troubleshooting an unified config

Jesus Roncero jesus at mxtelecom.com
Thu Oct 19 11:15:12 EDT 2006 

Hi all,

I have an almost running unified-configuration murder installation with 3 
machines:

* backbox: backend
* unibox: fronend/backend in unified mode
* mupbox: mupdate master 

It all looks like it's fine. when accessing unibox with an imap client, it 
serves the mailbox if it is at unibox or proxies it if it's at backbox. So, 
the unified config looks like it works, in terms of accessing the mailboxes. 

But we are trying to be able to move mailboxes from backbox to unibox and 
from unibox to backbox as well. Right now, if I issue a xfer command to 
transfer a mailbox from unibox to backbox, it works flawlessly. But not 
the other way around. If we try to move from backbox to unibox, it fails 
with an error like:

backbox> xfer user.andy at domain.com unibox
xfermailbox: The remote Server(s) denied the operation

Sniffing the connection, there is a connect to the mupdate master as follows:
* AUTH "CRAM-MD5" "DIGEST-MD5" "LOGIN" "PLAIN" 
* PARTIAL-UPDATE 
* OK MUPDATE "mupbox" "Cyrus Murder" "v2.3.7" "(master)" 
A01 AUTHENTICATE "PLAIN" {32+} 
PASSWORD= 
A01 OK "Authenticated" 
X0 DEACTIVATE {23+} 
domain.com!user.andy {13+} 
backbox!default 
X0 OK "done" 
X1 ACTIVATE {23+} 
domain.com!user.andy {13+} 
backbox!default {31+} 
andy at domain.com.lrswipkxtea. 
X1 OK "done"

and then, there's this connection to unibox' imap port:
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID MUPDATE=mupdate://mupbox/ 
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR] unibox Cyrus IMAP4 (Murder) v2.3.7 
server ready 
C01 CAPABILITY 
* CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID MUPDATE=mupdate://mupbox/ 
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR ACL RIGHTS=kxte QUOTA NAMESPACE UIDPLUS 
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE 
URLAUTH 
C01 OK Completed 
A01 AUTHENTICATE PLAIN PASSWORD== 
A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID MUPDATE=mupdate://mupbox/ 
LOGINDISABLED ACL RIGHTS=kxte QUOTA NAMESPACE UIDPLUS NO_ATOMIC_RENAME 
UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE IDLE URLAUTH] Success (no 
protection) 
LC1 LOCALCREATE {23+} 
user.andy at domain.com 
LC1 NO Mailbox already exists 
Q01 LOGOUT 
* BYE LOGOUT received 
Q01 OK Completed

The thing is that it is failing at the LOCALCREATE command because the mailbox 
looks like it *exist* to cyrus, although it is not at that server 
(unibox). 

Having a look at the boxes, I've noticed that the mailboxes.db files contains 
info as follows:

* mupbox[mupdate master] - contains all the mailboxes from backbox and unibox
* unibox(unified) - contains all the mailboxes from backbox and unibox
* backbox - contains only the mailboxes at backbox.

I guess this is the right way to do it because unibox is running an unified 
config and it is running a slave mupdate process for its frontend section and 
needs to know all this data, right? So then, why is it failing to move the 
mailbox?

I think everything is right in terms of permissions. backbox logs in to 
unibox as an admin, so there should be no problem with permissions at all, 
i guess. 

Any ideas? I am running out of them at this point.


Configuration files follows:

backbox -- cyrus.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
START {
  recover	cmd="ctl_cyrusdb -r"
  mupdatepush   cmd="ctl_mboxlist -m"
}

# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
  # add or remove based on preferences
  #mupdate cmd="/opt/cyrus-imapd-2.3.7/bin/mupdate" listen=3905 prefork=1

  imap		cmd="imapd" listen="imap" prefork=0
  imaps		cmd="imapd -s" listen="imaps" prefork=0
  pop3		cmd="pop3d" listen="pop3" prefork=0
  pop3s		cmd="pop3d -s" listen="pop3s" prefork=0
  sieve		cmd="timsieved" listen="sieve" prefork=0

  lmtp		cmd="lmtpd" listen="lmtp" prefork=0

}

EVENTS {
  checkpoint	cmd="ctl_cyrusdb -c" period=30
}




backbox -- imapd.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
configdirectory: /var/imap
partition-default: /var/spool/imap
sasl_pwcheck_method: auxprop

sasl_mech_list: plain login CRAM-MD5 DIGEST-MD5
sasldb_path: /etc/sasldb2

sieve_admins: cyrus, golan
sievedir: /var/spool/sieve
virtdomains: yes

altnamespace: yes
allowallsubscribe: yes
allowusermoves: 1

admins: golan murder murder at domain.com golan at domain.com

# How to get to mupdate master server
mupdate_username: backend1
mupdate_password: Password
mupdate_server: mupbox
mupdate_port: 2004
mupdate_authname: backend1
mupdate_config: standard

unibox_mechs: PLAIN
proxy_authname: murder
unibox_password: Password

mupbox_mechs: PLAIN
mupbox_password: Password

force_sasl_client_mech: PLAIN

proxyservers: murder

allowpaintext: 1




unibox -- cyrus
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
START {
  mboxlist	cmd="ctl_cyrusdb -r"
  mupdatepush   cmd="ctl_mboxlist -m"
}
SERVICES {
  mupdate       cmd="/home/golan/cyrus-imapd-2.3.7/bin/mupdate" listen=2004 
prefork=1

  imap		cmd="proxyd" listen="imap" prefork=1
  pop3		cmd="pop3d" listen="pop3" prefork=0
  kpop          cmd="pop3d -k" listen="kpop" prefork=0
  sieve         cmd="timsieved" listen="2000" prefork=1

  # fud
  fud           cmd="fud" listen="fud" prefork=0 proto="udp"

  # relay mail correctly
  lmtpunix	cmd="lmtpproxyd" listen="/home/golan/var/imap/socket/lmtpproxy" 
prefork=1
}

EVENTS {
  checkpoint	cmd="ctl_cyrusdb -c" period=5
}



unibox -- imapd.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
configdirectory: /home/golan/var/imap
# DO NOT leave any SPACE at the end of any config setting
# ARGGGGGGGGGGGG
partition-default: /home/golan/var/spool/imap
sasl_pwcheck_method: auxprop

sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
sasldb_path: /home/golan/etc/sasldb2
force_sasl_client_mech: PLAIN

sieve_admins: cyrus, golan
sievedir: /home/golan/var/spool/sieve

virtdomains: yes
altnamespace: yes
allowallsubscribe: yes
allowusermoves: 1

backbox_mechs: PLAIN
unibox_mechs: PLAIN

# we don't want sieve referrrals
sieve_allowreferrals: 0

admins: golan backend1 murder unified1 golan at domain.com murder at domain.com 

# How to get to the mupdate server (this machine)
mupdate_config: unified
mupdate_username: backend1
mupdate_password: Password
mupdate_server: mupbox
mupdate_port: 2004
mupdate_authname: backend1

# How to get to the backends
proxy_authname: murder
backbox_password: Password
unibox_password: Password

proxyservers: murder

syslog_prefix: unified



mupbox -- cyrus
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
START {
  mboxlist	cmd="ctl_cyrusdb -r"
}

SERVICES {
  mupdate       cmd="/home/golan/cyrus-imapd-2.3.7-mupdate/bin/mupdate -m" 
listen=2004 prefork=1
}

EVENTS {
  checkpoint	cmd="ctl_cyrusdb -c" period=5
}






mupbox -- imapd.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
configdirectory: /home/golan/var/imap
partition-default: /tmp  # because it is not used
sasl_pwcheck_method: auxprop

sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
sasldb_path: /home/golan/etc/sasldb2
force_sasl_client_mech: PLAIN
auxprop_plugin: sasldb

virtdomains: yes
altnamespace: yes
allowallsubscribe: yes

backbox_mechs: PLAIN
unibox_mechs: PLAIN

# we don't want sieve referrrals
sieve_allowreferrals: 0

allowusermoves: 1

admins: golan backend1 backend1 at domain.com # should I use box names here?

proxyservers: murder
proxy_authname: murder
backbox_password: Password





-- 
Jesus Roncero <jesus at mxtelecom.com>
System Developer
Tel: +44 (0) 845 666 7778
http://www.mxtelecom.com

More information about the Info-cyrus mailing list