Cyrus IMAPd 2.3.7 Released
André Böhm
andre at abtime.de
Thu Jul 13 10:37:01 EDT 2006
Ken Murchison schrieb:
> Andre Böhm wrote:
>> Ken Murchison schrieb:
>>> André Böhm wrote:
>>>> Hello,
>>>>
>>>> after upgrading from 2.2.13 to 2.3.7, I have a very worrying problem
>>>> with lmtp.
>>>>
>>>> When procmail tries to deliver mail via the "deliver" command, with
>>>> the "-a" option I get "master[96435]: process 99783 exited, signaled
>>>> to death by 11".
>>>>
>>>> This is only on murder master and murder frontends. On the backend
>>>> seems not to be any problem.
>>>>
>>>> Without the "-a" argument, deliver does work, but I cannot use any
>>>> extensions anymore because ACL for anyone would be needed.
>>>>
>>>> What can I do to fix this? Or is there some changes in LMTP I were not
>>>> aware of?
>>> Just to clarify, you only have this problem on frontend (proxy) machines
>>> when using the -a option?
>>>
>>>
>>
>> Sorry, my information was incomplete and not quite correct. Now I think
>> I mixed up two different things, but they may be connected.
>>
>> On the frontend/proxy, the main problem is that delivery to the postuser
>> fails, with lmtpunix reporting: "verify_user() failed: Mailbox does not
>> exist"
>
> By 'postuser' do you mean the value of the 'postuser' option in
> imapd.conf? Are you trying to deliver to a shared mailbox?
>
>
>> The problem with "signalled to death" happened 4 times as in syslog, but
>> I cannot repeat it.
>>
>> On the murder master, the same problem exists with the postuser.
>> Additionally, attempts to use the -a parameter with deliver always
>> result in this:
>> lmtpunix[28915]: accepted connection
>> lmtpunix[28915]: lmtp connection preauth'd as postman
>> mupdate[5989]: cmd_find(fd:13, user.andre)
>> master[5981]: process 28915 exited, signaled to death by 11
>> master[5981]: service lmtpunix pid 28915 in BUSY state: terminated
>> abnormally
>
> Is the murder master also a frontend machine (I assume it has to be if
> lmtpproxyd is listening)?
Yes.
>
> I can't reproduce this problem the problem here, but maybe I don't quite
> understand your config.
>
>
O.k., I just try to list all of it, you have to pick the interesting
parts...
I have several servers, all running FreeBSD. All mailservers live in a
FreeBSD jail and consist of cyrus-imapd and postfix plus some procmail
"magic".
Two of these servers are cyrus imapd murder frontends (proxies) that
also have a postfix configured as mx server for several domains.
Out of these two servers one is actually the murder master.
When email comes in, postfix does not deliver directly to lmtp, instead
every email is given to procmail, and after some clamav, spamd, and
homebrewn conversion scripts (8bit header and so on).
Now the important part is when the email finally gets through all this
procmail processing, it will be piped to cyrus/bin/deliver.
This is now (2.3.7) working nearly as it has been working before
(2.2.x), with practically same configuration as before, but with only
two exceptions.
The first exception when email is destined for the "postuser", defined
in imapd.conf. In my case the postuser is called "shared".
On all imapd.confs in the murder environment the "postuser"
configuration option is the same, and it worked for really a long time
with 2.2.
This is the "critical" part at the end of my procmail recipe:
DELIVERMAIL=/usr/local/cyrus/bin/deliver
:0 w
* EXTENSION ?? [^ ]
| $DELIVERMAIL -a "$ABMAILDELIVERTO" -r "$SENDER" -m "$EXTENSION"
"$ABMAILDELIVERTO"
:0 w
| $DELIVERMAIL -a "$ABMAILDELIVERTO" -r "$SENDER" "$ABMAILDELIVERTO"
:0 w
| $DELIVERMAIL -a "andre" -r "$SENDER" -m "unzustellbar" -q "andre"
The variable ABMAILDELIVERTO is set to the user by the script before,
i.e. "andre" (for myself) or "shared" for the postuser.
Note, that normally procmail would stop processing after a successful
delivery, so that the last line will only be reached if all delivery
attempts before were unsuccessful.
The extension "unzustellbar" is german for "undeliverable" and is one of
my own mail folder, that I watch for problems (like remote backends
being unreachable).
Now, on the frontend/proxy, when emails arrive that would normally (like
for the last 2 years) be delivered to a shared folder called
"Postmaster/Bad-address", the procmail recipe does the following:
/usr/local/cyrus/bin/deliver -a "shared" -r "postmaster at abmail.de" -m
"Postmaster/Bad-address" "shared"
with the result:
lmtpunix[30300]: verify_user(Postmaster.Bad-address) failed: Mailbox
does not exist
After that, because of failure, procmail continues in the script to the
next lines to deliver without the extension:
/usr/local/cyrus/bin/deliver -a "shared" -r "postmaster at abmail.de" "shared"
with the result:
lmtpunix[30356]: verify_user() failed: Mailbox does not exist
Which, o.k., is correct. My script should not try to put something into
shareds inbox, so I have to fix it myself. This line should never be
executed for the "shared" (postuser) user. It is obsolete as I learned
lmtp tries by itself to put the mail into the inbox when the extension
is not available.
However, the last resort is:
/usr/local/cyrus/bin/deliver -a "andre" -r "postmaster at abmail.de" -m
"unzustellbar" "andre"
So finally all the emails for the shared user end up in my
"unzustellbar" mail folder.
O.k., the same problem I have on the other frontend, which is at the
same time the murder master.
But on this server there is also the additional problem. I now have
removed the -a parameter from my delivery recipe in procmail to have it
working again (but I cannot use any subfolders/extensions from procmail
recipes anymore). Whenever I try to deliver with -a parameter, I get:
lmtpunix[66205]: accepted connection
lmtpunix[66205]: lmtp connection preauth'd as postman
mupdate[57984]: cmd_find(fd:15, Postmaster.Bad-address)
Jul 13 15:22:30 mtb master[57976]: process 66205 exited, signaled to
death by 11
Jul 13 15:22:30 mtb master[57976]: service lmtpunix pid 66205 in BUSY
state: terminated abnormally
This only happens on murder master with deliver -a.
This is the cyrus.conf from murder master:
START {
recover cmd="ctl_cyrusdb -r"
idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
imap cmd="imapd" listen="imap" prefork=1
imapunix cmd="imapd" listen="/var/imap/socket/imap" prefork=1
imaps cmd="imapd -s" listen="imaps" prefork=1
pop3 cmd="pop3d" listen="pop3" prefork=0
pop3s cmd="pop3d -s" listen="pop3s" prefork=0
# nntp cmd="nntpd" listen="nntp" prefork=0
# nntps cmd="nntpd -s" listen="nntps" prefork=0
sieve cmd="timsieved" listen="sieve" prefork=0
# lmtp cmd="lmtpd" listen="lmtp" prefork=1
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
mupdate cmd="/usr/local/cyrus/bin/mupdate -m" listen=3905 prefork=1
}
EVENTS {
checkpoint cmd="ctl_cyrusdb -c" period=30
delprune cmd="cyr_expire -E 3" at=0400
tlsprune cmd="tls_prune" at=0400
}
Some lines from my imapd.conf which are the same on all servers:
unixhierarchysep: yes
altnamespace: yes
userprefix: Andere Benutzer
sharedprefix: Gemeinsame Ordner
postuser: shared
username_tolower: 1
lmtp_downcase_rcpt: 0
lmtp_fuzzy_mailbox_match: 1
virtdomains: userid
defaultdomain: abmail.de
(I cycled the new lmtp_downcase_rcpt and lmtp_fuzzy_mailbox_match
options, but that did not change anything for the "postuser" problem.
However, addressing these particular folders worked before for years, so
it should not be the broken part.)
The mupdate server is configured in imapd.conf on all servers, also on
the mupdate master itself where it connects to itself.
I hope that shows the general picture of my setup. Please tell me if I
missed some crucial parts.
Last night was a little stressful, so forgive me that I didn't post all
relevant information at once.
Would you recommend separating the murder master and not use it as a
frontend?
André Böhm
More information about the Info-cyrus
mailing list