Continued problems with virtual domains and cyradm

Paul-Erik Törrönen paul-erik.torronen at
Thu Mar 24 09:56:22 EST 2005


I tried to identify my problem in the archives but the closest was that
described by Mike Nuss in msgid 32056 (and http://acs-
Unfortunately the 'solution' is not implementable in my case.

In short:
FC3 with the latest patches
cyrus-imapd version 2.2.10 release 3.fc3 by RH
cyrus-sasl version 2.1.19 release 3 by RH
openldap Version 2.2.13 Release 2 by RH
postfix  Version 2.1.5 Release 5 by RH

The server is currently located in a firewalled network *not* affiliated
by the target domains ( nor is the real domain
while is the virtual domain.

Saslauthd is configured to authenticate against the LDAP-server

ldap_servers: ldap://localhost:389/
ldap_bind_dn: cn=Manager,dc=foo,dc=com
ldap_bind_pw: <passwd>
ldap_search_base: dc=foo,dc=com
ldap_filter: uid=%u

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus, cyrus at localhost.localdomain, poltsi at,
poltsi at
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
virtdomains: yes
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt

The directories do have the correct permissions AFAIK, cyrus.mail all
the way both for '/var/lib/imap' as well as '/var/spool/imap'. The latter
has two subdirs, 'domain' and 'stage.'

Now if I run cyradm I get the following:

#cyradm --user cyrus localhost
IMAP Password: 
localhost> lm
localhost> createmailbox user.poltsi at
createmailbox: Permission denied
localhost> createmailbox user.poltsi at
createmailbox: Invalid mailbox name

The same results if I log on as cyrus at localhost.localdomain. The
difference is that the realm in saslauthd (running in another window
with the -d parameter) is undefined in the first example, while it is
set to localhost.localdomain in the second example. If I use either
poltsi at or poltsi at as defined in the imapd.conf as admin I
get the following:

# cyradm --user poltsi at localhost
IMAP Password: 
localhost> lm
localhost> createmailbox user.kvide at
createmailbox: Permission denied

So no luck there, but to confuse things, the virtual seems to work,
albeit in a very broken way:

cyradm --user poltsi at localhost
IMAP Password: 
localhost> lm
INBOX (\HasChildren)           INBOX.uptest (\HasNoChildren)  
INBOX.Trash (\HasNoChildren)   

So it looks like I'm in user.poltsi, however:

localhost> createmailbox user.kvide at
localhost> lm
INBOX (\HasChildren)           INBOX.uptest (\HasNoChildren)  
INBOX.Trash (\HasNoChildren)   user.kvide (\HasNoChildren) 

Now the structure looks very bizarre. Checking through the email-client
however there is no user/kvide subdir, and
in /var/spool/imap/domain/b/ there are now two subdirs, 'k' and
'p' both with proper structure. The uptest-subdir was created by me
through the email client.

What am I missing here, why is the global admin (cyrus) unable to
list/create mailboxes and *why* does it work (in a weird way) for the
virtual domain?

I tried with the 'virtdomains: userid' but this seemed to be broken
likewise since I could not list mailboxes per domain with the command
'lm *', the command listed all the mailboxes.

I also tested the setup with the following two parameters in

ldap_filter: %U@%d

But then I was unable to log on with the email client.

This is very vexing since cyrus-imapd seems to work partially but not
consistently and I can't spot where the problem is in the configuration.

With regards,


Paul-Erik Törrönen, 
Cardinal Information Systems Ltd.
Pursimiehenkatu 29-31 C
00150 Helsinki, Finland
Mobile: +358 (0)40 703 1231
Phone: +358 (0)424 792 204
Fax: +358 (0)424 792 207


More information about the Info-cyrus mailing list