Migrating Cyrus IMAP users to a new host
I want to move my cyrus mail to a new host which is running a newer version of cyrus imap. Is it possible to just backup the imap accounts from the old host and drop them on the new host after creating all of the mail accounts? I suspect I might need to re-index each account afterwards. Is this possible? I think it would be faster and less work than trying to do a mailbox migration with the migration tools. --Ezsra __ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com
Re: Migrating Cyrus IMAP users to a new host
Tom, Not sure I fully understand. What state data was lost? --Ezsra --- Tom Carroll <[EMAIL PROTECTED]> wrote: > Ezsra - > > I performed the method as you suggested. Only one > problem: the Berkeley > db incompatibilities (db3 to db4). This forced me > to use reconstruct to > update the indexes. Some state information was lost > that aggravated the > users (users maintain > 700 MB in their inboxes), > but > beyond that, everything appears fine. Mind you, my > upgrade was minor: > 2.1.9 to 2.1.12. > > - Tom > > On Tue, May 27, 2003 at 11:25:16AM -0700, Ezsra > McDonald wrote: > > I want to move my cyrus mail to a new host which > is > > running a newer version of cyrus imap. Is it > possible > > to just backup the imap accounts from the old host > and > > drop them on the new host after creating all of > the > > mail accounts? I suspect I might need to re-index > each > > account afterwards. > > > > Is this possible? I think it would be faster and > less > > work than trying to do a mailbox migration with > the > > migration tools. > > > > --Ezsra > > > > __ > > Do you Yahoo!? > > The New Yahoo! Search - Faster. Easier. Bingo. > > http://search.yahoo.com __ Do you Yahoo!? The New Yahoo! Search - Faster. Easier. Bingo. http://search.yahoo.com
ACL is not working?
Maybe I don't understand these but if I give a user all perms except "c" they should not be able to create folders right? I don't want my users creating folders. Command I used: setacl user.username username lrswipda For some reason I can still create folders as this user. Interesting though, the user can't delete any of the folders they create. --Ezsra __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com
cyradm erros when reconstructing a mailbox
OK, I probably did something rash when I rsynced a few of my mailboxes to a new cyrus mail server. It was an unplanned migration and It had to be fast. One of the users can't delete messages in subfolders. she also can't move messages into these sub folders. I tried to run a reconstruct and got the following error: host.domain> reconstruct -r user.jessica reconstruct: Operating System Error Any suggestions? --Ezsra __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com
Re: cyradm erros when reconstructing a mailbox
lm user.jessica.* user.jessica.Adobe (\HasNoChildren) user.jessica.BOHA (\HasNoChildren) user.jessica.Batch (\HasNoChildren) user.jessica.Bugs (\HasNoChildren) user.jessica.Corps (\HasNoChildren) user.jessica.Courts (\HasNoChildren) user.jessica.E-mail addresses (\HasNoChildren) user.jessica.Email Stuff (\HasNoChildren) user.jessica.Employee Self Service (\HasNoChildren) user.jessica.FTP (\HasNoChildren) user.jessica.General Responses (\HasNoChildren) user.jessica.KBA (\HasNoChildren) user.jessica.KBC (\HasNoChildren) user.jessica.KBI (\HasNoChildren) user.jessica.KBI PI (\HasNoChildren) user.jessica.KCC (\HasNoChildren) user.jessica.KDEM (\HasChildren) user.jessica.KDEM.Homeland Security (\HasNoChildren) user.jessica.KDHE (\HasNoChildren) user.jessica.KDOCH (\HasNoChildren) user.jessica.KDOHR (\HasNoChildren) user.jessica.KDOR (\HasNoChildren) user.jessica.KDOT (\HasNoChildren) user.jessica.KDWP (\HasNoChildren) user.jessica.KREC (\HasNoChildren) user.jessica.KSBN (\HasNoChildren) user.jessica.Legislative (\HasNoChildren) user.jessica.Library (\HasNoChildren) user.jessica.Links (\HasNoChildren) user.jessica.MVR (\HasNoChildren) user.jessica.Meetings (\HasNoChildren) user.jessica.Meetings, etc (\HasNoChildren) user.jessica.Miscellaneous (\HasNoChildren) user.jessica.NIC Stuff (\HasNoChildren) user.jessica.Nursing (\HasNoChildren) user.jessica.Nursing Errors (\HasNoChildren) user.jessica.PKI (\HasChildren) user.jessica.PKI.Digital ID requests (\HasNoChildren) user.jessica.PKI.Links (\HasNoChildren) user.jessica.PKI.My Stuff (\HasNoChildren) user.jessica.PKI.Reports (\HasNoChildren) user.jessica.Pharmacy (\HasNoChildren) user.jessica.Phone Numbers (\HasNoChildren) user.jessica.Procedures (\HasNoChildren) user.jessica.Projects (\HasChildren) user.jessica.Projects.Jeanine Stuff (\HasNoChildren) user.jessica.Projects.Portal Redesign (\HasNoChildren) user.jessica.Property Tax (\HasNoChildren) user.jessica.Responses (\HasNoChildren) user.jessica.SOS (\HasNoChildren) user.jessica.Sedgwick (\HasNoChildren) user.jessica.Telnet (\HasNoChildren) user.jessica.Tourism (\HasNoChildren) user.jessica.Trash (\HasNoChildren) user.jessica.Trip (\HasNoChildren) user.jessica.Trucking (\HasNoChildren) user.jessica.UCC (\HasNoChildren) user.jessica.Web Design (\HasNoChildren) user.jessica.Webfile (\HasNoChildren) user.jessica.Word Docs (\HasNoChildren) lam user.jessica.Trash jessica lrswipcda --- Patrick Welche <[EMAIL PROTECTED]> wrote: > On Mon, Jun 30, 2003 at 12:08:06PM -0700, Ezsra > McDonald wrote: > > OK, I probably did something rash when I rsynced a > few > > of my mailboxes to a new cyrus mail server. It was > an > > unplanned migration and It had to be fast. > > > > One of the users can't delete messages in > subfolders. > > she also can't move messages into these sub > folders. > > > > I tried to run a reconstruct and got the following > > error: > > > > host.domain> reconstruct -r user.jessica > > reconstruct: Operating System Error > > > > Any suggestions? > > What are the access control lists on these > subfolders? > eg. cyradm localhost > lm user.jessica.* > lam user.jessica.Sent > > Cheers, > > Patrick __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com
pine, horde and CRAM_MD5 not happy
Since I was forced to migrate friday I have been unable to connect to the cyrus imap server with pine and horde. They are trying to use CRAM_MD5 authentication when I would rather they did not. How do I disable CRAM_MD5 as an authentication method or at least get it to work between cyrus and pine/horde? --Ezsra __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com
Re: cyradm erros when reconstructing a mailbox
Let me go to another account with the same problem. All af the folders exist. Some are empty and reconstruct reports an IOERROR when it can't find cyrus.* in the folders. He has several folders whose names are made up of multiple words like for example one is named 'user.randy.Child Development'. It is also an empty folder. Permisions on all files and folders are setup for cyrus:mail. I can't delete 'user.randy.Child Development'. I get this error when trying to change the acl: mailhost> lm 'user.randy.Child Development' user.randy.Child Development (\HasNoChildren) mailhost> setacl 'user.randy.Child Development' cyrus all setaclmailbox: cyrus: lrswipcda: System I/O error mailhost> ls -la /var/spool/imap/user/randy/Child* total 16 drwx--2 cyrusmail 4096 2002-02-11 12:53 . drwx-- 22 cyrusmail12288 2003-07-01 13:38 .. I am spending too much time on this. What I would like to do is just remove all references to both users from the imap databases. Is there a way to do this. Then I can recreate a clean account and have the users move their mail over manually. --Ezsra --- Patrick Welche <[EMAIL PROTECTED]> wrote: > On Mon, Jun 30, 2003 at 01:57:54PM -0700, Ezsra > McDonald wrote: > > lm user.jessica.* > > > > user.jessica.Adobe (\HasNoChildren) > > user.jessica.BOHA (\HasNoChildren) > > And then for each of those, is there a eg > /var/spool/imap/user/jessica/Adobe ? > > (I like the syslog idea.. (add local6.debug > /var/log/imapd.log to syslogd.conf etc) > > Cheers, > > Patrick __ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com
IMAP auths even without valid mailboxes.
Greetings, I have been running Cyrus for a couple years now and just discovered that any user in my LDAP db can login to imap even if I have not created an IMAP account for them. Is there a setting to tell IMAP not to allow authenticated users who don't have cyrus accounts? I am using IMAP4 v2.1.9 --Ez __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: IMAP auths even without valid mailboxes.
My current system is SuSe 8.1. This version of saslauthd was not compiled with LDAP support. It currently hands off authentication to pam_ldap. I have looked for the cyrus_sasl src RPM for the version I am running. I would rebuild it but apparently it is not available. It looks like I will have to hack a later RPM and see if I can get it to work on SuSe 8.1. Does anyone know how to give pam_ldap a filter to use? That would be my quickest fix. I will be investigating that now. --Ez On Sun, 2005-04-03 at 14:07, Ondřej Surý wrote: > It's not task for IMAP server, but for SASL auth daemon. You have to > construct LDAP query in sasl so it allow only users which have mail to > login. Either create some special flag in LDAP. > > F.E.: "ldap_filter: (&(uid=%u)(allowCyrusLogin=true))" or something > similar. > > Ondrej > > On Fri, 2005-04-01 at 13:02 -0800, Ezsra McDonald wrote: > > > Is there a setting to tell IMAP not to allow > > authenticated users who don't have cyrus accounts? -- Ezsra McDonald .. Linux is like a wigwam -- no Gates, no Windows, and an Apache inside. CONFIDENTIALITY NOTICE: This E-mail and any attachments are confidential. If you are not the intended recipient, you do not have permission to disclose, copy, distribute, or open any attachments. If you have received this E-mail in error, please notify us immediately by returning it to the sender and delete this copy from your system. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: IMAP auths even without valid mailboxes.
Scott, I was just browsing my LDAP schema. Where should if find authorizedService? --Ez On Mon, 2005-04-04 at 09:33, Scott Balmos wrote: > Use pam_ldap in conjunction with the pam_check_service_attr option in > its config file. Then add authorizedService attributes for every PAM > service you want. Cyrus can get especially fine-grained, because it has > four separate PAM services (one each for POP3, IMAP, NNTP, and Sieve). > See below for a section of my account LDIF. Note that SASL does not > append "d" to its service entries, like you think it would. That screwed > me over the first time I tried to get this setup going. > > authorizedService: sshd > authorizedService: ftpd > authorizedService: imap > authorizedService: pop > authorizedService: nntp > authorizedService: smtp > authorizedService: sieve > > --Scott > > Ezsra McDonald wrote: > > >My current system is SuSe 8.1. This version of saslauthd was not > >compiled with LDAP support. It currently hands off authentication to > >pam_ldap. I have looked for the cyrus_sasl src RPM for the version I am > >running. I would rebuild it but apparently it is not available. It looks > >like I will have to hack a later RPM and see if I can get it to work on > >SuSe 8.1. > > > >Does anyone know how to give pam_ldap a filter to use? That would be my > >quickest fix. I will be investigating that now. > > > >--Ez > > > >On Sun, 2005-04-03 at 14:07, Ondřej Surý wrote: > > > > > >>It's not task for IMAP server, but for SASL auth daemon. You have to > >>construct LDAP query in sasl so it allow only users which have mail to > >>login. Either create some special flag in LDAP. > >> > >>F.E.: "ldap_filter: (&(uid=%u)(allowCyrusLogin=true))" or something > >>similar. > >> > >>Ondrej > >> > >>On Fri, 2005-04-01 at 13:02 -0800, Ezsra McDonald wrote: > >> > >> > >> > >>>Is there a setting to tell IMAP not to allow > >>>authenticated users who don't have cyrus accounts? > >>> > >>> > > -- Ezsra McDonald .. Linux is like a wigwam -- no Gates, no Windows, and an Apache inside. CONFIDENTIALITY NOTICE: This E-mail and any attachments are confidential. If you are not the intended recipient, you do not have permission to disclose, copy, distribute, or open any attachments. If you have received this E-mail in error, please notify us immediately by returning it to the sender and delete this copy from your system. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
LMTP said: 550-Mailbox unknown or you do not have authorization to see it
I am building a new mail server to replace an older EL6 server. The new server is Centos 8. I keep getting this response when trying to deliver email to a local account stored in LDAP. host mail.example.org[/var/lib/imap/socket/lmtp] said: 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown (in reply to RCPT TO command)) I have tried replacing the new configs with my old working configs from the EL6 server but they get the same result. a postmap -q against the LDAP table config returns the appropriate information. I am wondering if the key is the 'or you do not have authorization to see it` part of the message. What exactly does LMTP need to authorize the delivery? Enabling verbose logging on LMTP and LDAP did not give any clues. Any assistance is appreciated. I have been googling and hitting my head on the desk for days. Thanks, -Ez Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: LMTP said: 550-Mailbox unknown or you do not have authorization to see it
Albert, Thank you for your response. LDAP is only used for the Postfix/Imap servers. We do not configure Pam to use LDAP. We are using saslauthd. I wonder if there is a way to test LMTP manually to verify LMTP can see the imap accounts? I have not done much with LMTP because it always worked for us in the past. ldapsearch, testsaslauthd and imtest all tested successfully. I deleted and recreated my test user's imap account cm user.testuser sam user.testuser testuser write sq user.testuser 100 -Ez On Wed, Oct 14, 2020 at 4:15 PM Albert Shih wrote: > Le 14/10/2020 à 14:30:31-0500, Ezsra McDonald a écrit > > I am building a new mail server to replace an older EL6 server. The new > server > > is Centos 8. I keep getting this response when trying to deliver email > to a > > local account stored in LDAP. > > > > host mail.example.org[/var/lib/imap/socket/lmtp] said: > > 550-Mailbox unknown. Either there is no mailbox associated with this > > 550-name or you do not have authorization to see it. > > 550 5.1.1 User unknown (in reply to RCPT TO command)) > > > > I have tried replacing the new configs with my old working configs from > the EL6 > > server but they get the same result. > > > > a postmap -q against the LDAP table config returns the appropriate > information. > > I am wondering if the key is the 'or you do not have authorization to > see it` > > part of the message. What exactly does LMTP need to authorize the > delivery? > > > > Enabling verbose logging on LMTP and LDAP did not give any clues. > > If you run > > getent passwd > > what you got ? > > Personnaly I don't run the lmtp against ldap, to risky IMHO, if you got any > problem with the connection betwen your postfix/cyrus server and the ldap > server your are going to loose email. > > So for me I'm using a script who dump the ldap inside the /etc/passwd, so > the all account are local. > > Regards > > -- > Albert SHIH > Observatoire de Paris > xmpp: j...@obspm.fr > Heure local/Local time: > Wed Oct 14 11:13:14 PM CEST 2020 > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: LMTP said: 550-Mailbox unknown or you do not have authorization to see it
Sebastian, Thank you for the response. I have never heard of this tool but it looks interesting. I will give it a try. Will let you all know if I find anything. -Ez On Thu, Oct 15, 2020 at 9:28 AM Sebastian Hagedorn wrote: > > Am 15.10.20 um 15:49 schrieb Ezsra McDonald: > > I wonder if there is a way to test LMTP manually to verify LMTP can see > > the imap accounts? I have not done much with LMTP because it always > > worked for us in the past. > > My favorite tool for mail delivery testing is swaks. You can test LMTP > this way: > > swaks --to YOUR-TEST-USER --socket /var/lib/imap/socket/lmtp --protocol > LMTP > > -- > .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:. > .:.Regionales Rechenzentrum (RRZK).:. >.:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:. > > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
