Hi
> Also worth mentioning in the FAQ is that it's a good idea to kill the
> master process before running 'make install' to ensure that everything
> is replaced properly.
Thanks, I've added it.

> PS: Tarjei, could you please adjust your mailer so that it wraps your
> lines to 72 chars or thereabouts? Otherwise we get the problem you see
> above of replies not prefixing your quoted lines properly?
Done.

Also, I asked if CMU would be so kind as to set up a faq-o-matic. I guess
that is not possible?

Tarjei
<faq included>
The cyrus-ldap-sasl FAQ.

The FAQ handles these topics:
- Use and setup of the fabulous and famous Cyrus Imapd server
- Setup (use no problem) of the infamous but very nice cyrus-sasl package.
- Use of ldap in this combination.


For those wondering: this FAQ is written because Ken Murchison demanded
someone actually do something about the situation. I am happy for anyone who
proofreads this FAQ.


Q 1: Death by 11 nr I
The error message "imapd was signaled to death by 11" has stopped many from
getting into cyrus.

There are two reasons for this problem:

** Your db3 libs are fxxxed.
Make sure that cyrus can find your libs.

If you are on rh, make sure that you have got the latest rpm's, AND then
recompile and reinstall the cyrus-sasl rpms like this
(get cyrus-sasl.src.rpm from your rh cd or rh ftp site):
rpm -i cyrus-sasl-1.5.24-n.src.rpm
cd /usr/src/redhat/SPECS
rpm -ba cyrus-sasl.spec
cd ../RPMS/i386
rpm -i --force cyrus-sasl*

Thus cyrus imapd and sasl are installed with the same libs.

Then look below for the rest of the installation.


Q 2. Death by 11 nr II
"Ok the db's are ok. still I am having problems".
You are using pam-ldap & openldap 2.0.x for authentication, right?

Ok. Bad idea. The reason is that OL2 also uses the sasl libs. Thus when you
try to auth to the openldap server you get a reentrant crisis (or that was
what the people who know what they are doing called it on the mailing list).
Here's basically what happens:

your client -> imap -> sasl -> pam-ldap (or any other) -> sasl -> openldap

Ok. See sasl twice? Sasl does not like to be used twice (Oh! What a consumer
society! ;)
So what you do is drop the pam part. There are a few patches for this; they
let sasl authenticate directly to db, ldap, mysql and a couple of other
places you might feel to save your userdata.

I use the one found here: www.surf.org.uk
Others say this one is better:
You will find a SASL patch under
 http://www.matuschek.net/software/sasl-patch
This patch contains support for PostgreSQL, LDAP, BerkeleyDB and
a special authentication server.


Q.3 Sasl-ldap and SSL
Ok. I'm using the ldap-sasl patch. Whoa, that was a breeze! Now how do I
encrypt the transport between the imap server and the ldap server?

Can someone answer this one?

Q.4 Where can I find some more documentation on administering cyrus?
Here:
http://www.oreilly.com/catalog/mimap/chapter/ch09.html#92594


Q.5 How do I take backup of cyrus?
Here's a script I ripped from the mailing list (and made some changes on to
back up ldap too):
Note: I suggest using postfix -> it's better!

#!/bin/sh
# sauve-imap.sh
# stop servers so the mail store and the directory do not change mid-backup
/etc/rc.d/init.d/cyrus stop
/etc/rc.d/init.d/ldap stop

# dump the directory to LDIF while slapd is stopped
/usr/sbin/slapcat > /tmp/ldap.ldif
# start ldap.
/etc/rc.d/init.d/ldap start

# tar IMAP (/var/imap and the mail spool)
/bin/tar cvzf /backup/var-imap.tgz /var/imap/
/bin/tar cvzf /backup/spool-imap.tgz /var/spool/imap/
# tar conf and ldap files directly to mounted nis dir. (they're not BIG)
/bin/tar cvzf /mnt/test/conf.tgz /etc/cyrus.conf /etc/imapd.conf /etc/sasldb \
    /etc/openldap /etc/postfix
/bin/tar cvzf /mnt/test/ldap.tgz /tmp/ldap.ldif

# start cyrus
/etc/rc.d/init.d/cyrus start

# move tarred files to mounted nis dir.
/bin/mv /backup/var-imap.tgz /mnt/test/var-imap.tgz
/bin/mv /backup/spool-imap.tgz /mnt/test/spool-imap.tgz


Q.6. Can anybody help me to migrate "old" mbox-style mailboxes into
Cyrus-IMAP ?
>It would be nice if I could keep things like "seen flags".
>
>Get the imap-utils from imap.org. The program mbxcvt does exactly what you
>want...I hacked my copy to allow for copying to an existing mailbox---the
>default is that it won't...

Note: The author could not manage to do it this way ;)

Q.7 How do I list the quota usage for all my users?
su cyrus
/usr/cyrus/bin/quota
you'll get a listing.
You can also do:
sudo -u cyrus '/usr/cyrus/bin/quota'

Q.8 Outlook issue
Thanks for that.  For anybody checking the archives, when I reconstructed
the Cyrus server, for some reason a Drafts and Sent folder were created at
the root of the folder tree, with permissions "anyone lrs".  I actually had
the folders INBOX.Drafts and INBOX.Sent set up and with the correct
permissions on them, but OE tries to do a trick where it attempts to save
sent messages direct to "Sent" instead of "INBOX.Sent", as it assumes that
"Sent" is a subfolder of INBOX by default.

The solution is to blow away the Sent and Drafts folders from the root of
the directory tree, and OE behaves itself quite nicely again, with calls to
"Sent" automatically going to "INBOX.Sent" :)

Q.9 Upgrading Cyrus.
I finally managed to install cyrus a few months ago and am happily running it
now. What I am wondering about is how do I upgrade.

Is it possible to do:
(in 2.0.14 dir) : ./configure, make, make install
and none of my personal files (cyrus/imapd.conf etc) will be overwritten?
Yes. That is perfectly possible. You should kill the master process before
doing this though.

Also, keep a copy of your old src dir in case the upgrade fails for some
reason, so you can just do a make install and cyrus works again.

Q.10:  Can someone explain to me the difference of lmtp vs. lmtpunix?
> From cyrus.conf:
> # LMTP is required for delivery
> lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
> lmtp         cmd="lmtpd" listen="lmtp" prefork=0
>
> Can someone explain to me the difference of lmtp vs. lmtpunix?

The difference is simply whether lmtpd listens on an internet socket or
a unix socket.  If sendmail and cyrus are running on the same machine,
then lmtpunix is probably fine.  If you have them on different machines,
then you really have no choice but to use lmtp.


Q.11 Using different conf files for pop/imapd.
>
> pop3          cmd="pop3d -C /etc/popd.conf" listen="pop3" prefork=1
>
> ..but I noticed that while pop3 is indeed preforked, whenever a single
> person checks their email via pop3, another instance is spawned! - So what
> the heck is the advantage of having a preforked pop3 ?!

The prefork means that there will always be N daemons spawned and ready
to service a connection.  In your case, your pop3 connection used the
daemon which was initially preforked, and as soon as you connected,
another was preforked to service the next connection.



Q.11. Does anyone have a HOWTO for installing on rh?
No. But Jeremy Howard posted this on the mailing list:

I have removed the parts I consider not needed on 7.x systems.

PS: You must have installed the e2fsprogs & e2fsprogs-devel! + Bison

Here's a tip: Download the src rpm's from rh powertools, rebuild (to make sure
that you do not get the db problem), install. Then, compile cyrus from src
and install over the other install, thus you get all the initscripts,
logrotate and logging that you need!

> SASL  (look at q1 for a better idea)
> ----
> make clean
> rm -f config.cache
> ./configure --disable-krb4 --disable-gssapi --disable-cram \
>   --disable-digest --with-dblib=berkeley
> make
> make install
> rm -f /etc/sasldb
> utils/saslpasswd admin
> # Select admin password when prompted
> #   Do this even if not using sasldb
>
> IMAP
> ----
> # Remove any IMAP RPMs currently installed
> # Check with:
> #   rpm -qa | grep imap
> # Kill any IMAP processes running,
> #   and remove from inetd/xinetd
>
> useradd cyrus -d /usr/cyrus -G mail -s /bin/false
> make clean
> rm -f config.cache
> ./configure --with-auth=unix --without-krb \
>   --with-perl=/usr/bin/perl
> # Add if Berkeley is in non-standard place
> #  --with-db-dir=/usr/local/Berkeley-xx
>
> make depend
> make all CFLAGS=-O2
> make install
> cp master/conf/normal.conf /etc/cyrus.conf
>
> pushd /var
> mkdir imap
> chown cyrus imap
> chgrp mail imap
> chmod 750 imap
> mkdir pwcheck
> chown cyrus pwcheck
> chgrp nobody pwcheck
>
> cd /var/spool
> mkdir imap
> chown cyrus imap
> chgrp mail imap
> chmod 750 imap
>
> cd /usr
> mkdir sieve
> chown cyrus sieve
> chgrp mail sieve
> chmod 750 sieve
>
> popd
> chown cyrus:mail /etc/imapd.conf
> su cyrus
> tools/mkimap
> exit
>
> cd /var/imap
> chattr +S . user quota user/* quota/*
> chattr +S /var/spool/imap
> chattr +S /var/spool/mqueue
>
> /usr/cyrus/bin/master &
> cyradm localhost -u admin
> # Add your mailboxes here...

Q.12 Cyrus.conf, deciding service level based on IPs.
I want a setup where
 - localhost may use imap (for squirrelmail)
 and everyone else uses pops or imaps, and also that local users connect
using the local network card and
 - local users are denied the use of pop.

Then your cyrus.conf services section must look like this:

 SERVICES {
   # POP3 removed due to security reasons. Only imaps and pops allowed from outside.
   # add or remove based on preferences
   imap          cmd="/usr/cyrus/bin/imapd" listen="localhost:imap" prefork=0
   imaps1         cmd="/usr/cyrus/bin/imapd -s" listen="imaps" prefork=0
   imaps2         cmd="/usr/cyrus/bin/imapd -s" listen="imaps" prefork=0
#  pop3          cmd="/usr/cyrus/bin/pop3d" listen="pop3" prefork=0
   pop3s         cmd="/usr/cyrus/bin/pop3d -s" listen="195.204.129.18:pop3s" prefork=0
   sieve1         cmd="/usr/cyrus/bin/timsieved" listen="192.168.1.2:sieve" prefork=0
   sieve2         cmd="/usr/cyrus/bin/timsieved" listen="localhost:sieve" prefork=0
 }

Look at the listen="" parameter. The syntax is FQDN or IP address:service or
port. For example:
listen="imap" (all IPs/network cards and the imap service as defined in
/etc/services)
listen="102.168.1.2:pop"
listen="www.usgow.gow:133" (nonstandard port, ok for testing or other
purposes).

A note on the service names:
The services entry is used mostly for TCP wrappers (and a little bit of
logging).  Other than that, the name doesn't matter.

Therefore it should be quite safe to use different names.

Q13. A tip on sieve
Run websieve: http://host1.dyndns.org/websieve/
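
Added example for Q.12 (not part of the original FAQ and not code from the Cyrus distribution): a small Python check that parses SERVICES entries and lists the ones reachable off loopback that are not started with the -s (SSL) flag, which is the split Q.12 is aiming for. The sample file is constructed from the Q.12 entries and the function names are hypothetical.

```python
import re
import shlex

# Constructed sample modelled on the Q.12 SERVICES section (not a real host's file).
SAMPLE = '''
SERVICES {
  imap     cmd="/usr/cyrus/bin/imapd" listen="localhost:imap" prefork=0
  imaps1   cmd="/usr/cyrus/bin/imapd -s" listen="imaps" prefork=0
# pop3     cmd="/usr/cyrus/bin/pop3d" listen="pop3" prefork=0
  pop3s    cmd="/usr/cyrus/bin/pop3d -s" listen="195.204.129.18:pop3s" prefork=0
  sieve1   cmd="/usr/cyrus/bin/timsieved" listen="192.168.1.2:sieve" prefork=0
  lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
}
'''

LOOPBACK = {"localhost", "127.0.0.1", "::1"}
ENTRY = re.compile(r'^\s*(\w+)\s+(.*\bcmd=.*)$')

def parse_services(text):
    """Yield (name, options) for each uncommented service line."""
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = ENTRY.match(line)
        if m:
            opts = dict(t.split("=", 1) for t in shlex.split(m.group(2)) if "=" in t)
            yield m.group(1), opts

def split_listen(listen):
    """Return (host, port); host is None for all interfaces, 'unix' for a socket path."""
    if listen.startswith("/"):
        return "unix", listen
    host, sep, port = listen.rpartition(":")
    return (host if sep else None), port

def exposed_cleartext(text):
    """Services bound off loopback whose cmd lacks -s (a review list: STARTTLS may still apply)."""
    findings = []
    for name, opts in parse_services(text):
        host, _ = split_listen(opts.get("listen", ""))
        tls_wrapped = "-s" in shlex.split(opts.get("cmd", ""))
        if host != "unix" and host not in LOOPBACK and not tls_wrapped:
            findings.append(name)
    return findings

if __name__ == "__main__":
    print(exposed_cleartext(SAMPLE))
```

Run it against a copy of your own /etc/cyrus.conf by passing the file's text to exposed_cleartext().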


