sieve: filtering message body
Hi, is it possible to filter a mail's body with sieve? I'm already using sieve to filter subject, from etc. KMail seems not to support filtering on incoming IMAP Folders. Cheers, Marcus --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
pop3: Logins must be at least 1 minute apart
Hi, may be a simple and stupid question, but I can't figure out how to disable this cyrus/pop3d message: "Sending of password did not succeed. Mailserver xyz.example.com responded: Logins must be at least 1 minute apart" I'm using cyrus 2.1.15 backport on debian woody. Thanks, Marcus --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: pop3: Logins must be at least 1 minute apart
Moin! On Thursday 24 June 2004 02:56, Jules Agee wrote: > In /etc/imapd.conf, set: > > popminpoll: 0 ha, that's it. Thanks! Just a hint for IMP/Horde users: if popminpoll is activated you can login via cyrus/pop3d, but can't read any messages, because MP/Horde isn't able to handle this time delay feature. It causes a "CRAM-MD5 generic failure" error. Took me half a night to figure this out. [...] Jun 23 19:35:08 walter cyrus/pop3d[20133]: login: vernon[192.168.44.2] test CRAM-MD5 User logged in Jun 23 19:35:09 walter cyrus/pop3d[20133]: accepted connection Jun 23 19:35:12 walter cyrus/pop3d[20133]: badlogin: vernon[192.168.44.2] CRAM-MD5 generic failure Jun 23 19:35:12 walter cyrus/master[20134]: about to exec /usr/lib/cyrus/bin/pop3d Jun 23 19:35:12 walter cyrus/pop3[20134]: executed Jun 23 19:35:12 walter cyrus/pop3d[20134]: accepted connection Jun 23 19:35:15 walter cyrus/pop3d[20133]: badlogin: vernon[192.168.44.2] CRAM-MD5 generic failure [...] Cheers, M. --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
SASL 1 + SASL 2 + sendmail + cyrus21
Hi, I installed Henrique's ( http://people.debian.org/~hmh/ ) Debian woody backport for cyrus21. Problem is that Debain's sendmail is build with SASL 1 and cyrus21 comes with SASL 2. Now I have two different user databases. SASL 1 is used for sendmail's SMTP_AUTH, SASL 2 is used for cyrus21 authentification. Both SASL versions are working fine, but now I have to manage to differnet databases. Is there a way to authenticate sendmail and cyrus21 against the same user-database? BTW: is it a problem to run SASL 1 and SASL 2 on the same system? Thank you Marcus -- Marcus Schopen(0> P.O. Box 10 25 25 //\ Deutsche Zope User Group D-33525 Bielefeld V_/_www.dzug.org
Re: SASL 1 + SASL 2 + sendmail + cyrus21
Hi Ken, Ken Murchison wrote: Marcus Schopen wrote: I installed Henrique's ( http://people.debian.org/~hmh/ ) Debian woody backport for cyrus21. Problem is that Debain's sendmail is build with SASL 1 and cyrus21 comes with SASL 2. Now I have two different user databases. SASL 1 is used for sendmail's SMTP_AUTH, SASL 2 is used for cyrus21 authentification. Both SASL versions are working fine, but now I have to manage to differnet databases. Is there a way to authenticate sendmail and cyrus21 against the same user-database? I ported Sendmail to use SASLv2 back around 8.12.4. Its an undocumented FFR and won't be officially supported until 8.13, but several people are using it, including me. You'll have to compile it yourself using a config such as: APPENDDEF(`confENVDEF', `-DSASL=2') APPENDDEF(`conf_sendmail_LIBS', `-lsasl2') Hmmm, if I build sendmail myself, I have to leave Debain's package manager. That's what I wanted to avoid. What about using something else but sasl for SMTP_AUTH and cyrus21 authentification? :-)) Marcus -- Marcus Schopen(0> P.O. Box 10 25 25 //\ Deutsche Zope User Group D-33525 Bielefeld V_/_www.dzug.org
problem with setting up vacation with sieve
Hi,
I'm using cyrus-imapd 2.1.13-0 backport on Debian woody with the
following vacation configuration (sieve):
require "fileinto";
require "vacation";
require "envelope";
if header :contains "subject" "vactest" {
vacation :days 7 :addresses ["[EMAIL PROTECTED]"] "vactest!";
}
Maillog shows the following errors when I send a mail from a valid mail
account to my email address:
Aug 2 23:13:30 dude sendmail[21513]: h72LDUWw021513:
Authentication-Warning: dude.home.de: cyrus set sender to <> using -f
[...]
Aug 2 23:13:30 dude sendmail[21513]: h72LDUWw021513:
[EMAIL PROTECTED], delay=00:00:00, xdelay=00:00:00,
mailer=relay, pri=30388, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0,
stat=Sent (h72LDUtb021515 Message accepted for delivery)
[...]
Aug 2 23:13:30 dude sm-mta[21523]: h72LDUtb021515:
to=<[EMAIL PROTECTED]>, delay=00:00:00, xdelay=00:00:00,
mailer=esmtp, pri=120627, relay=unspecified-domain, dsn=5.1.2, stat=Host
unknown (Name server: unspecified-domain: host not found)
[...]
Aug 2 23:13:30 dude sm-mta[21523]: h72LDUtb021515: h72LDUta021523:
postmaster notify: Host unknown (Name server: unspecified-domain: host
not found)
Any idea where what is misconfigured?
Thanks,
Marcus
sendmail.mc entries
Hi, is that a correct sendmail.mc entry to deliver using cyrus: -- [...] define(`CYRUS_MAILER_FLAGS', `A5@/:|')dnl define(`CYRUS_MAILER_PATH', `/usr/sbin/cyrdeliver')dnl define(`CYRUS_MAILER_ARGS', `cyrdeliver -e -q -m $h -- $u ')dnl define(`CYRUS_MAILER_USER', `cyrus:mail')dnl define(`CYRUS_BB_MAILER_FLAGS', `')dnl define(`CYRUS_BB_MAILER_ARGS', `cyrdeliver -e -q -m $u ')dnl [...] MAILER(local)dnl MAILER(smtp)dnl MAILER(cyrus)dnl -- I works fine, but I'm not sure, if I forgot something little, but important. System: cyrus 2.1.13 + sendmail 8.12.3 on Debian woody. Thanks, Marcus
sieve and pipes
Hi,
is it possible to let sieve write into a pipe (like in /etc/aliases):
if header :contains "Subject" "abc" {
"|/usr/local/bin programm";
keep;
}
Thanks,
Marcus
Re: sendmail.mc entries
Sebastian Hagedorn wrote: Marcus, --On Sonntag, 3. August 2003 17:16 Uhr +0200 Marcus Schopen <[EMAIL PROTECTED]> wrote: is that a correct sendmail.mc entry to deliver using cyrus: -- [...] define(`CYRUS_MAILER_FLAGS', `A5@/:|')dnl define(`CYRUS_MAILER_PATH', `/usr/sbin/cyrdeliver')dnl define(`CYRUS_MAILER_ARGS', `cyrdeliver -e -q -m $h -- $u ')dnl define(`CYRUS_MAILER_USER', `cyrus:mail')dnl define(`CYRUS_BB_MAILER_FLAGS', `')dnl define(`CYRUS_BB_MAILER_ARGS', `cyrdeliver -e -q -m $u ')dnl [...] MAILER(local)dnl MAILER(smtp)dnl MAILER(cyrus)dnl -- I works fine, but I'm not sure, if I forgot something little, but important. what you've done may work, but why do it the hard way? Recent versions of sendmail come with a new cyrus mailer definition: MAILER(cyrusv2)dnl and you're done. This doesn't use 'deliver' anymore and performs in my experience better. O.k. sounds good. But where do I get the cyrusv2.m4 macro? Can't find it in the sendmail or cyrus source. My /usr/share/sendmail/cf/mailer directory just constains a cyrus21.m4, which seems to be deprecated. Thanks, Marcus -- Marcus Schopen(0> P.O. Box 10 25 25 //\ Deutsche Zope User Group D-33525 Bielefeld V_/_www.dzug.org
Re: sendmail.mc entries
Hi Sebastian, Sebastian Hagedorn wrote: Marcus, --On Sonntag, 3. August 2003 17:16 Uhr +0200 Marcus Schopen <[EMAIL PROTECTED]> wrote: is that a correct sendmail.mc entry to deliver using cyrus: -- [...] define(`CYRUS_MAILER_FLAGS', `A5@/:|')dnl define(`CYRUS_MAILER_PATH', `/usr/sbin/cyrdeliver')dnl define(`CYRUS_MAILER_ARGS', `cyrdeliver -e -q -m $h -- $u ')dnl define(`CYRUS_MAILER_USER', `cyrus:mail')dnl define(`CYRUS_BB_MAILER_FLAGS', `')dnl define(`CYRUS_BB_MAILER_ARGS', `cyrdeliver -e -q -m $u ')dnl [...] MAILER(local)dnl MAILER(smtp)dnl MAILER(cyrus)dnl -- I works fine, but I'm not sure, if I forgot something little, but important. what you've done may work, but why do it the hard way? Recent versions of sendmail come with a new cyrus mailer definition: MAILER(cyrusv2)dnl and you're done. This doesn't use 'deliver' anymore and performs in my experience better. I found the macro in the current sendmail sources! Could you send me your cyrus relevant parts of your sendmail.mc? On comp.mail.sendmail someone posted this sendmail.mc: -- dnl define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')dnl define(`confLOCAL_MAILER', `cyrusv2')dnl MAILER(`local')dnl MAILER(`smtp')dnl MAILER(`cyrusv2')dnl dnl MODIFY_MAILER_FLAGS(`cyrus',`+w')dnl LOCAL_RULE_0 Rbb + $+ < @ $=w . >$#cyrusbb $: $1 -- A friend of mine sent me these lines: -- define(`confLOCAL_MAILER',`cyrusv2')dnl define(`CYRUSV2_MAILER_PATH', `/usr/lib/cyrus-imapd/deliver')dnl define(`CYRUSV2_MAILER_FLAGS', `A5@/:|')dnl define(`CYRUSV2_MAILER_ARGS', `cyrdeliver -e -q -m $h -- $u ')dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl define(`CYRUS_BB_MAILER_FLAGS', `')dnl define(`CYRUS_BB_MAILER_ARGS', `cyrdeliver -e -q -m $u ')dnl MAILER(cyrusv2) LOCAL_RULE_0 R$=N$: $#local $: $1 R$=N < @ $=w . >$: $#local $: $1 Rbb + $+ < @ $=w . >$#cyrusbb $: $1 -- What's the best way? Thanks, Marcus -- Marcus Schopen(0> P.O. Box 10 25 25 //\ Deutsche Zope User Group D-33525 Bielefeld V_/_www.dzug.org
Re: FYI: email with malicious attchmnt.
BTW: Since two or three days I get a lot of virus mails over this list. Is there a change to set up scanner on the list server. I could give some help with amavis if needed. Saluti, M. -- Marcus Schopen(0> P.O. Box 10 25 25 //\ Deutsche Zope User Group D-33525 Bielefeld V_/_www.dzug.org Weird, but life is too short, move on ...
cyrus accepts mails for "unknown users"
Hi, I've seen that simular questions have been discussed here, but I'm not sure if this problem is the same (sorry if yes and I just didn't get it): I'm runnung sendmail 8.12.3 with cyrusv2 local mailer (Debian woody standard package) and cyrus 2.1.17 (backport from http://people.debian.org/~hmh/). Today I had a heavy spam attack caused by the fact, that sendmail accepts mails for non existing users. EMails to unknown accounts on local domains (local-host-names) will be accepted and than bounced. Is there a way to stop/reject these mails at "rcpt to: user unknown"-point? Thanks, Marcus -- You know, some of these stories are pretty good. I never knew mice lived such interesting lives. -- Homer Simpson Itchy & Scratchy & Marge --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus accepts mails for "unknown users"
Hi, On Wednesday 01 December 2004 11:57, Andrzej Adam Filip wrote: > Marcus Schopen wrote: > > I've seen that simular questions have been discussed here, but I'm not > > sure if this problem is the same (sorry if yes and I just didn't get it): > > > > I'm runnung sendmail 8.12.3 with cyrusv2 local mailer (Debian woody > > standard package) and cyrus 2.1.17 (backport from > > http://people.debian.org/~hmh/). Today I had a heavy spam attack caused > > by the fact, that sendmail accepts mails for non existing users. EMails > > to unknown accounts on local domains (local-host-names) will be accepted > > and than bounced. Is there a way to stop/reject these mails at "rcpt to: > > user unknown"-point? > > Take a look at http://anfi.homeunix.net/sendmail/rtcyrus2.html > > how to make sendmail check in real time presence of cyrus mailbox using > socket map map (or fstat map) and FEATURE(`mrs'). It supports cyrus virtual > domains Is there another way? There are no sendmail-8.13.x and Cyrus-2.2.x packages for Debian and I don't want to build all that stuff from source. Thanks, Marcus -- The weak and nerdy are admired for their computer-programming abilities. -- Homer Simpson Bart vs. Australia --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
intermediate certificates
Hi, I've to build a new SSL certificate for my cyrus 2.2.13. I'm using a Thawte SSL123 certificate. Since the CAs changed to intermediate certificates, I'd like to be sure to do the right steps for an update and not running into problems with imaps and pop3s clients: 1. modify /etc/imapd.conf. Using tls_ca_file for the intermediate certificate file: tls_cert_file: /etc/mail/tls/mx.myserver.de.thawte.crt tls_key_file: /etc/mail/tls/mx.myserver.de.thawte.key tls_ca_file: /etc/ssl/certs/SSL123_CA_Bundle.pem tls_ca_path: /etc/ssl/certs I've found a howto on the thawte.nl website http://www.thawte.nl/fr/support/manuals/cyrus/cyrus+imap+server/install +certificate/ which puts private key, certification and the intermediate certificate file in one .pem file and uses this combined file for tls_cert_file, tls_key_file and tls_ca_file. Good way? 2. check databases /usr/sbin/ctl_cyrusdb -c 3. shut down cyrus (and may be backup /var/lib/cyrus) 4. do I have to remove /var/lib/cyrus/tls_sessions.db ? 5. start cyrus again Any comments are welcome. System debian/lenny: cyrus-admin-2.2 2.2.13-14+lenny3 cyrus-common-2.2 2.2.13-14+lenny3 cyrus-imapd-2.2 2.2.13-14+lenny3 cyrus-pop3d-2.2 2.2.13-14+lenny3 libcyrus-imap-perl22 2.2.13-14+lenny3 Ciao, Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: intermediate certificates
Am Mittwoch, den 19.01.2011, 12:53 -0600 schrieb Dan White: > On 19/01/11 19:07 +0100, Marcus Schopen wrote: > >Hi, > > > >I've to build a new SSL certificate for my cyrus 2.2.13. I'm using a > >Thawte SSL123 certificate. Since the CAs changed to intermediate > >certificates, I'd like to be sure to do the right steps for an update > >and not running into problems with imaps and pop3s clients: > > > >1. modify /etc/imapd.conf. Using tls_ca_file for the intermediate > >certificate file: > > > > tls_cert_file: /etc/mail/tls/mx.myserver.de.thawte.crt > > tls_key_file: /etc/mail/tls/mx.myserver.de.thawte.key > > tls_ca_file: /etc/ssl/certs/SSL123_CA_Bundle.pem > > tls_ca_path: /etc/ssl/certs > > We use Digicert here, which uses an intermediate certificate. Our > configuration is the same: > > tls_cert_file: /etc/ssl/certs/file.crt > tls_key_file: /etc/ssl/private/file.key > tls_ca_file: /etc/ssl/certs/DigiCertCA.crt > tls_ca_path: /etc/ssl/certs > > > I've found a howto on the thawte.nl website > > > > http://www.thawte.nl/fr/support/manuals/cyrus/cyrus+imap+server/install > >+certificate/ > > > > which puts private key, certification and the intermediate certificate > >file in one .pem file and uses this combined file for tls_cert_file, > >tls_key_file and tls_ca_file. Good way? > > We have not had to do that. > > >4. do I have to remove /var/lib/cyrus/tls_sessions.db ? > > I don't think so. We've renewed/reinstalled our certificate a couple of > times over the years and have not had to do anything but a restart. A > restart may not even be necessary if both the old and new certificates are > valid, and your imapd sessions cycle out over time (via timeout, or the -U > option). That is an interesting point. I try to avoid a restart as often as I can. Did you or some else test a change without a restart? Ciao, Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
very old imapd process in /var/lib/cyrus/proc
Hi, I see some very old pid files in /var/lib/cyrus/proc: -rw--- 1 cyrus mail 58 9. Nov 21:24 12116 -rw--- 1 cyrus mail 58 9. Nov 23:56 26636 -rw--- 1 cyrus mail 46 23. Nov 10:00 30308 -rw--- 1 cyrus mail 53 3. Dez 21:11 5042 -rw--- 1 cyrus mail 87 5. Dez 14:54 5623 -rw--- 1 cyrus mail 53 19. Nov 11:03 7064 -rw--- 1 cyrus mail 55 21. Dez 11:41 8681 -rw--- 1 cyrus mail 17 26. Nov 13:59 9610 ... # more 30308 xxx.dip0.t-ipconnect.de [80.131.xxx.xxx] The imapd processes are still running. How to kill them? Just a "kill pidnumer" for each of them or will that harm any cyrus databases? Thanks, Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: very old imapd process in /var/lib/cyrus/proc
Hi, Am Donnerstag, den 20.01.2011, 21:02 +0100 schrieb Simon Matter: > > Hi, > > > > I see some very old pid files in /var/lib/cyrus/proc: > > > > -rw--- 1 cyrus mail 58 9. Nov 21:24 12116 > > -rw--- 1 cyrus mail 58 9. Nov 23:56 26636 > > -rw--- 1 cyrus mail 46 23. Nov 10:00 30308 > > -rw--- 1 cyrus mail 53 3. Dez 21:11 5042 > > -rw--- 1 cyrus mail 87 5. Dez 14:54 5623 > > -rw--- 1 cyrus mail 53 19. Nov 11:03 7064 > > -rw--- 1 cyrus mail 55 21. Dez 11:41 8681 > > -rw--- 1 cyrus mail 17 26. Nov 13:59 9610 > > ... > > > > # more 30308 > > xxx.dip0.t-ipconnect.de [80.131.xxx.xxx] > > > > The imapd processes are still running. How to kill them? Just a "kill > > pidnumer" for each of them or will that harm any cyrus databases? > > I think killing the way you said (which means SIGTERM) is not a problem. > However, it would be interesting to know what those processes are doing? > Maybe you could strace them? > I think the newer cyrus-imapd versions have some ways to detect not > existing clients while older version waited forever, so what's your > version? I'm using Cyrus 2.2.13-14+lenny3 on a Debian/Lenny system. Ciao, Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
lmtp over tcp configuation
Hi, I'm planing to split cyrus 2.2.13 from my incoming mail server running sendmail 8.14.3. Basically I set up an openvpn tunnel between the boxes and changed the CYRUSV2_MAILER_ARGS from FILE to TCP in the cyrusv2.m4 macro on sendmail side and activated lmtp in the cyrus.conf on the other side. First tests are running fine. Did I forget something? Any tuning hints? /etc/mail/sendmail.mc: [...] dnl # Default Mailer setup MAILER_DEFINITIONS define(`confLOCAL_MAILER', `cyrusv2')dnl MAILER(`local')dnl MAILER(`smtp')dnl MAILER(`cyrusv2')dnl /usr/share/sendmail/cf/mailer/cyrusv2.m4: [...] ifdef(`CYRUSV2_MAILER_ARGS',, `define(`CYRUSV2_MAILER_ARGS', `TCP [192.168.100.2] 2003')') [...] /etc/cyrus.conf: [...] lmtpcmd="lmtpd -a" listen="192.168.200.1:lmtp" prefork=0 maxchild=20 lmtpunixcmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20 [...] System Ubuntu 10.04 LTS with sendmail8.14.3-9.1ubuntu1 cyrus-common-2.22.2.13-19squeeze3build0.10.04.1 Cheers Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
keep cyrus in sync with cold standby
Hi, I'm thinking about a strategy to keep my cyrus server (2.2.13 on Ubuntu 10.04 LTS) in sync with a cold standby server. This hasn't to be a live/hot sync and I'd like to keep it as simple as possible. A sync delay up to 30 minutes is acceptable for this small setup (250 Accounts, 80 GB mail storage, 5 emails per minute), but I don't want to stop cyrus while doing the snyc. Cyrus replication seems to be the most reasonable way, but I'm sitting on Ubuntu 10.04 LTS, which comes with cyrus 2.2.13 and I can't find any newer backports. Centos 6.x with Cyrus 2.3.16 could be an alternative setup, but I'm not sure if 2.3.16 is also to old for stable replication. :/ DRBD could be an option but I never had DRBD running within a parallels virtualisation (bare metal setup); might be a timing/performance problem with a lot of very small files? Do I run in bad problems if I just run a simple rsync of /var/lib/cyrus, /var/spool/cyrus/ and /var/spool/sieve/ and dump mailboxes.db (skiplist) with "ctl_mboxlist -d" every 30 minutes? Is there a way give cyrus a flush of its databases without stopping it? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
sieve: count recipients of a single domain
Hi, I'd like to count the recipients of a single domain in the To: or Cc: header. If the recipients to this domain (recipients to other domains ignored) in the To: or Cc: header in total are greater than 1 (= minimum 2) the mail should moved into a subfolder. Is that possible with sieve scripting? Skript examples are welcome ;) Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
cyrus and Outlook subfolder crawling
Hi, I've got a problem with a Outlook 2010 client. The client is accessing a 10 GB cyrus imap account and crawling with high a frequency like crazy through each subfolders which fills the mail logfile and causes a noticeable higher load. This never stops unless the Outook client is closed. I'm not familiar with Outlook and to my mind this is not a cyrus problem, but does anybody know to say Outlook to stop this annoying behaviour. Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
secure lmtp connection between sendmail and cyrus
Hi, I'm looking for a secure and stable way to connect sendmail (8.14.4) and cyrus (2.4.12) in case of both hosts not running on the same machine or in the same local secure subnet. What is a practical way? An openvpn (tcp or udp?) connection between sendmail and cyrus and starting lmtpd with -a option at the tunnel's end? Or a LMTPs connection with LMTP_AUTH, but couldn't find any good example configs how to configure sendmail to use LMTP_AUTH und TLS to talk to cyrus. Cheers Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: secure lmtp connection between sendmail and cyrus
Am Samstag, den 15.02.2014, 18:56 +0100 schrieb Marcus Schopen: > Hi, > > I'm looking for a secure and stable way to connect sendmail (8.14.4) and > cyrus (2.4.12) in case of both hosts not running on the same machine or > in the same local secure subnet. > > What is a practical way? An openvpn (tcp or udp?) connection between > sendmail and cyrus and starting lmtpd with -a option at the tunnel's > end? > > Or a LMTPs connection with LMTP_AUTH, but couldn't find any good example > configs how to configure sendmail to use LMTP_AUTH und TLS to talk to > cyrus. LMTP_AUTH connections via access # client AUTH AuthInfo:IP "I:testuser" "P:test and put testuser to lmtp_admins on cyrus side lmtp_admins: testuser But this is still not secure of course. Would a openvpn or tinc tunnel be faster instead of a LMTPs connection? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: secure lmtp connection between sendmail and cyrus
Am Sonntag, den 16.02.2014, 00:43 +0100 schrieb Marcus Schopen: > Am Samstag, den 15.02.2014, 18:56 +0100 schrieb Marcus Schopen: > > Hi, > > > > I'm looking for a secure and stable way to connect sendmail (8.14.4) and > > cyrus (2.4.12) in case of both hosts not running on the same machine or > > in the same local secure subnet. > > > > What is a practical way? An openvpn (tcp or udp?) connection between > > sendmail and cyrus and starting lmtpd with -a option at the tunnel's > > end? > > > > Or a LMTPs connection with LMTP_AUTH, but couldn't find any good example > > configs how to configure sendmail to use LMTP_AUTH und TLS to talk to > > cyrus. > > LMTP_AUTH connections via access > > # client AUTH > AuthInfo:IP "I:testuser" "P:test > > and put testuser to lmtp_admins on cyrus side > lmtp_admins: testuser > > But this is still not secure of course. Would a openvpn or tinc tunnel > be faster instead of a LMTPs connection? TLS for lmtp connections between sendmail and cyrus seems to work out of the box as soon as tls_cert_file, tls_key_file and tls_ca_file are set on cyrus side and sendmail is configured with starttls and sasl. Nice! But question is still if a permanent openvpn tunnel to an lmtpd started with -a is faster than an authentication and starting tls for each incoming email? Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: COMPRESS received NO response: Compression already active: DEFLATE
Am Mittwoch, den 20.02.2013, 13:14 +0100 schrieb Per olof Ljungmark: > sync_client starts with compression enable (-z) but as soon as it > restarts, it fails to enable it. > > Server side at first start > > syncserver[87122]: accepted connection > syncserver[87122]: cmdloop(): startup > syncserver[87122]: login: [client-IP] cyrus PLAIN User logged in > syncserver[87122]: created decompress buffer of 4102 bytes > syncserver[87122]: created compress buffer of 4102 bytes > > Client at first restart > > sync_client[49902]: sync_client RESTART succeeded > sync_client[49902]: COMPRESS received NO response: Compression already > active: DEFLATE > sync_client[49902]: Failed to enable compression, continuing uncompressed > > cyrus-imap is 2.4.17 Same here on Ubuntu 12.04 LTS dpkg -l | grep cyrus ii cyrus-admin 2.4.12-2 ii cyrus-admin-2.4 2.4.12-2 ii cyrus-common 2.4.12-2 ii cyrus-common-2.4 2.4.12-2 ii cyrus-imapd 2.4.12-2 ii cyrus-imapd-2.4 2.4.12-2 ii cyrus-pop3d 2.4.12-2 ii cyrus-pop3d-2.4 2.4.12-2 ii cyrus-replication2.4.12-2 ii cyrus-replication-2.42.4.12-2 ii libcyrus-imap-perl24 2.4.12-2 Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
sync_server and TLS
Hi, how do I figure out if master and replica are talking via TLS? Certs are installed on both servers. Telnet on the replica shows: ~# telnet replica 2005 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * SASL DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN * STARTTLS * COMPRESS DEFLATE * OK tripp Cyrus sync server v2.4.12-Debian-2.4.12-2 When starting the master, login and replication is working, but it seems not working on TLS: Feb 19 01:11:24 replica cyrus/syncserver[22175]: accepted connection Feb 19 01:11:24 replica cyrus/syncserver[22175]: cmdloop(): startup Feb 19 01:11:24 replica cyrus/syncserver[22175]: login: server [xxx] syncuser DIGEST-MD5 User logged in Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: sync_server and TLS
Am Mittwoch, den 19.02.2014, 01:16 +0100 schrieb Marcus Schopen: > Hi, > > how do I figure out if master and replica are talking via TLS? Certs are > installed on both servers. Telnet on the replica shows: > > > ~# telnet replica 2005 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > * SASL DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN > * STARTTLS > * COMPRESS DEFLATE > * OK tripp Cyrus sync server v2.4.12-Debian-2.4.12-2 > > > When starting the master, login and replication is working, but it seems > not working on TLS: > > Feb 19 01:11:24 replica cyrus/syncserver[22175]: accepted connection > Feb 19 01:11:24 replica cyrus/syncserver[22175]: cmdloop(): startup > Feb 19 01:11:24 replica cyrus/syncserver[22175]: login: server [xxx] > syncuser DIGEST-MD5 User logged in Certificates seems to be fine. A synctest from the master to the replica (= server) looks like this: synctest -a syncadmin -u syncamdin -t '' server --- Feb 19 02:23:57 tripp cyrus/master[22549]: about to exec /usr/lib/cyrus/bin/sync_server Feb 19 02:23:57 tripp cyrus/syncserver[22549]: executed Feb 19 02:23:57 tripp cyrus/syncserver[22549]: accepted connection Feb 19 02:23:57 tripp cyrus/syncserver[22549]: cmdloop(): startup Feb 19 02:23:57 tripp cyrus/syncserver[22549]: imapd:Loading hard-coded DH parameters Feb 19 02:23:57 tripp cyrus/syncserver[22549]: SSL_accept() incomplete -> wait Feb 19 02:23:57 tripp cyrus/syncserver[22549]: SSL_accept() succeeded -> done Feb 19 02:23:57 tripp cyrus/syncserver[22549]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication Feb 19 02:23:59 tripp cyrus/syncserver[22549]: login: server [xxx] syncamdin DIGEST-MD5+TLS User logged in --- Restarting Cyrus on the master comes up with this login without TLS on the replica: --- Feb 19 02:24:55 tripp cyrus/syncserver[22549]: accepted connection Feb 19 02:24:55 tripp cyrus/syncserver[22549]: cmdloop(): startup Feb 19 02:24:55 tripp cyrus/syncserver[22549]: login: server [xxx] syncadmin DIGEST-MD5 User logged in --- Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: sync_server and TLS
Hi Stephen, Am Dienstag, den 18.02.2014, 22:33 -0800 schrieb Stephen Ingram: > On Tue, Feb 18, 2014 at 4:16 PM, Marcus Schopen > wrote: > Hi, > > how do I figure out if master and replica are talking via TLS? > Certs are > installed on both servers. Telnet on the replica shows: > > > ~# telnet replica 2005 > Trying 127.0.0.1... > Connected to localhost. > Escape character is '^]'. > * SASL DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN > * STARTTLS > * COMPRESS DEFLATE > * OK tripp Cyrus sync server v2.4.12-Debian-2.4.12-2 > > > When starting the master, login and replication is working, > but it seems > not working on TLS: > > Feb 19 01:11:24 replica cyrus/syncserver[22175]: accepted > connection > Feb 19 01:11:24 replica cyrus/syncserver[22175]: cmdloop(): > startup > Feb 19 01:11:24 replica cyrus/syncserver[22175]: login: server > [xxx] > syncuser DIGEST-MD5 User logged in > > > Marcus- > > > It doesn't look like your sync server is using TLS. You'll see > references to it in the logs on both the master and the replica as the > connection is established like: > > > sync_client[25615]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA > (256/256 bits new client) no authentication, > > > then you should see the authentication begin. > > > Does your imapd.conf file on both master and replica specify the > certificate, key and CA? Do the users the processes run as have access > to these? I feed the master via LMT over TCP from a remote sendmail and this connection is using TLS. I can see it in the logs. And I can connect the Master via SSL on IMAPs Port. Therefore I think the certificates are correctly installed on the master. I set tls_cert_file, tls_key_file and tls_ca_file. And on replica a synctest shows --- synctest -a syncadmin -u syncamdin -t '' server Feb 19 02:23:57 tripp cyrus/master[22549]: about to exec /usr/lib/cyrus/bin/sync_server Feb 19 02:23:57 tripp cyrus/syncserver[22549]: executed Feb 19 02:23:57 tripp cyrus/syncserver[22549]: accepted connection Feb 19 02:23:57 tripp cyrus/syncserver[22549]: cmdloop(): startup Feb 19 02:23:57 tripp cyrus/syncserver[22549]: imapd:Loading hard-coded DH parameters Feb 19 02:23:57 tripp cyrus/syncserver[22549]: SSL_accept() incomplete -> wait Feb 19 02:23:57 tripp cyrus/syncserver[22549]: SSL_accept() succeeded -> done Feb 19 02:23:57 tripp cyrus/syncserver[22549]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication Feb 19 02:23:59 tripp cyrus/syncserver[22549]: login: server [xxx] syncamdin DIGEST-MD5+TLS User logged in --- So I think TLS configuration on replica is fine too. But the master seems not to use TLS when conecting via sync_client to the replica. Is there an option to force using TLS or should the master connect using TLS as soon as the replica offers it? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: sync_server and TLS
Am Mittwoch, den 19.02.2014, 02:28 +0100 schrieb Marcus Schopen: > Am Mittwoch, den 19.02.2014, 01:16 +0100 schrieb Marcus Schopen: > > Hi, > > > > how do I figure out if master and replica are talking via TLS? Certs are > > installed on both servers. Telnet on the replica shows: > > > > > > ~# telnet replica 2005 > > Trying 127.0.0.1... > > Connected to localhost. > > Escape character is '^]'. > > * SASL DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN > > * STARTTLS > > * COMPRESS DEFLATE > > * OK tripp Cyrus sync server v2.4.12-Debian-2.4.12-2 > > > > > > When starting the master, login and replication is working, but it seems > > not working on TLS: > > > > Feb 19 01:11:24 replica cyrus/syncserver[22175]: accepted connection > > Feb 19 01:11:24 replica cyrus/syncserver[22175]: cmdloop(): startup > > Feb 19 01:11:24 replica cyrus/syncserver[22175]: login: server [xxx] > > syncuser DIGEST-MD5 User logged in > > Certificates seems to be fine. A synctest from the master to the replica > (= server) looks like this: > > synctest -a syncadmin -u syncamdin -t '' server > > --- > Feb 19 02:23:57 tripp cyrus/master[22549]: about to > exec /usr/lib/cyrus/bin/sync_server > Feb 19 02:23:57 tripp cyrus/syncserver[22549]: executed > Feb 19 02:23:57 tripp cyrus/syncserver[22549]: accepted connection > Feb 19 02:23:57 tripp cyrus/syncserver[22549]: cmdloop(): startup > Feb 19 02:23:57 tripp cyrus/syncserver[22549]: imapd:Loading hard-coded > DH parameters > Feb 19 02:23:57 tripp cyrus/syncserver[22549]: SSL_accept() incomplete > -> wait > Feb 19 02:23:57 tripp cyrus/syncserver[22549]: SSL_accept() succeeded -> > done > Feb 19 02:23:57 tripp cyrus/syncserver[22549]: starttls: TLSv1 with > cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication > Feb 19 02:23:59 tripp cyrus/syncserver[22549]: login: server [xxx] > syncamdin DIGEST-MD5+TLS User logged in > --- > > Restarting Cyrus on the master comes up with this login without TLS on > the replica: > > --- > Feb 19 02:24:55 tripp cyrus/syncserver[22549]: accepted connection > Feb 19 02:24:55 tripp cyrus/syncserver[22549]: cmdloop(): startup > Feb 19 02:24:55 tripp cyrus/syncserver[22549]: login: server [xxx] > syncadmin DIGEST-MD5 User logged in > --- > > Ciao! Playing around with imap.conf Test 1: Ubuntu 12.04 LTS default imap.conf: #sasl_mech_list: PLAIN allowplaintext: yes comes up with this banner root@replicaserver:/etc# telnet localhost 2005 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * SASL DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN * STARTTLS * COMPRESS DEFLATE * OK replicaserver Cyrus sync server v2.4.12-Debian-2.4.12-2 Log entry on replica Feb 19 15:30:31 replicaserver cyrus/syncserver[23528]: login: masterserver [192.168.0.100] testsyncuser DIGEST-MD5 User logged Test 2: set sasl_mech_list to PLAIN allowplaintext: yes sasl_mech_list: PLAIN comes up with this banner root@replicaserver:/etc# telnet localhost 2005 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * SASL PLAIN * STARTTLS * COMPRESS DEFLATE * OK replicaserver Cyrus sync server v2.4.12-Debian-2.4.12-2 Log entry on replica Feb 19 15:32:17 replicaserver cyrus/syncserver[23573]: login: masterserver [192.168.0.100] testsyncuser PLAIN User logged in Test 2: set sasl_mech_list to PLAIN and allowplaintext to no allowplaintext: no sasl_mech_list: PLAIN comes up with this banner root@replicaserver:/etc# telnet localhost 2005 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. * STARTTLS * COMPRESS DEFLATE * OK replicaserver Cyrus sync server v2.4.12-Debian-2.4.12-2 Log entry on replica Feb 19 15:33:38 replicaserver cyrus/syncserver[23618]: imapd:Loading hard-coded DH parameters Feb 19 15:33:38 replicaserver cyrus/syncserver[23618]: SSL_accept() incomplete -> wait Feb 19 15:33:38 replicaserver cyrus/syncserver[23618]: SSL_accept() succeeded -> done Feb 19 15:33:38 replicaserver cyrus/syncserver[23618]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication Feb 19 15:33:38 replicaserver cyrus/syncserver[23618]: login: masterserver [192.168.0.100] testsyncuser PLAIN+TLS User logged in I like this :) Seems that the master doesn't use TLS as long as the replica offers SASL mechanisms. Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
replication questions - best practice?
Hi, some questions about master and replication: I'm running a single standalone master and a replica slave. What is best failover practice for this setup? How do I make a replication slave to master if the standalone master is down? Just remove syncserver from SERVICE section on slave and restart it (and update DNS record and change certificates)? If the former standalone master is up again how do I sync the slave, which is temporary master now, fully back to the former master? Just put a syncserver enty to SERVICES section on the former master and syncclient to START section on the temporary master and restart both server? And how do I force a full sync back, just restart master and slave? Is there there a good howto for replication, e.g. tuning, fixing common problems? The howto on http://cyrusimap.web.cmu.edu/docs/cyrus-imapd/2.4.15/install-replication.php works fine, but is very basic (in my case I had to add "sync_port: csync" to imap.conf to get it working. Getting TLS to run between master and slave took me two nights and two red wine bottles. ;) What tools are best to check if master and replica are in full sync? Just logfiles? Last question: Is it a no go to connect with an imap client on the slave to check if sync is working as long as the slave is not becoming master? Cheers Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
replication deleting files on slave and sync_client -u
Hi, just a understanding question: for some testing I connected via imap to the slave an deleted some messages there. After that I started a /usr/lib/cyrus/bin/sync_client -u mailboxname on the master to sync master and slave. This is the log on the master: - Feb 19 23:51:19 master cyrus/sync_client[8077]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new client) no authentication Feb 19 23:51:19 master cyrus/sync_client[8077]: MAILBOX received NO response: IMAP_MAILBOX_CRC Checksum Failure Feb 19 23:51:19 master cyrus/sync_client[8077]: CRC failure on sync for user.testbox, trying full update Feb 19 23:51:19 master cyrus/sync_client[8077]: SYNCNOTICE: highestmodseq higher on replica user.testbox, updating 57 => 61 Feb 19 23:51:19 master cyrus/sync_client[8077]: SYNCNOTICE: record mismatch with replica: user.testbox more recent on replica Feb 19 23:51:19 master cyrus/sync_client[8077]: SYNCNOTICE: master uid:40 modseq:56 last_updated:1392850167 internaldate:1392850167 flags:(\Seen) Feb 19 23:51:19 master cyrus/sync_client[8077]: SYNCNOTICE: replica uid:40 modseq:58 last_updated:1392850232 internaldate:1392850167 flags:(\Seen) Feb 19 23:51:19 master cyrus/sync_client[8077]: SYNCNOTICE: record mismatch with replica: user.testbox more recent on replica Feb 19 23:51:19 master cyrus/sync_client[8077]: SYNCNOTICE: master uid:40 modseq:56 last_updated:1392850167 internaldate:1392850167 flags:(\Seen) Feb 19 23:51:19 master cyrus/sync_client[8077]: SYNCNOTICE: replica uid:40 modseq:58 last_updated:1392850232 internaldate:1392850167 flags:(\Seen) Feb 19 23:51:19 master cyrus/sync_client[8077]: Unlinking files in mailbox user.testbox Feb 19 23:51:50 master cyrus/sync_client[8080]: Doing a peer verify - Looking into the mailbox on master server the on the slave deleted messages are deleted on the master too. So far so good, both mailboxes seems to be in sync, but I would have had expected that the master is syncing the deleted messages back to the slave and not the other way around. Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: replication does not work
Hi, Am Freitag, den 21.02.2014, 17:23 +0100 schrieb Willy Offermans: [...] > > > I can answer my own question. I was indeed missing the authentication > mechanism. I added to imapd.conf on the > back-end server and the replication worked. > > So I wonder how I can tell sync_client which authentication mechanism to > use? It seems like a feature request to me? or a hidden option to the > sync_client executable. That's an interesting question. I had a similar problem this week to force master and slave to sync via TLS. As long as the banner on slave side offered "DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN" to connection plain. I set "allowplaintext: no" and "sasl_mech_list: PLAIN" on slave and now both are talking PLAIN via TLS. So if there is an option on master side to force to login using eg. CRAM-MD5 then there might be an option too to force TLS. > I'm playing with replication now and testing what happens if one deletes > e-mails on the back-end server and not on the client. Will these mails be > restored on the back-end by replication and when? Don't understand, what is the client, the replica server? Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: replication does not work
Hi Andrew, Am Freitag, den 21.02.2014, 11:21 -0800 schrieb Andrew Morgan: > On Fri, 21 Feb 2014, Marcus Schopen wrote: > > > Hi, > > > > Am Freitag, den 21.02.2014, 17:23 +0100 schrieb Willy Offermans: > > [...] > >> > >> > >> I can answer my own question. I was indeed missing the authentication > >> mechanism. I added to imapd.conf on the > >> back-end server and the replication worked. > >> > >> So I wonder how I can tell sync_client which authentication mechanism to > >> use? It seems like a feature request to me? or a hidden option to the > >> sync_client executable. > > > > That's an interesting question. I had a similar problem this week to > > force master and slave to sync via TLS. As long as the banner on slave > > side offered "DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN" to connection plain. > > I set "allowplaintext: no" and "sasl_mech_list: PLAIN" on slave and now > > both are talking PLAIN via TLS. So if there is an option on master side > > to force to login using eg. CRAM-MD5 then there might be an option too > > to force TLS. > > > >> I'm playing with replication now and testing what happens if one deletes > >> e-mails on the back-end server and not on the client. Will these mails be > >> restored on the back-end by replication and when? > > > > Don't understand, what is the client, the replica server? > > Have you looked at the sasl_minimum_layer option? > > sasl_minimum_layer: 0 > The minimum SSF that the server will allow a client to > negotiate. A value of 1 requires integrity protection; any > higher value requires some amount of encryption. > > > Andy Many thanks for your response. Yes, I've tried sasl_minimum_layer with values from 1 up to 100. But even then the master doesn't start a TLS connection to the replica. Hmm Cheers from Germany Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
disable login for users without mailbox
Hi, as soon as a user is created in sasldb2 a imap login is possible even if a cyrus mailbox isn't available. Can I avoid this? I use sasldb authentication for another service (sendmail smtp_auth) on the same server and don't want to mix up smtp and imap users. Separated sasldb databases would be great. Ciao! Marcus -- I say, if your knees aren't green by the end of the day, you ought to seriously re-examine your life. -- Calvin Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
undelete a single message, delete_mode + expunge_mode activated
Hi, I've just activated delete_mode: delayed expunge_mode: delayed on my cyrus 2.4.12. A deleted subfolder "testfolder3" from testuser's Inbox is moved to /var/spool/cyrus/mail/u/DELETED/user/testuser/testfolder3/531E16DC/ I can undelete the complete folder using rename[1] localhost> rename DELETED.user.testuser.testfolder3.531E16DC user.testuser.testfolder3_recovery This seems to work fine with folders. When deleting a single message from Inbox or a subfolder these message are not moved into a DELETED structure and keep staying at their originally place on filesystem. Those messages are definitely delete. I can't see them in my imap client anymore (tested with evolution and Thunderbird). How do I undelete these single messages? Ciao Marcus [1] http://www.cyrusimap.org/~vanmeeuwen/cyrus-imapd-2.4-docs/Administrator_Guide/html/chap-Administrator_Guide-Deleting_and_Undeleting_Messages_and_Folders.html Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: undelete a single message, delete_mode + expunge_mode activated
Hi Dennis, Am Montag, den 10.03.2014, 21:04 + schrieb Dennis Davis: > > Use the Cyrus "unexpunge" command mentioned on the page given below. > See the manual page for unexpunge for details. It's basically: > > unexpunge -l ... > > to list the deleted messages and either: > > unexpunge -a ... > > to restore all deleted messages or: > > unexpunge -u ... > > to restore selected messages. > > You probably also want to use the "-d" argument on any restored > messages. I need a XXL coffee %-) ... Thanks! Cheers Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
cyrus backup and LVM snaps without stopping cyrus?
Hi, before starting a filebased backup with rdiff-backup I stop Cyrus, create LVM snaps of partitions where /var/lib/cyrus/ and /var/lib/cyrus are located and start Cyrus again. The downtime of Cyrus is just a few seconds, but is there a way to avoid stopping Cyrus before creating the snaps or is this the safest method to flush all data and get a consistent status of data and databases? Ciao Marcus -- If you want to stay dad you've got to polish your image. I think the image we need to create for you is "repentant but learning".-- Calvin Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
duplicate inodes after moving messages from Inbox to subfolder
Hi, a kind of node weirdness which makes me a little nervous. My daily rdiff-backup reports a lot of warning lines like this Warning: Attempt to rename over same inode: /backup/var/spool/cyrus/mail/a/user/archive/nagios/rdiff-backup.tmp.578 to /backup/var/spool/cyrus/mail/a/user/archive/nagios/608. This happens since I moved emails about 1000 emails with Thunderbird from the Inbox of User archive to the subfolder nagios. I've activated delete_mode: delayed expunge_mode: delayed in /etc/imap.conf therefore a su - cyrus -c "/usr/sbin/unexpunge -l user.archive" shows the moved messages in die Inbox as deleted and the same messages in the nagios subfolder and these massages have the same inode E-Mail in the Inbox: # ls -li /var/spool/cyrus/mail/a/user/archive/1246. 10488557 -rw--- 3 cyrus mail 1586 Mär 27 06:19 /var/spool/cyrus/mail/a/user/archive-bot-mxrelay/1246. E-Mail in the Subfolder: #ls -li /var/spool/cyrus/mail/a/user/archive/nagios/999. 10488557 -rw--- 3 cyrus mail 1586 Mär 27 06:19 /var/spool/cyrus/mail/a/user/archive-bot-mxrelay/nagios/999. Both have the same inode id. diff /var/spool/cyrus/mail/a/user/archive/nagios/999. /var/spool/cyrus/mail/a/user/archive/1246. -> no output, same content. Is that normal? Ciao! Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: duplicate inodes after moving messages from Inbox to subfolder
Am Sonntag, den 30.03.2014, 14:52 +0200 schrieb Marcus Schopen: > Is that normal? Seem to be hardlinks. Is this how cyrus arranges the spool in these cases? Ciao! Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
syncing sieve scripts on Ubuntu 12.04 LTS
Hi, may be helpful to people running cyrus on Debian/Ubuntu 12.04 TLS: today I ran into a problem creating and syncing sieve scripts from master to slave, which causes tons of following log entries on master and slave: mail.log on master: Mar 31 14:39:43 server cyrus/sync_client[32690]: SIEVE received NO response: System I/O error Mar 31 14:39:43 server cyrus/sync_client[32690]: SIEVE received NO response: System I/O error mail.err on slave: Mar 31 14:39:17 slave cyrus/syncserver[16679]: Failed to create /var/spool/sieve/a/...:Permission denied Mar 31 14:39:17 slave cyrus/syncserver[16679]: Failed to create /var/spool/sieve/a/...:Permission denied Reason are wrong permissions on /var/spool/sieve subdirs, which are owned by root.root by default on Ubuntu 12.04 TLS and not by cyrus.mail. A simple chown -R cyrus.mail /var/spool/sieve/* on master and slave "fixed" this problem in my setup. This bug has been reported[1], but in case of Ubuntu 12.04 TLS it is definitely not fixed. Ciao Marcus [1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693507 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
delprune/cyr_expire on a single maibox
Hi, my daily delprune in events is configured like this: delprunecmd="/usr/sbin/cyrus expire -E 1 -X 7 -D 7" at=0601 Is this the correct way to clean up all deleted messages in a single box by hand: as user cyrus run /usr/sbin/cyr_expire -E 1 -X 0 -D 0 -p user.testbox -v Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: fetching user_deny.db entry for ...
Am Donnerstag, den 02.02.2012, 14:26 +0100 schrieb Eric Luyten: > On Thu, February 2, 2012 2:20 pm, Marten Lehmann wrote: > > > since my upgrade from cyrus-imapd 2.3.x to 2.4.x mail maillog gets cluttered > > by entries like this: > > > > Feb 2 14:18:07 g112 cyrus/imap[16836]: fetching user_deny.db entry for > > 'u...@mailbox.com' > > > > > > I have absoletely no use for this user_deny.db stuff. Before I created > > an empty user_deny.db I got IOERRORs with "No such file or directory", now > > that > > it exists, now I get these useless logs. How can I disable this entirely? Or > > how can I disable logging of it? > > Marten, > > You could reduce the syslog logging level from .debug to .info but this will > make you lose some other stuff too. Check whether you really need the latter. > Solved it with rsyslog message filtering[1]: ###*.*;auth,authpriv.none -/var/log/syslog *.*;auth,authpriv.none;mail.none-/var/log/syslog [...] :msg,startswith, " fetching user_deny" ~ :msg,startswith, " SQUAT failed" ~ :msg,contains, "defaultbc doesn\'t exist: No such " ~ mail.* -/var/log/mail.log Ciao Marcus [1] http://www.rsyslog.com/doc/rsyslog_conf_filter.html Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
hanging imap with more then 120 connections
Hi,
my cyrus/imap starts hanging (I get timeouts on port 143) whenever a
user is connecting to 120 mailboxes from a single IP and holding these
connections for some time. The machine (KVM, 4 GB RAM, 4x2,1 GHz CPU)
doesn't have hight load or is swapping therefore I'm a little bit
surprised about this behavior.
SERVICES {
...
imapcmd="imapd -U 30" listen="imap" prefork=4 maxchild=100
imaps cmd="imapd -s -U 30" listen="imaps" prefork=4 maxchild=100
...
}
Would maxchild=150 solve it and would the work out with the given VM
setup?
Ciao
Marcus
--
The only skills I have patience to learn are those that have no real
application in life. -- Calvin
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
old dirs with content in /var/spool/cyrus/mail/sync. on replication server
Hi, on my replication I see about a thousand dirs, many of them a few month old. The total size of /var/spool/cyrus/mail/sync. is about 240 MB. Most of the dirs are empty, about 240 dirs containing files For today for example I do see some dirs which are all empty: drwx-- 1354 cyrus mail 36864 Aug 26 12:40 . drwx--2 cyrus mail4096 Aug 26 12:43 22681 drwx--2 cyrus mail4096 Aug 26 04:39 28130 drwx--2 cyrus mail4096 Aug 26 05:09 28668 drwx--2 cyrus mail4096 Aug 26 12:30 3257 drwx--2 cyrus mail4096 Aug 26 05:39 4706 drwx--2 cyrus mail4096 Aug 26 12:40 5630 drwx--2 cyrus mail4096 Aug 26 01:39 8785 drwx--2 cyrus mail 12288 Aug 26 01:49 9707 What about the non empty directorys? Boths servers seem to in sync. The file /var/lib/cyrus/sync/log on the master ist empty or doesn't exists. Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
backup rsync
Hi, I'm planing to use lvm snaps and rsync for a daily disaster recovery backup on my master cyrus (2.4.12 Ubuntu 12.04 LTS): ctl_cyrusdb -c ctl_mboxlist -d > mailboxes.db.dump stop cyrus lvm snaps start cyrus rsync /var/lib/cyrus/ and /var/spool/cyrus to backup host remove snaps Is there something to be aware with rsync especially with /var/spool/cyrus directories? Beside that the master is in master-slave replication too. In a case of disaster recovery - if you don't want to make the slave to the master - would it work out to rsync /var/lib/cyrus/ and /var/spool/cyrus from the slave to the master or is that not a good idea? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: backup rsync
Am Freitag, den 29.08.2014, 07:56 -0700 schrieb David R Bosso: > --On August 29, 2014 at 4:27:57 PM +0200 Marcus Schopen > wrote: > > > Hi, > > > > I'm planing to use lvm snaps and rsync for a daily disaster recovery > > backup on my master cyrus (2.4.12 Ubuntu 12.04 LTS): > > Have you tested lvm snaps for this purpose yet? When I tried to use lvm > snapshots in this way a few years ago, it absolutely killed performance on > the volume with the active snapshots. Hopefully things have improved, but > I wouldn't bet on it. Yes, I've tested it and don't see any performance problems while the snaphot is active. My problem is how to backup about 140 GB mailspool in an acceptable time slot. What tools are recommended? If using rsync what options are best practice? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: backup rsync
Am Samstag, den 30.08.2014, 17:10 +0200 schrieb Simon Matter: > > Am Freitag, den 29.08.2014, 07:56 -0700 schrieb David R Bosso: > >> --On August 29, 2014 at 4:27:57 PM +0200 Marcus Schopen > >> wrote: > >> > >> > Hi, > >> > > >> > I'm planing to use lvm snaps and rsync for a daily disaster recovery > >> > backup on my master cyrus (2.4.12 Ubuntu 12.04 LTS): > >> > >> Have you tested lvm snaps for this purpose yet? When I tried to use lvm > >> snapshots in this way a few years ago, it absolutely killed performance > >> on > >> the volume with the active snapshots. Hopefully things have improved, > >> but > >> I wouldn't bet on it. > > > > Yes, I've tested it and don't see any performance problems while the > > snaphot is active. My problem is how to backup about 140 GB mailspool in > > an acceptable time slot. What tools are recommended? > > > > If using rsync what options are best practice? > > I suggest -aH to preserve single instance storage in the backup. So, rsync -aH to keep hardlinks in the spool. What about -A, --aclspreserve ACLs (implies -p) -X, --xattrs reserve extended attributes Ciao! Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: backup rsync
Am Samstag, den 30.08.2014, 14:37 -0500 schrieb Patrick Goetz: > On 8/30/2014 10:10 AM, Simon Matter wrote: > > > > I suggest -aH to preserve single instance storage in the backup. > > > > Does cyrus use a lot of hard links? I use rsync a lot to create > snapshot backups, and use hard links across snapshots to preserve space; > however, for a single instance backup and unless the filesystem includes > hard links (not normal), then the -H won't do much for you. > > Of course one should always use -a. > > The biggest concern I have about backing up mail spools is keeping the > index and message stores in sync while the backup is taking place. This is why I use lvm. > A > long time ago someone suggested using cyrdump, but when I looked into > this, I couldn't find any documentation whatsoever. Is cyrdump a real > thing, or did I imagine all this? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: backup rsync
Am Samstag, den 30.08.2014, 17:10 +0200 schrieb Simon Matter: > > Am Freitag, den 29.08.2014, 07:56 -0700 schrieb David R Bosso: > >> --On August 29, 2014 at 4:27:57 PM +0200 Marcus Schopen > >> wrote: > >> > >> > Hi, > >> > > >> > I'm planing to use lvm snaps and rsync for a daily disaster recovery > >> > backup on my master cyrus (2.4.12 Ubuntu 12.04 LTS): > >> > >> Have you tested lvm snaps for this purpose yet? When I tried to use lvm > >> snapshots in this way a few years ago, it absolutely killed performance > >> on > >> the volume with the active snapshots. Hopefully things have improved, > >> but > >> I wouldn't bet on it. > > > > Yes, I've tested it and don't see any performance problems while the > > snaphot is active. My problem is how to backup about 140 GB mailspool in > > an acceptable time slot. What tools are recommended? > > > > If using rsync what options are best practice? > > I suggest -aH to preserve single instance storage in the backup. Just bought some good wine for my weekend project: what about rsnapshot combined with lvm snapshots (in the pre/postexec scripts of rsnapshot)? rsnapshot works with rsync and hardlinks. Rotation and some other nice features come out of the box. Any experiences with cyrus and this tool? Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: backup rsync
Hi Bron, Am Samstag, den 06.09.2014, 22:17 +1000 schrieb Bron Gondwana: > That's what we do :) > Thanks for your feedbeek. What's your workaround for not stopping cyrus before taking a lvm snapshot and run rsnapshot? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
syncserver suddenly refused connection from master
Hi, my syncserver suddenly refused connection from its master this evening. The master/slave setup is running without any problems for half a year now. On slave/replica side I found in /var/log/mail.err Sep 11 23:51:19 replica cyrus/syncserver[27328]: refused connection from xxx.xxx.xxx.xxx On master side /var/log/mail.err: Sep 11 23:43:33 master cyrus/sync_client[31324]: couldn't authenticate to backend server: no mechanism available I restarted cyrus on slave side and replication started to work again. I couldn't find anything weird in the logfiles on slave or master side, so anything to be worried about? I'm running cyrus 2.4.12 on Ubuntu 12.04 LTS on both sides. Ciao! - Sep 11 23:16:19 replica cyrus/syncserver[27328]: accepted connection Sep 11 23:16:19 replica cyrus/syncserver[27328]: cmdloop(): startup Sep 11 23:17:19 replica cyrus/syncserver[27328]: accepted connection Sep 11 23:17:19 replica cyrus/syncserver[27328]: cmdloop(): startup Sep 11 23:17:47 replica cyrus/syncserver[27328]: accepted connection Sep 11 23:17:47 replica cyrus/syncserver[27328]: cmdloop(): startup Sep 11 23:17:47 replica cyrus/syncserver[27328]: SSL_accept() incomplete -> wait Sep 11 23:17:47 replica cyrus/syncserver[27328]: SSL_accept() succeeded -> done Sep 11 23:17:47 replica cyrus/syncserver[27328]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication Sep 11 23:17:47 replica cyrus/syncserver[27328]: login: master [xx.xx.xx.xx] userxxx PLAIN+TLS User logged in Sep 11 23:18:19 replica cyrus/syncserver[31979]: accepted connection Sep 11 23:18:19 replica cyrus/syncserver[31979]: cmdloop(): startup Sep 11 23:19:19 replica cyrus/syncserver[31979]: accepted connection Sep 11 23:19:19 replica cyrus/syncserver[31979]: cmdloop(): startup Sep 11 23:20:19 replica cyrus/syncserver[31979]: accepted connection Sep 11 23:20:19 replica cyrus/syncserver[31979]: cmdloop(): startup Sep 11 23:21:19 replica cyrus/syncserver[31979]: accepted connection Sep 11 23:21:19 replica cyrus/syncserver[31979]: cmdloop(): startup Sep 11 23:22:19 replica cyrus/syncserver[31979]: accepted connection Sep 11 23:22:19 replica cyrus/syncserver[31979]: cmdloop(): startup Sep 11 23:23:19 replica cyrus/syncserver[31979]: accepted connection Sep 11 23:23:19 replica cyrus/syncserver[31979]: cmdloop(): startup Sep 11 23:24:19 replica cyrus/syncserver[31979]: refused connection from xx.xx.xx.xx Sep 11 23:25:20 replica cyrus/syncserver[31979]: refused connection from xx.xx.xx.xx Sep 11 23:26:19 replica cyrus/syncserver[31979]: refused connection from xx.xx.xx.xx Sep 11 23:27:19 replica cyrus/syncserver[31979]: refused connection from xx.xx.xx.xx Sep 11 23:27:48 replica cyrus/syncserver[31979]: refused connection from xx.xx.xx.xx Sep 11 23:28:03 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:28:19 replica cyrus/syncserver[31979]: refused connection from xx.xx.xx.xx Sep 11 23:28:33 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:29:19 replica cyrus/syncserver[31979]: refused connection from xx.xx.xx.xx Sep 11 23:29:33 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:30:19 replica cyrus/syncserver[31979]: refused connection from xx.xx.xx.xx Sep 11 23:31:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:31:33 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:32:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:33:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:34:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:35:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:35:33 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:36:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:37:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:38:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:39:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:40:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:41:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:42:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:43:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:43:33 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:44:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:45:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:46:20 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:47:19 replica cyrus/syncserver[27328]: refused connection from xx.xx.xx.xx Sep 11 23:48:19
cyrus/chk_cyrus found messages and deleted messages differs on master and slave
Hi, since a few days do I see chk_cyrus messages on one single subfolder "sent_mail" (440 MB) of a user's mailbox in my mail.err each morning at the same time (6:30am): -- Sep 15 06:31:16 grady cyrus/chk_cyrus[25398]: user.userxyz.sent_mail uid 2 found - adding [...] Sep 15 06:31:50 grady cyrus/chk_cyrus[25398]: user.userxyz.sent_mail uid 1768 found - adding -- The reported UIDs on the folder differ from day to day, but I always do see about 900 log entries each morning. Looking with an imap client into this userxyz.sent_mail subfolder all messages except of one message seem to be deleted by the user. System here is cyrus 2.4.12 Ubuntu 12.04 LTS with master and slave; I've set delete_mode and expunge_mode to delayed, to be able to restored deleted messages and folders (expire is 7 days). The strange thing is now that on the replica/slave side the folder userxyz.sent_mail is empty inside the filesystem in /var/spool/cyrus/mail/u/user/userxyz/sent_mail/ (exepect this single message) and the whole content of the send_mail folder has moved to /var/spool/cyrus/mail/u/DELETED/user/userxyz/sent_mail/54101FA9/. BUT on the primary side I still do see 1774 messages in the filesystem userxyz.sent_mail and the same number of messages in the DELETE folder unter /var/spool/cyrus/mail/u/DELETED/user/userxyz/sent_mail/54101FA9/. I don't understand that. If I believe in the timestamp of the folder /var/spool/cyrus/mail/u/DELETED/user/userxyz/sent_mail/ on primary and slave it was created at Sep. 10th. The chk_cyrus messages started later at Sep. 13th. Second strange thing: su - cyrus -c "/usr/sbin/unexpunge -l user.userxyz.sent_mail" on the master doesn't show any deleted UIDs. If I check for hardlinks I do see three UIDs hardlinked to the same inode #10897103: # ls -li /var/spool/cyrus/mail/u/user/userxyz/sent_mail/1766. 10897103 -rw--- 3 cyrus mail 5520 Sep 9 23:08 /var/spool/cyrus/mail/u/user/userxyz/sent_mail/1766. #ls -li /var/spool/cyrus/mail/u/user/userxyz/Gesendete\ Elemente/1807. 10897103 -rw--- 3 cyrus mail 5520 Sep 9 23:08 /var/spool/cyrus/mail/u/user/userxyz/Gesendete Elemente/1807. # ls -li /var/spool/cyrus/mail/u/DELETED/user/userxyz/sent_mail/54101FA9/1766. 10897103 -rw--- 3 cyrus mail 5520 Sep 9 23:08 /var/spool/cyrus/mail/u/DELETED/user/userxyz/sent_mail/54101FA9/1766. I don't know what the user did exactly, but I think he moved/copied the content from the "sent_mail" subfolder to another subfolder "Gesendete Elemente", to merge different Sent folders created by different imap clients. After that he deleted the mails inside the original "sent_mail". No problem at all, but what's the plan to get rid of the chk_cyrus messages? They do make me nervous. A "reconstruct -r user.userxyz.sent_mail" might restore deleted mails which might confuse the user? Deleting sent_mail subfolder via an imap client again to moved the whole sent_mail folder to DELETED and create an empty new one? Andy ideas? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus/chk_cyrus found messages and deleted messages differs on master and slave
Hi, some more info. I've copied the sent_mail folder to a testmachine and started a chk_cyrus. Same messages in /var/log/mail.err: cyrus/chk_cyrus[15900]: user.userxyz.sent_mail uid 201 found - adding [...] Btw: I figured out that rsyslog skipped some logging. So chk_cyrus reports always the same amount of messages: Sep 15 18:59:45 test rsyslogd-2177: imuxsock begins to drop messages from pid 15900 due to rate-limiting In the sent_mail folder there was one single messages, which is shown in an imap client. This is message 1. in the file system and was created after the user deleted all messages in the sent_mail folder. --- Sep 10 11:53:46 primary cyrus/imaps[19286]: Deleted mailbox user.userxyz.sent_mail -rw--- 2 cyrus mail 543 2014-09-12 10:18 var/spool/cyrus/mail/u/user/userxyz/sent_mail/1. --- It seems that something strange happened while deleting the 440 MB big sent_mail folder. The cyrus databases inside the sent_mail started counting at number 1 again. Using Thunderbird I've copied another message inside the sent_mail folder and this message got number 2. and overwrote the old "deleted" 2. messages, which is still hang around in the file system together with the other ~1700 messages. As the "deleted" mails in the sent_mail folder are hardlinked three times 10897103 -rw--- 3 cyrus mail 5520 Sep 9 23:08 /var/spool/cyrus/mail/u/user/userxyz/sent_mail/1766. 10897103 -rw--- 3 cyrus mail 5520 Sep 9 23:08 /var/spool/cyrus/mail/u/user/userxyz/Gesendete Elemente/1807. 10897103 -rw--- 3 cyrus mail 5520 Sep 9 23:08 /var/spool/cyrus/mail/u/DELETED/user/userxyz/sent_mail/54101FA9/1766. what would happen if I start a cyrus expire on the DELETED.user.userxyz.sent_mail folder by hand: /usr/sbin/cyrus expire -E 1 -X 0 -D 0 -p DELETED.user.userxyz.sent_mail This would be what will happen in a few days, when nightly cyrus expire is started by cyrus events and the deleted messages are older than 7 days. So question is what happens to file files in "u/user/userxyz/sent_mail" in "u/DELETED/user/userxyz/sent_mail/54101FA9/" and in "u/user/userxyz/Gesendete Elemente/" ? The files in subfolder "Gesendete Elemente" subfolder must not be deleted. I think the user copied all mails from "sent_mail" to "Gesendete Elemente" to merge, so he wants to keep those mails. Or another way: just delete user.userxyz.sent_mail subfolder using cyradm. The sent_mail folder will be moved into a subfolder under u/DELETED/user/userxyz/sent_mail/ and will only keep message 1., because all other emails are not know by the cyrus databases in user.userxyz.sent_mail. This would solve the chk_cyrus error messages. But what happens to hardlink 1807. then? Will cyrus keep these mails in "Gesendete Elemente" then? Third way: reconstruct -r on the u/user/userxyz/sent_mail folder and delete the complete folder by hand afterwards? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
old lock files listed at cyrus-imapd startup
Hi, I do see a lot of .lock file when starting cyrus: /run/cyrus/lock/t/user/test/Drafts.lock [...] This has already been reportet in the Ubuntu bug tracker #1010424 two years ago: https://bugs.launchpad.net/ubuntu/+source/cyrus-imapd-2.4/+bug/1010424 /etc/init.d/cyrus-imapd: # Clean stale entries find "$LOCK_DIR" -mindepth 1 -depth -size 0 # -delete find "$PROC_DIR" -mindepth 1 -depth -name '[0-9]*' # -delete Is it safe to use the -delete option and to remove old .lock files at startup? Or what are these old lockfiles for? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus/chk_cyrus found messages and deleted messages differs on master and slave
Hi, Am Montag, den 15.09.2014, 20:08 +0200 schrieb Marcus Schopen: > Or another way: just delete user.userxyz.sent_mail subfolder using > cyradm. The sent_mail folder will be moved into a subfolder under > u/DELETED/user/userxyz/sent_mail/ and will only keep message 1., because > all other emails are not know by the cyrus databases in > user.userxyz.sent_mail. This would solve the chk_cyrus error messages. > But what happens to hardlink 1807. then? Will cyrus keep these mails in > "Gesendete Elemente" then? I renamed the "sent_mail" folder to "sent_mail_test" (using Thunderbird). This action removed all UIDs in the filesystem inside the sent_folder, which were not known by cyrus.* databases in the "sent_mail" folder. Afterwards I renamed the folder back to "sent_mail". The only UID which wasn't deleted is UID 1., which is correct, because this UID was created inside the sent_mail after the users copy/movement/whatever session, first new email/UID. A following chk_cyrus didn't come up with errors. :) Checking files: # ls -li /var/spool/cyrus/mail/u/user/userxyz/sent_mail/1766. No such file or directory -> good, deleted by my renaming #ls -li /var/spool/cyrus/mail/u/user/userxyz/Gesendete\ Elemente/1807. 10897103 -rw--- 3 cyrus mail 5520 Sep 9 23:08 /var/spool/cyrus/mail/u/user/userxyz/Gesendete Elemente/1807. -> good, still there # ls -li /var/spool/cyrus/mail/u/DELETED/user/userxyz/sent_mail/54101FA9/1766. 10897103 -rw--- 3 cyrus mail 5520 Sep 9 23:08 /var/spool/cyrus/mail/u/DELETED/user/userxyz/sent_mail/54101FA9/1766. -> good, will be hopefully deleted after 7 days be nightly expunge Question still is what caused this inconsistence between cyrus.* databases and fileystem, how can that happen? Cheers Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Remove of supposedly empty directory ... failed: Directory not empty
Hi, today a saw a lot of messages like this in my mail.log (Cyrus 2.4.12) Sep 23 15:54:04 testserv cyrus/imaps[21530]: Remove of supposedly empty directory /var/spool/cyrus/mail/s/user/test/aaa failed: Directory not empty Those messages come up when renaming folders using eg. Thunderbird: - create a folder "aaa" - create a subfolder within "aaa" called "bbb" - copy some messages into aaa and bbb folder - rename "aaa" to "zzz" And they also came up at daily cyr_expire this morning (delete_mode and expunge_mode set to delayed): Sep 23 06:03:39 serv cyrus/cyr_expire[5179]: Remove of supposedly empty directory /var/spool/cyrus/mail/u/DELETED/user failed: Directory not empty Sep 23 06:03:39 serv cyrus/cyr_expire[5179]: Remove of supposedly empty directory /var/spool/cyrus/mail/u/DELETED failed: Directory not empty Anything to be worried about? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
replication: sync_client on master stops after restarting the replica
Hi, always when I have to reboot the replica or its cyrus the synchronization on master side stops, /var/lib/cyrus/sync/log fills up and I don't see a "/usr/lib/cyrus/bin/sync_client -r" process anymore. /var/log/mail.err on master when restarting replica: Sep 27 10:06:28 master cyrus/sync_client[1023]: Error in do_sync(): bailing out! Bad protocol Sep 27 10:06:28 master cyrus/sync_client[1023]: Processing sync log file /var/lib/cyrus/sync/log-1023 failed: Bad protocol When I restart cyrus on master side, synchronization starts again. Is there another way to get synchronization working again? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
pop3: counts: retr=<0> top=<0> dele=<0> mailbox not empty
Hi, what exactly means "counts: retr=<0> top=<0> dele=<0>" on a non empty mailbox. The pop3 client is connecting, but doesn't fetch and drop mails. Client problem? Oct 2 06:10:06 master cyrus/pop3[4990]: USAGE testuser-01 user: 0.00 sys: 0.012000 Oct 2 06:10:06 master cyrus/pop3[4990]: counts: retr=<0> top=<0> dele=<0> -- Oct 2 07:01:08 master cyrus/pop3[7533]: USAGE user-01 user: 0.056000 sys: 0.104000 Oct 2 07:01:08 master cyrus/pop3[7533]: counts: retr=<50> top=<50> dele=<0> -- Oct 2 09:07:22 master cyrus/pop3[17968]: USAGE user-01 user: 0.052000 sys: 0.08 Oct 2 09:07:22 master cyrus/pop3[17968]: counts: retr=<50> top=<50> dele=<0> -- Oct 2 09:08:31 master cyrus/pop3[17588]: USAGE user-01 user: 0.032000 sys: 0.096000 Oct 2 09:08:31 master cyrus/pop3[17588]: counts: retr=<50> top=<50> dele=<0> -- Oct 2 09:26:23 master cyrus/pop3[18299]: USAGE user-01 user: 0.068000 sys: 0.072000 Oct 2 09:26:23 master cyrus/pop3[18299]: counts: retr=<50> top=<50> dele=<0> -- Oct 2 09:31:23 master cyrus/pop3[18681]: USAGE user-01 user: 0.048000 sys: 0.084000 Oct 2 09:31:23 master cyrus/pop3[18681]: counts: retr=<50> top=<50> dele=<0> -- Oct 2 09:36:07 master cyrus/pop3[19020]: USAGE user-01 user: 0.06 sys: 0.084000 Oct 2 09:36:07 master cyrus/pop3[19020]: counts: retr=<50> top=<50> dele=<0> -- Oct 2 09:46:16 master cyrus/pop3[19535]: USAGE user-01 user: 0.028000 sys: 0.104000 Oct 2 09:46:16 master cyrus/pop3[19535]: counts: retr=<50> top=<50> dele=<0> -- Oct 2 10:50:47 master cyrus/pop3[25473]: USAGE user-01 user: 0.18 sys: 0.212000 Oct 2 10:50:47 master cyrus/pop3[25473]: counts: retr=<105> top=<105> dele=<105> Cheers Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
delete and expunge delayed and delprune on replica?
Hi, in a master/slave setup I've activated delete_mode and expunge_mode on master and salve side. imapd.conf: delete_mode: delayed expunge_mode: delayed cyrus.conf: delprunecmd="/usr/sbin/cyrus expire -E 1 -X 7 -D 7" at=0501 Does is make sense to set delete and expunge mode to delayed and run delpune as an event on slave side too or should this only configured on master side and delete/expunge delayed and delprune configuration on master will also effect the replica? Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: replication: sync_client on master stops after restarting the replica
Am Samstag, den 27.09.2014, 10:59 +0200 schrieb Marcus Schopen: > Hi, > > always when I have to reboot the replica or its cyrus the > synchronization on master side stops, /var/lib/cyrus/sync/log fills up > and I don't see a "/usr/lib/cyrus/bin/sync_client -r" process anymore. > > /var/log/mail.err on master when restarting replica: > > Sep 27 10:06:28 master cyrus/sync_client[1023]: Error in do_sync(): > bailing out! Bad protocol > Sep 27 10:06:28 master cyrus/sync_client[1023]: Processing sync log > file /var/lib/cyrus/sync/log-1023 failed: Bad protocol > > When I restart cyrus on master side, synchronization starts again. > > Is there another way to get synchronization working again? Andy ideas? For Backup reasons I'd like to stop and start cyrus on replica side at night, which is a problem if synchronization stops on master side and I have to restart cyrus on master to get synchronisation working again. System is Ubuntu 12.04 LTS with cyrus 2.4.12. Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: replication: sync_client on master stops after restarting the replica
Hi Patrick, Am Freitag, den 10.10.2014, 09:13 -0300 schrieb Patrick Boutilier: > On 10/10/2014 09:09 AM, Marcus Schopen wrote: > > Am Samstag, den 27.09.2014, 10:59 +0200 schrieb Marcus Schopen: > >> Hi, > >> > >> always when I have to reboot the replica or its cyrus the > >> synchronization on master side stops, /var/lib/cyrus/sync/log fills up > >> and I don't see a "/usr/lib/cyrus/bin/sync_client -r" process anymore. > >> > >> /var/log/mail.err on master when restarting replica: > >> > >> Sep 27 10:06:28 master cyrus/sync_client[1023]: Error in do_sync(): > >> bailing out! Bad protocol > >> Sep 27 10:06:28 master cyrus/sync_client[1023]: Processing sync log > >> file /var/lib/cyrus/sync/log-1023 failed: Bad protocol > >> > >> When I restart cyrus on master side, synchronization starts again. > >> > >> Is there another way to get synchronization working again? > > > > Andy ideas? For Backup reasons I'd like to stop and start cyrus on > > replica side at night, which is a problem if synchronization stops on > > master side and I have to restart cyrus on master to get synchronisation > > working again. System is Ubuntu 12.04 LTS with cyrus 2.4.12. > > > > Should just have to start sync_client on master, not cyrus itself. That > is what we do whenever the replica is rebooted/Cyrus stopped/etc.. Thanks for your answer. Okay, I understand. So this is not an unusual behavior of my setup. When I check processes now I see a "/usr/lib/cyrus/bin/sync_client -r" process running as user cyrus. So a simple su - cyrus -c "/usr/lib/cyrus/bin/sync_client -r" should start the sync again. Right? May be monit could help. Otherwise the replica needs shell access via ssh ... hmmm. Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: replication: sync_client on master stops after restarting the replica
Hi Rudy,
Am Montag, den 13.10.2014, 10:41 +0200 schrieb Rudy Gevaert:
>
>
> On 09/27/14 10:59, Marcus Schopen wrote:
> > Hi,
> >
> > always when I have to reboot the replica or its cyrus the
> > synchronization on master side stops, /var/lib/cyrus/sync/log fills up
> > and I don't see a "/usr/lib/cyrus/bin/sync_client -r" process anymore.
> >
> > /var/log/mail.err on master when restarting replica:
> >
> > Sep 27 10:06:28 master cyrus/sync_client[1023]: Error in do_sync():
> > bailing out! Bad protocol
> > Sep 27 10:06:28 master cyrus/sync_client[1023]: Processing sync log
> > file /var/lib/cyrus/sync/log-1023 failed: Bad protocol
> >
> > When I restart cyrus on master side, synchronization starts again.
> >
> > Is there another way to get synchronization working again?
>
> I have added this in EVENTS { }
>
> synccheck cmd="/usr/share/cyrus-ugent/cyrus-synccheck -i mail1 -v
> cyrus-2.4.17" period=10
>
>
> Where /usr/share/cyrus-ugent/cyrus-synccheck is a script that checks if
> sync_client is running. If not, it start it
Thanks, what a great idea.
Is it this script?
https://github.com/rgevaert/cyrus-ugent/blob/master/src/cyrus-synccheck
Ciao!
Marcus
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
hanging POP3 client, how to kill
Hi, from time to time I have hanging pop3 clients. I've activated telemetry logging (thanks Bron) for that single user to see the interaction between client and server. While downloading messages the client stops suddenly (in middle of the body of a 6 MB big message) but the pop3 process is running for a long time. Interestingly if changing on client side from pop3 to pop3s the same messages from the same account and from the same network are downloaded without any problems. There is an application firewall running on the router on client side, therefore I think this firewall application is analyzing the stream, but can't do that when using pop3s and that's why the messages are going through with pop3s. I checked the same account with the same messages from another networks and I myself don't have any problems with pop3 and pop3s. Question for me now is how to kill these hanging pop3 processes automatically? I didn't set poptimeout value so it should be 10 minutes by default, but those processes are running for a longer time. Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus connect to an external SMTP server
Hi, Am Samstag, den 08.11.2014, 10:06 -0200 schrieb Fabio S. Schmidt: > Hi, > > I have deployed Cyrus Aggregator and I noticed that when a Backend > server sends a message, an auto response for instance, it connects to > the localhost on port 25, which forced me to deploy a SMTP server > locally. > > Is there any way to set Cyrus to connect to an external SMTP server? ssmtp would be a quick and easy way to set up a local smtp hub. Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: restore from cyrdump
Am Mittwoch, den 10.12.2014, 02:36 +1100 schrieb Bron Gondwana: > On Wed, Dec 10, 2014, at 02:03 AM, Willy Offermans wrote: > > Hello Cyrus Friends, > > > > On Sun, Dec 07, 2014 at 01:01:52PM +0100, Willy Offermans wrote: > > > Dear Cyrus friends, > > > > > > I want to simulate a possible crash of the company's mail server. > > > At the moment the server works smoothly, but you never know... It is best > > > to be prepared for it and to have possibilities to restore critical data. > > > E-mail info was appointed to be one of the critical data. > > > > > > So I picked one user and cyrdump his data into a file. > > > > > > ``cyrdump -v user.$USER > /tmp/$USER.dump'' > > > > > > If I make a quick scan of the file, it looks like a dump of mails of the > > > user. Moreover, there is flag info per mail subfolder. There is info > > > about > > > subfolders and there is info about the mail IDs in each subfolder. > > > Summarized, there is all the info needed to reconstruct the user's > > > mailfolder and mails. > > > > > > I created the mailbox lists > > > > > > su - cyrus -c "ctl_mboxlist -d" > /tmp/mailboxes.txt > > > > > > Now I want to restore the data of user.$USER on a different server. > > > > > > How should I proceed? I might write a script to reconstruct the data from > > > the $USER.dump file, but I guess there is already a tool to do so. However > > > I'm not aware of such tool and moreover I cannot find any info on > > > http://www.cyrusimap.org/ concerning this. Can someone help me out? > > > > > > To my opinion, the restore procedure should be well documented. > > > > > > -- > > > > Is there nobody with a good suggestion? > > Not really. Most people seem to be using LVM snapshots. We have a custom > backup thing at FastMail. Building a better backup/restore for Cyrus has > been on my todo list for a long time, but I keep not getting time to work on > it :( Basically I run a simple master/replica setup and use LVM snaps in combination with rsnapshot for disaster recovery. Those snaps were archived with rdiff-backup later then. Another idea might be imapsync. But depending on how big your cyrus spool it will take its time. It's more a tool for moving mails between imap servers. I think a cyrus-replica setup is a good and stable way to handle a crash. Any backup based methods will lose changes in between the cycles. Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
sieve vacation with start and end date
Hi,
does sieve vacation understand a start and end date? Something like this
does not work:
---
require ["date", "relational", "vacation"];
if allof(currentdate :value "ge" "date" "2007-06-30",
currentdate :value "le" "date" "2007-07-07")
{ vacation :days 7 "I'm away during the first week in July."; }
---
System: cyrus 2.4.12 on Ubuntu 12.04 LTS
Cheers
Marcus
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Using Roundcube with cyrus?
Am Dienstag, den 03.02.2015, 10:10 -0600 schrieb Patrick Goetz: > On 2/3/2015 9:49 AM, Patrick Boutilier wrote: > >> Roundcube is appending the domain; I'm logging in with pgoetz. > > > > http://trac.roundcube.net/wiki/Howto_Config#IMAPserverconnection > > indicates that username_domain may be set. > > > > Argh! That was it. I thought I had removed this, but it must have > re-appeared while I was substituting configuration options in and out > while trying to get this to work. > > Thanks so much for your help! For performance check imapproxy too. I've installed imapproxy on roundcube side and connect via openvpn to cyrus on another host. Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: replication: sync_client on master stops after restarting the replica
Am Donnerstag, den 16.10.2014, 14:57 +0200 schrieb Rudy Gevaert: > On Tue, Oct 14, 2014 at 10:28:24PM +0200, Marcus Schopen wrote: > > > > Thanks, what a great idea. > > > > Is it this script? > > > > https://github.com/rgevaert/cyrus-ugent/blob/master/src/cyrus-synccheck > > > > Hi, yes it is, I forgot I shared it online :) > > Rudy Checked monit rules today and forgot to post what I did last year. Here is my monit rule on master: check process sync_client matching "/usr/lib/cyrus/bin/sync_client -r" every 2 cycles start program = "/root/bin/start_cyrus_sync_client" stop program = "/usr/bin/killall sync_client" if 5 restarts within 10 cycles then timeout /root/bin/start_cyrus_sync_client: #!/bin/bash /bin/su - cyrus -c "/usr/lib/cyrus/bin/sync_client -r" Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
force relication to all mailboxes
Hi, I set a cyrus (2.4.12 / Ubuntu 12.04 LTS) with existing mailboxes in replication with an cyrus (2.4.12 / Ubuntu 12.04 LTS). Replication works fine, but a sync of existing mailboxes is only triggered on by new incoming mails to inboxes or by changes inside subfolders. How to I force an initial replication of all mailboxes including subfolders from the master to the replica? Cheers Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: force relication to all mailboxes
Am Sonntag, den 19.07.2015, 18:16 +0200 schrieb Marcus Schopen: > Hi, > > I set a cyrus (2.4.12 / Ubuntu 12.04 LTS) with existing mailboxes in > replication with an cyrus (2.4.12 / Ubuntu 12.04 LTS). Replication works > fine, but a sync of existing mailboxes is only triggered on by new > incoming mails to inboxes or by changes inside subfolders. How to I > force an initial replication of all mailboxes including subfolders from > the master to the replica? Calling sync_client for each mailbox works fine: sync_client -S imapsync.server -v -u mailboxname ... Any better ways? Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
lmtp authentication ignored with tls enabled
Hi, I'm trying to deliver mails via lmtp/tcp from sendmail to cyrus running on another machine. sendmail.mc: -- define(`confLOCAL_MAILER', `cyrusv2')dnl define(`CYRUSV2_MAILER_ARGS', `TCP imap.domain.de 2003')dnl -- Without an authentication line in /etc/mail/access -- AuthInfo:imap.domain.de "I:lmtp-admin" "P:pass" "M:DIGEST-MD5" -- I'm getting the following error: -- Jul 20 02:19:01 mail sendmail[5368]: t6K0GIKP005234: to=, delay=00:02:43, xdelay=00:00:03, mailer=cyrusv2, pri=211679, relay=imap.domain.de. [xx.xx.xx.xx], dsn=4.0.0, stat=Deferred: 430 Authentication required -- This is correct. Adding AuthInfo to /etc/mail/access and add lmtp-admin to sasldb2 on cyrus side mails are delivered via lmtp to cyrus with proper authentication. Good. But after setting tls_cert_file und tls_key_file in imapd.conf to get an encrypted connection the lmtp authentication is completely ignored and mails are going through even without any AuthInfo in /etc/mail/access: cyrus log: -- Jul 20 03:08:06 imap cyrus/lmtp[3875]: accepted connection Jul 20 03:08:06 imap cyrus/lmtp[3875]: connection from [xx.xx.xx.xx] Jul 20 03:08:06 imap cyrus/lmtp[3875]: imapd:Loading hard-coded DH parameters Jul 20 03:08:06 imap cyrus/lmtp[3875]: SSL_accept() incomplete -> wait Jul 20 03:08:06 imap cyrus/lmtp[3875]: Doing a peer verify Jul 20 03:08:06 cyrus/lmtp[3875]: last message repeated 2 times Jul 20 03:08:06 imap cyrus/lmtp[3875]: SSL_accept() incomplete -> wait Jul 20 03:08:06 imap cyrus/lmtp[3875]: SSL_accept() succeeded -> done Jul 20 03:08:06 imap cyrus/lmtp[3875]: received client certificate Jul 20 03:08:06 imap cyrus/lmtp[3875]: subject=/CN=server.domain.de Jul 20 03:08:06 imap cyrus/lmtp[3875]: starttls: TLSv1.2 with cipher DHE-RSA-AES256-SHA (256/256 bits new) authenticated as server.domain.de Jul 20 03:08:06 imap cyrus/lmtp[3875]: duplicate_check: <201507200108.t6k185ov005...@test.domain.de> user.test Mon, 20 Jul 2015 03:08:05 +0200 0 Jul 20 03:08:06 imap cyrus/lmtp[3875]: Delivered: <201507200108.t6k185ov005...@test.domain.de> to mailbox: user.test Jul 20 03:08:06 imap cyrus/lmtp[3875]: duplicate_mark: <201507200108.t6k185ov005...@test.domain.de> user.test Mon, 20 Jul 2015 03:08:05 +0200 1437354486 48 Jul 20 03:08:06 imap cyrus/lmtp[3875]: USAGE test user: 0.033640 sys: 0.005606 -- /etc/imapd.conf: -- configdirectory: /var/lib/cyrus proc_path: /run/cyrus/proc mboxname_lockpath: /run/cyrus/lock defaultpartition: default partition-default: /var/spool/cyrus/mail partition-news: /var/spool/cyrus/news newsspool: /var/spool/news altnamespace: no unixhierarchysep: no lmtp_downcase_rcpt: yes admins: cyrus lmtp_admins: lmtp-admin allowanonymouslogin: no popminpoll: 1 autocreatequota: 0 umask: 077 sieveusehomedir: false sievedir: /var/spool/sieve hashimapspool: true allowplaintext: yes sasl_minimum_layer: 0 sasl_pwcheck_method: auxprop sasl_auto_transition: no tls_cert_file: /etc/ssl/domain/imap.crt tls_key_file: /etc/ssl/domain/imap.key tls_ca_file: /etc/ssl/domain/cacert_org-class3.crt tls_ca_path: /etc/ssl/certs tls_session_timeout: 1440 tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH lmtpsocket: /var/run/cyrus/socket/lmtp idlesocket: /var/run/cyrus/socket/idle notifysocket: /var/run/cyrus/socket/notify syslog_prefix: cyrus -- cyrus.conf: - lmtpcmd="lmtpd" listen="2003" prefork=4 maxchild=20 lmtpunixcmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20 - Any ideas? Ciao Marcus -- "You don't get to be mom if you can't fix everything just right." -Calvin Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: lmtp authentication ignored with tls enabled
Am Montag, den 20.07.2015, 03:21 +0200 schrieb Marcus Schopen: > Hi, > > I'm trying to deliver mails via lmtp/tcp from sendmail to cyrus running > on another machine. > > sendmail.mc: > -- > define(`confLOCAL_MAILER', `cyrusv2')dnl > define(`CYRUSV2_MAILER_ARGS', `TCP imap.domain.de 2003')dnl > -- > > Without an authentication line in /etc/mail/access > > -- > AuthInfo:imap.domain.de "I:lmtp-admin" "P:pass" "M:DIGEST-MD5" > -- > > I'm getting the following error: > > -- > Jul 20 02:19:01 mail sendmail[5368]: t6K0GIKP005234: > to=, delay=00:02:43, xdelay=00:00:03, > mailer=cyrusv2, pri=211679, relay=imap.domain.de. [xx.xx.xx.xx], > dsn=4.0.0, stat=Deferred: 430 Authentication required > -- > > This is correct. Adding AuthInfo to /etc/mail/access and add lmtp-admin > to sasldb2 on cyrus side mails are delivered via lmtp to cyrus with > proper authentication. Good. > > But after setting tls_cert_file und tls_key_file in imapd.conf to get an > encrypted connection the lmtp authentication is completely ignored and > mails are going through even without any AuthInfo in /etc/mail/access: > > cyrus log: > -- > Jul 20 03:08:06 imap cyrus/lmtp[3875]: accepted connection > Jul 20 03:08:06 imap cyrus/lmtp[3875]: connection from [xx.xx.xx.xx] > Jul 20 03:08:06 imap cyrus/lmtp[3875]: imapd:Loading hard-coded DH > parameters > Jul 20 03:08:06 imap cyrus/lmtp[3875]: SSL_accept() incomplete -> wait > Jul 20 03:08:06 imap cyrus/lmtp[3875]: Doing a peer verify > Jul 20 03:08:06 cyrus/lmtp[3875]: last message repeated 2 times > Jul 20 03:08:06 imap cyrus/lmtp[3875]: SSL_accept() incomplete -> wait > Jul 20 03:08:06 imap cyrus/lmtp[3875]: SSL_accept() succeeded -> done > Jul 20 03:08:06 imap cyrus/lmtp[3875]: received client certificate > Jul 20 03:08:06 imap cyrus/lmtp[3875]: subject=/CN=server.domain.de > Jul 20 03:08:06 imap cyrus/lmtp[3875]: starttls: TLSv1.2 with cipher > DHE-RSA-AES256-SHA (256/256 bits new) authenticated as server.domain.de > Jul 20 03:08:06 imap cyrus/lmtp[3875]: duplicate_check: > <201507200108.t6k185ov005...@test.domain.de> user.test Mon, > 20 Jul 2015 03:08:05 +0200 0 > Jul 20 03:08:06 imap cyrus/lmtp[3875]: Delivered: > <201507200108.t6k185ov005...@test.domain.de> to mailbox: user.test > Jul 20 03:08:06 imap cyrus/lmtp[3875]: duplicate_mark: > <201507200108.t6k185ov005...@test.domain.de> user.test Mon, > 20 Jul 2015 03:08:05 +0200 1437354486 48 > Jul 20 03:08:06 imap cyrus/lmtp[3875]: USAGE test user: 0.033640 sys: > 0.005606 > -- > > /etc/imapd.conf: > -- > configdirectory: /var/lib/cyrus > proc_path: /run/cyrus/proc > mboxname_lockpath: /run/cyrus/lock > defaultpartition: default > partition-default: /var/spool/cyrus/mail > partition-news: /var/spool/cyrus/news > newsspool: /var/spool/news > altnamespace: no > unixhierarchysep: no > lmtp_downcase_rcpt: yes > admins: cyrus > lmtp_admins: lmtp-admin > allowanonymouslogin: no > popminpoll: 1 > autocreatequota: 0 > umask: 077 > sieveusehomedir: false > sievedir: /var/spool/sieve > hashimapspool: true > allowplaintext: yes > sasl_minimum_layer: 0 > sasl_pwcheck_method: auxprop > sasl_auto_transition: no > tls_cert_file: /etc/ssl/domain/imap.crt > tls_key_file: /etc/ssl/domain/imap.key > tls_ca_file: /etc/ssl/domain/cacert_org-class3.crt > tls_ca_path: /etc/ssl/certs > tls_session_timeout: 1440 > tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH > lmtpsocket: /var/run/cyrus/socket/lmtp > idlesocket: /var/run/cyrus/socket/idle > notifysocket: /var/run/cyrus/socket/notify > syslog_prefix: cyrus > -- > > cyrus.conf: > - > lmtp cmd="lmtpd" listen="2003" prefork=4 maxchild=20 > lmtpunix cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 > maxchild=20 > - > > Any ideas? Setting lmtp_tls_cert_file and to lmtp_tls_key_file to "disabled" activates lmtp authentication again. But how do I force lmtp authentication with lmtp_tls enabled? Seems to me like a security problem, if lmtp with enabled tls accepts connections from everywhere?! The only way I see to get more security is a lmtp connection between sendmail and cyrus over e.g. openvpn or hosts.allow/deny or iptables configuraiton with lmtp_tls enabled. Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: lmtp authentication ignored with tls enabled
Hi Dan, Am Montag, den 20.07.2015, 08:33 -0500 schrieb Dan White: > It appears you may be performing sasl EXTERNAL authentication. Your > auth-facility syslog should confirm that. How do I do that? > Configuring a restricted mechanism list would prevent that from happening: > > lmtp_sasl_mech_list: digestmd5 I set "lmtp_sasl_mech_list: DIGEST-MD5" to imapd.conf. Connected to localhost. Escape character is '^]'. 220 roz Cyrus LMTP v2.4.12-Debian-2.4.12-2 server ready lhlo e 250-roz 250-8BITMIME 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-SIZE 250-STARTTLS 250-AUTH DIGEST-MD5 250 IGNOREQUOTA But has no effect. As soon as tls is actived, mails are delivered without using LMTP_AUTH. Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
sendmail cyrusv2.m4 deliver per domain to diffent cyrus
Hi, is it possible to deliver per domain to different cyrus hosts via lmtp with e.g. two different cyrusv2.m4 macros? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: force relication to all mailboxes
Hi Bron, Am Sonntag, den 19.07.2015, 18:19 -0700 schrieb Bron Gondwana: > On Sun, Jul 19, 2015, at 12:49, Marcus Schopen wrote: > > Am Sonntag, den 19.07.2015, 18:16 +0200 schrieb Marcus Schopen: > > > Hi, > > > > > > I set a cyrus (2.4.12 / Ubuntu 12.04 LTS) with existing mailboxes in > > > replication with an cyrus (2.4.12 / Ubuntu 12.04 LTS). Replication works > > > fine, but a sync of existing mailboxes is only triggered on by new > > > incoming mails to inboxes or by changes inside subfolders. How to I > > > force an initial replication of all mailboxes including subfolders from > > > the master to the replica? > > > > Calling sync_client for each mailbox works fine: > > > > sync_client -S imapsync.server -v -u mailboxname > > ... > > > > Any better ways? > > There will be '-A' in the future, but it's not available in LTS. You can > script > it up with something that uses cyr_dbtool or ctl_mboxlist to get a listing. For understanding: after a restart of a replica the way to get master und replica fully in sync again is to start the syn_cclient on master and call "sync_client -S imapsync.server -v -u mailboxname" for each mailbox, right? And are there any scripts available to check if master and replica storage completely in sync or mails are missing? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
nginx configuration and auth script
Hi, are here any good auth scripts for nginx imap proxy to cyrus in use? Cheers Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Migrate from 2.2.13 to 2.4.17 disasters
Am Sonntag, den 23.08.2015, 20:36 +0200 schrieb Mogens Melander: > For a task like this, I would use imapsync, a well documented, > well supported and open source tool. > > https://github.com/imapsync/imapsync I've used imapsync to migrate an internal server from 2.1.18 to 2.4.17 without any problems. Good tool. Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Excisting idle connections and changing password
Hi, Am Mittwoch, den 22.02.2017, 12:45 +0100 schrieb Paul van der Vlis: > Hello, > > When I change the password of a user what's logged in using an IMAP > idle-connection, how long will the connection "stay"? > > My goal is that the user cannot access the mailbox anymore and does not > get "new mail". > > What I did now is restarting Cyrus and I think all excisting idle > connections will be lost and all users have to login again. > > So my question is "for the next time". I would change the password and just kill the process the user is hanging on. Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
removing folders which are not in mailboxes.db
Hi, some time ago I removed several big sized subfolders in a mailbox using my mail client. Yesterday I recognized that for some reasons those folders are still on the file system on master, but not on replica side. Non of those deleted folders are listed in mailboxes.db, which is correct. What's the best way to remove those old folders permanently from the filesystem on the master? Can I use reconstruct with -O option (Delete odd files)? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: removing folders which are not in mailboxes.db
some more info: I did some further checks: those messages are not shown by unexpunge -l. I get a "Failed to open mailbox" if I check the delete subdirs, which is correct to my mind, because these mailbox don't exist any more. The delete subdirs didn't show up in DELETED.user. I use "delete_mode: delayed" and "expunge_mode: delayed" and did a "expire -E 1 -X 0 -D 0 -v -p DELETED.user.mailboxname" to remove all deleted mailbox, just to be sure. Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: removing folders which are not in mailboxes.db
Hi, Am Montag, den 15.05.2017, 07:34 -0300 schrieb Patrick Boutilier: > That will probably work. You can see what will happen by using -n also . > Another option is just to remove the subfolders from the filesystem > using rm . I just tried: su - cyrus -c " /usr/lib/cyrus/bin/reconstruct -r -O user.li...@domain.tld" But this didn't remove the odd folders nor the files in these folders. Just remove them by "rm -rf" or move them to another location outside the spool? Ciao! Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: removing folders which are not in mailboxes.db
Am Montag, den 15.05.2017, 07:59 -0300 schrieb Patrick Boutilier: > rm -fr if you are 100% sure you don't need the files. Move if not 100% > sure .:-) > > Since cyrus doesn't know about the folders in mailboxes.db it shouldn't > care either way. That's working. Thanks Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus IMAP 2.4.19 released
Hi Ellie, thank you! Are there any Ubuntu packages available as I don't think the Debian/Ubuntu maintainers will patch their packages. Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
sslv3 alert certificate unknown in SSL_accept() -> fail
Hi, today I changed my SSL certificates to "sha256WithRSAEncryption", because Thunderbird started complaining about me old SHA1 certificates. ;) One pop3s client (it's a kind of java based mailgate) causes a lot of these errors, not at each connect, but on about two of 140 mailbox connects within 5 minutes: mail log: -- May 20 23:14:02 mailserv cyrus/pop3s[17825]: accepted connection May 20 23:14:02 mailserv cyrus/pop3s[17825]: SSL_accept() incomplete -> wait May 20 23:14:02 mailserv cyrus/pop3s[17825]: sslv3 alert certificate unknown in SSL_accept() -> fail May 20 23:14:02 mailserv cyrus/pop3s[17825]: pop3s failed: ppp-xx-xx-xx-xx.domain.de [xx.xx.xx.xx] May 20 23:14:02 mailserv cyrus/pop3s[17825]: Fatal error: tls_start_servertls() failed May 20 23:14:02 mailserv cyrus/pop3s[17825]: counts: retr=<0> top=<0> dele=<0> -- error log: -- May 20 23:12:07 mailserv cyrus/pop3s[17838]: Fatal error: tls_start_servertls() failed -- If I check pop3s with my Thunderbird or other clients everything is fine. SSL checker e.g. on https://decoder.link/sslchecker doesn't show any errors and it's only this one pop3 client, which causes this error. I didn't changed anything in imap.conf, but replacing cert files and reload imapd tls_cert_file tls_key_file tls_ca_file tls_cipher_list is unchanged: tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH Is the client sending a client certificate, which my server doesn't like? But I don't ask for any client certificates. System: cyrus 2.4.12 Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Restart after new TLS certificate?
Am Freitag, den 27.10.2017, 12:51 +0200 schrieb Paul van der Vlis: > Hello, > > I use now a certificate from LetsEncrypt and it is automatically > renewed. Needs Cyrus to be restarted before it sees the new certificate? see answer from Dan White on subject "intermediate certificates" at Wed, 19 Jan 2011: "A restart may not even be necessary if both the old and new certificates are valid, and your imapd sessions cycle out over time (via timeout, or the -U option). If I remember right, I haven't had to restart cyrus when installing a new certificate. -- Hobbes : Well, you still have afternoons and weekends Calvin : That's when I watch TV. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Missing Email & Folders
Am Mittwoch, den 07.11.2018, 09:16 +0100 schrieb Michael Menge: > Hi, > > Quoting Robert Covell : > > > > If you suspect this is due to a client related problem, you could > > > enable telemetry logging to find out who/what is causeing the > > > emails to go > > > > missing. > > > > > > https://www.cyrusimap.org/imap/reference/faqs/o-telemetry.html > > > > Good idea will turn this on. > > > > > > > > If the purpose is to (mostly) copy emails into the folder and > > > rarely > > > delete, you could restrict delete access to a specific account > > > via ACL. > > > > > > https://www.cyrusimap.org/imap/reference/admin/access-control/rights > > > - > > > reference.html > > > > Believe it is setup like this, been awhile since I did it. Will > > confirm. > > > > Also forgot to say the one account is ~90GB if that makes any > > difference... > > > > -Bob > > > > (sent twice) > > > > We have seen the same kind of problems with Outlook with much > smaller > mailboxes. > I didn't have the time to debug it. So fare I suspected that some > Data > in the Outlook > profile got somehow corrupted. Isn't this the known bug that Outlook 2013 doesn't really work well if it is only used via IMAP and not with Exchange? There have been similar cases with IMAP accounts that have been completely compromised. On the IMAP there were whole folders missing, but they still existed locally. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
folder left after dm user.mailboxname, remove by rm ?
Hi, I've deleted an unused mailbox "dm user.emil" and cleaned up DELETED with 'su - cyrus -c "/usr/sbin/cyrus expire -E 1 -X 0 -D 0 -v -p DELETED.user.emil'. /var/spool/cyrus/mail/u/DELETED/user is empty now and "su - cyrus -c "/usr/sbin/ctl_mboxlist -d" | grep -i emil" doesn't show any user.emil mailboxes anymore. Nevertheless there is one single folder left on the master in /var/spool/cyrus/mail/e/user/emil/team/ which contains some messages and cyrus.cache, cyrus.header, cyrus.header files. So this must have been a normal folder once. If I understood that correctly, Cyrus doesn't know about the folder anymore because the dump with "ctl_mboxlist -d" shows that the user has been removed completely, no user.email folders are left in the dump output. Can I remove that folder securely just by rm -rf /var/spool/cyrus/mail/e/user/emil/ The following question would be, why the folder was not available in the cyrus database. But since the user is deleted anyway, this would not be my primary problem, especially since the user had worked with Outlook and had hamstered about 11 GB and 1200 folders in his mailbox. Ciao! Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: folder left after dm user.mailboxname, remove by rm ?
Hi Eric, thanks for your time! Am Dienstag, den 05.02.2019, 18:19 +0100 schrieb Eric Luyten: > > I do not know what Cyrus version you are running but very > occasionally, > on a 2.3 system, I witness the same phenomenon. It's a 2.4 version. > To give you an idea : this happens on average once every thousand > (or > so) account removals. > > If Cyrus doesn't know about the directory through mailboxes.db it is > never going to remove it by itself. I understand. Is it safe then to remove that "forgotten" folder by hand (rm -rf ...). Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
disk space used by a mailbox without expunged
Hi, is there a way to count the disk space used by a mailbox without expunged messages? Ciao M. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Upgrade cyrus 2.4.17 to 2.4.18 on Ubuntu
Hi, I have to upgrade an internal Ubuntu 14.04 LTS with cyrus 2.4.17 to Ubuntu 16.04 LTS, which comes with cyrus 2.4.18. Is there anything to consider when upgrading from cyrus 2.4.17 to 2.4.18 (beside good backup)? Cyrus runs as replica (master/slave). Probably it makes sense to shut down the slave during the master upgrade and vice versa? Downtimes are no problem. Is there actually a way to check whether master and slave are on the same state? And are there any cyrus 3.x packages available for Ubuntu 16.04 or 18.04 LTS. Even Ubuntu 18.04 LTS comes with an old 2.5 cyrus version? Cioa Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
2FA and IMAP
Hi, a friend wants to restrict access to his mailbox with 2FA. As webmailer I use Roundcube, which offers a 2FA plugin. But in the end this is pointless, because besides the webmailer there is also the native IMAP access available. Is it therefore possible to restrict the access to a single IMAP account to a certain IP so that this mailbox can only be accessed via the Roundcube? Ciao! Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
delprune on a single mailbox
Hi, globally in cyrus.conf delprune is set to delprunecmd="/usr/sbin/cyrus expire -E 1 -X 7 -D 7" at=0501 For a single mailbox I don't want to keep deleted mails for 7 days, but expire them immediately or once a day per cron. How to do that? Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: delprune on a single mailbox
Am Sonntag, den 01.11.2015, 13:35 +0100 schrieb Marcus Schopen via Info-cyrus: > Hi, > > globally in cyrus.conf delprune is set to > > delprune cmd="/usr/sbin/cyrus expire -E 1 -X 7 -D 7" at=0501 > > For a single mailbox I don't want to keep deleted mails for 7 days, but > expire them immediately or once a day per cron. How to do that? Forogt to say that delete_mode and expunge_mode is set to delayed. Via cron this should work for an immediate cleanup/expire: su - cyrus -c "/usr/sbin/cyrus expire -E 1 -X 0 -D 0 -v -p user.mailboxname" su - cyrus -c "/usr/sbin/cyrus expire -E 1 -X 0 -D 0 -v -p DELETED.user.mailboxname" Is it possible to set it by ACL on a single mailbox? Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: delprune on a single mailbox
Hi,
Am Montag, den 02.11.2015, 10:58 -0500 schrieb Adam Tauno Williams via
Info-cyrus:
> On Sun, 2015-11-01 at 14:40 +0100, Marcus Schopen via Info-cyrus wrote:
> > Am Sonntag, den 01.11.2015, 13:35 +0100 schrieb Marcus Schopen via
> > Info-cyrus:
> > > Hi,
> > > globally in cyrus.conf delprune is set to
> > > delprune cmd="/usr/sbin/cyrus expire -E 1 -X 7 -D 7" at=0501
> > > For a single mailbox I don't want to keep deleted mails for 7 days,
> > > but
> > > expire them immediately or once a day per cron. How to do that?
> > Forogt to say that delete_mode and expunge_mode is set to delayed.
> > Via cron this should work for an immediate cleanup/expire:
>
> You can set an expire annotation per mailbox.
How do I do that? From cyr_expire manpage:
"The value of the /vendor/cmu/cyrus-imapd/expire annotation is inherited
by all children of the given mailbox, so an entire mailbox tree can be
expired by seting a single annotation on the root of that tree. If a
mailbox does not have a /vendor/cmu/cyrus-imapd/expire annotation set on
it (or does not inherit one), then no messages are expired from the
mailbox."
Is this correct?
setannotation "user.myuser"
"/vendor/cmu/cyrus-imapd/expire" ("value.shared" "0")
But is it possible to expunge a message immediately when it's deleted by
client and not with the next expire run?
> Downside is that I
> believe the annotation will be 'inherited' but subordinate mailboxes;
> which stinks for some use-cases.
>
>
> > su - cyrus -c "/usr/sbin/cyrus expire -E 1 -X 0 -D 0 -v -p
> > user.mailboxname"
>
> FYI, I believe with the very latest Cyrus the "su -" is unnecessary as
> it will automatically handle the context change when run as root.
Ciao!
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: delprune on a single mailbox
Am Dienstag, den 03.11.2015, 08:24 +0100 schrieb Marcus Schopen via
Info-cyrus:
> Hi,
>
> Am Montag, den 02.11.2015, 10:58 -0500 schrieb Adam Tauno Williams via
> Info-cyrus:
> > On Sun, 2015-11-01 at 14:40 +0100, Marcus Schopen via Info-cyrus wrote:
> > > Am Sonntag, den 01.11.2015, 13:35 +0100 schrieb Marcus Schopen via
> > > Info-cyrus:
> > > > Hi,
> > > > globally in cyrus.conf delprune is set to
> > > > delprunecmd="/usr/sbin/cyrus expire -E 1 -X 7 -D 7" at=0501
> > > > For a single mailbox I don't want to keep deleted mails for 7 days,
> > > > but
> > > > expire them immediately or once a day per cron. How to do that?
> > > Forogt to say that delete_mode and expunge_mode is set to delayed.
> > > Via cron this should work for an immediate cleanup/expire:
> >
> > You can set an expire annotation per mailbox.
>
> How do I do that? From cyr_expire manpage:
>
> "The value of the /vendor/cmu/cyrus-imapd/expire annotation is inherited
> by all children of the given mailbox, so an entire mailbox tree can be
> expired by seting a single annotation on the root of that tree. If a
> mailbox does not have a /vendor/cmu/cyrus-imapd/expire annotation set on
> it (or does not inherit one), then no messages are expired from the
> mailbox."
>
> Is this correct?
>
> setannotation "user.myuser"
> "/vendor/cmu/cyrus-imapd/expire" ("value.shared" "0")
>
> But is it possible to expunge a message immediately when it's deleted by
> client and not with the next expire run?
Sorry, but could someon explain how and where to set annotation?
cyradmin seems not to be the right tool.
Ciao!
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: delprune on a single mailbox
Am Mittwoch, den 04.11.2015, 06:36 -0500 schrieb Adam Tauno Williams via
Info-cyrus:
> globally in cyrus.conf delprune is set to
> > > > > delprune cmd="/usr/sbin/cyrus expire -E 1 -X 7 -D 7"
> > > > > at=0501
> > > > > For a single mailbox I don't want to keep deleted mails for 7
> > > > > days,
> > > > > but
> > > > > expire them immediately or once a day per cron. How to do that?
> > > > Forogt to say that delete_mode and expunge_mode is set to
> > > > delayed.
> > > > Via cron this should work for an immediate cleanup/expire:
> > > You can set an expire annotation per mailbox.
> > How do I do that? From cyr_expire manpage:
> > "The value of the /vendor/cmu/cyrus-imapd/expire annotation is
> > inherited by all children of the given mailbox, so an entire mailbox
> > tree can be expired by seting a single annotation on the root of that
> > tree. If a mailbox does not have a /vendor/cmu/cyrus-imapd/expire
> > annotation set on it (or does not inherit one), then no messages are
> > expired from the mailbox."
>
> Via cyradm -
>
> cyrus.example.com> mboxcfg user.adam expire 365
> cyrus.example.com> info user.adam
> {user.adam}:
> condstore: false
> duplicatedeliver: false
> expire: 365
> lastpop:
> lastupdate: 13-Aug-2008 19:37:31 -0400
> partition: default
> sharedseen: false
> size: 12325671
>
> AFAIK the annotations supported by cyradm/mboxcfg are:
>
> * comment – A free-form text comment or description to be attached to
> the mailbox.
> * condstore – This annotation is only supported in the 2.3.x release
> series starting with 2.3.3 although its use is not recommended until
> 2.3.8. As of the 2.4.x release series CONDSTORE functionality is
> enabled on all mailboxes regardless of annotation and attempting to set
> this annotation will result in a permission denied message. On releases
> where this annotation is supported setting a value of “true” will
> enable CONDSTORE functionality1.
> * expire – If an expire value is provided messages will be
> automatically deleted from the mailbox once the specified number of
> days has elapsed.
> * news2mail -
> * sharedseen - Enables the use of a shared \Seen flag on messages
> rather than a per-user \Seen flag. The 's' right in the mailbox ACL
> still controls whether a user can set the shared \Seen flag.
> * sieve – In the case of a shared folder the “sieve” parameter
> specifies the name of a global SIEVE script that will be used for every
> message delivered to the folder. This value is ignored for personal
> mailboxes (mailboxes including and subordinate to a user's INBOX).
> * squat – Flags the mailbox to be included for indexing when the SQUAT
> process performs index generation.
>
>
> > But is it possible to expunge a message immediately when it's deleted
> > by client and not with the next expire run?
>
> Not if delayed expunge is enabled AFAIK; that would defeat the purpose.
I set "mboxcfg user.test expire 1" on a test mailbox, but it has no
effect on nightly delprune set in cyrus.conf EVENT:
delprune cmd="/usr/sbin/cyrus expire -E 1 -X 7 -D 7" at=0501"
Messages deleted two days ago are still in the file system.
localhost> info user.test
{user.test}:
duplicatedeliver: false
expire: 1
lastpop:
lastupdate: 4-Nov-2015 17:14:20 +0100
partition: default
pop3newuidl: true
sharedseen: false
size: 0
Any ideas?
Ciao!
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Replication problem do_folders(): failed to rename
Hi, I have a problem with a single mailbox. The user's Outlook crashed and since then the sync_client is running wild on this user account and produces high load on the master. I stopped sync_client on master side for the moment. When I try to sync the user by hand /bin/su - cyrus -c "/usr/lib/cyrus/bin/sync_client -S replicaserver -v -u testuser I do get the following error. Dec 11 17:54:48 master cyrus/sync_client[22727]: RENAME received NO response: Operation is not supported on mailbox Dec 11 17:54:48 master cyrus/sync_client[22727]: do_folders(): failed to rename: user.elsa-secgen -> user.testuser.Archives.Gesch&AOQ-ftsjahr 2014-15.25-Jahr-Feier Dec 11 17:54:48 master cyrus/sync_client[22727]: IOERROR: The remote Server(s) denied the operation Dec 11 17:54:48 master cyrus/sync_client[22727]: Error in do_user(testuser): bailing out! Comparing master and slave on filesystem I do see the subfolder "25-Jahr-Feier" in "user.testuser.Archives.Gesch&AOQ-ftsjahr 2014-15.", but only on master but not on slave side. And why does sync_client want to rename and where does it get this order from? I can login into the users' mailbox on master side and new message are shown in the INBOX. How can I fix it? Should I try a "reconstruct -r user.testuser" on master and slave or just on slave? (do I have to shutdown cyrus for a reconstruct -r on a user box?) Or can I delete the complete mailbox on slave side start an "sync_client -S replicaserver -v -u testuser"? Thanks for helping Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Replication problem do_folders(): failed to rename
Hi, forgot the cyrus version: 2.4.12 on Ubuntu 12.04 LTS Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Replication problem do_folders(): failed to rename
Am Freitag, den 11.12.2015, 19:10 +0100 schrieb Marcus Schopen via Info-cyrus: > Hi, > > I have a problem with a single mailbox. The user's Outlook crashed and > since then the sync_client is running wild on this user account and > produces high load on the master. I stopped sync_client on master side > for the moment. > > When I try to sync the user by hand > > /bin/su - cyrus -c "/usr/lib/cyrus/bin/sync_client -S replicaserver -v > -u testuser > > I do get the following error. > > Dec 11 17:54:48 master cyrus/sync_client[22727]: RENAME received NO > response: Operation is not supported on mailbox > Dec 11 17:54:48 master cyrus/sync_client[22727]: do_folders(): failed to > rename: user.elsa-secgen -> user.testuser.Archives.Gesch&AOQ-ftsjahr > 2014-15.25-Jahr-Feier > Dec 11 17:54:48 master cyrus/sync_client[22727]: IOERROR: The remote > Server(s) denied the operation > Dec 11 17:54:48 master cyrus/sync_client[22727]: Error in > do_user(testuser): bailing out! > > Comparing master and slave on filesystem I do see the subfolder > "25-Jahr-Feier" in "user.testuser.Archives.Gesch&AOQ-ftsjahr 2014-15.", > but only on master but not on slave side. And why does sync_client want > to rename and where does it get this order from? > > I can login into the users' mailbox on master side and new message are > shown in the INBOX. > > How can I fix it? > > Should I try a "reconstruct -r user.testuser" on master and slave or > just on slave? (do I have to shutdown cyrus for a reconstruct -r on a > user box?) > > Or can I delete the complete mailbox on slave side start an "sync_client > -S replicaserver -v -u testuser"? > > Thanks for helping > Marcus I did a reconstruct on the replica whichs runs through on the 12 GB mailbox ot the user within a second (too fast?). /bin/su - cyrus -c "/usr/lib/cyrus/bin/reconstruct -r user.testuser" A following sync ended up with the same error: /bin/su - cyrus -c "/usr/lib/cyrus/bin/sync_client -S replicaserver -v -u testuser Any ideas? Ciao Marcus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Replication problem do_folders(): failed to rename
Hi, Am Montag, den 14.12.2015, 12:53 +0100 schrieb Michael Menge via Info-cyrus: > Hi, > > > Quoting Patrick Boutilier via Info-cyrus : > > > On 12/14/2015 06:25 AM, Marcus Schopen via Info-cyrus wrote: > >> Am Freitag, den 11.12.2015, 19:10 +0100 schrieb Marcus Schopen via > >> Info-cyrus: > >>> Hi, > >>> > >>> I have a problem with a single mailbox. The user's Outlook crashed and > >>> since then the sync_client is running wild on this user account and > >>> produces high load on the master. I stopped sync_client on master side > >>> for the moment. > >>> > >>> When I try to sync the user by hand > >>> > >>> /bin/su - cyrus -c "/usr/lib/cyrus/bin/sync_client -S replicaserver -v > >>> -u testuser > >>> > >>> I do get the following error. > >>> > >>> Dec 11 17:54:48 master cyrus/sync_client[22727]: RENAME received NO > >>> response: Operation is not supported on mailbox > >>> Dec 11 17:54:48 master cyrus/sync_client[22727]: do_folders(): failed to > >>> rename: user.elsa-secgen -> user.testuser.Archives.Gesch&AOQ-ftsjahr > >>> 2014-15.25-Jahr-Feier > >>> Dec 11 17:54:48 master cyrus/sync_client[22727]: IOERROR: The remote > >>> Server(s) denied the operation > >>> Dec 11 17:54:48 master cyrus/sync_client[22727]: Error in > >>> do_user(testuser): bailing out! > >>> > >>> Comparing master and slave on filesystem I do see the subfolder > >>> "25-Jahr-Feier" in "user.testuser.Archives.Gesch&AOQ-ftsjahr 2014-15.", > >>> but only on master but not on slave side. And why does sync_client want > >>> to rename and where does it get this order from? > >>> > >>> I can login into the users' mailbox on master side and new message are > >>> shown in the INBOX. > >>> > >>> How can I fix it? > >>> > >>> Should I try a "reconstruct -r user.testuser" on master and slave or > >>> just on slave? (do I have to shutdown cyrus for a reconstruct -r on a > >>> user box?) > >>> > >>> Or can I delete the complete mailbox on slave side start an "sync_client > >>> -S replicaserver -v -u testuser"? > >>> > >>> Thanks for helping > >>> Marcus > >> > >> I did a reconstruct on the replica whichs runs through on the 12 GB > >> mailbox ot the user within a second (too fast?). > >> > >> /bin/su - cyrus -c "/usr/lib/cyrus/bin/reconstruct -r user.testuser" > >> > >> A following sync ended up with the same error: > >> > >> /bin/su - cyrus -c "/usr/lib/cyrus/bin/sync_client -S replicaserver -v > >> -u testuser > >> > >> Any ideas? > > > > No, but this seems weird. Was this user ever renamed? > > > > user.testuser -> user.testuser.Archives.Gesch&AOQ-ftsjahr > > > > Cyrus uses the folder "Unique ID" for syncronisation. If this "Unique > ID" is NOT unique > it will confuse syncronisation. I connected with an imap client to the mailbox and removed all folders on the master to which sync_client was bailing out. After that sync_client was runnig through without problems. Strange ... Ciao! Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
