server side (if possible).

-Blake

From damm at yazzy.org Wed Jul 29 02:30:46 2009
From: damm at yazzy.org (Scott M. Likens)
Date: Tue, 28 Jul 2009 23:30:46 -0700
Subject: 'PLAIN encryption needed to use mechanism' error
In-Reply-To: <4A6FE1B0.4050603@ispn.net>
References: <4A6FDA90.20802@ispn.net> <4A6FE1B0.4050603@ispn.net>
Message-ID: <2EA7B957-6BEC-4BC2-A387-CCB0A3699A47@yazzy.org>

Hi Blake,

Actually pop3 by default should be using plain, like

damm at desolation> telnet localhost pop3 ~
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK desolation Cyrus POP3 v2.3.14 server ready <8505169291665378509.1248848742 at desolation>
user root
+OK Name is a valid mailbox
pass toor
+OK Mailbox locked and ready

However, if you man imapd.conf you will notice there is such an option as,

allowplaintext: 0

You may need to change that to 1, in order for plaintext ala pop3 to work.

Scott

On Jul 28, 2009, at 10:44 PM, Blake Hudson wrote:

> -------- Original Message --------
> Subject: 'PLAIN encryption needed to use mechanism' error
From blake at ispn.net Wed Jul 29 02:39:07 2009
From: blake at ispn.net (Blake Hudson)
Date: Wed, 29 Jul 2009 01:39:07 -0500
Subject: 'PLAIN encryption needed to use mechanism' error
In-Reply-To: <2EA7B957-6BEC-4BC2-A387-CCB0A3699A47@yazzy.org>
References: <4A6FDA90.20802@ispn.net> <4A6FE1B0.4050603@ispn.net> <2EA7B957-6BEC-4BC2-A387-CCB0A3699A47@yazzy.org>
Message-ID: <4A6FEE8B.2000805@ispn.net>

Thanks for the reply Scott. I can auth as you described using the User/Pass method (allowplaintext: is already set to 1 and I've also tried sasl_minimum_layer: 0 at the same time).

My concern is that over port 110 the server is only advertising CRAM-MD5 and DIGEST-MD5. POP3s appears to be advertising PLAIN. Why isn't PLAIN advertised over both?

--Blake

-------- Original Message --------
Subject: Re: 'PLAIN encryption needed to use mechanism' error
From: Scott M. Likens
To: Blake Hudson
Cc: info-cyrus at lists.andrew.cmu.edu
Date: Wednesday, July 29, 2009 1:30:46 AM
> Hi Blake,
>
> Actually pop3 by default should be using plain, like
>
> damm at desolation> telnet localhost
> pop3
> ~
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> +OK desolation Cyrus POP3 v2.3.14 server ready
> <8505169291665378509.1248848742 at desolation>
> user root
> +OK Name is a valid mailbox
> pass toor
> +OK Mailbox locked and ready
>
> However, if you man imapd.conf you will notice there is such an option
> as,
>
> allowplaintext: 0
>
> You may need to change that to 1, in order for plaintext ala pop3 to
> work.
>
> Scott
>
> On Jul 28, 2009, at 10:44 PM, Blake Hudson wrote:
>
>> -------- Original Message --------
>> Subject: 'PLAIN encryption needed to use mechanism' error
From dwhite at olp.net Wed Jul 29 03:49:51 2009
From: dwhite at olp.net (Dan White)
Date: Wed, 29 Jul 2009 02:49:51 -0500
Subject: 'PLAIN encryption needed to use mechanism' error
In-Reply-To: <4A6FEE8B.2000805@ispn.net>
References: <4A6FDA90.20802@ispn.net> <4A6FE1B0.4050603@ispn.net> <2EA7B957-6BEC-4BC2-A387-CCB0A3699A47@yazzy.org> <4A6FEE8B.2000805@ispn.net>
Message-ID: <4A6FFF1F.2080307@olp.net>

Blake,

What sasl lines do you have in /etc/imapd.conf. Do you have any proxies installed?

"pop3PRTC" in your syslog looks suspicious...:

Usually, pop3 and imap will offer the same mechanisms based on this config item:

sasl_mech_list: x x x

if this line is commented out, then sasl should attempt to initialize all available mechs.

Be on the lookout for customization like this (which overrides the sasl_mech_list config item):

pop3_mech_list: x x x
imap_mech_list: x x x

- Dan

Blake Hudson wrote:
> Thanks for the reply Scott. I can auth as you described using the
> User/Pass method (allowplaintext: is already set to 1 and I've also
> tried sasl_minimum_layer: 0 at the same time).
>
> My concern is that over port 110 the server is only advertising CRAM-MD5
> and DIGEST-MD5. POP3s appears to be advertising PLAIN. Why isn't PLAIN
> advertised over both?
>
> --Blake
>
> -------- Original Message --------
> Subject: Re: 'PLAIN encryption needed to use mechanism' error
From blake at ispn.net Wed Jul 29 03:58:32 2009
From: blake at ispn.net (Blake Hudson)
Date: Wed, 29 Jul 2009 02:58:32 -0500
Subject: 'PLAIN encryption needed to use mechanism' error
In-Reply-To: <4A6FFF1F.2080307@olp.net>
References: <4A6FDA90.20802@ispn.net> <4A6FE1B0.4050603@ispn.net> <2EA7B957-6BEC-4BC2-A387-CCB0A3699A47@yazzy.org> <4A6FEE8B.2000805@ispn.net> <4A6FFF1F.2080307@olp.net>
Message-ID: <4A700128.2030104@ispn.net>

-------- Original Message --------
Subject: Re: 'PLAIN encryption needed to use mechanism' error
From: Dan White
To: Blake Hudson
Cc: info-cyrus at lists.andrew.cmu.edu
Date: Wednesday, July 29, 2009 2:49:51 AM
> Blake,
>
> What sasl lines do you have in /etc/imapd.conf. Do you have any
> proxies installed?

my mech list was posted... see below
I also have "sasl_pwcheck_method: auxprop", everything else sasl has to do with my sql config. no proxies are present.

>
> "pop3PRTC" in your syslog looks suspicious...:

that's just the name I gave it...

>
> Usually, pop3 and imap will offer the same mechanisms based on this
> config item:
>
> sasl_mech_list: x x x

as posted initially I have the following mech list line in imapd.conf:
sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
imap advertises the full list as specified (see original message)

>
> if this line is commented out, then sasl should attempt to initialize
> all available mechs.
>
> Be on the lookout for customization like this (which overrides the
> sasl_mech_list config item):
>
> pop3_mech_list: x x x
> imap_mech_list: x x x
>

good idea, though I don't have these specified.

I see your cyrus server is outputting the full mech list via 110... wonder why mine isn't?

------------YOURS-----
+OK <1114961040.1248853981 at neo> neo Cyrus POP3 Murder v2.3.12-Debian-2.3.12-1-5 server ready
auth
+OK List of supported mechanisms follows
CRAM-MD5
PLAIN
GSSAPI
OTP
DIGEST-MD5
LOGIN
.
------------MINE-----
+OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready <163906105530322
97444.1248854211 at twinP>
auth
+OK List of supported mechanisms follows
DIGEST-MD5
CRAM-MD5
.

> - Dan
>
> Blake Hudson wrote:
>> Thanks for the reply Scott. I can auth as you described using the
>> User/Pass method (allowplaintext: is already set to 1 and I've also
>> tried sasl_minimum_layer: 0 at the same time).
>>
>> My concern is that over port 110 the server is only advertising CRAM-MD5
>> and DIGEST-MD5. POP3s appears to be advertising PLAIN. Why isn't PLAIN
>> advertised over both?
From dwhite at olp.net Wed Jul 29 04:20:08 2009
From: dwhite at olp.net (Dan White)
Date: Wed, 29 Jul 2009 03:20:08 -0500
Subject: 'PLAIN encryption needed to use mechanism' error
In-Reply-To: <4A700128.2030104@ispn.net>
References: <4A6FDA90.20802@ispn.net> <4A6FE1B0.4050603@ispn.net> <2EA7B957-6BEC-4BC2-A387-CCB0A3699A47@yazzy.org> <4A6FEE8B.2000805@ispn.net> <4A6FFF1F.2080307@olp.net> <4A700128.2030104@ispn.net>
Message-ID: <4A700638.8050801@olp.net>

Blake Hudson wrote:
> -------- Original Message --------
> Subject: Re: 'PLAIN encryption needed to use mechanism' error
> From: Dan White
> To: Blake Hudson
> Cc: info-cyrus at lists.andrew.cmu.edu
>
> Date: Wednesday, July 29, 2009 2:49:51 AM
>
>
> I see your cyrus server is outputting the full mech list via 110...
> wonder why mine isn't?
>
> ------------YOURS-----
> +OK <1114961040.1248853981 at neo> neo Cyrus POP3 Murder
> v2.3.12-Debian-2.3.12-1-5
> server ready
> auth
> +OK List of supported mechanisms follows
> CRAM-MD5
> PLAIN
> GSSAPI
> OTP
> DIGEST-MD5
> LOGIN

All of these are explicitly set in my sasl_mech_list.

GSSAPI and OTP require SASL library configuration. The others, including PLAIN/LOGIN should not.

> .
> ------------MINE-----
> +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
> <163906105530322
> 97444.1248854211 at twinP>
> auth
> +OK List of supported mechanisms follows
> DIGEST-MD5
> CRAM-MD5
> .

Do you have either of the following specified?
sasl_minimum_layer: X
sasl_maximum_layer: X

Have you specified a '-p xxx' within cyrus.conf for imap but not pop3?

Are you using TLS/SSL when connecting via IMAP but not POP3? Sounds like you're telnetting, so that's probably not the case.

Setting "sasl_log_level: 7" in imapd.conf might provide more information in your syslog.

>>>>
>>>>> Looks like the POP side is not advertising LOGIN/PLAIN auth types while
>>>>> the imap side is. Is this the intended behavior?
>>>>>
>>>>> In my imapd.conf i have the following mech list defined:
>>>>> sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>>>>>
>>>>> ---------------------- POP3----------------------
>>>>> +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
>>>>> <173180331313918
>>>>> 17429.1248845988 at twinP>
>>>>> auth
>>>>> +OK List of supported mechanisms follows
>>>>> DIGEST-MD5
>>>>> CRAM-MD5
>>>>> ..
>>>>> --------------------------------------------
>>>>> ----------------------IMAP----------------------
>>>>>
>>>>> * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5
>>>>> AUTH=LOGIN
>>>>> AUTH=PLAIN AUTH=CRAM-MD5 SASL-IR] twinP Cyrus IMAP4
>>>>> v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
>>>>>
>>>>> --------------------------------------------
>>>>>
>>>>> I suppose this is likely a bad client that is not refreshing its mech
>>>>> list after the server switch, but I'd still like to know how to resolve
>>>>> the issue server side (if possible).
>>>>>
>>>>> -Blake

From blake at ispn.net Wed Jul 29 04:30:40 2009
From: blake at ispn.net (Blake Hudson)
Date: Wed, 29 Jul 2009 03:30:40 -0500
Subject: 'PLAIN encryption needed to use mechanism' error
In-Reply-To: <4A700638.8050801@olp.net>
References: <4A6FDA90.20802@ispn.net> <4A6FE1B0.4050603@ispn.net> <2EA7B957-6BEC-4BC2-A387-CCB0A3699A47@yazzy.org> <4A6FEE8B.2000805@ispn.net> <4A6FFF1F.2080307@olp.net> <4A700128.2030104@ispn.net> <4A700638.8050801@olp.net>
Message-ID: <4A7008B0.6070300@ispn.net>

-------- Original Message --------
Subject: Re: 'PLAIN encryption needed to use mechanism' error
From: Dan White
To: Blake Hudson
Cc: info-cyrus at lists.andrew.cmu.edu
Date: Wednesday, July 29, 2009 3:20:08 AM
> Blake Hudson wrote:
>> -------- Original Message --------
>> Subject: Re: 'PLAIN encryption needed to use mechanism' error
>> From: Dan White
>> To: Blake Hudson
>> Cc: info-cyrus at lists.andrew.cmu.edu
>>
>> Date: Wednesday, July 29, 2009 2:49:51 AM
>>
>
>>
>> I see your cyrus server is outputting the full mech list via 110...
>> wonder why mine isn't?
>>
>> ------------YOURS-----
>> +OK <1114961040.1248853981 at neo> neo Cyrus POP3 Murder
>> v2.3.12-Debian-2.3.12-1-5
>> server ready
>> auth
>> +OK List of supported mechanisms follows
>> CRAM-MD5
>> PLAIN
>> GSSAPI
>> OTP
>> DIGEST-MD5
>> LOGIN
>
> All of these are explicitly set in my sasl_mech_list.
>
> GSSAPI and OTP require SASL library configuration. The others,
> including PLAIN/LOGIN should not.
>> .
>> ------------MINE-----
>> +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
>> <163906105530322
>> 97444.1248854211 at twinP>
>> auth
>> +OK List of supported mechanisms follows
>> DIGEST-MD5
>> CRAM-MD5
>> .
>
> Do you have either of the following specified?
> sasl_minimum_layer: X
> sasl_maximum_layer: X

I tried specifying the minimum to 0, but it did not make a difference.

>
> Have you specified a '-p xxx' within cyrus.conf for imap but not pop3?

no -p option anywhere.

>
> Are you using TLS/SSL when connecting via IMAP but not POP3? Sounds
> like you're telnetting, so that's probably not the case.

just telnet. Here's the output of pop3test util:

------------ NO SSL ------------
root at twinp src]# pop3test -m PLAIN -a xxx mail.xxx.com
S: +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready <12408582082392233762.1248855924 at twinP>
C: CAPA
S: +OK List of capabilities follows
S: SASL DIGEST-MD5 CRAM-MD5
S: STLS
S: EXPIRE NEVER
S: LOGIN-DELAY 0
S: TOP
S: UIDL
S: PIPELINING
S: RESP-CODES
S: AUTH-RESP-CODE
S: USER
S: IMPLEMENTATION Cyrus POP3 server v2.3.7-Invoca-RPM-2.3.7-2.el5
S: .
Please enter your password:
C: AUTH PLAIN xxxuc3Rlc3QAdGVzdDEyMw==
S: -ERR [AUTH] authenticating: encryption needed to use mechanism
Authentication failed. generic failure
Security strength factor: 0
quit
+OK
Connection closed.
------------ SSL ------------
[root at twinp src]# pop3test -s -m PLAIN -a xxxmail.xxx.com
verify error:num=18:self signed certificate
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready <832124781731685216.1248855943 at twinP>
C: CAPA
S: +OK List of capabilities follows
S: SASL DIGEST-MD5 LOGIN PLAIN CRAM-MD5
S: EXPIRE NEVER
S: LOGIN-DELAY 0
S: TOP
S: UIDL
S: PIPELINING
S: RESP-CODES
S: AUTH-RESP-CODE
S: USER
S: IMPLEMENTATION Cyrus POP3 server v2.3.7-Invoca-RPM-2.3.7-2.el5
S: .
Please enter your password:
C: AUTH PLAIN xxxuc3Rlc3QAdGVzdDEyMw==
S: +OK Mailbox locked and ready
Authenticated.
Security strength factor: 256
quit
+OK
Connection closed.
-------------------------

It sure seems like pop is picking up on different sasl security settings (such as the sasl_minimum_layer or the noplaintextwithouttls option). However, IMAP seems to obey these just fine as configured with the same config file.

>
> Setting "sasl_log_level: 7" in imapd.conf might provide more
> information in your syslog.

I'll try that, but it will have to wait till later. I'm also thinking of trying a newer version, though nothing about this is listed in the changelog.

>
>>>>>
>>>>>> Looks like the POP side is not advertising LOGIN/PLAIN auth types
>>>>>> while
>>>>>> the imap side is. Is this the intended behavior?
>>>>>>
>>>>>> In my imapd.conf i have the following mech list defined:
>>>>>> sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>>>>>>
>>>>>> ---------------------- POP3----------------------
>>>>>> +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
>>>>>> <173180331313918
>>>>>> 17429.1248845988 at twinP>
>>>>>> auth
>>>>>> +OK List of supported mechanisms follows
>>>>>> DIGEST-MD5
>>>>>> CRAM-MD5
>>>>>> ..
>>>>>> --------------------------------------------
>>>>>> ----------------------IMAP----------------------
>>>>>>
>>>>>> * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS
>>>>>> AUTH=DIGEST-MD5
>>>>>> AUTH=LOGIN
>>>>>> AUTH=PLAIN AUTH=CRAM-MD5 SASL-IR] twinP Cyrus IMAP4
>>>>>> v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
>>>>>>
>>>>>> --------------------------------------------
>>>>>>
>>>>>> I suppose this is likely a bad client that is not refreshing its
>>>>>> mech
>>>>>> list after the server switch, but I'd still like to know how to
>>>>>> resolve
>>>>>> the issue server side (if possible).
>>>>>>
>>>>>> -Blake

From dwhite at olp.net Wed Jul 29 04:40:27 2009
From: dwhite at olp.net (Dan White)
Date: Wed, 29 Jul 2009 03:40:27 -0500
Subject: 'PLAIN encryption needed to use mechanism' error
In-Reply-To: <4A7008B0.6070300@ispn.net>
References: <4A6FDA90.20802@ispn.net> <4A6FE1B0.4050603@ispn.net> <2EA7B957-6BEC-4BC2-A387-CCB0A3699A47@yazzy.org> <4A6FEE8B.2000805@ispn.net> <4A6FFF1F.2080307@olp.net> <4A700128.2030104@ispn.net> <4A700638.8050801@olp.net> <4A7008B0.6070300@ispn.net>
Message-ID: <4A700AFB.2090407@olp.net>

Blake Hudson wrote:
> -------- Original Message --------
> Subject: Re: 'PLAIN encryption needed to use mechanism' error
> From: Dan White
> To: Blake Hudson
> Cc: info-cyrus at lists.andrew.cmu.edu
> Date: Wednesday, July 29, 2009 3:20:08 AM
>
> ------------ NO SSL ------------
> root at twinp src]# pop3test -m PLAIN -a xxx mail.xxx.com
> S: +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
> <12408582082392233762.1248855924 at twinP>
> C: CAPA
> S: +OK List of capabilities follows
> S: SASL DIGEST-MD5 CRAM-MD5
> S: STLS
> S: EXPIRE NEVER
> S: LOGIN-DELAY 0
> S: TOP
> S: UIDL
> S: PIPELINING
> S: RESP-CODES
> S: AUTH-RESP-CODE
> S: USER
> S: IMPLEMENTATION Cyrus POP3 server v2.3.7-Invoca-RPM-2.3.7-2.el5
> S: .
> Please enter your password:
> C: AUTH PLAIN xxxuc3Rlc3QAdGVzdDEyMw==
> S: -ERR [AUTH] authenticating: encryption needed to use mechanism
> Authentication failed. generic failure
> Security strength factor: 0
> quit
> +OK
> Connection closed.
> ------------ SSL ------------
> [root at twinp src]# pop3test -s -m PLAIN -a xxxmail.xxx.com
> verify error:num=18:self signed certificate
> TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
> S: +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
> <832124781731685216.1248855943 at twinP>
> C: CAPA
> S: +OK List of capabilities follows
> S: SASL DIGEST-MD5 LOGIN PLAIN CRAM-MD5
> S: EXPIRE NEVER
> S: LOGIN-DELAY 0
> S: TOP
> S: UIDL
> S: PIPELINING
> S: RESP-CODES
> S: AUTH-RESP-CODE
> S: USER
> S: IMPLEMENTATION Cyrus POP3 server v2.3.7-Invoca-RPM-2.3.7-2.el5
> S: .
> Please enter your password:
> C: AUTH PLAIN xxxuc3Rlc3QAdGVzdDEyMw==
> S: +OK Mailbox locked and ready
> Authenticated.
> Security strength factor: 256
> quit
> +OK
> Connection closed.
> -------------------------
>
>
> It sure seems like pop is picking up on different sasl security settings
> (such as the sasl_minimum_layer or the noplaintextwithouttls option).
> However, IMAP seems to obey these just fine as configured with the same
> config file.
>
>

Agreed.
A possible work around until you figure out the issue would be to add '-p 256' within cyrus.conf, for your pop3 entry (see man pop3d).

That would emulate a sasl security layer of 256 bits, and would be treated as if you had connected via SSL when you hadn't.

- Dan

From blake at ispn.net Wed Jul 29 04:49:19 2009
From: blake at ispn.net (Blake Hudson)
Date: Wed, 29 Jul 2009 03:49:19 -0500
Subject: 'PLAIN encryption needed to use mechanism' error
In-Reply-To: <4A700AFB.2090407@olp.net>
References: <4A6FDA90.20802@ispn.net> <4A6FE1B0.4050603@ispn.net> <2EA7B957-6BEC-4BC2-A387-CCB0A3699A47@yazzy.org> <4A6FEE8B.2000805@ispn.net> <4A6FFF1F.2080307@olp.net> <4A700128.2030104@ispn.net> <4A700638.8050801@olp.net> <4A7008B0.6070300@ispn.net> <4A700AFB.2090407@olp.net>
Message-ID: <4A700D0F.2050704@ispn.net>

>
> Agreed. A possible work around until you figure out the issue would be
> to add '-p 256' within cyrus.conf, for your pop3 entry (see man pop3d).
>
> That would emulate a sasl security layer of 256 bits, and would be
> treated as if you had connected via SSL when you hadn't.
>
> - Dan

That does indeed resolve the issue, so do you think this is a Cyrus SASL problem or a Cyrus IMAP (POP) problem?

Also, do you have the same -p option specified? I'm wondering if others are experiencing the same problem - all of our servers are on the same version of cyrus 2.3.7 (from RHEL) or older and seem to exhibit the same behavior.

--Blake

From dwhite at olp.net Wed Jul 29 05:01:19 2009
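Added example (not part of any message in this thread): a Python check for the behaviour discussed above, where PLAIN/LOGIN are advertised only under TLS and a '-p' value in cyrus.conf makes a cleartext listener behave as if the session were encrypted. It parses pop3test-style CAPA transcripts and cyrus.conf service lines; the sample inputs are constructed in the style of the output quoted in the thread, and the function names are this example's own.

```python
import re
import shlex

# Mechanisms that transmit the password itself, so they depend on channel encryption.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}


def parse_capa(transcript):
    """Return (sasl_mechs, stls_offered) from a pop3test-style session transcript."""
    mechs, stls, in_list = [], False, False
    for raw in transcript.splitlines():
        line = raw.strip()
        if line.startswith("C:"):
            continue                      # client side of the exchange
        if line.startswith("S:"):
            line = line[2:].strip()
        if line.startswith("+OK List of capabilities"):
            in_list = True
            continue
        if not in_list or not line:
            continue
        if line == ".":                   # end of the multi-line CAPA response
            break
        words = line.upper().split()
        if words[0] == "SASL":
            mechs = words[1:]
        elif words[0] == "STLS":
            stls = True
    return mechs, stls


def plaintext_exposed(transcript, tls):
    """Plaintext mechanisms advertised on a session that is not TLS-protected."""
    if tls:
        return []
    mechs, _ = parse_capa(transcript)
    return sorted(PLAINTEXT_MECHS.intersection(mechs))


SERVICE_RE = re.compile(r'^\s*(\w+)\s+cmd="([^"]*)"\s+listen="([^"]*)"')


def ssf_overrides(cyrus_conf):
    """List (service, ssf, is_unix_socket) for services started with -p N but without -s.

    Such a service is told that an external security layer exists, so it applies
    the same policy as a TLS session although nothing encrypts the connection.
    """
    found = []
    for line in cyrus_conf.splitlines():
        if line.lstrip().startswith("#"):
            continue
        match = SERVICE_RE.match(line)
        if not match:
            continue
        name, cmd, listen = match.groups()
        args = shlex.split(cmd)
        ssf = 0
        for i, arg in enumerate(args):
            if arg == "-p" and i + 1 < len(args) and args[i + 1].isdigit():
                ssf = int(args[i + 1])
        if ssf > 0 and "-s" not in args:
            found.append((name, ssf, listen.startswith("/")))
    return found


# Constructed samples, modelled on the pop3test output quoted in the thread.
CLEARTEXT_CAPA = """\
S: +OK mail.example Cyrus POP3 server ready
C: CAPA
S: +OK List of capabilities follows
S: SASL DIGEST-MD5 CRAM-MD5
S: STLS
S: USER
S: .
"""
TLS_CAPA = """\
S: +OK mail.example Cyrus POP3 server ready
C: CAPA
S: +OK List of capabilities follows
S: SASL DIGEST-MD5 LOGIN PLAIN CRAM-MD5
S: USER
S: .
"""
# Constructed: a port-110 session that advertises PLAIN/LOGIN without TLS.
OVERRIDE_CAPA = TLS_CAPA
# Constructed cyrus.conf service lines (hypothetical deployment).
CYRUS_CONF = """\
# SERVICES
  pop3     cmd="pop3d -p 256" listen="pop3" prefork=0
  pop3s    cmd="pop3d -s" listen="pop3s" prefork=0
  imapunix cmd="imapd -p 256" listen="/var/run/cyrus/socket/imap" prefork=0
  imap     cmd="imapd" listen="imap" prefork=0
"""

if __name__ == "__main__":
    print("cleartext, default:", plaintext_exposed(CLEARTEXT_CAPA, tls=False))
    print("cleartext, PLAIN advertised:", plaintext_exposed(OVERRIDE_CAPA, tls=False))
    for name, ssf, local in ssf_overrides(CYRUS_CONF):
        where = "unix socket" if local else "network listener"
        print(f"{name}: -p {ssf} without -s ({where})")
```

A non-empty result from either function marks a listener where passwords can cross the connection unencrypted; the unix-socket flag separates local-only services from network-facing ones.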
From: dwhite at olp.net (Dan White)
Date: Wed, 29 Jul 2009 04:01:19 -0500
Subject: 'PLAIN encryption needed to use mechanism' error
In-Reply-To: <4A700D0F.2050704@ispn.net>
References: <4A6FDA90.20802@ispn.net> <4A6FE1B0.4050603@ispn.net> <2EA7B957-6BEC-4BC2-A387-CCB0A3699A47@yazzy.org> <4A6FEE8B.2000805@ispn.net> <4A6FFF1F.2080307@olp.net> <4A700128.2030104@ispn.net> <4A700638.8050801@olp.net> <4A7008B0.6070300@ispn.net> <4A700AFB.2090407@olp.net> <4A700D0F.2050704@ispn.net>
Message-ID: <4A700FDF.5080505@olp.net>

Blake Hudson wrote:
>> Agreed. A possible work around until you figure out the issue would be
>> to add '-p 256' within cyrus.conf, for your pop3 entry (see man pop3d).
>>
>> That would emulate a sasl security layer of 256 bits, and would be
>> treated as if you had connected via SSL when you hadn't.
>>
>> - Dan
>>
>
> That does indeed resolve the issue, so do you think this is a Cyrus SASL
> problem or a Cyrus IMAP (POP) problem?
>
> Also, do you have the same -p option specified? I'm wondering if others
> are experiencing the same problem - all of our servers are on the same
> version of cyrus 2.3.7 (from RHEL) or older and seem to exhibit the same
> behavior.
>
> --Blake
>

I do not have it specified on my primary cyrus store.
My relevant configuration:

neo:~# grep 'sasl\|plaintext' /etc/imapd.conf | grep -v '^#'
allowplaintext: yes
sasl_mech_list: LOGIN PLAIN CRAM-MD5 DIGEST-MD5 GSSAPI OTP EXTERNAL
sasl_pwcheck_method: auxprop saslauthd
sasl_keytab: /etc/krb5.keytab-mailstore
sasl_auxprop_plugin: ldapdb
sasl_ldapdb_uri: ldap://hiro.olp.net ldap://ando.olp.net
sasl_ldapdb_mech: GSSAPI
sasl_ldapdb_canon_attr: uid
pop3_sasl_canon_user_plugin: ldapdb
sasl_log_level: 7
sasl_auto_transition: no

neo:~# cat /etc/cyrus.conf | grep -v '#' | grep 'pop\|imap'
imap cmd="imapd -U 30 -D" listen="imap" prefork=0 maxchild=200
imapunix cmd="imapd -U 30" listen="/var/run/cyrus/socket/imap" prefork=0 maxchild=100
imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=200
pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=200
pop3unix cmd="pop3d -U 30" listen="/var/run/cyrus/socket/pop3" prefork=0 maxchild=100
pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=100

I'm running version 2.3.12.

However, on an older server, I *do* have the -p option specified for my imap sessions, probably because I ran into a similar situation as you, but I was too lazy to dig in to the real issue.
That server is running 2.3.10, and has this configuration (I don't use pop3 on this server):

gandalf:~# grep 'sasl\|plaintext' /etc/imapd.conf | grep -v '^#'
allowplaintext: yes
sasl_mech_list: PLAIN GSSAPI
sasl_pwcheck_method: saslauthd
sasl_keytab: /etc/krb5.keytab-mailstore
sasl_auto_transition: no

gandalf:~# cat /etc/cyrus.conf | grep -v '#' | grep 'pop\|imap'
imap cmd="imapd -U 30 -p 256 -D" listen="imap" prefork=0 maxchild=100 provide_uuid=2
imapunix cmd="imapd -U 30 -p 256 -D" listen="/var/run/cyrus/socket/imap" prefork=0 maxchild=100 provide_uuid=2
imaps cmd="imapd -s -U 30" listen="imaps" prefork=0 maxchild=100 provide_uuid=2
pop3 cmd="pop3d -U 30" listen="pop3" prefork=0 maxchild=50 provide_uuid=2
pop3s cmd="pop3d -s -U 30" listen="pop3s" prefork=0 maxchild=50 provide_uuid=2

- Dan

From blake at ispn.net Wed Jul 29 05:09:02 2009
From: blake at ispn.net (Blake Hudson)
Date: Wed, 29 Jul 2009 04:09:02 -0500
Subject: 'PLAIN encryption needed to use mechanism' error
In-Reply-To: <4A700FDF.5080505@olp.net>
References: <4A6FDA90.20802@ispn.net> <4A6FE1B0.4050603@ispn.net> <2EA7B957-6BEC-4BC2-A387-CCB0A3699A47@yazzy.org> <4A6FEE8B.2000805@ispn.net> <4A6FFF1F.2080307@olp.net> <4A700128.2030104@ispn.net> <4A700638.8050801@olp.net> <4A7008B0.6070300@ispn.net> <4A700AFB.2090407@olp.net> <4A700D0F.2050704@ispn.net> <4A700FDF.5080505@olp.net>
Message-ID: <4A7011AE.1070303@ispn.net>

-------- Original Message --------
Subject: Re: 'PLAIN encryption needed to use mechanism' error
From: Dan White
To: Blake Hudson
Cc: info-cyrus at lists.andrew.cmu.edu
Date: Wednesday, July 29, 2009 4:01:19 AM
>
> However, on an older server, I *do* have the -p option specified for
> my imap sessions, probably because I ran into a similar situation as
> you, but I was too lazy to dig in to the real issue. That server is
> running 2.3.10, and has this configuration (I don't use pop3 on this
> server):

Seems like it might be worth trying out a newer version. This is mainly academic, as was mentioned earlier users can still issue the traditional user/pass commands to log in - and any pop3 client should support this method. The problems I'm seeing are likely with a few bad clients (thunderbird) that get the mechlist once and never forget it (until restarted) - even after making server settings changes.

Thanks for the help, I'll let you know if the new version resolves the problem once I get a chance to try it out.

-Blake

From brennan at columbia.edu Wed Jul 29 08:56:55 2009
From: brennan at columbia.edu (Joseph Brennan)
Date: Wed, 29 Jul 2009 08:56:55 -0400
Subject: Invalid Header problems
In-Reply-To:
References:
Message-ID: <1CDC503391DAB27B507CFD71@sodor.cc.columbia.edu>

Google is your friend. Notice that a Message-ID header exists but has no string after the label:

Jul 28 09:45:10 boom3 postfix/cleanup[6921]: B9A7225C001: message-id=

See http://archives.neohapsis.com/archives/postfix/2005-02/1410.html

Joseph Brennan
Lead Email Systems Engineer
Columbia University Information Technology

From Gary at primeexalia.com Thu Jul 30 21:43:30 2009
From: Gary at primeexalia.com (Gary Smith)
Date: Thu, 30 Jul 2009 18:43:30 -0700
Subject: lmtp delivery rewriting issue.
Message-ID: <5017258D295FBE41917880488689F7B80FABD910A4@VCSSBS.visionarycs.local>

Stuff is AFU after server migration. Email can be delivered to accounts that existed on domain1.com prior to the migration. I created a new domain, domain2, and issued the standard cm user/gary at domain2.com. I verified that the domain exists in both the mydestinations and virtual_users sql database results.

When an email comes to gary at domain2.com, the lmtp command errors out while trying to rewrite the email address to root at thelocalmachine.

Below is the maillog lmtp command failure, where you can see that it's trying to pass the incorrect user/domain. There is nothing above these lines beyond the connection and the accepting email from.

What I need to know is if this is a cyrus issue re-writing or postfix. When I try using domain1.tld, everything works fine. Again, I've verified that the domains come back with postmap -d for both mydestinations and virtual_users. They are the same for the two different domains.

In the postfix list group, I failed to mention that I can access both accounts from telnet to pop3 just fine.
Jul 30 19:56:05 hostname lmtpunix[9371]: accepted connection
Jul 30 19:56:05 hostname lmtpunix[9371]: lmtp connection preauth'd as postman
Jul 30 19:56:05 hostname lmtpunix[9371]: verify_user(hostname.local!user.root) failed: Mailbox does not exist
Jul 30 19:56:05 hostname master[9398]: about to exec /usr/lib/cyrus-imapd/lmtpd
Jul 30 19:56:05 hostname lmtpunix[9398]: executed

postconf -n
alias_maps = hash:/etc/aliases
command_directory = /usr/sbin
config_directory = /etc/postfix
daemon_directory = /usr/libexec/postfix
debug_peer_level = 2
html_directory = no
mail_owner = postfix
mailbox_command = /usr/bin/procmail
mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtpunix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
mydestination = $myhostname, localhost.$mydomain, localhost, mysql:/etc/postfix/mysql/mydestinations.mysql
newaliases_path = /usr/bin/newaliases
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.4.6/README_FILES
relayhost = 10.x.x.x:9383
sample_directory = /usr/share/doc/postfix-2.4.6/samples
sendmail_path = /usr/sbin/sendmail
setgid_group = postdrop
smtp_tls_note_starttls_offer = yes
smtp_use_tls = yes
smtpd_tls_cert_file = /etc/ssl/certs/holdstead.crt
smtpd_tls_key_file = /etc/ssl/private/holdstead.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtpd_use_tls = yes
tls_random_source = dev:/dev/urandom
unknown_local_recipient_reject_code = 550
virtual_alias_maps = mysql:/etc/postfix/mysql/virtual-users.mysql
virtual_transport = lmtp:unix:/var/lib/imap/socket/lmtpunix

/etc/imapd.conf
unixhierarchysep: yes
virtdomains: yes
defaultdomain: localdomain
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus root murder
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
allowplaintext: yes

From schweizer.martin at gmail.com Fri Jul 31 12:17:58 2009
From: schweizer.martin at gmail.com (Martin Schweizer)
Date: Fri, 31 Jul 2009 18:17:58 +0200
Subject: Cyrus Imapd with SASL, authenticate against AD Windows 2003 with Kerberos5
Message-ID: <380ccfd60907310917w7f0d16f4o9ee06de5c42c84b@mail.gmail.com>

Hello

My goal is to authenticate my Cyrus Imapd users against Windows 2003 Active Directory with Kerberos. I have the following setup:

Kerberos5 client
===========
FreeBSD acsvfbsd06.domain.tld 7.2-RELEASE FreeBSD 7.2-RELEASE

/etc/krb.conf:
[libdefaults]
    default_realm = domain.tld
    default_etypes_des = des-cbc-md5
[realms]
    ACUTRONIC.CH = {
        kdc = tcp/acsv3k04.domain.tld:88
    }
[logging]
    kdc = SYSLOG:INFO:AUTH
    admin_server = SYSLOG:INFO:AUTH
    default = SYSLOG:INFO:AUTH

/etc/krb5.keytab (ktutil list output):
For the keytab file I followed: http://technet.microsoft.com/en-us/library/bb742433.aspx
FILE:/etc/krb5.keytab:
Vno Type Principal
1 des-cbc-md5 host/acsvfbsd06.domain.tld at DOMAIN.TLD

I get tickets if I use kinit user:
acsvfbsd06# kinit user
martin at DOMAIN.TLD's Password:
kinit: NOTICE: ticket renewable lifetime is 1 week

klist:
Credentials cache: FILE:/tmp/krb5cc_0
Principal: user at DOMAIN.TLD
Issued Expires Principal
Jul 31 17:58:09 Aug 1 03:57:44 krbtgt/DOMAIN.TLD at DOMAIN.TLD

I can use ldapsearch as follows:
acsvfbsd06# ldapsearch -v -LLL -b "OU=Mitgliedsserver,OU=ACH,DC=Domain,DC=tld" -h acsv3k04.domain.tld description
ldap_initialize( ldap://acsv3k04.domain.tld)
SASL/GSSAPI authentication started
SASL username: user at DOMAIN.TLD
SASL SSF: 56
SASL data security layer installed.
filter: (objectclass=*)
requesting: description
dn: OU=Mitgliedsserver,OU=ACH,DC=Domain,DC=tld
... [snip]

So far all looks well. For the Cyrus Imapd setup I run saslauthd -a kerberos5.
/usr/local/etc/imapd.conf:
configdirectory: /usr/imap/var/imap
partition-default: /usr/imap/var/spool/imap
virtdomains: yes
admins:root cyrus
sasl_option: 1
sasl_pwcheck_method: saslauthd
sasl_mech_list: GSSAPI PLAIN LOGIN CRAM-MD5 DIGEST-MD5
sasl_log_level: 7
lmtpsocket: /usr/imap/var/imap/socket/lmtp
allowplaintext: yes

Each time I start a test by
- testsaslauthd -u user -p password or
- imtest -m plain -a user localhost
I get every time

saslauthd[42062]: do_auth : auth failure: [user=user] [service=imap] [realm=] [mech=kerberos5] [reason=krb5_verify_user_opt failed]

The krb5_verify_user_opt failed is coming from the Kerberos 5 Library (libkrb5, -lkrb5) -> krb5_verify_user_opt and is located in the auth_krb5.c (from SASL). I checked the kerberos/DNS communication on both sides with tshark and Netmon (Microsoft's "tcpdump") but the kerberos communications seem to be ok. Additionally I started also a struss on saslauthd but also without any luck. So I have now no more ideas where I can check. Any hints are welcome.

Regards,
--
Martin Schweizer
schweizer.martin at gmail.com
Tel.: +41 32 512 48 54 (VoIP)
Fax: +1 619 3300587

From dbucherml at hsolutions.ch Fri Jul 31 15:51:54 2009
From: dbucherml at hsolutions.ch (Denis BUCHER)
Date: Fri, 31 Jul 2009 21:51:54 +0200
Subject: Architectural mistake in cyrus ?
In-Reply-To: <4A5F7FCD.9020409@olp.net>
References: <4A1EF8B7.6000307@hsolutions.ch> <4A5F593E.1060705@hsolutions.ch> <4A5F5E90.8080009@hsolutions.ch> <4A5F7FCD.9020409@olp.net>
Message-ID: <4A734B5A.3070201@hsolutions.ch>

Hello,

Dan White wrote:
>>>> I already asked this question as a help request here some time ago,
>>>> but
>>>> no one was able to solve this "bug" in cyrus, and I think this issue
>>>> should be addressed :
>>>>
>>>> 1] Problem :
>>>> How to set quota for a user being in another domain than the "main"
>>>> domain ??
>>>>
>>>> 2] More precisely :
>>>> How to access "other" (virtual) domains in cyradm :
>>>>
>>>>
>>>>> su - cyrus
>>>>> cyradm --user cyrus localhost
>>>>> lm
>>>>>
>>>> Here I see all mailboxes from our main domain, for example :
>>>>
>>>>
>>>>> user.dbucherml.ML (\HasChildren)
>>>>> user.dbucherml.ML.Fournisseurs (\HasChildren)
>>>>> user.dbucherml.ML.Fournisseurs.Acer (\HasNoChildren)
>>>>> user.dbucherml.ML.Fournisseurs.Microsoft (\HasChildren)
>>>>> user.dbucherml.ML.Fournisseurs.Microsoft.MSPRP (\HasNoChildren)
>>>>>
>>>> But as you can see I don't have any "@hsolutions.ch" or
>>>> "@anything.else"
>>>>
>>>> 3] Global admin :
>>>> Some people said my cyrus user is maybe not a global admin, but no one
>>>> was able to help me make it global.
>>>> I mean, some people and some web page gave me some techniques to
>>>> make it
>>>> global, but none worked.
>>>>
>>> What are your current settings in imapd.conf for:
>>>
>>> servername:
>>> admins:
>>> defaultdomain:
>>> sasl_pwcheck_method:
>>> virtdomains:
>>>
>>
>> servername: . (replaced with real values)
>> admins: cyrus cyrus@
>> sasl_pwcheck_method: saslauthd
>> sasl_mech_list: PLAIN
>> virtdomains: on
>> hashimapspool: true
>>
>> => I don't have any defaultdomain: but I already tried with main domain,
>> or with alternative domain, it never solved the problem...
>>
>> => authentication is based on LDAP
>>
> See:
> http://cyrusimap.web.cmu.edu/imapd/install-virtdomains.html
> In particular, the 'Administration' section.

Ok I did everything you suggested but there are some PROBLEMS !

To follow what both of you suggested and to follow the instructions, I only need to add this line :

defaultdomain:

But when I do it, many problems appear :

1. First problem I cannot login anymore to cyradm !
=> In the LDAP logs I see that even if I log with "cyrus@", in fact cyrus REMOVES the default domain from the login !

2. I solved this by creating a second cyrus admin in LDAP, instead of "cyrus@" this one is simply "cyrus". This made it possible to access cyradm again, AND surprise :

lm
!user.dbucherml.*

It works ! :-)

3. BUT THE BIGGEST PROBLEM is : Now the system is completely screwed up, no user can login, no mail can come in anymore (IMAP/webmail)

4. The explanation of the problem is simple, but I don't see the solution : In LDAP logs it is clear that cyrus removes the main/default domain when "defaultdomain: " is present in the config. This is not possible, we need the domain !

5. WOAW !!! I think I was able to do what I want but it's 100% kludgy !

How to do it :

a) Define a FAKE domain as default domain ! I used "aaa.ch"
b) Create your mail admin as "cyrus" (without domain !)
c) Login into cyradm with cyrus at aaa.ch (NOT with cyrus !)

And it works... Not really elegant but it seems to be the only solution (???)

What do you think ?

Denis

From dbucherml at hsolutions.ch Fri Jul 31 16:03:12 2009
From: dbucherml at hsolutions.ch (Denis BUCHER)
Date: Fri, 31 Jul 2009 22:03:12 +0200
Subject: Architectural mistake in cyrus ?
In-Reply-To: <4A5F7FCD.9020409@olp.net>
References: <4A1EF8B7.6000307@hsolutions.ch> <4A5F593E.1060705@hsolutions.ch> <4A5F5E90.8080009@hsolutions.ch> <4A5F7FCD.9020409@olp.net>
Message-ID: <4A734E00.4060801@hsolutions.ch>

Hello,

Dan White wrote:
>>>> I already asked this question as a help request here some time ago,
>>>> but
>>>> no one was able to solve this "bug" in cyrus, and I think this issue
>>>> should be addressed :
>>>>
>>>> 1] Problem :
>>>> How to set quota for a user being in another domain than the "main"
>>>> domain ??
>>>>
>>>> 2] More precisely :
>>>> How to access "other" (virtual) domains in cyradm :
>>>>
>>>>
>>>>> su - cyrus
>>>>> cyradm --user cyrus localhost
>>>>> lm
>>>>>
>>>> Here I see all mailboxes from our main domain, for example :
>>>>
>>>>
>>>>> user.dbucherml.ML (\HasChildren)
>>>>> user.dbucherml.ML.Fournisseurs (\HasChildren)
>>>>> user.dbucherml.ML.Fournisseurs.Acer (\HasNoChildren)
>>>>> user.dbucherml.ML.Fournisseurs.Microsoft (\HasChildren)
>>>>> user.dbucherml.ML.Fournisseurs.Microsoft.MSPRP (\HasNoChildren)
>>>>>
>>>> But as you can see I don't have any "@hsolutions.ch" or
>>>> "@anything.else"
>>>>
>>>> 3] Global admin :
>>>> Some people said my cyrus user is maybe not a global admin, but no one
>>>> was able to help me make it global.
>>>> I mean, some people and some web page gave me some techniques to
>>>> make it
>>>> global, but none worked.
>>>>
>>> What are your current settings in imapd.conf for:
>>>
>>> servername:
>>> admins:
>>> defaultdomain:
>>> sasl_pwcheck_method:
>>> virtdomains:
>>>
>>
>> servername: . (replaced with real values)
>> admins: cyrus cyrus@
>> sasl_pwcheck_method: saslauthd
>> sasl_mech_list: PLAIN
>> virtdomains: on
>> hashimapspool: true
>>
>> => I don't have any defaultdomain: but I already tried with main domain,
>> or with alternative domain, it never solved the problem...
>>
>> => authentication is based on LDAP
>>
> See:
> http://cyrusimap.web.cmu.edu/imapd/install-virtdomains.html
> In particular, the 'Administration' section.

Ok I did everything you suggested but there are some PROBLEMS !

To follow what both of you suggested and to follow the instructions, I only need to add this line :

defaultdomain:

But when I do it, many problems appear :

1. First problem I cannot login anymore to cyradm !
=> In the LDAP logs I see that even if I log with "cyrus@", in fact cyrus REMOVES the default domain from the login !

2. I solved this by creating a second cyrus admin in LDAP, instead of "cyrus@" this one is simply "cyrus". This made it possible to access cyradm again, AND surprise :

lm
!user.dbucherml.*

It works ! :-)

3. BUT THE BIGGEST PROBLEM is : Now the system is completely screwed up, no user can login, no mail can come in anymore (IMAP/webmail)

4. The explanation of the problem is simple, but I don't see the solution : In LDAP logs it is clear that cyrus removes the main/default domain when "defaultdomain: " is present in the config.

Without default domain :
> slapd[1868]: conn=2 op=3962 SRCH base="ou=mailservices,dc=hsolutions,dc=ch" scope=2 deref=0 filter="(|(&(objectClass=CourierMailAccount)(mail=dbucherml@)(accountStatus=active))(&(cn=mailadmin)(description=dbucherml@)))"

With default domain : (You see that cyrus has removed domain)
> slapd[1868]: conn=1 op=4130 SRCH base="ou=mailservices,dc=hsolutions,dc=ch" scope=2 deref=0 filter="(|(&(objectClass=CourierMailAccount)(mail=dbucherml)(accountStatus=active))(&(cn=mailadmin)(description=dbucherml)))"

This is not possible, we need the domain !

5. WOAW !!! I think I was able to do what I want but it's 100% kludgy !

How to do it :

a) Define a FAKE domain as default domain ! I used "aaa.ch"
b) Create your mail admin as "cyrus" (without domain !)
c) Login into cyradm with cyrus at aaa.ch (NOT with cyrus !)

And it works... Not really elegant but it seems to be the only solution (???)

What do you think ?

Denis

From dwhite at olp.net Fri Jul 31 16:19:24 2009
From: dwhite at olp.net (Dan White)
Date: Fri, 31 Jul 2009 15:19:24 -0500
Subject: Architectural mistake in cyrus ?
In-Reply-To: <4A734E00.4060801@hsolutions.ch>
References: <4A1EF8B7.6000307@hsolutions.ch> <4A5F593E.1060705@hsolutions.ch> <4A5F5E90.8080009@hsolutions.ch> <4A5F7FCD.9020409@olp.net> <4A734E00.4060801@hsolutions.ch>
Message-ID: <4A7351CC.2070900@olp.net>

Denis BUCHER wrote:
>
> 5. WOAW !!! I think I was able to do what I want but it's 100% kludgy !
>
> How to do it :
>
> a) Define a FAKE domain as default domain ! I used "aaa.ch"
> b) Create your mail admin as "cyrus" (without domain !)
> c) Login into cyradm with cyrus at aaa.ch (NOT with cyrus !)
>
> And it works... Not really elegant but it seems to be the only solution
> (???)
>
> What do you think ?
>
> Denis
>

I think that functionality agrees with my understanding of the documentation.

Please note that changing virtual domain settings may break existing mailboxes... For instance, creating a mailbox of 'user at default.domain' before setting a default domain, then setting 'defaultdomain: default.domain' in your imapd.conf will probably break access to that mailbox.
You may want to consider rebuilding your mailstore if feasible, after finalizing your configuration.

- Dan
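
Added example (not part of the thread and not Cyrus code): a simplified Python model of the name handling the messages above describe, covering the default domain being stripped from logins (Denis's slapd logs), the 'domain!user.name' internal form (Gary's lmtpd log) and the mailbox breakage Dan warns about. The function names, the sample mailbox list, example.ch, and the rule that unqualified admins are global while qualified ones are per-domain are assumptions made for illustration.

```python
# Simplified model of Cyrus virtual-domain naming as described in this thread.
# Illustration only: function names and sample data are constructed, and
# details such as dots in local parts or the hierarchy separator are ignored.

def canonical_userid(login, defaultdomain=None):
    """Userid handed to the auth backend once the default domain is stripped.

    Mirrors the slapd logs: with defaultdomain set, 'user@<defaultdomain>'
    is looked up as plain 'user'; other domains stay qualified.
    """
    local, sep, domain = login.partition("@")
    domain = domain.lower()
    if sep and defaultdomain and domain == defaultdomain.lower():
        return local
    return f"{local}@{domain}" if sep else local


def internal_inbox(userid):
    """INBOX name in the 'domain!user.name' form seen in the lmtpd log."""
    local, sep, domain = userid.partition("@")
    return f"{domain}!user.{local}" if sep else f"user.{local}"


def admin_scope(login, admins, defaultdomain=None):
    """'global' for an unqualified admin, 'domain:<d>' for a qualified one
    (assumed rule), None when the canonical userid is not in admins."""
    uid = canonical_userid(login, defaultdomain)
    if uid not in admins:
        return None
    return "domain:" + uid.split("@", 1)[1] if "@" in uid else "global"


def unreachable_after(mailboxes, defaultdomain):
    """Map each mailbox stored under '<defaultdomain>!' to the unqualified
    name that logins resolve to once defaultdomain is set."""
    prefix = defaultdomain.lower() + "!"
    return {m: m[len(prefix):] for m in mailboxes if m.lower().startswith(prefix)}


# Constructed sample mailbox list (not taken from any real server).
SAMPLE_MAILBOXES = [
    "default.domain!user.alice",
    "other.example!user.bob",
    "user.carol",
]

if __name__ == "__main__":
    # Denis's workaround: fake default domain, admin stored without a domain.
    print(admin_scope("cyrus@aaa.ch", ["cyrus"], "aaa.ch"))
    # His real users keep their domain, so the LDAP 'mail=' filter still matches.
    print(canonical_userid("dbucherml@example.ch", "aaa.ch"))
    # Mailboxes to review before setting 'defaultdomain: default.domain'.
    print(unreachable_after(SAMPLE_MAILBOXES, "default.domain"))
```

Running unreachable_after() over a real mailbox listing before changing defaultdomain shows which mailboxes would need renaming or rebuilding.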