Cannot xfer or rename mailbox in murder

Dan White dwhite at olp.net
Fri May 4 10:23:34 EDT 2012


On 05/04/12 07:32 -0500, Nic Bernstein wrote:
>In trying to bring up a murder with 2.4.10, I am encountering a 
>problem I just cannot seem to get past.  I've got a Mupdate master, 2 
>backends and 2 frontends.  Everyone seems to be exchanging 
>mailboxes.db info just fine, but I cannot move a mailbox (user inbox) 
>from the original backend (used to be single, standalone system) to 
>the second backend.
>
>Here is a sample cyradm session, first to a frontend:
>
>   # cyradm -user cyradmin mail
>   Password:
>   mail>  xfer user.nic mailbox.wi
>   xfermailbox: bad parameters to function
>
>   mail>  rename user.nic user.nic mailbox.wi
>   renamemailbox: The remote Server(s) denied the operation
>
>and to the backend holding the mailbox to be moved:
>
>   # cyradm -user cyradmin mailbox
>   Password:
>   mailbox>  xfer user.nic mailbox.wi
>   xfermailbox: The remote Server(s) denied the operation
>
>   mailbox>  rename user.nic user.nic mailbox.wi
>   renamemailbox: The remote Server(s) denied the operation
>
>Here are protocol traces from the hosts involved:
>From the first session:
>
>   On host<mail>
>   ---------- cyradmin Fri May  4 07:01:01 2012
>
>   <1336132861<4 RLIST "" ""
>   >1336132861>* LIST (\Noselect) "." ""
>   4 OK Completed (0.000 secs)
>   <1336132870<5 XFER user.nic mailbox.wi
>   >1336132871>5 NO bad parameters to function
>   <1336132898<6 RENAME user.nic user.nic mailbox.wi
>   >1336132898>6 NO The remote Server(s) denied the operation
>
>   On host<mailbox.wi>
>   ---------- murder Fri May  4 07:01:10 2012
>
>   <1336132871<Q01 LOGOUT
>   >1336132871>* BYE LOGOUT received
>   Q01 OK Completed
>
>   On host<postman>  (with clock drift)
>   ---------- postman Fri May  4 07:03:26 2012
>
>   <1336133006<X0 ACTIVATE {8+}
>   user.nic {26+}
>   mailbox.occinc.com!default {63+}
>   nic	lrswipcda	admin	d	cyrus	lrswipkxtea	cyradmin	lrswipkxtecda	
>   >1336133006>X0 OK "done"
>   <1336133006<Q01 LOGOUT
>   >1336133006>Q01 OK "bye-bye"
>
>And from the second:
>
>   On host<mailbox.wi>
>   ---------- murder Fri May  4 07:14:51 2012
>
>   <1336133691<Q01 SETQUOTA {9+}
>   +user.nic (STORAGE 3500000)
>   >1336133691>Q01 NO Permission denied
>   <1336133691<Q01 LOGOUT
>   >1336133691>* BYE LOGOUT received
>   Q01 OK Completed
>   ---------- murder Fri May  4 07:15:00 2012
>
>   <1336133700<Q01 SETQUOTA {9+}
>   +user.nic (STORAGE 3500000)
>   >1336133700>Q01 NO Permission denied
>   <1336133700<Q01 LOGOUT
>   >1336133700>* BYE LOGOUT received
>   Q01 OK Completed
>
>   On host<postman>  (again with clock drift)
>   ---------- postman Fri May  4 07:16:38 2012
>
>   <1336133798<X0 ACTIVATE {8+}
>   user.nic {26+}
>   mailbox.occinc.com!default {63+}
>   nic	lrswipcda	admin	d	cyrus	lrswipkxtea	cyradmin	lrswipkxtecda	
>   >1336133798>X0 OK "done"
>   <1336133798<Q01 LOGOUT
>   >1336133798>Q01 OK "bye-bye"
>
>So it looks to me like the ACL is not being transferred, and the 
>entire operation is buggered from there on.  Right?  What's the fix 
>to this?  Is there some overarching ACL which I'm missing?
>
>Here are the pertinent (sanitized) portions of the configurations 
>from both backends:
>
>   # mailbox - main backend
>   admins: cyrus cyradmin
>   allowplaintext: yes
>   sasl_pwcheck_method: saslauthd
>   sasl_mech_list: PLAIN
>   sasl_minimum_layer: 0
>   sasl_auto_transition: no
>   servername: mailbox.example.com
>   proxyservers: cyradmin murder
>   allowusermoves: true
>   idlemethod: idled
>   allowallsubscribe: true
>   altnamespace: true
>   defaultacl: anyone lrsip
>   mupdate_server: postman.example.com
>   mupdate_username: postman
>   mupdate_authname: postman
>   mupdate_password: password1
>   proxy_authname: murder
>   proxy_password: password2
>   force_sasl_client_mech: PLAIN
>   postman_mechs: PLAIN
>   mailbox_mechs: PLAIN
>   serverlist: mailbox mailbox.wi
>   ----------------------
>
>   # mailbox.wi - new backend
>   admins: cyrus cyradmin
>   allowplaintext: yes
>   sasl_pwcheck_method: saslauthd
>   sasl_mech_list: PLAIN LOGIN
>   sasl_minimum_layer: 0
>   sasl_auto_transition: no
>   servername: mailbox.wi.example.com
>   allowallsubscribe: true
>   duplicatesuppression: true
>   expunge_mode: delayed
>   proxyservers: cyradmin murder
>   allowusermoves: true
>   mupdate_server: postman.example.com
>   mupdate_username: postman
>   mupdate_authname: postman
>   mupdate_password: password1
>   proxy_authname: murder
>   proxy_password: password2
>   force_sasl_client_mech: PLAIN
>   postman_mechs: PLAIN
>   mailbox_mechs: PLAIN
>   serverlist: mailbox mailbox.wi
>
>For what it's worth, all authentication is via saslauthd with LDAP.  
>I am able to create new mailboxes on the new backend, and access them 
>via all frontends, etc.   I am just not able to transfer mailboxes, 
>which is kind of the critical part of this whole effort (distribute 
>mail from centralized location to remote sites).
>
>Any assistance would be greatly appreciated.

Which version are you running on these 4 systems? Are they all
the same?

The doc at:

http://cyrusimap.org/docs/cyrus-imapd/2.4.16/install-murder.php

claims that the proxy_authenticating user will need to be a full admin
(section: Additional backend configuration):

admins: cyrus cyradmin murder

and you may not need 'murder' in your proxyservers.

Check your syslog for any additional output. Focus on the case where you're
connecting directly to the original backend when performing the transfer,
rather than the frontend. I don't know if transfers are allowed from a
frontend.

-- 
Dan White
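
The check suggested in the reply above, as an added example that is not part of the original message or of Cyrus itself: it reads a backend's imapd.conf and reports whether the `proxy_authname` user is listed in `admins`. It assumes one `option: value` per line and that every backend uses the same `proxy_authname`, as in the quoted configurations; the sample text is constructed from those configurations.

```python
# Constructed sample: the new backend's settings as quoted in the post (trimmed).
SAMPLE_BACKEND_CONF = """\
# mailbox.wi - new backend
admins: cyrus cyradmin
proxyservers: cyradmin murder
allowusermoves: true
proxy_authname: murder
"""


def parse_imapd_conf(text):
    """Parse 'option: value' lines; skip blank lines and '#' comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        opts[key.strip().lower()] = value.strip()
    return opts


def check_murder_backend(text):
    """Return findings for one backend's imapd.conf text (empty list = nothing flagged)."""
    opts = parse_imapd_conf(text)
    admins = opts.get("admins", "").split()
    proxyservers = opts.get("proxyservers", "").split()
    proxy_user = opts.get("proxy_authname")
    if proxy_user is None:
        return ["proxy_authname is not set"]
    findings = []
    # The install-murder doc cited in the reply lists the proxy user under admins.
    if proxy_user not in admins:
        findings.append(f"proxy_authname '{proxy_user}' is not in admins")
    # Informational: the reply notes it may not be needed in proxyservers.
    if proxy_user in proxyservers:
        findings.append(f"'{proxy_user}' is in proxyservers; may not be needed there")
    return findings


if __name__ == "__main__":
    for finding in check_murder_backend(SAMPLE_BACKEND_CONF):
        print("FINDING:", finding)
```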

