Backend attempting to proxy to itself?

Brian Awood bawood at umich.edu
Mon Apr 26 12:57:25 EDT 2010


You need to remove the mupdate entry from the "Services" section of the cyrus
config on the backend servers.  mupdate always assumes mailboxes are remote
so it is going through and changing all the mailbox entries to remote ones.
 

I'm not sure about the autocreate feature though, I assume that is what you
are trying to use by creating the mailbox while connected to the frontend. 
Traditionally you would connect to the backend where you wanted the mailbox
to live and create it there.

-Brian

On Mon, 26 Apr 2010 17:27:46 +0100 (BST), "Simon Beale" <simon at minos.org.uk> wrote:
> 
> However, if I restart the backend at this point, I get the old entries
> back again in addition to the fixed entries.
> 
> Given this cluster isn't yet in production, I've just stopped the entire
> cluster, deleted mailboxes.db from everything and "rm -rf
> ${partition-default}/*" in case there was something bad lurking around
> from previous experiments. But it's still the case that if I "cm
> user.simon" on the frontend with cyradm, the mailboxes.db on the backend
> appears as "... 1 store-101...!default..."
> 
> So for some reason I'm not getting correct mailbox location information
> created on the backends.
> 
> I've included my cyrus.conf files and the murder master's imapd.conf below
> in case there's something wrong I've put in any of those.
> 
> Cheers
> 
> Simon
> 
> =====================
> Backend/frontend cyrus.conf
> 
> START {
>   recover       cmd="ctl_cyrusdb -r"
>   idled         cmd="idled"
>   #the next line is only present on the backend
>   mupdatepush   cmd="ctl_mboxlist -m"
> }
> SERVICES {
>   imap          cmd="imapd" listen="imap" proto="tcp4" prefork=2
>   imaps         cmd="imapd -s" listen="imaps" proto="tcp4" prefork=5
>   pop3          cmd="pop3d" listen="pop3" proto="tcp4" prefork=2
>   pop3s         cmd="pop3d -s" listen="pop3s" proto="tcp4" prefork=2
>   sieve         cmd="timsieved" listen="sieve" proto="tcp4" prefork=2
>   mupdate       cmd="mupdate" listen="3905" proto="tcp4" prefork=2
>   fud           cmd="fud" listen="4201" proto="udp4" prefork=1 maxchild=10
>   lmtp          cmd="lmtpd -a" listen="127.0.0.1:2003" prefork=1
> }
> EVENTS {
>   checkpoint    cmd="ctl_cyrusdb -c" period=30
>   delprune      cmd="cyr_expire -D 3 -E 3 -X 3" at=0400
>   tlsprune      cmd="tls_prune" at=0400
> }
> 
> ======================
> Murder master /etc/cyrus.conf
> 
> START {
>   recover       cmd="ctl_cyrusdb -r"
>   idled         cmd="idled"
> }
> SERVICES {
>   mupdate       cmd="mupdate -m" listen="mupdate" prefork=1
> }
> EVENTS {
>   checkpoint    cmd="ctl_cyrusdb -c" period=30
>   delprune      cmd="cyr_expire -D 3 -E 3 -X 3" at=0400
>   tlsprune      cmd="tls_prune" at=0400
> }
> 
> 
> ======================
> Murder master /etc/imapd.conf
> 
> admins:                 cyrus cyrus-frontend
> allowplaintext:         true
> configdirectory:        /var/lib/imap
> duplicate_db:           skiplist
> improved_mboxlist_sort: true
> lmtp_downcase_rcpt:     true
> normalizeuid:           true
> partition-default:      /var/spool/imap
> ptscache_db:            skiplist
> sasl_mech_list:         DIGEST-MD5 PLAIN LOGIN
> sasl_pwcheck_method:    auxprop
> sievedir:               /var/lib/imap/sieve
> statuscache_db:         skiplist
> tlscache_db:            skiplist
> tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
> tls_cert_file:          /etc/ssl/certs/wildcard.pem
> tls_key_file:           /etc/ssl/certs/wildcard.pem
> unix_group_enable:      false
> 
> 
>> imapd is trying to proxy because the entry "1
>> store-101.internal.example.com" tells it that it's remote, even though it
>> is not.  Theoretically this would work correctly with a unified murder
>> configuration, where any machine can proxy for another, but it isn't
>> implemented.  The mailbox entry on the backend should look like;
>>
>> user.simon      0    default simon lrswipkxtecda
>>
>> I'm not sure how the mailbox list ended up with entries like that on your
>> backend.  Are you running mupdate there?  There should probably be a
>> warning in the docs about not starting mupdate on a backend, if there isn't
>> already.  To fix it, you may need to dump the db to text, use sed/awk/perl
>> (pick your favorite) and change all the "1 servername!default" to "0
>> default", remove the old db and reload it.   Hope that helps.
>>
>> -Brian
>>
>> On Mon, 26 Apr 2010 12:44:35 +0100 (BST), "Simon Beale" <simon at minos.org.uk> wrote:
>>> I'm having problems with getting the backend responding correctly in a
>>> murder cluster (using Simon Matter's 2.3.16 rpm built on CentOS 5.4). I've
>>> got it so that I can run cyradm and issue 'cm user.simon' on the frontend,
>>> see it make the mailbox on the backend, and doing 'ctl_mboxlist -d' on
>>> murder, frontend and backend all list the relevant backend location:
>>>
>>> user.simon      1 store-101.internal.example.com!default simon lrswipkxtecda
>>>
>>>
>>> However, when I run imtest and login on the frontend:
>>> . LIST "" "*"
>>> * LIST (\HasNoChildren) "." "INBOX"
>>> . OK Completed (0.000 secs 2 calls)
>>> . SELECT INBOX
>>> . NO Server(s) unavailable to complete operation
>>>
>>>
>>> Looking at the output of strace and syslogs on the backend, it appears
>>> that the backend is trying to make a new TLS connection back to itself
>>> rather than directly answering the incoming SELECT.
>>>
>>> Apr 26 13:24:09 store-101 imap[26128]: accepted connection
>>> Apr 26 13:24:09 store-101 master[26615]: about to exec
>>> /usr/lib/cyrus-imapd/imapd
>>> Apr 26 13:24:09 store-101 imap[26128]: login: switch-101.internal.example.com [10.10.10.37] simon DIGEST-MD5 User logged in
>>> Apr 26 13:24:09 store-101 imap[26615]: executed
>>> Apr 26 13:24:09 store-101 imap[26615]: accepted connection
>>> Apr 26 13:24:09 store-101 master[26616]: about to exec
>>> /usr/lib/cyrus-imapd/imapd
>>> Apr 26 13:24:09 store-101 imap[26616]: executed
>>> Apr 26 13:24:09 store-101 imap[26615]: skiplist: checkpointed
>>> /var/lib/imap/tls_sessions.db (1124 records, 206900 bytes) in 0 seconds
>>> Apr 26 13:24:09 store-101 imap[26615]: imapd:Loading hard-coded DH
>>> parameters
>>> Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() incomplete -> wait
>>> Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify
>>> Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify
>>> Apr 26 13:24:09 store-101 imap[26128]: received server certificate
>>> Apr 26 13:24:09 store-101 imap[26128]: starttls: TLSv1 with cipher
>>> DHE-RSA-AES256-SHA (256/256 bits new client) no authentication
>>> Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() succeeded -> done
>>> Apr 26 13:24:09 store-101 imap[26615]: starttls: TLSv1 with cipher
>>> DHE-RSA-AES256-SHA (256/256 bits new) no authentication
>>> Apr 26 13:24:09 store-101 imap[26128]: couldn't authenticate to backend
>>> server: no mechanism available
>>>
>>> Can anyone help me work out why the backend appears to be attempting to
>>> proxy onwards rather than answering the SELECT itself?
>>>
>>> ===================
>>> Backend imapd.conf:
>>>
>>> admins:                 cyrus cyrus-frontend
>>> allowallsubscribe:      true
>>> allowplaintext:         true
>>> allowusermoves:         true
>>> configdirectory:        /var/lib/imap
>>> delete_mode:            delayed
>>> duplicate_db:           skiplist
>>> expunge_mode:           delayed
>>> hashimapspool:          true
>>> improved_mboxlist_sort: true
>>> lmtp_downcase_rcpt:     true
>>> mupdate_authname:       cyrus-frontend
>>> mupdate_password:       ********
>>> mupdate_server:         switch-102.internal.example.com
>>> mupdate_username:       cyrus-frontend
>>> normalizeuid:           true
>>> partition-default:      /var/spool/imap
>>> proxyservers:           cyrus-frontend
>>> ptscache_db:            skiplist
>>> sasl_mech_list:         PLAIN LOGIN DIGEST-MD5
>>> sasl_pwcheck_method:    auxprop
>>> servername:             store-101.internal.example.com
>>> sievedir:               /var/lib/imap/sieve
>>> statuscache_db:         skiplist
>>> tlscache_db:            skiplist
>>> tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
>>> tls_cert_file:          /etc/ssl/certs/wildcard.pem
>>> tls_key_file:           /etc/ssl/certs/wildcard.pem
>>> unix_group_enable:      false
>>>
>>>
>>> ====================
>>> Frontend imapd.conf:
>>>
>>> admins:                 cyrus
>>> allowplaintext:         false
>>> allowusermoves:         true
>>> configdirectory:        /var/lib/imap
>>> delete_mode:            delayed
>>> duplicate_db:           skiplist
>>> expunge_mode:           delayed
>>> improved_mboxlist_sort: true
>>> lmtp_downcase_rcpt:     true
>>> mupdate_authname:       cyrus-frontend
>>> mupdate_password:       ********
>>> mupdate_server:         switch-102.internal.example.com
>>> mupdate_username:       cyrus-frontend
>>> normalizeuid:           true
>>> partition-default:      /var/spool/imap
>>> proxy_authname:         cyrus-frontend
>>> proxyd_disable_mailbox_referrals:       true
>>> proxy_password:         ********
>>> ptscache_db:            skiplist
>>> sasl_mech_list:         PLAIN
>>> sasl_pwcheck_method:    auxprop saslauthd
>>> serverlist:             store-101.internal.example.com
>>> servername:             switch-101.internal.example.com
>>> sieve_allowreferrals:   false
>>> sievedir:               /var/lib/imap/sieve
>>> sieveusehomedir:        0
>>> statuscache_db:         skiplist
>>> tlscache_db:            skiplist
>>> tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
>>> tls_cert_file:          /etc/ssl/certs/wildcard.pem
>>> tls_key_file:           /etc/ssl/certs/wildcard.pem
>>> unix_group_enable:      false
>>>
>>>
>>
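
The two fixes suggested in this thread (no mupdate under SERVICES on a backend, and turning "1 servername!default" entries back into "0 default" in a text dump), as an added example that is not part of the original messages. The function names are hypothetical, the sample data is constructed, and the tab-separated dump layout is an assumption about `ctl_mboxlist -d` output.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# has_services_mupdate: read a cyrus.conf on stdin; succeed if an uncommented
# entry inside SERVICES { } runs mupdate (which a backend should not have).
has_services_mupdate() {
  awk '
    /^[ \t]*#/ { next }
    /^[ \t]*SERVICES[ \t]*[{]/ { in_services = 1; next }
    in_services && /^[ \t]*[}]/ { in_services = 0 }
    in_services && /cmd="mupdate[ "]/ { found = 1 }
    END { exit !found }'
}

# localize_dump SERVERNAME: read a text dump of the mailbox list on stdin and
# rewrite "1 SERVERNAME!partition" to "0 partition". Field separators are kept
# byte for byte; entries naming any other server pass through unchanged.
localize_dump() {
  awk -v me="$1" '
    {
      old = "1 " me "!"
      p = index($0, old)
      if ($2 == "1" && index($3, me "!") == 1 && p > 0)
        $0 = substr($0, 1, p - 1) "0 " substr($0, p + length(old))
      print
    }'
}

# Constructed backend cyrus.conf, abridged from the one quoted in the thread.
sample_backend_conf() {
  cat <<'EOF'
SERVICES {
  imap          cmd="imapd" listen="imap" proto="tcp4" prefork=2
  mupdate       cmd="mupdate" listen="3905" proto="tcp4" prefork=2
}
EOF
}

# Constructed dump: one entry wrongly remote on its own backend, one already
# local, one on a different (hypothetical) server that must not be touched.
sample_dump() {
  printf 'user.simon\t1 store-101.internal.example.com!default\tsimon\tlrswipkxtecda\n'
  printf 'user.alice\t0 default\talice\tlrswipkxtecda\n'
  printf 'user.bob\t1 store-102.internal.example.com!default\tbob\tlrswipkxtecda\n'
}

sample_backend_conf | has_services_mupdate && echo "mupdate is listed under SERVICES"
sample_dump | localize_dump store-101.internal.example.com
```

Run `localize_dump` with the backend's own `servername` value so that only entries pointing back at that host are rewritten.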


More information about the Info-cyrus mailing list