No delivery for fully qualified userid

plcyrus plcyrus at soberridersiceland.com
Fri Dec 2 21:01:08 EST 2005 

Hi,
I have  set up exim4 and cyrus21 on a debian sarge system. I can recieve
mail for users created thus:

cm user/userid

but not thus:

cm user/userid at foo.com

As you can see I use the unix hierarchy convention, because otherwise
cyradm will not allow me to create mailboxes in the latter manner,
denying me (user cyrus, admin in imapd.conf) permission. Which I find a
bit strange.

I have exim accept and deliver mail for two domains, foo.com and
bar.com. This is fine, and if I create a user <user/testuser> in the
former manner, without a fully qualified userid, mail is delivered to
the mailbox, regardless of which domain name (foo.com or bar.com) the
mail is sent to. That is to say: If I send a mail to testuser at foo.com it
gets delivered to the user/testuser mailbox, and also if I send to
testuser at bar.com From this fact I deduct, that my Exim config is
working, and so is the general setup of cyrus.


So, having read this

http://asg.web.cmu.edu/cyrus/download/imapd/install-virtdomains.html

I create a user with a fully qualified userid to be able to use the same
userid for users in different domains:

cm  user/testuser at foo.com

and

cm user/testuser at bar.com

I then create a sasl password for the mailboxes, and am able to
authenticate from Thunderbird or Evolution  and access the mailboxes.
All seems well. Until I try to receive mail for the mailboxes. The mail
doesn't get through. The logs say.

2005-12-03 01:22:50 1EiM70-0005mO-NK ** testuser at foo.com
R=local_user_cyrus T=cyrus_delivery: LMTP error after RCPT
TO:<testuser at foo.com>: 550-Mailbox unknown.  Either there is no mailbox
associated with this\n550-name or you do not have authorization to see
it.\n550 5.1.1 User unknown


The testuser at foo.com is the mailbox name. The name is correct, and I log
into the account from Thunderbird under that name, yet cyrus will not
accept mail for it and rejects it upon RCPT. What can be the reason for
that? Is this a known problem? I append my imapd.conf.


Thanks.

Ps: I also  often experience that Thunderbird and Evolution hang when I
try to copy to sent/trash, as described in a recent mail from Alan
Batie. Sometimes this mysteriously fixes itself and suddenly starts to
work very well???



My imapd.conf





# Debian Cyrus imapd.conf
# See imapd.conf(5) for more information and more options
#Mordur baetti vid
virtdomains: userid
defaultdomain: foo.com

# Configuration directory
configdirectory: /var/lib/cyrus

# Which partition to use for default mailboxes
defaultpartition: default
partition-default: /var/spool/cyrus/mail

# News setup
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
# Alternate namespace
# If enabled, activate the alternate namespace as documented in
# /usr/share/doc/cyrus21-doc/html/altnamespace.html, where an user's
# subfolders are in the same level as the INBOX
# See also userprefix and sharedprefix on imapd.conf(5)
altnamespace: no

# UNIX Hierarchy Convention
# Set to yes, and cyrus will accept dots in names, and use the forward
# slash "/" to delimit levels of the hierarchy. This is done by converting
# internally all dots to "^", and all "/" to dots. So the "rabbit.holes"
# mailbox of user "helmer.fudd" is stored in "user.elmer^fud.rabbit^holes"
unixhierarchysep: yes

# Munging illegal characters in headers
# Headers of RFC2882 messages must not have characters with the 8th bit
# set. However, too many badly-written MUAs generate this, including most
# spamware.  Disable this if you want Cyrus to leave the crappage untouched
# and you don't care that IMAP SEARCH won't work right anymore.
#munge8bit: no

# Forcing recipient user to lowercase
# Cyrus 2.1 is case-sensitive.  If all your mail users are in lowercase,
it is
# probably a very good idea to set lmtp_downcase_rcpt to true.  The
default is
# to assume the user knows what he is doing, and not downcase anything.
lmtp_downcase_rcpt: yes

# Uncomment the following and add the space-separated users who
# have admin rights for all services.
admins: cyrus postman

# Space-separated list of users that have lmtp "admin" status (i.e. that
# can deliver email through TCP/IP lmtp) in addition to those in the
# admins: entry above
lmtp_admins: postman

# Space-separated list of users that have mupdate "admin" status, in
# addition to those in the admins: entry above. Note that mupdate slaves
and
# backends in a Murder cluster need to autenticate against the mupdate
master
# as admin users.
#mupdate_admins: mupdateman

# Space-separated list of users that have imapd "admin" status, in
# addition to those in the admins: entry above
#imap_admins: cyrus

# Space-separated list of users that have sieve "admin" status, in
# addition to those in the admins: entry above
#sieve_admins: cyrus

# List of users and groups that are allowed to proxy for other users,
# seperated by spaces.  Any user listed in this will be allowed to login
# for any other user.  Like "admins:" above, you can have imap_proxyservers
# and sieve_proxyservers.
#proxyservers: cyrus

# No anonymous logins
allowanonymouslogin: no

# Minimum time between POP mail fetches in minutes
popminpoll: 1

# If nonzero, normal users may create their own IMAP accounts by creating
# the mailbox INBOX.  The user's quota is set to the value if it is
positive,
# otherwise the user has unlimited quota.
autocreatequota: 0

# umask used by Cyrus programs
umask: 077

# Sendmail binary location
# DUE TO A BUG, Cyrus sends CRLF EOLs to this program. This breaks Exim 3.
# For now, to work around the bug, set this to a wrapper that calls
# /usr/sbin/sendmail -dropcr instead if you use Exim 3.
#sendmail: /usr/sbin/sendmail

# If enabled, cyrdeliver will look for Sieve scripts in user's home
# directories: ~user/.sieve.
sieveusehomedir: false

# If sieveusehomedir is false, this directory is searched for Sieve scripts.
sievedir: /var/spool/sieve

# notifyd(8) method to use for "MAIL" notifications.  If not set, "MAIL"
# notifications are disabled.  Valid methods are: null, log, zephyr
#mailnotifier: zephyr

# notifyd(8) method to use for "SIEVE" notifications.  If not set, "SIEVE"
# notifications are disabled.  This method is only used when no method is
# specified in the script.  Valid methods are null, log, zephyr, mailto
#sievenotifier: zephyr

# DRAC (pop-before-smtp, imap-before-smtp) support
# Set dracinterval to the time in minutes to call DRAC while a user is
# connected to the imap/pop services. Set to 0 to disable DRAC (default)
# Set drachost to the host where the rpc drac service is running
#dracinterval: 0
#drachost: localhost

# If enabled, the partitions will also be hashed, in addition to the hashing
# done on configuration directories. This is recommended if one
partition has a
# very bushy mailbox tree.
hashimapspool: true

# Allow plaintext logins by default (SASL PLAIN)
allowplaintext: yes

# Force PLAIN/LOGIN authentication only
# (you need to uncomment this if you are not using an auxprop-based SASL
# mechanism.  saslauthd users, that means you!). And pay attention to
# sasl_minimum_layer and allowapop below, too.
sasl_mech_list: PLAIN

# Allow use of the POP3 APOP authentication command.
# Note that this command requires that the plaintext passwords are
# available in a SASL auxprop backend (eg. sasldb), and that the system
# can provide enough entropy (eg. from /dev/urandom) to create a challenge
# in the banner.
#allowapop: no

# The minimum SSF that the server will allow a client to negotiate. A
# value of 1 requires integrity protection; any higher value requires some
# amount of encryption.
sasl_minimum_layer: 0

# The maximum SSF that the server will allow a client to negotiate. A
# value of 1 requires integrity protection; any higher value requires some
# amount of encryption.
#sasl_maximum_layer: 256

# List of remote realms whose users may log in using cross-realm
# authentications.  Seperate each realm name by a space. A cross-realm
# identity is considered any identity returned by SASL with an "@" in it.
loginrealms: bar.com foo.com

#
# SASL library options (these are handled directly by the SASL libraries,
# refer to SASL documentation for an up-to-date list of these)
#

# The mechanism(s) used by the server to verify plaintext passwords.
Possible
# values are "saslauthd", "auxprop", "pwcheck" and "alwaystrue".  They
# are tried in order, you can specify more than one, separated by spaces.
#
# Do note that, since sasl will be run as user cyrus, you may have a lot of
# trouble to set this up right.
sasl_pwcheck_method: saslauthd

# What auxpropd plugins to load, if using sasl_pwcheck_method: auxprop
# by default, all plugins are tried (which is probably NOT what you want).
sasl_auxprop_plugin: sasldb

# If enabled, the SASL library will automatically create authentication
secrets
# when given a plaintext password. Refer to SASL documentation
sasl_auto_transition: no

#
# SSL/TLS Options
#

# File containing the global certificate used for ALL services (imap, pop3,
# lmtp, sieve)
#tls_cert_file: /etc/ssl/certs/cyrus-global.pem

# File containing the private key belonging to the global server
certificate.
#tls_key_file: /etc/ssl/private/cyrus-global.key

# File containing the certificate used for imap. If not specified, the
global
# certificate is used.  A value of "disabled" will disable SSL/TLS for imap.
#tls_imap_cert_file: /etc/ssl/certs/cyrus-imap.pem

# File containing the private key belonging to the imap-specific server
# certificate.  If not specified, the global private key is used.  A
value of
# "disabled" will disable SSL/TLS for imap.
#tls_imap_key_file: /etc/ssl/private/cyrus-imap.key

# File containing the certificate used for pop3. If not specified, the
global
# certificate is used.  A value of "disabled" will disable SSL/TLS for pop3.
#tls_pop3_cert_file: /etc/ssl/certs/cyrus-pop3.pem

# File containing the private key belonging to the pop3-specific server
# certificate.  If not specified, the global private key is used.  A
value of
# "disabled" will disable SSL/TLS for pop3.
#tls_pop3_key_file: /etc/ssl/private/cyrus-pop3.key

# File containing the certificate used for lmtp. If not specified, the
global
# certificate is used.  A value of "disabled" will disable SSL/TLS for lmtp.
#tls_lmtp_cert_file: /etc/ssl/certs/cyrus-lmtp.pem

# File containing the private key belonging to the lmtp-specific server
# certificate.  If not specified, the global private key is used.  A
value of
# "disabled" will disable SSL/TLS for lmtp.
#tls_lmtp_key_file: /etc/ssl/private/cyrus-lmtp.key

# File containing the certificate used for sieve. If not specified, the
global
# certificate is used.  A value of "disabled" will disable SSL/TLS for
sieve.
#tls_sieve_cert_file: /etc/ssl/certs/cyrus-sieve.pem

# File containing the private key belonging to the sieve-specific server
# certificate.  If not specified, the global private key is used.  A
value of
# "disabled" will disable SSL/TLS for sieve.
#tls_sieve_key_file: /etc/ssl/private/cyrus-sieve.key

# File containing one or more Certificate Authority (CA) certificates.
#tls_ca_file: /etc/ssl/certs/cyrus-imapd-ca.pem

# Path to directory with certificates of CAs.
tls_ca_path: /etc/ssl/certs

# The length of time (in minutes) that a TLS session will be cached for
later
# reuse.  The maximum value is 1440 (24 hours), the default.  A value of
0 will
# disable session caching.
tls_session_timeout: 1440

# The list of SSL/TLS ciphers to allow.  The format of the string is
described
# in ciphers(1). THIS DISABLES THE WEAK 'FOR EXPORT' CRAP!
tls_cipher_list: TLSv1:SSLv3:SSLv2:!NULL:!EXPORT:!DES:!LOW:@STRENGTH

# Require a client certificate for ALL services (imap, pop3, lmtp, sieve).
#tls_require_cert: false

# Require a client certificate for imap ONLY.
#tls_imap_require_cert: false

# Require a client certificate for pop3 ONLY.
#tls_pop3_require_cert: false

# Require a client certificate for lmtp ONLY.
#tls_lmtp_require_cert: false

# Require a client certificate for sieve ONLY.
#tls_sieve_require_cert: false

#
# Cyrus Murder cluster configuration
#
# Set the following options to the values needed for this server to
# autenticate against the mupdate master server:
# mupdate_server
# mupdate_port
# mupdate_username
# mupdate_authname
# mupdate_realm
# mupdate_password
# mupdate_retry_delay

##
## KEEP THESE IN SYNC WITH cyrus.conf
##
# Unix domain socket that lmtpd listens on.
lmtpsocket: /var/run/cyrus/socket/lmtp

# Unix domain socket that idled listens on.
idlesocket: /var/run/cyrus/socket/idle

# Unix domain socket that the new mail notification daemon listens on.
notifysocket: /var/run/cyrus/socket/notify

##
## DEBUGGING
##
# Debugging hook. See /usr/share/doc/cyrus21-common/README.Debian.debug
# Keep the hook disabled when it is not in use
#
# gdb Back-traces
#debug_command: /usr/bin/gdb -batch -cd=/tmp -x
/usr/lib/cyrus/get-backtrace.gdb /usr/lib/cyrus/bin/%s %d
>/tmp/gdb-backtrace.cyrus.%1$s.%2$d <&- 2>&1 &
#
# system-call traces
#debug_command: /usr/bin/strace -tt -o /tmp/strace.cyrus.%s.%d -p %2$d
<&- 2>&1 &
#
# library traces
debug_command: /usr/bin/ltrace -tt -n 2 -o /tmp/ltrace.cyrus.%s.%d -p
%2$d <&- 2>&1 &

More information about the Info-cyrus mailing list