[no subject]
Hello, I want to set up a mail server using Cyrus and a RedHat 7.x. So I would like to know the capacity in term of account of Cyrus with and without cluster implementation. Thanks in advance Gael
postfix / cyrus quota message
First, Thank you to everyone who emailed me with large companies / organizations that are running cyrus. Next, I have hit a snag & am not sure if this is caused be some configuration option I have not correctly set. I have postfix delivering to cyrus via lmtp, this works great. When a user becomes over quota (set via cyradm), cyrus will not accept mail for that user & a temporary error will be issued to postfix, postfix will then keep mail in its spool until it can be delivered. This is not desired, I want mail for users over quota to be rejected! I have therefor (from information I found in the mailing list archives) altered cyrus to no longer issue a temporary error, cyrus will now issue 550 when the user is over quota. This works and is good, however the bounce message returned to the message sender is; postfix etc,etc When talking to lmtp:/pathtosocket/socketname the etc,etc said "User over quota" etc,etc This is my problem, I have no desire for people to know the location of the lmtp socket nor see any information about it. Is there a way to stop this ?? I would like the message sender to get a message something like; postfix etc,etc The message could not be delivered as the mailbox is full, please try later. Is there possibly another code instead of 550 I should not accept mail with ?? With Thanks Steve.
Re: howto change postfix / cyrus quota message
How I changed the quota message; To change the message cyrus rejects over quota mail with I modified /usr/local/src/cyrus-imapd-2.0.16/imap/lmtpengine.c (line 152) The lines 151 & 152 now read; 151 case IMAP_QUOTA_EXCEEDED: 152return "550 4.2.2 Over quota"; After recompiling cyrus the only binary files that will have changed are deliver & lmtpd, these files are located as; /usr/local/src/cyrus-imapd-2.0.16/imap/deliver /usr/local/src/cyrus-imapd-2.0.16/imap/lmtpd Backup /usr/cyrus/bin/deliver & /usr/cyrus/bin/lmtpd Stop cyrus & replace the two files with the new copies. Restart cyrus & the message will have changed. I hope this helps. Steve. On Thursday 21 February 2002 12:45, you wrote: > Hello > > > I have therefor (from information I found in the mailing list archives) > > altered cyrus to no longer issue a temporary error, cyrus will now issue > > 550 when the user is over quota. > > Please, could u tell me how to do that, or direct me to that message , > where u found the answer . I couldnt find it in the mailing list. > > Thanks > Regards > > > Andrei V. Loukinykh , Evpatoria Ukrtelecom ISP, +380 6569 29376 > ~~~ > "UNIX is like a vigvam - no Windows, no Gates and an Apache inside"
RE: Sieve woes, but closer maybe? + SHAMELESS BRIBE
Hi Mike,
I can relate to your despair, no pizza need apply if this helps.
1. have you tried WebSieve? Has a lot more out of the box preconfigured treats in it.
2. Did you compile cyrus with sieve support disabled accidentally?
3. do you have a straight up mail.log not just imap.log? a mail.debug line in
syslog.conf helps enormously for this.
-Original Message-
From: Mike Grommet [SMTP:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 2:26 AM
To: [EMAIL PROTECTED]
Subject:Sieve woes, but closer maybe? + SHAMELESS BRIBE
I'm really at the end of my rope here, so, I'm
offering free pizza to the person who can figure out my pain and make it all
better...
I'll order a large pizza with the toppings of your choice, from the delivery
place of your choosing, and have it delivered to you at home / offfice /
wherever :)
I'm completely serious here :) Who says theres no such thing as a free
lunch (Ok, I believe it was Heinlien)?
Ok, I'm really stumped when it comes to sieve configuration with sendmail...
I can telnet to the sieve port just fine. Cyrus seems to perform just
dandy. Sieve scritps are happily
being placed into /usr/sieve/whatever
Is there other information I can supply? I'm seeing really weird behavior
from 2 different sieve scripts, a reject script and a vacation script
I found this reject examle script in the ether... Its getting on the
server, and is activated.
require "fileinto";
require "reject";
if header :contains "Subject" "Shockwave"
{reject "Possible virus? Check your system!";}
my imap log looks like this:
--
Feb 21 01:29:26 sammonsmail master[13201]: about to exec
/usr/cyrus/bin/lmtpd
Feb 21 01:29:26 sammonsmail service-lmtpunix[13201]: executed
Feb 21 01:29:26 sammonsmail lmtpd[13201]: accepted connection
Feb 21 01:29:26 sammonsmail lmtpd[13201]: lmtp connection preauth'd as
postman
Feb 21 01:29:27 sammonsmail master[13206]: about to exec
/usr/cyrus/bin/lmtpd
Feb 21 01:29:27 sammonsmail service-lmtpunix[13206]: executed
Feb 21 01:29:27 sammonsmail lmtpd[13201]: accepted connection
Feb 21 01:29:27 sammonsmail lmtpd[13201]: lmtp connection preauth'd as
postman
Feb 21 01:29:27 sammonsmail lmtpd[13206]: accepted connection
Feb 21 01:29:27 sammonsmail lmtpd[13206]: lmtp connection preauth'd as
postman
Feb 21 01:29:28 sammonsmail lmtpd[13201]: accepted connection
Feb 21 01:29:28 sammonsmail lmtpd[13201]: lmtp connection preauth'd as
postman
My mail log looks like this when one of these messges goes in::
-
Feb 21 01:40:35 sammonsmail sendmail[13277]: g1L6eYUG013277: from=,
size=632, class=0, nrcpts=1,
msgid=<013f01c1baa5$021b5380$[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA,
relay=sm11.texas.rr.com [24.93.35.42]
Feb 21 01:40:35 sammonsmail sendmail[13280]: g1L6eYUG013277: to=,
delay=00:00:01, xdelay=00:00:00, mailer=cyrus, pri=30625, dsn=2.0.0,
stat=Sent
And thats it... no vacation message is ever sent, and nothing odd is showing
up in my imap log.
The reject script doesnt reject... the mail is sent right on through...
Cyrus.conf:
--
# standard standalone server implementation
START {
# do not delete these entries!
mboxlist cmd="ctl_mboxlist -r"
deliver cmd="ctl_deliver -r"
# this is only necessary if using idled for IMAP IDLE
# idledcmd="idled"
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=0
imaps cmd="imapd -s" listen="imaps" prefork=0
pop3 cmd="pop3d" listen="pop3" prefork=0
pop3s cmd="pop3d -s" listen="pop3s" prefork=0
sieve cmd="timsieved" listen="sieve" prefork=0
# at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
}
EVENTS {
# this is required
checkpointcmd="ctl_mboxlist -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="ctl_deliver -E 3" period=1440
}
Relevant sendmail.mc contents
-
define(`confLOCAL_MAILER',`cyrus')
define(`CYRUS_MAILER_FLAGS', `A5@/:|SmXz')dnl
define(`CYRUS_MAILER_ARGS', `deliver -l -e')
define(`CYRUS_MAILER_PATH',`/usr/cyrus/bin/deliver')dnl
define(`CYRUS_MAILER_MAX',`eval(10*1024*1024)')dnl
define(`CYRUS_MAILER_USER',`cyrus:mail')dnl
define(`CYRUS_BB_MAILER_FLAGS',`S')dnl
define(`CYRUS_BB_MAILER_ARGS',`deliver -l -e -m $u')dnl
FEATURE(`accept_unresolvable_domains')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
MAILER(local)
MAILER(cyrus)
LOCAL_RULE_0
R$=N$: $#local $: $1
R$=N < @ $=w . >$: $#local $: $1
Rbb + $+ < @ $=w . >$#cyrusbb $: $1
Which gets translated to these .cf contents:
---
Mcyrus,
can't write to the imapd.log and auth.log
I did the same as described in the online documentation: /etc/syslog.conf local6.debug/var/log/imapd.log auth.debug /var/log/auth.log But there are no logs, instead I find logs about imap in the messages file, this is because of the following entry: *.* /var/log/messages Does anyone why I can't see any logs where they should be? Thanks, Manuel -- Sex is one of the nine reasons for reincarnation... the other eight are unimportant. -Henry Miller
duplicate_prune - what does this mean
When ever I start the cyrus-imapd I got the following two lines for every letter from a-z in my logfile: Feb 21 14:09:03 he0 ctl_deliver[36825]: creating /usr/local/etc/imap/deliverdb/deliver-z.db Feb 21 14:09:03 he0 ctl_deliver[36825]: duplicate_prune: /usr/local/etc/imap/deliverdb/deliver-z.db: purged 0 out of 0 entries Can anyone tell me what this means? Thanks, Manuel -- A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balanceaccounts, build a wall, set a bone, comfort the dying, take orders, giveorders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, and die gallantly. Specialization is for insects. -Robert A. Heinlein, "The Notebook of Lazarus Long"
Re: howto change postfix / cyrus quota message
Andrei, Not sure if I understand your question, the behavior will change but only because we change the response code cyrus gives. My understanding of this is below (and please tell me if i'm wrong), how I understand this over quota mail is never placed in the queue by cyrus. It is only placed in the queue by postfix. But if I have understood you correctly you want to know only that mail will bounce immediately & the answer is yes. My understanding = Incoming mail --> Postfix --> Cyrus --> Outgoing Incoming mail being smtp Outgoing mail being a client using pop3 / imap / etc In a 'normal' compile of cyrus, mail comes into postfix which accepts the mail because the recipient is in whatever list of valid users it uses, the mail is now in postfix's spool. Postfix now attempts to deliver the mail to its destination which for local mail will be cyrus, it does this either via deliver or lmtp. Cyrus checks if the user is valid, then if it checks the quota, if the user is over quota it responds with a temporary error code & an english message saying "over quota". The message is still in postfix's spool & can be seen with mailq, Postfix will attempt to deliver the mail for the next 5 days (default), it will also continue to accept mail for the user. This patch modifies the error code cyrus returns to postfix, causing postfix not to continue attempting to deliver mail, but to bounce the mail as undeliverable back to the sender (including the "over quota" text cyrus passed it). Steve. On Thursday 21 February 2002 13:05, you wrote: > > The lines 151 & 152 now read; > > 151 case IMAP_QUOTA_EXCEEDED: > > 152return "550 4.2.2 Over quota"; > > It will change the message, but will it change cyrus' behavior also? > I mean not to place overquoted message to the queue, an reject it > immediately ? > > > Andrei V. Loukinykh , Evpatoria Ukrtelecom ISP, +380 6569 29376 > ~~~ > "UNIX is like a vigvam - no Windows, no Gates and an Apache inside"
Re: can't write to the imapd.log and auth.log
execute touch /var/log/imapd.log and touch /var/log/auth.log imapd does not create the files if they dont exist Stefan Goethals System Engineer --- ADEPT nv - The partner to make IT secure! Vlamingstraat 4, B-8560 Wevelgem, Belgium E-mail : [EMAIL PROTECTED] Tel :+32-(0)56-432.888 The information transmitted is intended only for the person or entity to which it is addressed. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. ADEPT and each of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. Unless otherwise stated, any pricing information given in this message is indicative only, is subject to change and does not constitute an offer to deal at any price quoted. Any reference to the terms of executed transactions should be treated as preliminary only and subject to our formal written confirmation. Manuel Hendel .de> cc: Sent by: Subject: can't write to the imapd.log and auth.log [EMAIL PROTECTED] rew.cmu.edu 21/02/2002 14:31 I did the same as described in the online documentation: /etc/syslog.conf local6.debug/var/log/imapd.log auth.debug /var/log/auth.log But there are no logs, instead I find logs about imap in the messages file, this is because of the following entry: *.* /var/log/messages Does anyone why I can't see any logs where they should be? Thanks, Manuel -- Sex is one of the nine reasons for reincarnation... the other eight are unimportant. -Henry Miller
Re: can't write to the imapd.log and auth.log
On Thu, Feb 21, 2002 at 02:31:24PM +0100, [EMAIL PROTECTED] wrote: > > execute > touch /var/log/imapd.log > and > touch /var/log/auth.log > > imapd does not create the files if they dont exist This doesn't change anything, I tried this before. Manuel -- You may be disappointed if you fail, but you are doomed if you don't try. -Beverly Sills
spaces around uid
Hi,
we noticed, that cyrus-imapd allows users to prepend or append
whitespaces to their uid like this:
. login " user " secret
cyrus-imapd hand's over this string as is to the underlying
authentication system. In case of pam with pam_ldap, this results in a
DN like this:
"uid= user ,dc=some,dc=dom"
which will then be normalized by OpenLDAP to
"uid=user,dc=some,dc=dom"
and will give a successfull authentication... :-(
Another point is, that the uid attribute is caseINsensitve as defined
in the core openldap schema, which makes things even harder:
. login " uSer " secret
would be the same as
. login " user " secret
for openldap in this case.
Most mailclients would then notice, that there is no inbox -because
imapd is now looking into "/var/imap/user/ uSer /" which currently
does not exist. Then they issue a "create inbox" command and voila, we
have a new directory called "/var/imap/user/ uSer /".
So I wrote a small patch for the auth_canonifyid function, which
strips off leading and trailing whitespaces and lowers alpha chars.
I am not exactly sure, if this is the right place to fix, but it
works.
I attached the patch to this mail.
--
With best regards,
Carsten Hoeger
SuSE, The Linux Experts, http://www.suse.com
Key fingerprint = E3B6 7FDB 4800 0F22 DC09 EB2B 7988 B6A8 6691 C94A
diff -urN cyrus-imapd-2.0.16/lib/auth_unix.c cyrus-imapd-2.0.16.SuSE/lib/auth_unix.c
--- cyrus-imapd-2.0.16/lib/auth_unix.c Tue May 23 22:56:12 2000
+++ cyrus-imapd-2.0.16.SuSE/lib/auth_unix.c Wed Feb 20 15:32:44 2002
@@ -154,9 +154,11 @@
const char *identifier;
{
static char retbuf[81];
+char backup[81];
struct group *grp;
char sawalpha;
char *p;
+int ic,rbc;
if (strcasecmp(identifier, "anonymous") == 0) {
return "anonymous";
@@ -210,6 +212,21 @@
*p = 0;
if (!sawalpha) return NULL; /* has to be one alpha char */
+
+strcpy(backup,retbuf);
+/* remove leading blanks */
+for(ic=0; isblank(backup[ic]); ic++);
+for(rbc=0; backup[ic]; ic++) {
+ retbuf[rbc] = ( isalpha(backup[ic]) ?
+ tolower(backup[ic]) : backup[ic] );
+ rbc++;
+}
+retbuf[rbc] = '\0';
+/* remove trailing blanks */
+for(--rbc; isblank(retbuf[rbc]); rbc--) {
+ retbuf[rbc] = '\0';
+}
+
return retbuf;
}
msg06101/pgp0.pgp
Description: PGP signature
Re: can't write to the imapd.log and auth.log
Are you sure those files belong to the correct user? If you created them as root they will not be writable by the imapd user until you give those files to the right user with "chown" Stefan Goethals System Engineer --- ADEPT nv - The partner to make IT secure! Vlamingstraat 4, B-8560 Wevelgem, Belgium E-mail : [EMAIL PROTECTED] Tel :+32-(0)56-432.888 The information transmitted is intended only for the person or entity to which it is addressed. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. ADEPT and each of its subsidiaries each reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of any such entity. Unless otherwise stated, any pricing information given in this message is indicative only, is subject to change and does not constitute an offer to deal at any price quoted. Any reference to the terms of executed transactions should be treated as preliminary only and subject to our formal written confirmation. Manuel Hendel cc: Cyrus <[EMAIL PROTECTED]> Sent by: Subject: Re: can't write to the imapd.log and auth.log [EMAIL PROTECTED] rew.cmu.edu 21/02/2002 14:46 On Thu, Feb 21, 2002 at 02:31:24PM +0100, [EMAIL PROTECTED] wrote: > > execute > touch /var/log/imapd.log > and > touch /var/log/auth.log > > imapd does not create the files if they dont exist This doesn't change anything, I tried this before. Manuel -- You may be disappointed if you fail, but you are doomed if you don't try. -Beverly Sills
Re: can't write to the imapd.log and auth.log
On Thu, 2002-02-21 at 13:46, Manuel Hendel wrote: > On Thu, Feb 21, 2002 at 02:31:24PM +0100, [EMAIL PROTECTED] wrote: > > > > execute > > touch /var/log/imapd.log > > and > > touch /var/log/auth.log > > > > imapd does not create the files if they dont exist > > This doesn't change anything, I tried this before. > and kill -HUP the syslog deamon. -- Simon
Re: duplicate_prune - what does this mean
Cyrus keeps a database to prevent duplicate emails. The ctl_deliver command removes old entries that are no longer needed from this database. I believe the command is run about every 20 minutes and will delete any entries in the database over 3 days old. Steve. On Thursday 21 February 2002 13:34, you wrote: > When ever I start the cyrus-imapd I got the following two lines for > every letter from a-z in my logfile: > > Feb 21 14:09:03 he0 ctl_deliver[36825]: creating > /usr/local/etc/imap/deliverdb/deliver-z.db > Feb 21 14:09:03 he0 ctl_deliver[36825]: duplicate_prune: > /usr/local/etc/imap/deliverdb/deliver-z.db: purged 0 out of 0 entries > > Can anyone tell me what this means? > > Thanks, > Manuel
Re: duplicate_prune - what does this mean
So it's absolutly ok! Isn't it? Manuel -- Search not the wound too deep, lest thou make a new one. -Thomas Fuller
Re: duplicate_prune - what does this mean
You would have a problem if it wasn't there :) Steve On Thursday 21 February 2002 14:16, you wrote: > So it's absolutely ok! Isn't it? > > Manuel
Re: can't write to the imapd.log and auth.log
It's working now thanks. Manuel -- Experience is what allows us to repeat our mistakes, only with more finesse! -Derwood Fincher (contributed by Chris Johnston)
using multiple mechanism for authentication on cyrus-imap-2.1.2
Hi: I have just compiled and installed sasl-2.1.1 and imap-2.1.2, and I have problems getting it to authenticate with sasldb mechanism. Here is my desired behavior for cyrus-imap. I have currently unix users that I like them to use the same unix passwords for logging into cyrus to get their emails. Hence, I have the sasl_pwcheck_method: saslauthd in imapd.conf. However, I also have guest users who I don't want to set up unix accounts just to get emails. I like to use the default sasldb for that purpose. How do I use the fallback scheme, where it will check saslauthd for passwds and if not available, check sasldb entries for such users? Is it possible? Thanks keith
Re: using multiple mechanism for authentication on cyrus-imap-2.1.2
On Thu, 21 Feb 2002, Keith Kee wrote: >How do I use the fallback scheme, where it will check saslauthd for > passwds and if not available, check sasldb entries for such users? >Is it possible? Not with the current code, but modifying _sasl_checkpass to do a fallback style parseing of the pwcheck_method option shouldn't be very hard (If you do it, send us a patch!). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 235 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: spaces around uid
Carsten Hoeger schrieb am Thu, Feb 21, 2002 at 02:43:40PM +0100: [...] > > Most mailclients would then notice, that there is no inbox -because > imapd is now looking into "/var/imap/user/ uSer /" which currently > does not exist. Then they issue a "create inbox" command and voila, we > have a new directory called "/var/imap/user/ uSer /". > > So I wrote a small patch for the auth_canonifyid function, which > strips off leading and trailing whitespaces and lowers alpha chars. [...] With the whitespaces I'm not sure but I don't think one should enforce case insensitivety - instead one should instruct OpenLDAP to behave case sensitive. Regards, - Birger
Re: [Fwd: Vacation.. yes again..]
Given that redirect works, and there are no apparent errors as a result
of vacation, I'd agree with Amos, that the address matching is failing.
Make sure that you list all :addresses that people might use to send an
email to you (those that would appear in the to/cc/bcc headers).
Ken
Tyrone Vaughn wrote:
>
> Redirect worked here's the data (I hope I got it all).
>
> Again.. thanks.
>
> # cat /var/imap/sieve/t/tvaughn/default
> require ["fileinto"];
> require ["reject"];
> require ["vacation"];
>
> if header :contains "from" "tvaughn" { redirect "[EMAIL PROTECTED]";
> }
>
> # tail /var/log/mail/info
> Feb 20 16:54:21 tyrone sendmail[28757]: g1KMsLJ28757:
> from=<[EMAIL PROTECTED]>, size=1058, class=0, nrcpts=1, ms
> gid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA,
> relay=nsmaster.amicus.com [208.134.129.10]
> Feb 20 16:54:27 tyrone sendmail[28763]: g1KMsRX28763:
> Authentication-Warning: tyrone.vcrl.org: cyrus set sender to
> [EMAIL PROTECTED] using -f
> Feb 20 16:54:27 tyrone sendmail[28763]: g1KMsRX28763:
> [EMAIL PROTECTED], size=1373, class=0, nrcpts=1,
> msgid=<[EMAIL PROTECTED]>, relay=cyrus@localhost
> Feb 20 16:54:27 tyrone sendmail[28760]: g1KMsLJ28757:
> to=<[EMAIL PROTECTED]>, delay=00:00:06, xdelay=00:00:06, mailer=cyrus,
> pri=31058, relay=localhost, dsn=2.0.0, stat=Sent
> Feb 20 16:56:09 tyrone sendmail[28765]: g1KMsRX28763: [EMAIL PROTECTED],
> [EMAIL PROTECTED] (1000/0), delay=00:01:42, xdelay=00:01:42,
> mailer=esmtp, pri=31373, relay=nsmaster.amicus.com. [208.134.129.10],
> dsn=2.0.0, stat=Sent (g1KMrfK07592 Message accepted for delivery)
>
> # tail /var/log/mail/cyrus.log
> Feb 20 16:53:16 tyrone master[28742]: about to exec /usr/cyrus/bin/timsieved
> Feb 20 16:53:16 tyrone master[28742]: about to exec /usr/cyrus/bin/timsieved
> Feb 20 16:53:16 tyrone service-sieve[28742]: executed
> Feb 20 16:53:16 tyrone service-sieve[28742]: executed
> Feb 20 16:53:16 tyrone service-sieve[28742]: accepted connection
> Feb 20 16:53:16 tyrone service-sieve[28742]: accepted connection
> Feb 20 16:53:24 tyrone timsieved[28742]: login:
> localhost.localdomain[127.0.0.1] tvaughn PLAIN User logged in
> Feb 20 16:53:24 tyrone timsieved[28742]: login:
> localhost.localdomain[127.0.0.1] tvaughn PLAIN User logged in
> Feb 20 16:53:56 tyrone master[27082]: process 28742 exited, status 75
> Feb 20 16:53:56 tyrone master[27082]: process 28742 exited, status 75
> Feb 20 16:54:21 tyrone master[28761]: about to exec /usr/cyrus/bin/lmtpd
> Feb 20 16:54:21 tyrone master[28761]: about to exec /usr/cyrus/bin/lmtpd
> Feb 20 16:54:21 tyrone service-lmtpunix[28761]: executed
> Feb 20 16:54:21 tyrone service-lmtpunix[28761]: executed
> Feb 20 16:54:27 tyrone lmtpd[28761]: accepted connection
> Feb 20 16:54:27 tyrone lmtpd[28761]: accepted connection
> Feb 20 16:54:27 tyrone lmtpd[28761]: lmtp connection preauth'd as postman
> Feb 20 16:54:27 tyrone lmtpd[28761]: lmtp connection preauth'd as postman
> Feb 20 16:55:27 tyrone master[27082]: process 28761 exited, status 0
> Feb 20 16:55:27 tyrone master[27082]: process 28761 exited, status 0
>
> Ken Murchison wrote:
>
> > Since vacation is failrly complex, try setting up a redirect action so
> > we can determine if it is a sendmail problem or a lmtpd/sieve problem.
> > Make sure to set the logging level for local6 to debug so we can see
> > what Cyrus is telling us (it looks like you already have this).
> >
> >
> > Tyrone Vaughn wrote:
> >
> >>That was my feeling. That something HAD to change. The last time any
> >>configuration file was touched, prior to this, was over 4 weeks ago. A
> >>MILTER process was upgraded two weeks ago and sendmail/cyrus was
> >>restarted, so I thought that might be the issue, (We use RAV Antivirus) so
> >>I backed it out and then completely removed it to no avail.
> >>
> >>The _only_ thing that seems to have had any specific cause and effect is
> >>adding the F=w to the sendmail.cf for Mcyrus. I had two machines that are
> >>almost identical with the exception of that flag -- one no longer working
> >>and one still working -- so I added the 'w' flag and vacation quit! A-HA!
> >>I think to myself, and I quickly remove it .. . . nope. Now it's broke
> >>too. Attempted to test/repeat it on the other machines to only find out
> >>they are not working either... hence my 'aaarrgghh''
> >>
> >>Soo, I have build a completely NEW, SCRATCH machine and am working
> >>through all the various things I believe could effect it and it is just
> >>laughing at me as I go bald. :-)
> >>
> >>I am completely stumped. I was sure that a complete re-install would fix
> >>it, and was prepared to tell all the clients that, as if magic, all their
> >>mail was going to be 'unread' next time the checked due to this re-install
> >>when even that route failed to repair the issue...
> >>
> >>I did remove everything (tar'ng off the user.$user/. files and NOT the
> >>other files. and developing a list of folders to go with it) completely
> >>recom
Cyrus+procmail
Hi, I have cyrus-imapd-2.0.16 installed with PAM+mysql and postfix, and I will migrate uw-imap users files to cyrus, but I have to migrate the procmail rules too. And I would like to know if it's possible to install procmail instead sieve to do the filtering function. As I'm reading in the info-cyrus archive, it seems to be possible, but I haven't found any documentation about it. Where could I get it? Thanks in advance. Sandra
Re: Sieve woes, but closer maybe? + SHAMELESS BRIBE
First, does a simple fileinto action work? If not, then your scripts
probably aren't being run. If it does, then we have to look at why
lmtpd isn't forking a sendmail process.
Mike Grommet wrote:
>
> I'm really at the end of my rope here, so, I'm
> offering free pizza to the person who can figure out my pain and make it all
> better...
>
> I'll order a large pizza with the toppings of your choice, from the delivery
> place of your choosing, and have it delivered to you at home / offfice /
> wherever :)
> I'm completely serious here :) Who says theres no such thing as a free
> lunch (Ok, I believe it was Heinlien)?
>
> Ok, I'm really stumped when it comes to sieve configuration with sendmail...
>
> I can telnet to the sieve port just fine. Cyrus seems to perform just
> dandy. Sieve scritps are happily
> being placed into /usr/sieve/whatever
>
> Is there other information I can supply? I'm seeing really weird behavior
> from 2 different sieve scripts, a reject script and a vacation script
>
> I found this reject examle script in the ether... Its getting on the
> server, and is activated.
>
> require "fileinto";
> require "reject";
> if header :contains "Subject" "Shockwave"
> {reject "Possible virus? Check your system!";}
>
> my imap log looks like this:
> --
> Feb 21 01:29:26 sammonsmail master[13201]: about to exec
> /usr/cyrus/bin/lmtpd
> Feb 21 01:29:26 sammonsmail service-lmtpunix[13201]: executed
> Feb 21 01:29:26 sammonsmail lmtpd[13201]: accepted connection
> Feb 21 01:29:26 sammonsmail lmtpd[13201]: lmtp connection preauth'd as
> postman
> Feb 21 01:29:27 sammonsmail master[13206]: about to exec
> /usr/cyrus/bin/lmtpd
> Feb 21 01:29:27 sammonsmail service-lmtpunix[13206]: executed
> Feb 21 01:29:27 sammonsmail lmtpd[13201]: accepted connection
> Feb 21 01:29:27 sammonsmail lmtpd[13201]: lmtp connection preauth'd as
> postman
> Feb 21 01:29:27 sammonsmail lmtpd[13206]: accepted connection
> Feb 21 01:29:27 sammonsmail lmtpd[13206]: lmtp connection preauth'd as
> postman
> Feb 21 01:29:28 sammonsmail lmtpd[13201]: accepted connection
> Feb 21 01:29:28 sammonsmail lmtpd[13201]: lmtp connection preauth'd as
> postman
>
> My mail log looks like this when one of these messges goes in::
> -
> Feb 21 01:40:35 sammonsmail sendmail[13277]: g1L6eYUG013277: from=,
> size=632, class=0, nrcpts=1,
> msgid=<013f01c1baa5$021b5380$[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA,
> relay=sm11.texas.rr.com [24.93.35.42]
> Feb 21 01:40:35 sammonsmail sendmail[13280]: g1L6eYUG013277: to=,
> delay=00:00:01, xdelay=00:00:00, mailer=cyrus, pri=30625, dsn=2.0.0,
> stat=Sent
>
> And thats it... no vacation message is ever sent, and nothing odd is showing
> up in my imap log.
>
> The reject script doesnt reject... the mail is sent right on through...
>
> Cyrus.conf:
> --
> # standard standalone server implementation
>
> START {
> # do not delete these entries!
> mboxlist cmd="ctl_mboxlist -r"
> deliver cmd="ctl_deliver -r"
>
> # this is only necessary if using idled for IMAP IDLE
> # idledcmd="idled"
> }
>
> # UNIX sockets start with a slash and are put into /var/imap/socket
> SERVICES {
> # add or remove based on preferences
> imap cmd="imapd" listen="imap" prefork=0
> imaps cmd="imapd -s" listen="imaps" prefork=0
> pop3 cmd="pop3d" listen="pop3" prefork=0
> pop3s cmd="pop3d -s" listen="pop3s" prefork=0
> sieve cmd="timsieved" listen="sieve" prefork=0
>
> # at least one LMTP is required for delivery
> # lmtp cmd="lmtpd" listen="lmtp" prefork=0
> lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
> }
>
> EVENTS {
> # this is required
> checkpointcmd="ctl_mboxlist -c" period=30
>
> # this is only necessary if using duplicate delivery suppression
> delprune cmd="ctl_deliver -E 3" period=1440
> }
>
> Relevant sendmail.mc contents
> -
>
> define(`confLOCAL_MAILER',`cyrus')
> define(`CYRUS_MAILER_FLAGS', `A5@/:|SmXz')dnl
> define(`CYRUS_MAILER_ARGS', `deliver -l -e')
> define(`CYRUS_MAILER_PATH',`/usr/cyrus/bin/deliver')dnl
> define(`CYRUS_MAILER_MAX',`eval(10*1024*1024)')dnl
> define(`CYRUS_MAILER_USER',`cyrus:mail')dnl
> define(`CYRUS_BB_MAILER_FLAGS',`S')dnl
> define(`CYRUS_BB_MAILER_ARGS',`deliver -l -e -m $u')dnl
>
> FEATURE(`accept_unresolvable_domains')dnl
> MAILER(smtp)dnl
> MAILER(procmail)dnl
> MAILER(local)
> MAILER(cyrus)
>
> LOCAL_RULE_0
> R$=N$: $#local $: $1
> R$=N < @ $=w . >$: $#local $: $1
> Rbb + $+ < @ $=w . >$#cyrusbb $: $1
>
> Which gets translated to these .cf contents:
> ---
> Mcyrus, P=/usr/cyrus/bin/deliver, F=lsDFMnPqA5@/:|SmXz, S=EnvFromL,
> R=EnvToL/HdrToL,
> M=10485760, U=cyru
RE: using multiple mechanism for authentication on cyrus-imap-2.1.2
This is how my /etc/imapd.conf look: configdirectory: /ext/imap/config partition-default: /ext/imap/mailboxes servername: thunder.netsco.com admins: root cyrus sasl_pwcheck_method: auxprop allowplaintext: yes allowanonymouslogin: no autocreatequota: 20 sendmail: /usr/lib/sendmail timeout: 30 imapidlepoll: 60 impaidreponse: yes umask: 077 sieveuserhomedir: true sievedir: /ext/imap/sieve sasl_auto_transition: yes postuser: bb lmtpsocket: /var/cyrus/socket/lmtp idlesocket: /var/cyrus/socket/idle dracinterval: 5 drachost: localhost #altnamespace: yes #userprefix: Other Users #sharedprefix: Shared Folders logtimestamps: yes sasl_mech_list: plain sasl_sasldb_path: /etc/sasldb2 bash-2.03# ls -ld /usr/lib/sasl2 lrwxrwxrwx 1 root other 18 Feb 19 15:51 /usr/lib/sasl2 -> ../local/lib/sasl2 bash-2.03# ls ../local/lib/sasl2 libanonymous.lalibdigestmd5.lalibplain.la libanonymous.solibdigestmd5.solibplain.so libanonymous.so.2 libdigestmd5.so.2 libplain.so.2 libanonymous.so.2.0.1 libdigestmd5.so.2.0.1 libplain.so.2.0.1 libcrammd5.la liblogin.lalibsasldb.la libcrammd5.so liblogin.solibsasldb.so libcrammd5.so.2liblogin.so.2 libsasldb.so.2 libcrammd5.so.2.0.1liblogin.so.2.0.1 libsasldb.so.2.0.1 Did I miss something? Thanks keith > -Original Message- > From: Rob Siemborski [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 21, 2002 11:23 AM > To: Keith Kee > Cc: Cyrus Info > Subject: RE: using multiple mechanism for authentication on > cyrus-imap-2.1.2 > > > On Thu, 21 Feb 2002, Keith Kee wrote: > > > I am not a very good programmer, so I won't be able to fix > that. However, > > since I cannot achieve that, how do I solely use /etc/salsdb2 for all my > > athentication? I looked at the mail archive about setting > > sasl_pwcheck_method to auxprop. However, when I did that, imapd > complains > > about unknown mechanism. I looked at the configure options, and > did not see > > any parameters like --enable-auxprop. I also looked at the > plugin directory, > > but did not find a libauxprop.so. Looking at the source code, I > am assuming > > that it is embedded in libsasldb.so. > > > > Can somebody be kind enough to me straighten this matter up? > > Yes, the code that is being referenced should be in libsasldb.so (or, for > that matter, any other auxprop plugins you might have, of which none are > in the standard distribution). > > Are you sure that SASL is installed properly (symlink made for > /usr/lib/sasl2, etc). > > -Rob > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Rob Siemborski * Andrew Systems Group * Cyert Hall 235 * 412-268-7456 > Research Systems Programmer * /usr/contributed Gatekeeper > > > >
RE: using multiple mechanism for authentication on cyrus-imap-2.1.2
On Thu, 21 Feb 2002, Keith Kee wrote: > I am not a very good programmer, so I won't be able to fix that. However, > since I cannot achieve that, how do I solely use /etc/salsdb2 for all my > athentication? I looked at the mail archive about setting > sasl_pwcheck_method to auxprop. However, when I did that, imapd complains > about unknown mechanism. I looked at the configure options, and did not see > any parameters like --enable-auxprop. I also looked at the plugin directory, > but did not find a libauxprop.so. Looking at the source code, I am assuming > that it is embedded in libsasldb.so. > > Can somebody be kind enough to me straighten this matter up? Yes, the code that is being referenced should be in libsasldb.so (or, for that matter, any other auxprop plugins you might have, of which none are in the standard distribution). Are you sure that SASL is installed properly (symlink made for /usr/lib/sasl2, etc). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 235 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
quota message
I'm getting this message generated by postfix when cyrus refuses to accept mail because the cyrus user is over quota, I need to remove the reference to the lmtp socket, can anyone tell me how ?? This is the Postfix program at host mail.domain.co.uk I'm sorry to have to inform you that the message returned below could not be delivered to one or more destinations. For further assistance, please send mail to If you do so, please include this problem report. You can delete your own text from the message returned below. The Postfix program <[EMAIL PROTECTED]>: host /var/spool/postfix/public/lmtp[/var/spool/postfix/public/lmtp] said: 550 4.2.2 Over quota Thanks, Steve.
RE: using multiple mechanism for authentication on cyrus-imap-2.1.2
I am not a very good programmer, so I won't be able to fix that. However, since I cannot achieve that, how do I solely use /etc/salsdb2 for all my athentication? I looked at the mail archive about setting sasl_pwcheck_method to auxprop. However, when I did that, imapd complains about unknown mechanism. I looked at the configure options, and did not see any parameters like --enable-auxprop. I also looked at the plugin directory, but did not find a libauxprop.so. Looking at the source code, I am assuming that it is embedded in libsasldb.so. Can somebody be kind enough to me straighten this matter up? Thanks keith > -Original Message- > From: Rob Siemborski [mailto:[EMAIL PROTECTED]] > Sent: Thursday, February 21, 2002 9:51 AM > To: Keith Kee > Cc: Cyrus Info > Subject: Re: using multiple mechanism for authentication on > cyrus-imap-2.1.2 > > > On Thu, 21 Feb 2002, Keith Kee wrote: > > >How do I use the fallback scheme, where it will check saslauthd for > > passwds and if not available, check sasldb entries for such users? > >Is it possible? > > Not with the current code, but modifying _sasl_checkpass to do a fallback > style parseing of the pwcheck_method option shouldn't be very hard (If you > do it, send us a patch!). > > -Rob > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Rob Siemborski * Andrew Systems Group * Cyert Hall 235 * 412-268-7456 > Research Systems Programmer * /usr/contributed Gatekeeper > > > >
Re: howto change postfix / cyrus quota message
From: Steve Wright <[EMAIL PROTECTED]> Date: Thu, 21 Feb 2002 12:57:44 + Cc: <[EMAIL PROTECTED]> How I changed the quota message; To change the message cyrus rejects over quota mail with I modified /usr/local/src/cyrus-imapd-2.0.16/imap/lmtpengine.c (line 152) The lines 151 & 152 now read; 151 case IMAP_QUOTA_EXCEEDED: 152return "550 4.2.2 Over quota"; You need to make that return "550 5.2.2 Over quota"; Larry
Re: spaces around uid
On Thu, Feb 21, Birger Toedtmann wrote:
> > Most mailclients would then notice, that there is no inbox -because
> > imapd is now looking into "/var/imap/user/ uSer /" which currently
> > does not exist. Then they issue a "create inbox" command and voila, we
> > have a new directory called "/var/imap/user/ uSer /".
> >
> > So I wrote a small patch for the auth_canonifyid function, which
> > strips off leading and trailing whitespaces and lowers alpha chars.
> [...]
>
> With the whitespaces I'm not sure but I don't think one should enforce
> case insensitivety - instead one should instruct OpenLDAP to behave case
> sensitive.
Yes, that's what I also thought in the past.
In the OpenLDAP core schema, you can read:
# OpenLDAP Core schema
#
# Includes LDAPv3 schema items from:
# RFC2251-RFC2256 (LDAPv3)
#
# select standard track schema items:
# RFC2079 (URI)
# RFC1274 (uid/dc)
[...]
#
# Derived from RFC1274, but with new "short names"
#
attributetype ( 0.9.2342.19200300.100.1.1
NAME ( 'uid' 'userid' )
DESC 'RFC1274: user identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
[...]
And in RFC 1274:
[...]
9.3.1. Userid
The Userid attribute type specifies a computer system login name.
userid ATTRIBUTE
WITH ATTRIBUTE-SYNTAX
caseIgnoreStringSyntax
(SIZE (1 .. ub-user-identifier))
::= {pilotAttributeType 1}
[...]
They all speak about caseinsensity.
Maybe we should include the openldap people into this discussion.
My original Mail:
we noticed, that cyrus-imapd allows users to prepend or append
whitespaces to their uid like this:
. login " user " secret
cyrus-imapd hand's over this string as is to the underlying
authentication system. In case of pam with pam_ldap, this results in a
DN like this:
"uid= user ,dc=some,dc=dom"
which will then be normalized by OpenLDAP to
"uid=user,dc=some,dc=dom"
and will give a successfull authentication... :-(
Another point is, that the uid attribute is caseINsensitve as defined
in the core openldap schema, which makes things even harder:
. login " uSer " secret
would be the same as
. login " user " secret
for openldap in this case.
Most mailclients would then notice, that there is no inbox -because
imapd is now looking into "/var/imap/user/ uSer /" which currently
does not exist. Then they issue a "create inbox" command and voila, we
have a new directory called "/var/imap/user/ uSer /".
So I wrote a small patch for the auth_canonifyid function, which
strips off leading and trailing whitespaces and lowers alpha chars.
I am not exactly sure, if this is the right place to fix, but it
works.
--
With best regards,
Carsten Hoeger
SuSE, The Linux Experts, http://www.suse.com
Key fingerprint = E3B6 7FDB 4800 0F22 DC09 EB2B 7988 B6A8 6691 C94A
msg06119/pgp0.pgp
Description: PGP signature
Re: [Fwd: Vacation.. yes again..]
Okay... on the system that I did a FULL replacement of cyrus/sieve, after
I added MULTIPLE possible addresses, it now works with just the primary..
go figure. (What I mean, is that the address SHOULD be $[EMAIL PROTECTED], but
I also added $[EMAIL PROTECTED], $[EMAIL PROTECTED], etc, etc and now
it works with just $[EMAIL PROTECTED]).
On the machine that is "production" and also does a redirect correctly, I
do the following and it does NOT send a vacation.
Is there a DB file somewhere that is possible corrupt and needs rebuilt
that a re-install replaced? If it is corrupt, can it be rebuilt in-place
instead of rebuilding over 5000 mailboxes to accomplish the same thing?
Again.. thanks for all the help.. it is working on a 'developement'
environment but still fails to work in production...
Tyrone
::/var/imap/sieve/s/sfc-webmailtest/default::
require ["fileinto"];
require ["reject"];
require ["vacation"];
# %VACATION_START%
vacation
:addresses
["[EMAIL PROTECTED]","[EMAIL PROTECTED]","[EMAIL PROTECTED]"]
:days 3
:subject "Testing"
# %VAC_TEXT_START%
"Testing of vacation";
# %VAC_TEXT_END%
# %VACATION_END%
::/var/log/mail/info::
Feb 21 10:46:34 barnaby sendmail[16153]: g1LGkXj16153:
from=<[EMAIL PROTECTED]>, size=1078, class=0, nrcpts=1,
msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA,
relay=nsmaster.amicus.com [208.134.129.10]
Feb 21 10:46:34 barnaby sendmail[16155]: g1LGkXj16153:
to=<[EMAIL PROTECTED]>, delay=00:00:01, xdelay=00:00:00,
mailer=cyrus, pri=30401, relay=localhost [127.0.0.1], dsn=2.0.0, stat=Sent
::/var/log/imapd.log::
Feb 21 10:46:34 barnaby master[16156]: about to exec /usr/cyrus/bin/lmtpd
Feb 21 10:46:34 barnaby service-lmtp[16156]: executed
Feb 21 10:46:34 barnaby lmtpd[16156]: accepted connection
Feb 21 10:46:34 barnaby lmtpd[16156]: connection from [127.0.0.1]
preauth'd as postman
Ken Murchison wrote:
> Given that redirect works, and there are no apparent errors as a result
> of vacation, I'd agree with Amos, that the address matching is failing.
> Make sure that you list all :addresses that people might use to send an
> email to you (those that would appear in the to/cc/bcc headers).
>
> Ken
>
> Tyrone Vaughn wrote:
>
>>Redirect worked here's the data (I hope I got it all).
>>
>>Again.. thanks.
>>
>># cat /var/imap/sieve/t/tvaughn/default
>>require ["fileinto"];
>>require ["reject"];
>>require ["vacation"];
>>
>>if header :contains "from" "tvaughn" { redirect "[EMAIL PROTECTED]";
>>}
>>
>># tail /var/log/mail/info
>>Feb 20 16:54:21 tyrone sendmail[28757]: g1KMsLJ28757:
>>from=<[EMAIL PROTECTED]>, size=1058, class=0, nrcpts=1, ms
>>gid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA,
>>relay=nsmaster.amicus.com [208.134.129.10]
>>Feb 20 16:54:27 tyrone sendmail[28763]: g1KMsRX28763:
>>Authentication-Warning: tyrone.vcrl.org: cyrus set sender to
>>[EMAIL PROTECTED] using -f
>>Feb 20 16:54:27 tyrone sendmail[28763]: g1KMsRX28763:
>>[EMAIL PROTECTED], size=1373, class=0, nrcpts=1,
>>msgid=<[EMAIL PROTECTED]>, relay=cyrus@localhost
>>Feb 20 16:54:27 tyrone sendmail[28760]: g1KMsLJ28757:
>>to=<[EMAIL PROTECTED]>, delay=00:00:06, xdelay=00:00:06, mailer=cyrus,
>>pri=31058, relay=localhost, dsn=2.0.0, stat=Sent
>>Feb 20 16:56:09 tyrone sendmail[28765]: g1KMsRX28763: [EMAIL PROTECTED],
>>[EMAIL PROTECTED] (1000/0), delay=00:01:42, xdelay=00:01:42,
>>mailer=esmtp, pri=31373, relay=nsmaster.amicus.com. [208.134.129.10],
>>dsn=2.0.0, stat=Sent (g1KMrfK07592 Message accepted for delivery)
>>
>># tail /var/log/mail/cyrus.log
>>Feb 20 16:53:16 tyrone master[28742]: about to exec /usr/cyrus/bin/timsieved
>>Feb 20 16:53:16 tyrone master[28742]: about to exec /usr/cyrus/bin/timsieved
>>Feb 20 16:53:16 tyrone service-sieve[28742]: executed
>>Feb 20 16:53:16 tyrone service-sieve[28742]: executed
>>Feb 20 16:53:16 tyrone service-sieve[28742]: accepted connection
>>Feb 20 16:53:16 tyrone service-sieve[28742]: accepted connection
>>Feb 20 16:53:24 tyrone timsieved[28742]: login:
>>localhost.localdomain[127.0.0.1] tvaughn PLAIN User logged in
>>Feb 20 16:53:24 tyrone timsieved[28742]: login:
>>localhost.localdomain[127.0.0.1] tvaughn PLAIN User logged in
>>Feb 20 16:53:56 tyrone master[27082]: process 28742 exited, status 75
>>Feb 20 16:53:56 tyrone master[27082]: process 28742 exited, status 75
>>Feb 20 16:54:21 tyrone master[28761]: about to exec /usr/cyrus/bin/lmtpd
>>Feb 20 16:54:21 tyrone master[28761]: about to exec /usr/cyrus/bin/lmtpd
>>Feb 20 16:54:21 tyrone service-lmtpunix[28761]: executed
>>Feb 20 16:54:21 tyrone service-lmtpunix[28761]: executed
>>Feb 20 16:54:27 tyrone lmtpd[28761]: accepted connection
>>Feb 20 16:54:27 tyrone lmtpd[28761]: accepted connection
>>Feb 20 16:54:27 tyrone lmtpd[28761]: lmtp connection preauth'd as postman
>>Feb 20 16:54:27 tyrone lmtpd[28761]: lmtp connection preauth'd as postman
>>Feb 20 16:55:27 tyrone master[27082]: process 28761 exited, status 0
>>Feb 20 16:55:27 tyr
Re: quota message
On Thu, 2002-02-21 at 16:10, Steve Wright wrote: > I'm getting this message generated by postfix when cyrus refuses to accept > mail because the cyrus user is over quota, I need to remove the reference to > the lmtp socket, can anyone tell me how ?? You will need to edit postfix source somewhere. Postfix lmtp connects to the lmtp socket gets the 550 error and creates that message. ( I would look first in the lmtp code but thats just a pointer).
RE: using multiple mechanism for authentication on cyrus-imap-2.1.2
bash-2.03# /usr/local/sbin/sasldblistusers2
cyrus@thunder: userPassword
bash-2.03# /usr/local/bin/imtest -a cyrus -m login localhost
C: C01 CAPABILITY
S: * OK thunder.netsco.com Cyrus IMAP4 v2.1.2 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES LISTEXT LIST-SUBSCRIBED IDLE
S: C01 OK Completed
Password:
C: L01 LOGIN cyrus {5}
+ go ahead
C:
L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 0
bash-2.03# tail /var/log/imapd.log
Feb 21 12:09:15 thunder master[420]: [ID 392559 local6.debug] about to exec
/usr/local/cyrus/bin/imapd
Feb 21 12:09:15 thunder imap[420]: [ID 518349 local6.debug] executed
Feb 21 12:09:15 thunder imapd[420]: [ID 921384 local6.debug] accepted
connection
Feb 21 12:09:19 thunder imapd[420]: [ID 914338 local6.notice] badlogin:
localhost[127.0.0.1] plaintext cyrus SASL(-1): generic failure: checkpass
failed
Feb 21 12:10:43 thunder master[406]: [ID 310780 local6.debug] process 420
exited, status 0
bash-2.03# /usr/local/bin/imtest -a cyrus -m auxprop localhost
C: C01 CAPABILITY
S: * OK thunder.netsco.com Cyrus IMAP4 v2.1.2 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES LISTEXT LIST-SUBSCRIBED IDLE
S: C01 OK Completed
Authentication failed. no mechanism available
Security strength factor: 0
Thanks
keith
> -Original Message-
> From: Rob Siemborski [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 21, 2002 11:47 AM
> To: Keith Kee
> Subject: RE: using multiple mechanism for authentication on
> cyrus-imap-2.1.2
>
>
> On Thu, 21 Feb 2002, Keith Kee wrote:
>
> > Did I miss something?
>
> That all looks fine, can you also send me a copy of your syslogs showing
> the problem?
>
> -Rob
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Rob Siemborski * Andrew Systems Group * Cyert Hall 235 * 412-268-7456
> Research Systems Programmer * /usr/contributed Gatekeeper
>
>
>
>
RE: using multiple mechanism for authentication on cyrus-imap-2.1.2
On Thu, 21 Feb 2002, Keith Kee wrote: > bash-2.03# /usr/local/sbin/sasldblistusers2 > cyrus@thunder: userPassword > > bash-2.03# /usr/local/bin/imtest -a cyrus -m login localhost > C: C01 CAPABILITY > S: * OK thunder.netsco.com Cyrus IMAP4 v2.1.2 server ready > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID > NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT > THREAD=REFERENCES LISTEXT LIST-SUBSCRIBED IDLE This part is actually pertty interesting, since you're not seeing AUTH=PLAIN banners (and you have sasl_mech_list set to plain), it implies that cyrus can't see your plugin directory, are permissions set on it in a reasonable way? What OS are you on? You might want to try moving the .la files out of the way, because I've heard of instances where they might not be parsed correctly, and that would lead to a problem that looks like this. > bash-2.03# /usr/local/bin/imtest -a cyrus -m auxprop localhost Auxprop isn't a SASL mechanism, it's a password checking mechanism, so this doesn't make much sense, since the password checker can only be defined on the server side. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 235 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: [Fwd: Vacation.. yes again..]
Tyrone Vaughn wrote: > > Okay... on the system that I did a FULL replacement of cyrus/sieve, after > I added MULTIPLE possible addresses, it now works with just the primary.. > go figure. (What I mean, is that the address SHOULD be $[EMAIL PROTECTED], but > I also added $[EMAIL PROTECTED], $[EMAIL PROTECTED], etc, etc and now > it works with just $[EMAIL PROTECTED]). > > On the machine that is "production" and also does a redirect correctly, I > do the following and it does NOT send a vacation. > > Is there a DB file somewhere that is possible corrupt and needs rebuilt > that a re-install replaced? If it is corrupt, can it be rebuilt in-place > instead of rebuilding over 5000 mailboxes to accomplish the same thing? > > Again.. thanks for all the help.. it is working on a 'developement' > environment but still fails to work in production... - Check the headers in the message that you send to see if at least one fo the addresses is listed in :addresses. - Check the logs for errors. - Remember, you will only get ONE vacation response per sender per vacation text. You either have to use a different sender address or change the vacation text if you want to test multiple times. - What is different between the production and development machines? Sendmail config, location of sendmail binary...? Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: howto change postfix / cyrus quota message
On Thu, 21 Feb 2002, Steve Wright wrote: > To change the message cyrus rejects over quota mail with I modified > /usr/local/src/cyrus-imapd-2.0.16/imap/lmtpengine.c (line 152) > > The lines 151 & 152 now read; > 151 case IMAP_QUOTA_EXCEEDED: > 152return "550 4.2.2 Over quota"; I just committed a change into CVS such that setting the switch "lmtp_overquota_perm_failure" to true will cause the "552 5.2.2 Over Quota" to be the over quota failure message, though the default will still be to be a temporary failure. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 235 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
RE: using multiple mechanism for authentication on cyrus-imap-2.1.2
On Thu, 21 Feb 2002, Rob Siemborski wrote: > This part is actually pertty interesting, since you're not seeing > AUTH=PLAIN banners (and you have sasl_mech_list set to plain), it implies > that cyrus can't see your plugin directory, are permissions set on it in a > reasonable way? Whoops, forgot that we don't advertise AUTH=PLAIN if we don't have SSL. Could you remove the sasl_mech_list option and see if the other mechanisms show up? -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 235 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
RE: using multiple mechanism for authentication on cyrus-imap-2.1.2
Hi Rob,
When I removed the sasl_mech_list, this is what I got:
bash-2.03# /etc/init.d/cyrus start
vi /etc/imapd.conf
bash-2.03# /usr/local/bin/imtest -a cyrus -m login localhost
C: C01 CAPABILITY
S: * OK thunder.netsco.com Cyrus IMAP4 v2.1.2 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES LISTEXT LIST-SUBSCRIBED IDLE AUTH=DIGEST-MD5 AUTH=CRAM-MD5
S: C01 OK Completed
Password:
C: L01 LOGIN cyrus {4}
+ go ahead
C:
L01 NO Login failed: generic failure
Authentication failed. generic failure
Security strength factor: 0
By the way, I am running on Solaris 8. The permission in the directory
looks right.
Thanks
keith
> -Original Message-
> From: Rob Siemborski [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 21, 2002 1:02 PM
> To: Keith Kee
> Cc: Cyrus Info
> Subject: RE: using multiple mechanism for authentication on
> cyrus-imap-2.1.2
>
>
> On Thu, 21 Feb 2002, Rob Siemborski wrote:
>
> > This part is actually pertty interesting, since you're not seeing
> > AUTH=PLAIN banners (and you have sasl_mech_list set to plain),
> it implies
> > that cyrus can't see your plugin directory, are permissions set
> on it in a
> > reasonable way?
>
> Whoops, forgot that we don't advertise AUTH=PLAIN if we don't have SSL.
> Could you remove the sasl_mech_list option and see if the other mechanisms
> show up?
>
> -Rob
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Rob Siemborski * Andrew Systems Group * Cyert Hall 235 * 412-268-7456
> Research Systems Programmer * /usr/contributed Gatekeeper
>
>
>
>
Re: []
Gaël LE COZ <[EMAIL PROTECTED]> wrote: > Hello, > > I want to set up a mail server using Cyrus and a RedHat 7.x. > So I would like to know the capacity in term of account of Cyrus with and > without cluster implementation. > > Thanks in advance If you want a quick test install, check out: http://www.sourceforge.net/project/rhems It's redhat 7.2 w/ postfix, ldap authentication, cyrus imapd, and web interface for administrating. Based on the tests done here, on a PII/700, it installs in under 40 minutes (including the specific os install mentioned in the docs). ciao, elmo Best Regards, E.M. Recio << http://polywog.navpoint.com >> Inherent in every intention and desire is the mechanics for its fulfillment... intention and desire in the field of pure potentiality have infinite organizing power. And when we introduce an intention in the fertile ground of pure potentiality, we put this infinite organizing power to work for us. Get free e-mail and a permanent address at http://www.amexmail.com/?A=1
Re: spaces around uid
On Thu, 21 Feb 2002, Carsten Hoeger wrote: > On Thu, Feb 21, Birger Toedtmann wrote: > > > So I wrote a small patch for the auth_canonifyid function, which > > > strips off leading and trailing whitespaces and lowers alpha chars. > > [...] > > > > With the whitespaces I'm not sure but I don't think one should enforce > > case insensitivety - instead one should instruct OpenLDAP to behave case > > sensitive. The RFCs ask for case insensitiveness. MTAs are often configured to be case-insensitive as well. Actually, I welcome that patch very very much. It will put an end to our lusers doing braindead stuff in their imap clients. I would like (and I will probably code it sooner or later) Cyrus to force ALL folder and usernames to lowercase, always. If I code it, it will be a config option, of course :) -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
Re: sasl_auto_transition
On Thu, 21 Feb 2002, Keith Kee wrote: > Sorry if I am asking trival questions. I am trying to migrate my users from > the unix password scheme to using sasldb2. If I set sasl_auto_transition: > yes and sasl_pwcheck_method: saslauthd in /etc/imapd.conf, does that mean > that I can eventually switch over to sasldb2 after each user has logged in > once? If you are using SASLv1 this should work, though I haven't tried it myself. In SASLv2, that's how it's supposed to work, but it looks like we actually don't ever update the sasldb inside the transition function (though we do make the mechanism-specific setpass callbacks). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 235 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: drac patch for cyrus-imapd-2.1.2
The patch has already been updated in CVS. I _think_ I did it
yesterday.
Ken
Keith Kee wrote:
>
> I have patched cyrus-imapd-2.1.2 with drac, I thought I contribute the patch
> here. One place in the file imapd.c that I am not certain if these block of
> code should go inside or outside the if(imapd_out) block.
>
> Hope this is useful.
>
> Thanks
> keith
>
> *** cyrus-imapd-2.1.2.orig/acconfig.h Wed Dec 5 10:23:22 2001
> --- cyrus-imapd-2.1.2/acconfig.hThu Feb 21 03:18:39 2002
> ***
> *** 93,98
> --- 93,101
> /* do we have SASL support for APOP? */
> #undef HAVE_APOP
>
> + /* the Dynamic Relay Authorization Control package */
> + #undef DRAC_AUTH
> +
> /* do we have OpenSSL? */
> #undef HAVE_SSL
>
> *** cyrus-imapd-2.1.2.orig/configure.in Wed Feb 13 16:29:26 2002
> --- cyrus-imapd-2.1.2/configure.in Thu Feb 21 03:19:50 2002
> ***
> *** 809,814
> --- 809,827
> SNMP_SUBDIRS=""
> AC_SUBST(SNMP_SUBDIRS)
>
> +
> +
> + dnl
> + dnl Test for DRAC
> + dnl
> + AC_ARG_WITH(drac, [ --with-drac=DIR use DRAC library in
> [no] ],
> + if test -d "$withval"; then
> + LDFLAGS="$LDFLAGS -L${withval}"
> + AC_CHECK_LIB(drac, dracauth,
> + AC_DEFINE(DRAC_AUTH)
> + LIBS="${LIBS} -ldrac")
> + fi)
> +
> CMU_SOCKETS
> CMU_LIBWRAP
> CMU_UCDSNMP
> *** cyrus-imapd-2.1.2.orig/imap/imapd.c Wed Feb 13 16:34:37 2002
> --- cyrus-imapd-2.1.2/imap/imapd.c Thu Feb 21 03:29:11 2002
> ***
> *** 114,119
> --- 114,127
> static SSL *tls_conn = NULL;
> #endif /* HAVE_SSL */
>
> + #ifdef DRAC_AUTH
> + static struct {
> + int interval; /* dracd "ping" interval; 0 = disabled */
> + unsigned long clientaddr;
> + struct prot_waitevent *event;
> + } drac;
> + #endif /* DRAC_AUTH */
> +
> /* current sub-user state */
> static struct mailbox mboxstruct;
> static struct mailbox *imapd_mailbox;
> ***
> *** 448,453
> --- 456,479
> /* setup for sending IMAP IDLE notifications */
> idle_enabled();
>
> + #ifdef DRAC_AUTH
> + /* setup for sending DRAC "pings" */
> + drac.event = NULL;
> + drac.interval = config_getint("dracinterval", 5);
> + if (drac.interval < 0) drac.interval = 0;
> +
> + if (drac.interval) {
> + char *err;
> +
> + if (dracconn(config_getstring("drachost", "localhost"), &err) != 0)
> {
> + /* disable DRAC */
> + drac.interval = 0;
> + syslog(LOG_NOTICE, "dracconn: %s", err);
> + syslog(LOG_NOTICE, "DRAC DISABLED");
> + }
> + }
> + #endif /* DRAC_AUTH */
> +
> /* create connection to the SNMP listener, if available. */
> snmp_connect(); /* ignore return code */
> snmp_set_str(SERVER_NAME_VERSION,CYRUS_VERSION);
> ***
> *** 530,535
> --- 556,567
> imapd_haveaddr = 1;
> }
> }
> +
> + #ifdef DRAC_AUTH
> + drac.clientaddr = imapd_remoteaddr.sin_addr.s_addr;
> + } else {
> + drac.clientaddr = 0;
> + #endif /* DRAC_AUTH */
> }
>
> /* create the SASL connection */
> ***
> *** 572,577
> --- 604,614
> prot_flush(imapd_out);
> snmp_increment(ACTIVE_CONNECTIONS, -1);
>
> + #ifdef DRAC_AUTH
> + if (drac.event) prot_removewaitevent(imapd_in, drac.event);
> + drac.event = NULL;
> + #endif /* DRAC_AUTH */
> +
> /* cleanup */
> imapd_reset();
>
> ***
> *** 650,655
> --- 687,696
> snmp_increment(ACTIVE_CONNECTIONS, -1);
> }
>
> + #ifdef DRAC_AUTH
> + if (drac.interval) (void) dracdisc((char **)NULL);
> + #endif /* DRAC_AUTH */
> +
> exit(code);
> }
>
> ***
> *** 672,677
> --- 713,747
>
> }
>
> + #ifdef DRAC_AUTH
> + /*
> + * Ping dracd every 'drac.interval' minutes
> + * to let it know that we are still connected
> + */
> + struct prot_waitevent *drac_ping(struct protstream *s,
> +struct prot_waitevent *ev, void *rock)
> + {
> + char *err;
> + static int nfailure = 0;
> +
> + if (dracsend(drac.clientaddr, &err) != 0) {
> + syslog(LOG_NOTICE, "dracsend: %s", err);
> + if (++nfailure >= 3) {
> + /* can't contact dracd for 3 consecutive tries - disable DRAC */
> + prot_removewaitevent(s, ev);
> + drac.event = NULL;
> + syslog(LOG_NOTICE, "DRAC DISABLED");
> + return NULL;
> + }
> + }
> + else
> + nfailure = 0;
> +
> + ev->mark = time(NULL) + (drac.interval * 60);
> + return ev;
> + }
> + #endif /* DRAC_AUTH */
> +
> /*
>* Top-level command loop parsing
>*/
> ***
> *** 1529,1534
> --- 1599,1609
>
> prot_printf(imapd_out, "%s OK %s\r\n", tag, reply);
>
> + #ifdef DRAC_AUTH
> + if (drac.interval &
Newbie: Mailbox structure...
Hi, I've looked for the answer to this for a while, but if I've missed it because I can't see the wood for the trees then apologies in advance. Basically I would prefer to have all my users on one level "../user" rather than in the "../user/a..z" sub-dirs - is this still possible as the searches I've done seem to indicate that this may have been the default procedure for prior versions. I have set the full hash option in the configure file and while that does seem to make a difference to where the folders are created when I try and access the mailbox using a client it looks for ../user/X/username. where X = a random letter not related to the username (for example P for 'rich' and F for 'teresa') when it should be looking in ../user/username/username. Here is an example... Feb 21 15:44:33 host imapd[409]: open: user rich opened INBOXFeb 21 15:44:36 host imapd[409]: accepted connectionFeb 21 15:44:36 host imapd[409]: login: some.ip.addy [x.x.x.x] rich plaintext Feb 21 15:44:36 host imapd[409]: IOERROR: opening /var/imap/user/P/rich.seen: No such file or directoryFeb 21 15:44:36 host imapd[409]: DBERROR: opening /var/imap/user/P/rich.seen: cyrusdb error I feel as though I'm doing something fundamentally wrong, any help would be gratefully accepted. Thanks, Rich.
Re: procmail rules
Sandra schrieb am Thu, Feb 21, 2002 at 04:00:57PM -0400:
>
> Please help me to understand one thing :
>
>Configuring procmail+cyrus+mysql(users without prompt and
> $HOME directory), could
> I configure /etc/procmailrc for each user, or this file is for the
> entire operating system? Could I create a procmailrc in an independent
> directory for each user, different from $HOME?
>Or I have to have sieve for this kind of thing?
I have a setup running where the MTA hands all mails over to procmail
which itself gives them to cyrus' deliver after filtering them.
In most MTAs you can specify which file it parses first for recipes
(if you don't, it'll expect /etc/procmailrc).
I chose /etc/procmail.d/globalrc. There, with
## Where to place our logfiles
LOGFILE=/var/log/procmail/$LOGNAME.log
I gave every user his own log. Then, for each user a recipe file
within /etc/procmail.d/ will be parsed via
## Include central sited user-specific recipes
:0
{
INCLUDERC=/etc/procmail.d/rc.$LOGNAME
}
After that, (still in globalrc) a "fallthrough" will be met that
hands the mail over to cyrus with
## Gone through it up to here? Then deliver It!
:0 w :$LOGNAME.deliverlock
| /usr/cyrus/bin/deliver -e -a $LOGNAME $LOGNAME
Note that you have to preauth with -a as procmail won't run as the
respective user. See procmailrc(5), procmailex(5) and deliver(8).
- Birger
unable to create lmtpunix listener socket
How can I solve this problem? I'm trying to use procmail to filter and the cyrus deliver program to deliver the mail. :0: * ^To: [EMAIL PROTECTED] | /usr/local/cyrus/bin/deliver user It seams that the rule is working, but not the lmtp stuff. The following lines are in my cyrus.conf: # lmtp cmd="lmtpd" listen="lmtp" prefork=0 lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0 Which one is better to use or doesn't make it any difference? Thanks, Manuel -- If you see a turtle sitting on a fence post, you know it got some help.
Re: Newbie: Mailbox structure...
No, this is how it works in any remotely recent version. Larry From: "Rich" <[EMAIL PROTECTED]> Date: Thu, 21 Feb 2002 20:08:48 - I've looked for the answer to this for a while, but if I've missed it = because I can't see the wood for the trees then apologies in advance. = Basically I would prefer to have all my users on one level "../user" = rather than in the "../user/a..z" sub-dirs - is this still possible as = the searches I've done seem to indicate that this may have been the = default procedure for prior versions.
Re: LDAP Auth HOW-TO/Install Script
> Or if you already have the postfix sources, and the cyrus-imapd sources, and > have already patched your SASL/OpenLDAP sources, then just download the > stripped down installation scripts. (52 kb) > http://polywog.philtered.net/~erecio/RedHat-EmailServer-Scripts.tar.gz I tried this link, but it is not working. I'm right now trying to setup the same I think. Manuel -- Isolation is aloneness that feels forced upon you, like a punishment. Solitude is aloneness you choose and embrace. I think great things can come out of solitude, out of going to a place where all is quiet except the beating of your heart. -Jeanne Marie Laskas, "Washington Post Magazine"
Re: can't write to the imapd.log and auth.log
> execute > touch /var/log/imapd.log and touch /var/log/auth.log > imapd does not create the files if they dont exist Actually it's syslogd that does this. Syslogd will not write log files if they don't already exist. The files can be owned by root, since syslogd is doing the logging... not the process that calls syslogd. After every change of /etc/syslogd.conf, syslog needs to be kill -HUP'ed. It can also be killed, and syslogd can be run with the -d (debug option... recommended). Always make sure to use tabs for whitespace in the syslogd.conf file, not spaces. Spaces will make syslogd act weird. -- -Mike Schwager [EMAIL PROTECTED]
Websieve SSL
Hi Folks! I am having a hard time getting Websieve to play nice with SSL. Any one have experience with this combination? Websieve seems happy vanilla, but is choking on the SSL part. have a Sun Solaris 8 server with : cyrus-imapd-2.1.1 openssl-0.9.6c websieve-0.61 IMAP-Admin-1.6.1 perlsieve-0.4.9 Net_SSLeay.pm-1.13 IO-Socket-SSL-0.80 perl, v5.6.1 built for sun4-solaris My SSL works on my regular server, with Websieve I have these websieve.conf: # default system ports of timsieved/imapd daemons $sieveport='2000'; #$imapport='143'; $imapport='993'; #your mail domain $maildomain='gsd.harvard.edu' ; #use SSL for server connections #requires IO::Socket::SSL, Net::SSLeay, OpenSSL $useimapSSL=1; $usesieveSSL=1; %server_hosts=( "mail.gsd.harvard.edu"=>['GSD MailServer','993','143','2000','gsd.harvard.edu','ssl_all'] ); The behavior is I get to the login screen okay enter everything and it hangs. Before I changed the websieve.conf imapport I would get an error the it could not connect. Any ideas where I did something wrong? Thank you for your time! -Kiarna
Re: unable to create lmtpunix listener socket
On Thu, Feb 21, 2002 at 10:29:53PM +0100, Manuel Hendel wrote: > How can I solve this problem? I'm trying to use procmail to filter and > the cyrus deliver program to deliver the mail. > > :0: > * ^To: [EMAIL PROTECTED] > | /usr/local/cyrus/bin/deliver user > > It seams that the rule is working, but not the lmtp stuff. The > following lines are in my cyrus.conf: > > # lmtp cmd="lmtpd" listen="lmtp" prefork=0 > lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0 ^ > > Which one is better to use or doesn't make it any difference? I already solved this problem, but I got a new one! The problem was, that I changed the marked path. My new problem is the following error message in the imapd.log: Feb 21 23:28:35 he0 deliver[44874]: connect(/usr/local/etc/imap/socket/lmtp) failed: Permission denied What's wrong here? Thanks, Manuel -- Women who seek equality with men, lack ambition.
re: cyrus
When we try and create a new folder on the imap server it just says permission denied, any ideas? ok here's the log entry for the error in the cyrus log file Feb 21 16:57:13 swiss imapd[1379]: myfetch: starting txn 2147484283 Feb 21 16:57:13 swiss imapd[1379]: abort_txn: aborting txn 2147484283 swiss:/var/spool/imap/user # ls -la total 16 drwx--4 cyrusroot 4096 Feb 21 16:29 drwxr-x---4 cyrusmail 4096 Feb 21 13:02 .. drwx--2 cyrusroot 4096 Feb 21 16:41 admin drwx--2 cyrusroot 4096 Feb 21 16:31 ctron swiss:/var/spool/imap/user # cd admin/ swiss:/var/spool/imap/user/admin # ls -la total 60 drwx--2 cyrusroot 4096 Feb 21 16:41 . drwx--4 cyrusroot 4096 Feb 21 16:29 .. -rw---1 cyrusroot 1510 Feb 21 13:28 1. -rw---1 cyrusroot 1496 Feb 21 13:30 2. -rw---1 cyrusroot 1499 Feb 21 14:05 3. -rw---1 cyrusroot 3195 Feb 21 15:02 4. -rw---1 cyrusroot 3224 Feb 21 15:03 5. -rw---1 cyrusroot 1488 Feb 21 16:27 6. -rw---1 cyrusroot 974 Feb 21 16:41 7. -rw---1 cyrusroot 2544 Feb 21 16:41 8. -rw---1 cyrusmail10348 Feb 21 16:41 cyrus.cache -rw---1 cyrusmail 151 Feb 21 13:29 cyrus.header -rw---1 cyrusmail 472 Feb 21 16:41 cyrus.index swiss:/var/spool/imap/user/admin # ps -fu cyrus|grep master cyrus 459 444 0 14:02 pts/200:00:00 /usr/cyrus/bin/master swiss:/var/spool/imap/user/admin # __ Do You Yahoo!? Yahoo! Sports - Coverage of the 2002 Olympic Games http://sports.yahoo.com
Re: Virtual Domain support?
On Tue, Feb 19, 2002 at 10:19:27PM -0600, Mike Grommet wrote: > I'm using Cyrus IMAP 2.0.16 > > I've read many articles in the archives concerning the use of cyrus in > virtual hosting environments... Most of them are fairly old tho. > > Did this support get added in? > Could someone point me to a HOWTO or other documentation on the subject? We've done a simple trick to get this to work. We have front-end postfix servers, with virtual tables set up like this: [EMAIL PROTECTED] [EMAIL PROTECTED] Then the user simply log into the imap/pop server with dom-domain-user, and lives happily ever after. This also makes it trivial to move mailboxes around on different servers etc, even spreading single domains over multiple servers. If you cluster your cyrus servers you don't even have to worry about the user being pointed at the right imap/pop server. The database is being put in a MySQL table, with fallback to a stored backup in a db3 file. MySQL servers are being run with a primary, and slaves on each of the mailservers, allowing speedy local writes. Should the local MySQL server fail, postfix simply queries another. Should all the MySQL servers fail, then we enable soft_bounce on them, and point to local db3 files allowing service to continue. Add to this multiple installations of the postfix frontend servers, all of them able to deliver to the correct cyrus backend using LMTP, either locally or over the network. Sounds good? (at least that's how things are supposed to work when things are done :) Terje Elde Combitel Networks AS
Mailspool/password migration, MySQL authentication etc
Hi, I'm facing the task of migrating two cyrus 2.0 servers over to a single one, and I'd like to be sure I'm doing things TheRightWay (tm). The first task is simply moving the mailboxes over. I could always just create their mailboxes and resubmit older email, but I'd rather not. >From what I understand it'd a no-no to simply copy the mailboxes into place. Would creating them with a cyradm script and then (while the server is down) populating the /var/spool/imap and /var/imap trees, and running the reconstruct script be a bad idea? Also, we'd like to move over from sasldb to using cleartext passwords in a MySQL table. There are plenty of reasons for this, first of all it eases integration with other systems, allows easier creation of administrative tools etc. This raises two questions: a) How to extract the passwords? In order to use CRAM-MD5 you've got to have cleartext passwords on the server, so I'm assuming the sasldb (v1 btw) contains either the passwords or a password equivalent. Is there a RightWay (tm) to extract these? b) In order to keep using CRAM-MD5 and friends, do I understand things correctly that we need to use sasldb alongside of the plaintext authentication system? If so, then I understand we can use sasl_auto_transition to set the passwords in sasldb, but will this be able to update the sasldb system when the user changes a cleartext password? Also, will the user need to log in using a cleartext password, or can he log in with CRAM-MD5 or APOP etc the first time if the authentication backend (in this case MySQL) can proide the cleartext password? Also, because sasl so far have been my only worry with Cyrus, it's very tempting to jump to 2.1 to gain the advantage of cyrus-saslv2. How stable is it? Should I keep my hands off at all costs? Any feedback appreciated! Terje
Re: Sieve woes, but closer maybe? + SHAMELESS BRIBE
I'm actually using websieve to create the scripts... they get to the server
just fine, they just never seem to be getting executed...
I dont believe I did... I'm about 95% sure I tried that course of action
(recompiling, making sure that sieve was installed) and didnt have any
change in results...
I dont have a mail.debug, but all mail logging goes to /var/log/maillog
and that info is posted in my previous message, but in short, nothing funky
seems to be contained within.
- Original Message -
From: "Kiarna Boyd" <[EMAIL PROTECTED]>
To: "'Mike Grommet'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Thursday, February 21, 2002 7:07 AM
Subject: RE: Sieve woes, but closer maybe? + SHAMELESS BRIBE
> Hi Mike,
>
> I can relate to your despair, no pizza need apply if this helps.
>
> 1. have you tried WebSieve? Has a lot more out of the box preconfigured
treats in it.
> 2. Did you compile cyrus with sieve support disabled accidentally?
> 3. do you have a straight up mail.log not just imap.log? a mail.debug line
in syslog.conf helps enormously for this.
>
> -Original Message-
> From: Mike Grommet [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, February 21, 2002 2:26 AM
> To: [EMAIL PROTECTED]
> Subject: Sieve woes, but closer maybe? + SHAMELESS BRIBE
>
> I'm really at the end of my rope here, so, I'm
> offering free pizza to the person who can figure out my pain and make it
all
> better...
>
> I'll order a large pizza with the toppings of your choice, from the
delivery
> place of your choosing, and have it delivered to you at home / offfice /
> wherever :)
> I'm completely serious here :) Who says theres no such thing as a free
> lunch (Ok, I believe it was Heinlien)?
>
> Ok, I'm really stumped when it comes to sieve configuration with
sendmail...
>
> I can telnet to the sieve port just fine. Cyrus seems to perform just
> dandy. Sieve scritps are happily
> being placed into /usr/sieve/whatever
>
>
>
>
> Is there other information I can supply? I'm seeing really weird behavior
> from 2 different sieve scripts, a reject script and a vacation script
>
>
> I found this reject examle script in the ether... Its getting on the
> server, and is activated.
>
> require "fileinto";
> require "reject";
> if header :contains "Subject" "Shockwave"
> {reject "Possible virus? Check your system!";}
>
> my imap log looks like this:
> --
> Feb 21 01:29:26 sammonsmail master[13201]: about to exec
> /usr/cyrus/bin/lmtpd
> Feb 21 01:29:26 sammonsmail service-lmtpunix[13201]: executed
> Feb 21 01:29:26 sammonsmail lmtpd[13201]: accepted connection
> Feb 21 01:29:26 sammonsmail lmtpd[13201]: lmtp connection preauth'd as
> postman
> Feb 21 01:29:27 sammonsmail master[13206]: about to exec
> /usr/cyrus/bin/lmtpd
> Feb 21 01:29:27 sammonsmail service-lmtpunix[13206]: executed
> Feb 21 01:29:27 sammonsmail lmtpd[13201]: accepted connection
> Feb 21 01:29:27 sammonsmail lmtpd[13201]: lmtp connection preauth'd as
> postman
> Feb 21 01:29:27 sammonsmail lmtpd[13206]: accepted connection
> Feb 21 01:29:27 sammonsmail lmtpd[13206]: lmtp connection preauth'd as
> postman
> Feb 21 01:29:28 sammonsmail lmtpd[13201]: accepted connection
> Feb 21 01:29:28 sammonsmail lmtpd[13201]: lmtp connection preauth'd as
> postman
>
>
>
>
>
>
>
> My mail log looks like this when one of these messges goes in::
> -
> Feb 21 01:40:35 sammonsmail sendmail[13277]: g1L6eYUG013277:
from=,
> size=632, class=0, nrcpts=1,
> msgid=<013f01c1baa5$021b5380$[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA,
> relay=sm11.texas.rr.com [24.93.35.42]
> Feb 21 01:40:35 sammonsmail sendmail[13280]: g1L6eYUG013277: to=,
> delay=00:00:01, xdelay=00:00:00, mailer=cyrus, pri=30625, dsn=2.0.0,
> stat=Sent
>
> And thats it... no vacation message is ever sent, and nothing odd is
showing
> up in my imap log.
>
> The reject script doesnt reject... the mail is sent right on through...
>
>
> Cyrus.conf:
> --
> # standard standalone server implementation
>
> START {
> # do not delete these entries!
> mboxlist cmd="ctl_mboxlist -r"
> deliver cmd="ctl_deliver -r"
>
> # this is only necessary if using idled for IMAP IDLE
> # idledcmd="idled"
> }
>
> # UNIX sockets start with a slash and are put into /var/imap/socket
> SERVICES {
> # add or remove based on preferences
> imap cmd="imapd" listen="imap" prefork=0
> imaps cmd="imapd -s" listen="imaps" prefork=0
> pop3 cmd="pop3d" listen="pop3" prefork=0
> pop3s cmd="pop3d -s" listen="pop3s" prefork=0
> sieve cmd="timsieved" listen="sieve" prefork=0
>
> # at least one LMTP is required for delivery
> # lmtp cmd="lmtpd" listen="lmtp" prefork=0
> lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
> }
>
> EVENTS {
> # this is required
> checkpointcmd="ctl_mboxlist -c" perio
Re: Sieve woes, but closer maybe? + SHAMELESS BRIBE
Hi Ken, thanks for the response...
I ran this sieve script:
require "fileinto";
if header :contains "Subject" "Blah"
{fileinto "INBOX.Blah";}
and it _did_ work without a hitch.
Ok, so whats next?
- Original Message -
From: "Ken Murchison" <[EMAIL PROTECTED]>
To: "Mike Grommet" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, February 21, 2002 9:07 AM
Subject: Re: Sieve woes, but closer maybe? + SHAMELESS BRIBE
> First, does a simple fileinto action work? If not, then your scripts
> probably aren't being run. If it does, then we have to look at why
> lmtpd isn't forking a sendmail process.
>
>
> Mike Grommet wrote:
> >
> > I'm really at the end of my rope here, so, I'm
> > offering free pizza to the person who can figure out my pain and make it
all
> > better...
> >
> > I'll order a large pizza with the toppings of your choice, from the
delivery
> > place of your choosing, and have it delivered to you at home / offfice /
> > wherever :)
> > I'm completely serious here :) Who says theres no such thing as a free
> > lunch (Ok, I believe it was Heinlien)?
> >
> > Ok, I'm really stumped when it comes to sieve configuration with
sendmail...
> >
> > I can telnet to the sieve port just fine. Cyrus seems to perform just
> > dandy. Sieve scritps are happily
> > being placed into /usr/sieve/whatever
> >
> > Is there other information I can supply? I'm seeing really weird
behavior
> > from 2 different sieve scripts, a reject script and a vacation script
> >
> > I found this reject examle script in the ether... Its getting on the
> > server, and is activated.
> >
> > require "fileinto";
> > require "reject";
> > if header :contains "Subject" "Shockwave"
> > {reject "Possible virus? Check your system!";}
> >
> > my imap log looks like this:
> > --
> > Feb 21 01:29:26 sammonsmail master[13201]: about to exec
> > /usr/cyrus/bin/lmtpd
> > Feb 21 01:29:26 sammonsmail service-lmtpunix[13201]: executed
> > Feb 21 01:29:26 sammonsmail lmtpd[13201]: accepted connection
> > Feb 21 01:29:26 sammonsmail lmtpd[13201]: lmtp connection preauth'd as
> > postman
> > Feb 21 01:29:27 sammonsmail master[13206]: about to exec
> > /usr/cyrus/bin/lmtpd
> > Feb 21 01:29:27 sammonsmail service-lmtpunix[13206]: executed
> > Feb 21 01:29:27 sammonsmail lmtpd[13201]: accepted connection
> > Feb 21 01:29:27 sammonsmail lmtpd[13201]: lmtp connection preauth'd as
> > postman
> > Feb 21 01:29:27 sammonsmail lmtpd[13206]: accepted connection
> > Feb 21 01:29:27 sammonsmail lmtpd[13206]: lmtp connection preauth'd as
> > postman
> > Feb 21 01:29:28 sammonsmail lmtpd[13201]: accepted connection
> > Feb 21 01:29:28 sammonsmail lmtpd[13201]: lmtp connection preauth'd as
> > postman
> >
> > My mail log looks like this when one of these messges goes in::
> > -
> > Feb 21 01:40:35 sammonsmail sendmail[13277]: g1L6eYUG013277:
from=,
> > size=632, class=0, nrcpts=1,
> > msgid=<013f01c1baa5$021b5380$[EMAIL PROTECTED]>, proto=ESMTP,
daemon=MTA,
> > relay=sm11.texas.rr.com [24.93.35.42]
> > Feb 21 01:40:35 sammonsmail sendmail[13280]: g1L6eYUG013277:
to=,
> > delay=00:00:01, xdelay=00:00:00, mailer=cyrus, pri=30625, dsn=2.0.0,
> > stat=Sent
> >
> > And thats it... no vacation message is ever sent, and nothing odd is
showing
> > up in my imap log.
> >
> > The reject script doesnt reject... the mail is sent right on through...
> >
> > Cyrus.conf:
> > --
> > # standard standalone server implementation
> >
> > START {
> > # do not delete these entries!
> > mboxlist cmd="ctl_mboxlist -r"
> > deliver cmd="ctl_deliver -r"
> >
> > # this is only necessary if using idled for IMAP IDLE
> > # idledcmd="idled"
> > }
> >
> > # UNIX sockets start with a slash and are put into /var/imap/socket
> > SERVICES {
> > # add or remove based on preferences
> > imap cmd="imapd" listen="imap" prefork=0
> > imaps cmd="imapd -s" listen="imaps" prefork=0
> > pop3 cmd="pop3d" listen="pop3" prefork=0
> > pop3s cmd="pop3d -s" listen="pop3s" prefork=0
> > sieve cmd="timsieved" listen="sieve" prefork=0
> >
> > # at least one LMTP is required for delivery
> > # lmtp cmd="lmtpd" listen="lmtp" prefork=0
> > lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
> > }
> >
> > EVENTS {
> > # this is required
> > checkpointcmd="ctl_mboxlist -c" period=30
> >
> > # this is only necessary if using duplicate delivery suppression
> > delprune cmd="ctl_deliver -E 3" period=1440
> > }
> >
> > Relevant sendmail.mc contents
> > -
> >
> > define(`confLOCAL_MAILER',`cyrus')
> > define(`CYRUS_MAILER_FLAGS', `A5@/:|SmXz')dnl
> > define(`CYRUS_MAILER_ARGS', `deliver -l -e')
> > define(`CYRUS_MAILER_PATH',`/usr/cyrus/bin/deliver')dnl
> > define(`CYRUS_MAILER_MAX',`eval(10*102
Re: unable to create lmtpunix listener socket
Manuel Hendel schrieb: > > On Thu, Feb 21, 2002 at 10:29:53PM +0100, Manuel Hendel wrote: > > How can I solve this problem? I'm trying to use procmail to filter and > > the cyrus deliver program to deliver the mail. > > > > :0: > > * ^To: [EMAIL PROTECTED] > > | /usr/local/cyrus/bin/deliver user > > > > It seams that the rule is working, but not the lmtp stuff. The > > following lines are in my cyrus.conf: > > > > # lmtp cmd="lmtpd" listen="lmtp" prefork=0 > > lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0 > ^ > > > > Which one is better to use or doesn't make it any difference? > > I already solved this problem, but I got a new one! The problem was, > that I changed the marked path. > My new problem is the following error message in the imapd.log: > > Feb 21 23:28:35 he0 deliver[44874]: > connect(/usr/local/etc/imap/socket/lmtp) failed: Permission denied What are the permissions of /usr/local/etc/imap/socket/lmtp? In my situation they are srwxrwxrwx1 root root0 Feb 20 14:17 lmtp -Simon > > What's wrong here? > > Thanks, > Manuel > > -- > Women who seek equality with men, lack ambition.
Re: unable to create lmtpunix listener socket
On Fri, Feb 22, 2002 at 07:35:55AM +0100, Simon Matter wrote: > What are the permissions of /usr/local/etc/imap/socket/lmtp? > In my situation they are > srwxrwxrwx1 root root0 Feb 20 14:17 lmtp They are srwxrwxrwx 1 root cyrus0 Feb 21 23:27 lmtp I think that's ok. Manuel -- We must learn not to disassociate the airy flower from the earthy root, for the flower that is cut off from its root fades, and its seeds are barren, whereas the root, secure in mother earth, can produce flower after flower and bring their fruit to maturity. -Kabbalah
Re: unable to create lmtpunix listener socket
Manuel Hendel schrieb: > > On Fri, Feb 22, 2002 at 07:35:55AM +0100, Simon Matter wrote: > > What are the permissions of /usr/local/etc/imap/socket/lmtp? > > In my situation they are > > srwxrwxrwx1 root root0 Feb 20 14:17 lmtp > > They are > srwxrwxrwx 1 root cyrus0 Feb 21 23:27 lmtp > I think that's ok. What about directory permissions? > > Manuel > > -- > We must learn not to disassociate the airy flower from the earthy root, for > the flower that is cut off from its root fades, and its seeds are barren, > whereas the root, secure in mother earth, can produce flower after flower and > bring their fruit to maturity. > -Kabbalah
Re: unable to create lmtpunix listener socket
On Fri, Feb 22, 2002 at 08:18:38AM +0100, Simon Matter wrote: > > They are > > srwxrwxrwx 1 root cyrus0 Feb 21 23:27 lmtp > > I think that's ok. > > What about directory permissions? drwxr-x--- 10 cyrus cyrus512 Feb 21 14:10 imap That is as it should be from the documentation. drwxr-xr-x 2 cyrus cyrus512 Feb 21 23:27 socket This is as cyrus made it. Manuel -- I got real close to seeing Elvis but my shovel broke. (contributed by Frank v Waveren)
Re: unable to create lmtpunix listener socket
Manuel Hendel schrieb: > > On Fri, Feb 22, 2002 at 08:18:38AM +0100, Simon Matter wrote: > > > They are > > > srwxrwxrwx 1 root cyrus0 Feb 21 23:27 lmtp > > > I think that's ok. > > > > What about directory permissions? > > drwxr-x--- 10 cyrus cyrus512 Feb 21 14:10 imap > That is as it should be from the documentation. > > drwxr-xr-x 2 cyrus cyrus512 Feb 21 23:27 socket > This is as cyrus made it. Seems wrong to me. Both Cyrus and your MTA need access to lmtp. I have drwxr-x---2 cyrusmail 103 Feb 20 14:17 socket drwxr-x--- 11 cyrusmail 4096 Feb 20 13:48 imap /etc/groups: mail:x:12:mail,postfix /etc/passwd: postfix:x:89:89:Postfix MTA:/var/spool/postfix:/bin/true cyrus:x:76:12:Cyrus IMAP Server:/var/lib/imap:/bin/bash -Simon > > Manuel > > -- > I got real close to seeing Elvis but my shovel broke. > (contributed by Frank v Waveren)
