cyrus murder and some unclear things(cant create mailbox from frontend)

rupert rupertt at gmail.com
Fri Jan 11 10:05:35 EST 2008 

i followed some howtos on the net and provides wit cyrus,
it uses pam to store some stuff in a mysql 5.1 DB.
i can only login with imtest when i create the user I created with
saslpasswd2 and "cm user.*"  also create this user in the DB,
which was installed during the web-cyradmin installation.

Do I understand right that I have the db with the user accounts on the
frontend and the mailboxes on the backend, so I dont need any DB and
accounts in the sasldb1 on the backend?

Another point is that I cant delete any user with dm, it asks for a
password, when i enter the correct one it asks again until i enter a wrong
one..!

not an easy setup, but its making progress...



here are my config file:
frontend/mupdater
admins: cyrus cyrus-frontend cyrus-backend
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
#admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true

##
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN LOGIN DIGEST-MD5
sasl_auxprop_plugin: sasldb
sasl_minimum_layer: 0
sasl_auto_transition: no

#sasl_pwcheck_method: auxprop
#sasl_auxprop_plugin: sasldb
#sasl_auxprop_plugin: sql
#sasl_sql_engine: mysql
#sasl_sql_hostnames: localhost
#sasl_sql_user: sqlpassword
#sasl_sql_database: cyrus
#sasl_sql_verbose: no
#sasl_sql_select: SELECT password FROM cyrus_mail WHERE username = '%u' AND
active='1'
#sasl_sql_usessl: 0
#allowplaintext: yes

tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt

postmaster: postmaster
allowanonymouslogin: no
allowplaintext: yes
# servername: localhost
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes
#tls_ca_file:/var/lib/imap/server.pem
#tls_cert_file:/var/lib/imap/server.pem
#tls_key_file:/var/lib/imap/server.pem
realm: mailfarm21.local
##################
# MUPDATE Master #
##################
servername: mail2.mailfarm21.local


# hier kommt der backend server
proxy_authname: cyrus-frontend
mail1_password: secret
proxy_password: secret
#proxyservers: mail1.mailfarm21.local
proxyd_disable_mailbox_referrals: 1

## mupdate client?
mupdate_server: mail2.mailfarm21.local
mupdate_port: 3905
mupdate_username: cyrus-frontend
mupdate_authname: cyrus-frontend
mupdate_password: secret



backend:

admins: cyrus cyrus-frontend cyrus-backend
configdirectory: /var/lib/imap
partition-default: /var/spool/imap

sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true

tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt

postmaster: postmaster
allowanonymouslogin: no
allowplaintext: yes
servername: localhost
autocreatequota: 10000
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sieve_maxscriptsize: 32
sieve_maxscripts: 5
#unixhierarchysep: yes
#tls_ca_file:/var/lib/imap/server.pem
#tls_cert_file:/var/lib/imap/server.pem
#tls_key_file:/var/lib/imap/server.pem

## sasl kram
sasl_auxprop_plugin: sasldb
sasl_pwcheck_method: saslauthd
#sasl_pwcheck_method: auxprop
sasl_mech_list: plain login DIGEST-MD5


#################
# mupdate slave #
#################
mupdate_server: mail2.mailfarm21.local
mupdate_port: 3905
mupdate_username: cyrus-backend
mupdate_authname: cyrus-backend
mupdate_password: secret
#mupdate_config: unified

# frontendzugriff
proxyservers: mail2.mailfarm21.local
proxy_authname: cyrus-backend

# transfer between backends
allowusermoves: yes
allowsubscribes: yes

cyrus.conf

# standard standalone server implementation

START {
  # do not delete this entry!
  recover    cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
  idled        cmd="idled"
#
# resync the mailbox with the master at startup
mupdatepush   cmd="ctl_mboxlist -m"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap        cmd="imapd" listen="imap" prefork=5
  imaps        cmd="imapd -s" listen="imaps" prefork=1
  pop3        cmd="pop3d" listen="pop3" prefork=3
  pop3s        cmd="pop3d -s" listen="pop3s" prefork=1
  sieve        cmd="timsieved" listen="sieve" prefork=0

  # these are only necessary if receiving/exporting usenet via NNTP
#  nntp        cmd="nntpd" listen="nntp" prefork=3
#  nntps        cmd="nntpd -s" listen="nntps" prefork=1

  # at least one LMTP is required for delivery
#  lmtp        cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix    cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

  # this is only necessary if using notifications
#  notify    cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp"
prefork=1

#
mupdate       cmd="/usr/lib/cyrus-imapd/mupdate" listen="3905" prefork=1
fud cmd="fud" proto="udp" listen="4201" profork=0 maxchilds=10

}

EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune    cmd="cyr_expire -E 3" at=0400
#delprune      cmd="ctl_deliver -E 3" period=1440
  # this is only necessary if caching TLS sessions
  tlsprune    cmd="tls_prune" at=0400

  # Squat failed, helps
    squatter      cmd="squatter -r user" period=1440
}

On Jan 11, 2008 2:30 PM, Ken Murchison <murch at andrew.cmu.edu> wrote:

> rupert wrote:
> > another questions is:
> > does the mysql database have to be on both machines or does the frontend
> > cyrus get its data from the backend and doesnt store anything inside its
> > local DB?
>
> What MySQL database?  For authentication?  All user credentials need to
> be verified on the frontends.  If you IMAP client(s) support referrals,
> then they might also authenticate directly on the backends.  Otherwise,
> only the "murder" user authenticates on the backends.
>
>
>
> > I created a new domain and user on the backend with web-cyradm and on
> > the frontend/mupdate i can get the data with lm, but I cant connect with
> > a mail client.
> >
> > On Jan 11, 2008 1:13 PM, Rupertt <rupertt at gmail.com
> > <mailto:rupertt at gmail.com>> wrote:
> >
> >     Ken Murchison wrote:
> >>     rupert wrote:
> >>
> >>>     Hello first,
> >>>     I was able to set up an murder cluster with one backend and a
> frontend
> >>>     which also acts as a mupdate server.
> >>>     i could get the mailbox accounts from the backend, which was a
> >>>     standalone before.
> >>>     I read that now the murder is running i should "only" create
> accounts on
> >>>     the frontend and dont do anything manually on the backend, right?
> >>>
> >>>     When I now create a user with web-cyradm on the frontend it
> creates the
> >>>     entry in the DB, but the logfile says:
> >>>
> >>>     Jan 11 12:34:02 mail2 mupdate[2166]: cmd_set(fd:18, user.ralf)
> >>>     Jan 11 12:34:02 mail2 imap[2183]: mupdate NO response: mailbox
> already
> >>>     exists
> >>>     Jan 11 12:34:02 mail2 imap[2183]: MUPDATE: can't reserve mailbox
> entry
> >>>     for 'user.ralf'
> >>>     Jan 11 12:34:02 mail2 imap[2183]: autocreateinbox: User ralf,
> INBOX
> >>>     failed. unable to reserve mailbox on mupdate server
> >>>
> >>>
> >>>     when i try to add the user with "cm ralf" i get a permission
> denied
> >>>     error in the cyradm console.
> >>>
> >>>     i could add a new mailbox on the backend by hand and when I do a
> "lm" on
> >>>     the frontend the new account gets listed there.
> >>>
> >>>     So how can I proceed?
> >>>
> >>     Toplevel mailboxes MUST be created on the backend.
> >>
> >>
> >>
> >     you mean like "ralf", well i tried "user.ralf" and it still does not
> >     work.
> >
> >     this is my current list:
> >
> >     sam (\HasNoChildren)            user.sigi (\HasChildren)
> >     testuser (\HasNoChildren)         user.sigi.Sent (\HasNoChildren)
> >     user.box1 (\HasNoChildren)        user.sigi.Trash (\HasNoChildren)
> >     user.jon (\HasNoChildren)         user.tb0001 (\HasNoChildren)
> >     user.roy (\HasChildren)           user.test1 (\HasNoChildren)
> >     user.roy.Sent (\HasNoChildren)    user.test2 (\HasNoChildren)
> >     user.roy.Trash (\HasNoChildren)   user.testuser (\HasNoChildren)
> >
> >
> >
> >
>
>
> --
> Kenneth Murchison
> Systems Programmer
> Project Cyrus Developer/Maintainer
> Carnegie Mellon University
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20080111/1e1fbd58/attachment-0001.html

More information about the Info-cyrus mailing list