Murder + virtual hosting with ipaliasing problem

Tomas Lindroos DC skitta at abo.fi
Wed Nov 8 03:54:08 EST 2006


Hello everybody!

I am trying to build a cyrus murder with virtual hosting enabled. In the 
future we will probably have two or three frontends on round robin dns, so 
I have imapd:s running on an IP-aliased interface. This works fine, let's 
call it foo.abo.fi.

Now, on the same frontend I need another set of imapd:s which run on yet 
another IP-aliased interface, which has a DNS-entry on another domain, 
say bar.baz.org. The reasons for doing this are:

  - they want "their" imap-server on their own domain
  - they want to log in as "username", not "username@domain"
  - they want to authenticate to their active directory (through
    saslauthd-krb5, all other virtual domains use mysql auxprop)

Now, if I create a mailbox "testuser@baz.org" and log in as 
testuser@baz.org everything works as it should:

  > telnet foo.abo.fi imap
  * OK foo.abo.fi Cyrus IMAP4 Murder v2.2.12-AAU-RPM-2.2.12-3.RHEL4.1.aau server ready
  1 LOGIN testuser@baz.org ********
  1 OK User logged in
  2 LIST "" *
  * LIST (\Noinferiors) "." "INBOX"
  2 OK Completed
  3 SELECT INBOX
  * FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
  * OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)]
  * 3 EXISTS
  * 1 RECENT
  * OK [UNSEEN 3]
  * OK [UIDVALIDITY 1160720446]
  * OK [UIDNEXT 4]
  3 OK [READ-WRITE] Completed
  4 LOGOUT
  * BYE LOGOUT received
  4 OK Completed


But if I try to use the server on bar.baz.org, the LIST command fails to 
retrieve any mailboxes:

  > telnet bar.baz.org imap
  * OK foo.abo.fi Cyrus IMAP4 Murder v2.2.12-AAU-RPM-2.2.12-3.RHEL4.1.aau server ready
  1 LOGIN testuser@baz.org ********
  1 OK User logged in
  2 LIST "" *
  2 OK Completed
  3 SELECT INBOX
  3 NO Mailbox does not exist
  4 LOGOUT
  * BYE LOGOUT received
  4 OK Completed

The same thing happens when I omit the @baz.org part:

  > telnet bar.baz.org imap
  * OK foo.abo.fi Cyrus IMAP4 Murder v2.2.12-AAU-RPM-2.2.12-3.RHEL4.1.aau server ready
  1 LOGIN testuser ********
  1 OK User logged in
  2 LIST "" *
  2 OK Completed
  3 SELECT INBOX
  3 NO Mailbox does not exist
  4 LOGOUT
  * BYE LOGOUT received
  4 OK Completed


If I dump the contents of mailboxes.db I get the correct results on all 
machines in the murder.


Ok, then some snippets from the config files:

bar.baz.org-imapd.conf:

  configdirectory: /var/imap
  sievedir: /var/sieve

  defaultpartition: virtual
  partition-virtual: /var/spool/virtual

  hashimapspool: false

  unixhierarchysep: no
  altnamespace: yes
  sharedprefix: shared

  singleinstancestore: yes
  duplicatesuppression: yes
  allowusermoves: yes

  servername: bar.baz.org

  virtdomains: on
  loginrealms: baz.org
  defaultdomain: baz.org

  sasl_pwcheck_method: saslauthd

  (... + other SASL, lmtp, tls and mupdate stuff)


The working server foo.abo.fi has the same config, except for:

  servername: foo.abo.fi
  loginrealms: xxx yyy zzz abo.fi
  defaultdomain: abo.fi
  sasl_pwcheck_method: auxprop

I get the same result when using "virtdomains userid". I tried to mix the 
forms but that didn't work at all (but there could have been other reasons 
as well.)

Any ideas? It seems like the fact that the virtual server is on another 
network (in DNS, not physically) somehow screws up the mailbox lookups 
from mailboxes.db. (I've run several instances of imapd:s on other servers 
with different configs, though not with virtual domains on, and I think 
other people use it as well.) This should be possible to do, right? There 
are no complaints in the logs.


cyrus.conf:

SERVICES {
  mupdate   cmd="/usr/lib64/cyrus-imapd/mupdate" listen=3905 prefork=1

  imap          cmd="/usr/lib64/cyrus-imapd/proxyd -C /etc/imapd-foo.conf" listen="foo.abo.fi:imap" prefork=0
  imaps         cmd="/usr/lib64/cyrus-imapd/proxyd -s -C /etc/imapd-foo.conf" listen="foo.abo.fi:imaps" prefork=0

  himap          cmd="/usr/lib64/cyrus-imapd/proxyd -C /etc/imapd-baz.org.conf" listen="bar.baz.org:imap" prefork=0
  himaps         cmd="/usr/lib64/cyrus-imapd/proxyd -s -C /etc/imapd-baz.org.conf" listen="bar.baz.org:imaps" prefork=0
}


I use the RHEL4-supplied x86_64 packages, though recompiled to disable the 
autocreate patches.

 	/skitta

-- 
  Tomas 'Skitta' Lindroos.
  UNIX system administrator, Åbo Akademi, Datacentralen
  skitta at abo.fi, 02-215-4469

