Notes on operating a unified murder

Gary Mills mills at cc.umanitoba.ca
Mon Mar 19 21:26:04 EST 2007 

For some time now, I've been testing a unified murder configuration of
the Cyrus IMAP server.  I'm using two servers.  Server A is a unified
front-end/back-end server, hosting mailboxes and proxying connections
to the back-end server.  Clients connect only to server A.  Server B
is a conventional back-end server, only hosting mailboxes.  My
objective in this exercise is to set up a production server in the
same manner, and then move mailboxes from the front-end to the
back-end in a transparent manner.  I've accomplished this successfully
with the test server.  Here are some notes I kept along the way:

o The mupdate master cannot run on unified server, even with a
  different configuration directory.
o The mupdate master will run on the backend server, with a different
  configuration directory.
o A mupdate slave is required on a unified server, to update the local
  mailboxes database.  This limitation should be fixable.
o The mupdate server is multi-threaded but also runs as multiple processes.
  However, it uses mutex locking that can't work between processes.
o E-mail delivery on the back-end server doesn't work if lmtpd has the
  `-a' option.  At least, I couldn't figure out how to make it work.
o For proxy delivery to work on the back-end server, the proxy user from
  the front-end must be defined in `lmtp_admins' on the back-end.
o The service name configuration prefix as in `lmtp_admins' appears to
  work but is not documented anyplace.  Where are the names listed?
o `cyradm' connected to the unified server honours redirection to the
  backend, but prompts for a password repeatedly.  This could be fixed
  by having it accept multiple server names on the command line, and
  opening persistent connections to all of them.
o `cyradm' must connect to the backend to create mailboxes there.
   It doesn't work via proxy from frontend.
o `sieveshell' connected to the unified server honours redirection to the
  backend, but prompts for a password twice.
o For the cyradm `xfer' command, the unified server connects to the
  backend server as the proxy user, even when cyradm authenticates
  to the front-end as the administrator.
o The mupdate master sometimes attempts to connect to itself, producing
  this error: ``kick_mupdate: can't connect to target: Connection refused''.
o `autocreatequota' on the backend server may be necessary for `xfer'
  to work.
o Defining the proxy user in `proxyservers' on the backend server does
  not work to enable cyradm `xfer' to work.
o The proxy user must be defined in `imap_admins' for `xfer' to work.
  What privileges does this imply?
o cyradm `xfer' only works from the unified server to the backend server,
  when connected to the unified server.  Could it be fixed to work in
  reverse?  Will it work when connected to backend server?

-- 
-Gary Mills-    -Unix Support-    -U of M Academic Computing and Networking-

More information about the Info-cyrus mailing list