Re: cyrus-imap make errors

[Scott M Likens]

install sleepycat's berkeley db 3

either you have 4, or it's a broken install.

--On Sunday, April 07, 2002 12:58 PM -0500 David Goodrich 
<[EMAIL PROTECTED]> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> i am attempting to build cyrus-imapd-2.0.16 according to the instructions
> at http://www.linuxdoc.org/HOWTO/Cyrus-IMAP-6.html#ss6.5
> make depend works just fine, but when i try to run
> make all CFLAGS=-O
> it returns
> 
> cyrusdb_db3.c
> cyrusdb_db3.c:44:16: db.h: No such file or directory
> make[1]: *** [cyrusdb_db3.o] Error 1
> make[1]: Leaving directory `/root/cyrus-imapd-2.0.16/lib'
> make: *** [all] Error 1
> 
> i haven't been able to find anything on the web about this, i was hoping
> one of you would be able to help me.  tia
>  -david
> -BEGIN PGP SIGNATURE-
> Version: PGPfreeware 7.0.3 for non-commercial use 
>
> iQA/AwUBPLCIuNemHuGGnm+XEQJo4QCgs+re/PMKjYsCE2Fw2BarsyPDKg8Anj3t
> 4P6aQdoUZlQnReVBBQLXrtIs
> =fG5a
> -END PGP SIGNATURE-
>
>

Segfault / Bus error on Squatter...

[Scott M Likens]

I'm running Squatter trying to prune my indexes and see if it helps with 
performance.  Let's face it, that's hard.  Cyrus runs SWELL on this Ultra 
Sparc 5.

But Squatter seems to have problems with HTML encoded mail.

I've gdb'd it and here is the trace and i hope this helps.

$ gdb /usr/cyrus/bin/squatter
GNU gdb 2314
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.8"...
(gdb) run -r -v user.damm
Starting program: /usr/cyrus/bin/squatter -r -v user.damm
Indexing mailbox user.damm... Indexed 6 messages (21735 bytes) into 39525 
index bytes in 1 seconds
Indexing mailbox user.damm.crap... Indexed 1 messages (5541 bytes) into 
17602 index bytes in 1 seconds
Indexing mailbox user.damm.orders...
Program received signal SIGSEGV, Segmentation fault.
0xff04275c in t_splay () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff04275c in t_splay () from /usr/lib/libc.so.1
#1  0xff0425c8 in t_delete () from /usr/lib/libc.so.1
#2  0xff0421fc in realfree () from /usr/lib/libc.so.1
#3  0xff042aa0 in cleanfree () from /usr/lib/libc.so.1
#4  0xff041bd4 in _malloc_unlocked () from /usr/lib/libc.so.1
#5  0xff041ac8 in malloc () from /usr/lib/libc.so.1
#6  0x259ec in dump_index_trie_words (index=0x1529f0, first_char=32, 
result_offset=0xffbed500)
at squat_build.c:1256
#7  0x25ce0 in index_close_internal (index=0x1529f0, OK=32) at 
squat_build.c:1381
#8  0x25f3c in squat_index_finish (index=0x1529f0) at squat_build.c:1477
#9  0x1c088 in index_me (name=0xffbede08 
"/var/spool/imap/user/damm/orders/cyrus.squat.tmp",
matchlen=16, maycreate=1, rock=0x0) at squatter.c:371
#10 0x2e72c in find_cb (rockp=0xffbeea48, key=0x147bf0 "user.damm.orders", 
keylen=16,
data=0x149548 "0 default damm\tlrswipcda\tgus\tlrswipcda\t.", 
datalen=25) at mboxlist.c:1536
#11 0x4342c in foreach (mydb=0x149298, prefix=0xffbeeb88 "user.damm.", 
prefixlen=10,
goodp=0x2e32c , cb=0x2e578 , rock=0xffbeea48, 
mytid=0x0)
at cyrusdb_db3.c:545
#12 0x2eac4 in mboxlist_findall (namespace=0x0, pattern=0xffbeeb88 
"user.damm.",
isadmin=-4265400, userid=0x0, auth_state=0x0, proc=0xa, rock=0x0) at 
mboxlist.c:1670
#13 0x1c388 in main (argc=4, argv=0xffbefbfc) at squatter.c:470

I realize it did segfault in libc, but i was thinking there is something we 
can do about this?

Thanks.

Ok....

[Scott M Likens]

This is irratating every time i reboot, and i do mean EVERY time, my 
sasldb2 gets corrupted and i have to re-enter every single users login and 
password.

Now i must admit that is quite disturbing, and annoying

I have ended up writing a simple script using -p to set all the passwords.

Is this a bug in DB 3.3 or something?  I always get invalid secret on every 
reboot

Running Berkeley DB 3.3 (compiled 64bit and 32bit) for Solaris 8 
(UltraSparc)

any ideas on why this would be, ever time i re-start master after a reboot 
i loose it?

the passwords are still readable to me via 'strings'.

So any ideas?

Thanks

.... wow such a great response...

[Scott M Likens]

I got such a GREAT response with my sasldb2 corruption i just dont know 
what to think.

Has ANYONE but me experienced their sasldb2 getting corrupted every time 
they reboot? or is this just a unique Solaris experience that no one knows 
about?

I'm running DB 3.29 with Solaris 8, Cyrus IMAPD 2.1.3 and Cyrus SASL 2.1.2

Do i need to upgrade to the bleeding edge to get this corrected?

Thanks

RE: .... wow such a great response...

[Scott M Likens]

--On Thursday, April 18, 2002 8:55 AM +0100 Russell Packer 
<[EMAIL PROTECTED]> wrote:

>
>> I got such a GREAT response with my sasldb2 corruption i just dont know
>> what to think.
>>
>> Has ANYONE but me experienced their sasldb2 getting corrupted every time
>> they reboot? or is this just a unique Solaris experience that no
>> one knows
>> about?
>>
>> I'm running DB 3.29 with Solaris 8, Cyrus IMAPD 2.1.3 and Cyrus SASL
>> 2.1.2
>>
>> Do i need to upgrade to the bleeding edge to get this corrected?
>>
>> Thanks
>>
>>
>
> I've never had a saslbdb corruption in the 2+ years I've been using Cyrus.
>
> My config is nearly the same as yours, apart from I'm running RedHat
> linux, not Solaris.

Well it's highly strange, and i see entries like this in my logs all the 
time,

Apr 15 13:15:01 shell saslpasswd2[395]: [ID 702911 auth.error] error 
deleting entry from sasldb: (null)
Apr 15 13:15:01 shell last message repeated 2 times

I get that about 8x until each users secret is then corrupted.  Then they 
cannot login, and wala problem.

Re: lmtp and procmail

[Scott M Likens]

Out of Curiosity does it actually run procmail at all?

Because i have the same exact thing and guess what.  The mail_transport = 
cyrus takes priority and kicks out procmail.  But i see you changed your 
master.cf  does procmail know how to deliver properly to cyrus?  and if so 
how?

--On Tuesday, April 23, 2002 3:19 PM + Einar Indridason 
<[EMAIL PROTECTED]> wrote:

>> If you use Cyrus you must loose procmail.  Sorry no ifs ands or buts.
>
> No.  This is incorrect.  We *are* using postfix, procmail and cyrus
> together.  We have both local Unix users, and "virtual" users.
>
> For Postfix, see the main.cf file:
> mailbox_command = /usr/bin/procmail -a "$EXTENSION" -o -t
>
> and master.cf file:
> cyrus unix  -   n   n   -   -   pipe
> flags=R user=cyrus:mail argv=/usr/bin/procmail -m /etc/procmailrc
> USER=${user}
>
> In both cases, procmail is started, and runs through the /etc/procmailrc
> file.
>
> However... if it is a local Unix user, that is to get the email, the
> procmail variable LOGNAME is set.
> If it is a "virtual" user, the "USER=cyrus_user" is passed in as $1
>
> So I have in my procmailrc:
> ...
> CYRUS_USER=$1
> ...
>
> Now, this variable is set (or not) depending on whether procmail was
> called with USER=something
>
>
> Now, procmail can take the apropriate action depending on whether the
> LOGNAME or CYRUS_USER is set.  For example, procmail can run the
> incoming message through to cyrus_deliver.
>
> Cheers,
> --
> [EMAIL PROTECTED]
>

RE: lmtp and procmail

[Scott M Likens]

--On Tuesday, April 23, 2002 3:31 PM +0800 Mathias Koerber 
<[EMAIL PROTECTED]> wrote:

> yes, because that's what some postfix documentation suggested doing
> instead of using SMTP again or sharing the mail-dir via NFS.

Well i do recall somewhere in a qmail documentation that explicitly said 
Mailbox's on NFS drives is evil evil pure evil.  I could be wrong but 
that's my opinion.

> If there is another lmtpd to simply accept the mail and then
> call procmail on it, I'd take that.

Well master starts up the lmtpd listening process so you would probobly 
need to modify the lmtpd source and procmail.  Because procmail would need 
to know how to deliver the mail properly.  I am afraid that i would /think/ 
that if you had procmail + deliver for example on 1 piece of email.  That 
you would either duplicate it either in a bsd mbox and in cyrus, or both in 
cyrus.

> All I really want is:
>   a) postfix on the SMTP side to replace sendmail
Easy enough.

>   b) cyrus IMAPD for the users' mailbox access
Makes sense, but no local access because cyrus doesnt support that.  the 
mailbox partition is secured remember?

>   c) these on different machines

Now your getting silly.

>   d) procmail support for user's existing .procmailrc

Look into sieve, i read a message that said they use procmail + cyrus.  But 
quite plainly he didnt explain it too well how.

> I'm not tied to cyrus's lmtpd, but I thought that's what it's there
> for? If this may not work, I may end up installing postfix on the
> imap server too and to SMTP between the main server and the mailbox
> server, but I considered that overkill, as all decisions regarding
> addressability etc should be made on the smtp server already..

It seems like you are trying for a bigger picture of the apple then you 
need.  Why do you want to have these multiple machines with NFS connecting 
the Cyrus mailbox partition?

> Thanks :-)

I have to ask a very specific question here, you realize that Cyrus is not 
the Maildir specific, nor is it the BSD Mailbox it is a unique setup.  If 
you want to have multiple machines handling the email i might suggest 
looking into the Cyrus Aggregator: Murder

IE 2 Proxy IMAP servers, 2 Backend that actually hold the data, 1 Master 
server containing all the login/pw information.

It seems that might be up your alley but your messages are very confusing 
to me.  So i'm doing what i can.

Sieve + RBL = SICK!

[Scott M Likens]

Now i know i RARELY ever post messages but i'll be quite honest.

This is quite Sickening, RBL is a MTA implementation not needed to be done 
via Sieve, and as for spamassasin you can always write decent header checks 
and body checks for postfix to use.  I am sure there is the same option in 
sendmail.

Cyrus IMAPD in My point of View is a IMAP Server, it delivers the mail that 
has been recieved for the user, it is not a anti-spam tool nor should it be 
given a 'bigger' position in the picture.

That is what happened with Courier IMHO and that is why i choose Cyrus, i 
like a choice in the matter of my MTA's.  I dont want a whole package in 1 
piece of software.  If i wanted that i'd run Exchange.

I'm sorry if this upsets someone, but please can we stick to Cyrus IMAPD 
related items?

Thanks,

Scott

Re: Sieve + RBL = SICK!

[Scott M Likens]

--On Friday, April 26, 2002 9:19 AM +0100 simon <[EMAIL PROTECTED]> wrote:

>
> (just adding my red diesel )
>
>
> Doesn't RBL check the IP address that people connect with ?
> Now as a SMTP server you have this implicitly , later on
> it would have to be taken from the headers, to find the ip.
> Possible bit of a pain, just need to find the received header
> your machine on... Definitely easier todo in the MTA.
>
> --
> Simon

and if you have in your postfix Delivery line...

/usr/cyrus/bin/deliver -r ${sender} -m ${extension} ${user}

you get much prettier headers for you to trace with.

Re: Sieve + RBL = SICK!

[Scott M Likens]

--On Friday, April 26, 2002 1:13 AM -0500 Scott Lamb <[EMAIL PROTECTED]> 
wrote:

> You feel it's acceptable to occasionally lose important mail to
> heuristics. I feel otherwise. This really reinforces my belief that
> per-user UCE rules are important. Now, if you know of a good way to
> accomplish that in the MTA, I'd love to hear it. Otherwise, I'm not
> interested in your postfix configuration, and I doubt the rest of the
> info-cyrus list is either.

It is an acceptable loss.  It is a required loss, no matter what antispam 
rules, antivirus routines,  you are _ALWAYS_ going to loose email.  If you 
want to do a Hotmail like Scheme with a Junk-Email Folder (which is what it 
sounds like) that's fine.  Seems like a vanity thing, i saw a few sysadmins 
drop all spam to a user named spam and let the whole system read the spam. 
Seemed highly sily.


> So essentially your reason for wanting this in the MTA boils down to CPU
> usage? Interesting, I'm not sure how much of a problem this is for people.
> (I do know, though, you should probably not be using bodychecks. They are
> not efficient, particularly with large messages. See the recent threads
> about them on postfix-users.)

_I_ have a Sun UltraSparc 5 running at 366Mhz with 128meg of ram.  so CPU 
usage is a VERY big issue.  I'm sorry that i dont run linux with a Pentium 
4 2.0Ghz But my Server is not that, and CPU usage is a very big issue.

I have users that when the anti-spam rules were not there, they would 
recieve 500+messages a day of pure unsolicited spam (that's what spam is of 
course).

Now they recieve about 5 messages a day of spam, the system is alot happier 
since the actual load is lower then it has been in months.

BodyChecks are hard, and headerchecks are worse.  There is no perfect 
solution for SPAM, the problem is with SPAM is that you have a 'SPAMMER' 
who try's to make the mail look as legit as possible, then there are those 
who dont care and use some open-relay and send 4,000 messages out at once.

The problem isnt neccesarily the SPAM it's the Administrators that are not 
at the console updating sendmail/postfix/qmail so it stops relaying.

No one should have to worry about SPAM, Truthfully one could almost say we 
should sue the company's they refer us to.  Because obviously they're 
getting paid to spam, so why not recouperate our costs from the beneficiary 
of the SPAM.

But that's for another discussion.

>
> --
> Scott Lamb
>

Re: Sieve + RBL = SICK!

[Scott M Likens]

--On Friday, April 26, 2002 9:56 AM +0200 Luca Olivetti <[EMAIL PROTECTED]> 
wrote:

> Well, that's you. Maybe your users don't agree. Maybe they don't even
> *know* that they are losing *legitimate* email if you use some careless
> rbl blackole (like the maps llc service  -- I know, I've been blackholed
> for a while just because I dared to use an ADSL line to send my emails).
> If the policy you enforce affects you and only you, that's fine with me.
> If you are imposing your policies to unsuspecting user, which will likely
> lose legitimate emails without ever knowing it, that's wrong. Let the MTA
> mark the messages and let the users decide.

Well knowing i still get legitimate mail from .hotmail.com and other 
legitimate users i dont see a problem.  All my users are /QUITE/ Happy with 
the changes.  I notify them if there is any dropped mails and if they want 
i even go as far as added that mail server into the Postfix 'access' DB and 
allowing it to pass thru.  Which makes them happy.

I feel this way,  If you want service with a Junk Mail box to determine if 
it's spam or not, go sign up for hotmail.  I dont need the server littered 
with thousands of pieces of SPAM clogging both the network and the disk 
drive.

What happens if you get 500+ Spam a day and you dont check for 3days.  Then 
you have 500*3 sitting in your Inbox to check.  Now i dont know about you 
but i would rm my mailbox and start over.  I have no desire to go over 2000 
messages or 1500, or 400, or 30 trying to figure out what is legit or what 
is not.

If it passes thru the filters it has a decent chance of being solicited 
'SPAM'.  and that's just fine for me.  If the users want it great.

But dropping 2,000+messages a day due to my filters for just 3 users i am 
taking into account, is a great thing.  Ask anyone.

Your thinking to yourself if i do that i'll loose business.  To me it's as 
simple as if they dont want my service that is their choice.  There is tons 
of fish in the sea willing to pay money for a service that works well, that 
works fast, and doesnt have a clogged email.

If you want those Junk mail boxes, please see www.hotmail.com and signup 
today!

Re: Sieve + RBL = SICK!

[Scott M Likens]

--On Friday, April 26, 2002 1:25 PM -0700 julesa <[EMAIL PROTECTED]> wrote:

> Valid points have been brought up on all sides. Just adding my $0.02:
>
> From an administrative standpoint, it is *not* all right to lose
> potentially legitimate mail without notifying the sender, unless every
> user on your system has been made FULLY aware of the risk and agrees
> with the policy. That's almost impossible unless you're in a very small
> office. People just don't understand the issues. Believe it or not,
> e-mail is used for more important communication than sending recipes and
> copies of the BOFH files to your buddies.

True, it does suck to loose legitimate Mail.  But if on the condition the 
server is setup right, responds first with a proper helo or ehlo, is 
resolving and sends all the proper commands, it wont be rejected.  Usually 
you dont have a mail server that does not resolve.  A decently setup 
Exchange server can send mail to me.  (decently as in resolves and knows 
it's own hostname).  Sendmail is fine, so is postfix, and qmail.  Believe 
it or not i rarely loose any email.

>
> From a technical/efficiency standpoint, sieve should not have to check
> an external source of information before delivering a message. Inserting
> a header, and then letting the user use Sieve to either reject the
> messages, accept them, or file them into a Spam folder is the correct
> approach, IMHO.

Honestly i forsee the thought of Sieve having to check each message as it 
comes in, as a huge process and having to resolve the hosts and everything 
just compounds things.  Sieve is not a MTA, and i wish people would think 
about the processing power it might take for their choice.  That's all.

>
> -Jules
>
> On Fri, 2002-04-26 at 12:36, Scott M Likens wrote:
>> --On Friday, April 26, 2002 9:56 AM +0200 Luca Olivetti <[EMAIL PROTECTED]>
>> wrote:
>>
>> > Well, that's you. Maybe your users don't agree. Maybe they don't even
>> > *know* that they are losing *legitimate* email if you use some careless
>> > rbl blackole (like the maps llc service  -- I know, I've been
>> > blackholed for a while just because I dared to use an ADSL line to
>> > send my emails). If the policy you enforce affects you and only you,
>> > that's fine with me. If you are imposing your policies to unsuspecting
>> > user, which will likely lose legitimate emails without ever knowing
>> > it, that's wrong. Let the MTA mark the messages and let the users
>> > decide.
>>
>> Well knowing i still get legitimate mail from .hotmail.com and other
>> legitimate users i dont see a problem.  All my users are /QUITE/ Happy
>> with  the changes.  I notify them if there is any dropped mails and if
>> they want  i even go as far as added that mail server into the Postfix
>> 'access' DB and  allowing it to pass thru.  Which makes them happy.
>>
>> I feel this way,  If you want service with a Junk Mail box to determine
>> if  it's spam or not, go sign up for hotmail.  I dont need the server
>> littered  with thousands of pieces of SPAM clogging both the network and
>> the disk  drive.
>>
>> What happens if you get 500+ Spam a day and you dont check for 3days.
>> Then  you have 500*3 sitting in your Inbox to check.  Now i dont know
>> about you  but i would rm my mailbox and start over.  I have no desire
>> to go over 2000  messages or 1500, or 400, or 30 trying to figure out
>> what is legit or what  is not.
>>
>> If it passes thru the filters it has a decent chance of being solicited
>> 'SPAM'.  and that's just fine for me.  If the users want it great.
>>
>> But dropping 2,000+messages a day due to my filters for just 3 users i
>> am  taking into account, is a great thing.  Ask anyone.
>>
>> Your thinking to yourself if i do that i'll loose business.  To me it's
>> as  simple as if they dont want my service that is their choice.  There
>> is tons  of fish in the sea willing to pay money for a service that
>> works well, that  works fast, and doesnt have a clogged email.
>>
>> If you want those Junk mail boxes, please see www.hotmail.com and signup
>> today!
>>
>>
>>
>
>
>

Re: SuSE 7.3, IMAP 2.1.3, SASL 2.1.2 -> authentication problem

[Scott M Likens]

--On Sunday, April 28, 2002 7:53 PM +0800 Ronnie Kwok 
<[EMAIL PROTECTED]> wrote:

> I have looked back and perform the following act, and yet, I am still
> having the same error.
>
> What I have done was,
>
> 1. checked the permission setting of sasldb2
> 2.recreate the user in sasldb
> 3. Since I was a bit worried if my previous installation of Cyrus will
> affecting this "upgrade", I tried to install the same packages  on a
> newly installed Linux but still, I am having the same problem.
>
> in sasldblistusers, I can see the entry,
> cyrus@linux: userPassword
>
> I have tried "imtest" with localhost or linux as the hostname but both
> are giving me the same error as follows.
>
> linux:/etc # /usr/local/bin/imtest -a cyrus -u cyrus linux
> C: C01 CAPABILITY
> S: * OK linux Cyrus IMAP4 v2.1.3 server ready
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> NO_ATOMI C_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
> THREAD=ORDEREDSUBJECT THREAD=REFEREN CES IDLE
> S: C01 OK Completed
> Password:
> C: L01 LOGIN cyrus {10}
> + go ahead
> C: 
> L01 NO Login failed: user not found
> Authentication failed. generic failure
> Security strength factor: 0
>
> Can someone kindly suggest what else I might have missed? I sense that I
> might have done something wrong during the  compilation (wrong
> compilation option given) but I cannot figure out what it is. And is the
> line of "Capability" a normal one?  Should I see any login/auth method
> from this line (I am using PLAINTEXT login)?
>
> Many thanks.

Have you used Cyradmn or WebCyradmn and created the mailbox for cyrus yet?

ie cm user.cyrus

listacl user.cyrus
Looks like it's Authenticating but since there's no mailbox for cyrus it's 
failing.

That's my thought.  How about some of the error messages from 
/var/adm/messages and dmesg?

Scott

RE: Re: SuSE 7.3, IMAP 2.1.3, SASL 2.1.2 -> authentication problem

[Scott M Likens]

If you want Plaintext you will need to disable CRAM and DIGEST and SRP/OTP.

--On Tuesday, April 30, 2002 12:34 AM -0400 "[EMAIL PROTECTED]" 
<[EMAIL PROTECTED]> wrote:

> Scott,
>
> Thanks for the help... I believe I will not aware there is such utility
> if you  don't tell me... =)

If you read the docs/install.html it would have told you :)


> Indeed, I am still encountering the same problem.. and please find
> what I have done below,
>
> 1. run mkimap as root (since error show up if I run as user cyrus)
> 2. chown -R cyrus:mail /var/imap, /var/spool/imap, /usr/sieve
> 3. run dohash as cyrus and see the following error message
>
> cyrus@uatwebmail:/home/ronnie/software/cyrus-imapd-2.1.3/tools> ./
> dohash
> Use of uninitialized value in string eq at (eval 1) line 9,  line
> 209.
> Use of uninitialized value in string eq at (eval 1) line 17,  line
> 209.
> Use of uninitialized value in string eq at (eval 1) line 25,  line
> 209.
> upgrading configuration directory /var/imap...user error: couldn't create
> a

Hmm would be nice to know what it couldn't create?


> And below please find the imapd.conf I am using,
>
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: cyrus
> allowanonymouslogin: no
> autocreatequota: 4
> reject8bit: no
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> dracinterval: 0
> drachost: localhost
> sasl_pwcheck_method: auxprop
> allowplaintext: yes
> altnamespace: yes
> unixhierarchysep: yes
>
> I found that if I put anything other than auxprop in
> "sasl_pwcheck_method", I will see the error message of below,

Ok, and have you tried using test-saslauth.c?  It's in the saslauthd 
directory uncompiled, it's a simple compile.  Try it

It is simple to pass to, what it does is pipe it thru to saslauthd and give 
a yes or no answer on if the authentication passed.  Great for finding out 
if your Mech is right.

what's drachost/interval?

>
> cyrus@uatwebmail:/home/ronnie/software/cyrus-imapd-2.1.3/tools> /
> usr/local/bin/cyradm -u cyrus -a PLAIN localhost
> Login failed: no mechanism available at /usr/lib/perl5/site_perl/5.6.1/
> Cyrus/IMAP/Admin.pm line 110
> cyradm: cannot authenticate to server with PLAIN as cyrus
>
> but if I use "auxprop", I will see the following,
>
> cyrus@uatwebmail:/home/ronnie/software/cyrus-imapd-2.1.3/tools> /
> usr/local/bin/cyradm -u cyrus -a login localhost
> Login failed: authentication failure at
> /usr/lib/perl5/site_perl/5.6.1/Cyrus/ IMAP/Admin.pm line 110
> cyradm: cannot authenticate to server with login as cyrus
>
> If I change to use the following method,
> sasl_pwcheck_method: saslauthd
> allowplaintext: yes
>
> Recreate a new /etc/sasldb2 and try cyradm again, I see new problem.
>
> Apr 30 12:30:14 uatwebmail imapd[14389]: badlogin:
> localhost[127.0.0.1] plaintext ronnie SASL(-4): no mechanism
> available: checkpass failed
> Apr 30 12:30:17 uatwebmail imapd[14389]: unable to tell master 1:
> Broken pipe

Sounds like you dont have saslauthd -a shadow

running on the master and slaves.

> And please correct me if I am wrong. What I want to do with the
> password is, keep them as plaintext and use plaintext validation. Since
> I think this will be the most simple setup.

Plaintext is the most simple setup, it is also the most insecure setup. 
But it is also the only setup that will use /etc/shadow and /etc/passwd for 
the password retrieval.

> And one more question is,  what should I consider when I am using
> Sendmail to authenticate against the sasldb? Will plaintext work with
> Sendmail?

Plaintext will look also for sendmail, another user in the mailing list has 
been working with getting CRAM and DIGEST working.  But i believe he has 
PLAINTEXT fine.


Sincerely,

Scott

Re: Sieve + RBL = SICK!

[Scott M Likens]

--On Tuesday, April 30, 2002 7:42 PM -0400 James Ralston 
<[EMAIL PROTECTED]> wrote:

> For recent versions of sendmail, you can use the spamfriend/spamhater
> hooks in the accessdb to implement either one of these policies:
>
> 1.  Incoming mail from RBL-listed sites is rejected, except for
> spamfriend users.
>
> 2.  Incoming mail from RBL-listed sites is rejected only for
> spamhater users.
>
> You'll need to design a method for users to indicate their choice,
> though.
>
> Solutions probably exist for other versions of sendmail, and other
> MTAs.

Seen Many Solutions, Fortunatly a Aware Administrator can determine where 
the spam comes from.  Because more times then not, the spammer tries to 
send the mail directly to you.  Avoiding any and all relays, but then there 
are those that are getting smarter.

> I'm not the person to whom you addressed this question, but I'll
> answer it anyway:
>
> Because the receiving MTA is the only entity which knows the IP
> address of the relay.  Once the receiving MTA hands off the message to
> another MTA, that information is lost.
>
> Trying to determine the IP address of the relay by screen-scraping the
> receiving MTA's Received headers is an ugly, disgusting, error-prone,
> shameful hack.  It does not belong in Sieve; it does not belong in
> anything.
>
> If you want to accept/block mail based on the relay it comes from, do
> it at the MTA.  Don't tag at the MTA.  Don't file at the MTA.  Either
> accept or reject, period.  Provide a way for individual users to
> control the accept/reject behavior for mail destined to them.
>
> If you want to filter mail based on content, do it at the local
> (final) delivery agent.  Tag or file based on the content, but don't
> reject it.  Provide a way for individual users to customize the
> filters and their actions.

I dont think I could have said it better myself, in fact i know i couldnt. 
I'm just glad it was said.

Thank you!

Sincerely,

Scott M Likens

well...

[Scott M Likens]

Unfortunatly i upgraded to  Cyrus 2.1.4 and my backup didnt help when i 
attempted to restore it, i'm attempting to restore all the subfolders in 
the users inbox's and having a problem with the reconstruct command.

Quite Simply, it doesnt do folders.  Just the main directory, is there a 
way we can correct this?

Thanks

Re: cyradm: Permission Denied

[Scott M Likens]

--On Thursday, May 02, 2002 9:54 PM -0700 Robert Lasirona 
<[EMAIL PROTECTED]> wrote:

> I installed postfix with cyrus packages. I've gone through the HowTo and
> now I'm having problems adding the users mailboxes. This is what I've
> completed:
>
> - Installed postfix, cyrus-sasl-gssapi, cyrus-sasl-md5, cyrus-sasl-devel,
> cyrus-sasl-java, cyrus-sasl, cyrus-sasl-plain. - I've created all of the
> local accounts for the email clients.
> - Created the email passwords with sasl.
>
> When I execute, 'cyradm -u cyrus-adm localhost'. I enter my password and
> I get a prompt. I enter 'cm test' and I get the error, "createmailbox:
> Permission denied". I'm not exactly sure where the denial is coming from.
> I double checked the permissions in /var/imap, and /var/spool/mail. I
> can't seem to figure out why I'm getting this error.
>
> Help! Please!
>
>
>
> Thanks,
> Robert Lasirona
>
>

Well anyhow you'd prolly want to make it cm user.test

If you read the docs

I'd suggest chown -R cyrus:mail /var/spool/imap

I hope to god that you really dont have it stuck in /var/spool/mail since 
that is going to conflict with your BSDish mailboxes and that would be why 
you couldnt create the mailbox.

Since the file 'test' probobly exists.

Re: cyradm: Permission Denied

[Scott M Likens]

--On Friday, May 03, 2002 7:24 AM -0700 Robert Lasirona 
<[EMAIL PROTECTED]> wrote:

> Hi Scott,
>
> Thanks for the advice. I tried what you suggested, but with no luck. I'm
> still getting the 'Permission denied'. I went through the docs that are
> at www.postfix.org, 'cyrus+sasl'. That HowTo suggested 'cm user/test',
> with this format I got 'Invalid mailbox name'.
hmm i wonder why they said user/test?  I always did cm user.test

like cm user.damm cm user.lasirona

> I verified the owner and group on /var/spool/imap, the ownership and
> group is set as you suggest.

> I'm not sure where I'm stuck at, but if my mail system is stuck at
> /var/spool/mail. How do I find out if I messed up the permissions? And,
> What should they be?  I know in another HowTo, it suggests setting 'S'
> mode on directory. I believe that was in the imap directory. Do I need to
> do that with /var/spool/mail?

Well the +S Will definetly help if your running linux, or in FreeBSD they 
have their flag.

Your old BSD mailboxes are in var/spool/mail and you will need to forward 
all your mail thru Cyrus for your users to pick it up.

But also check your /var/log/messages

See if you find any db3-nosync/flat... Unable to open, or Open file 
/var/spool/imap/blah failed

Any hints you could give us would be a great help.

Re: sieveshell from 2.1.4 not looping through mechanisms ?

[Scott M Likens]

--On Friday, May 03, 2002 9:39 AM -0400 Rob Siemborski 
<[EMAIL PROTECTED]> wrote:

> On Fri, 3 May 2002, Simon Matter wrote:
>
>> I've just recompiled my RPMS of cyrus-imapd 2.1.4.
>> The changelog says that sieveshell should now loop through all SASL
>> mechanisms before giving up.

Ok i never tried Sieveshell on 2.1.3 so you'll have to bare with me.

I recently upgraded to 2.1.4 and i noticed on Solaris (SPECIFIC) that it 
wants the directory's both in upper case and lowercase in /var/imap/user 
and /usr/sieve

I found that once i created the proper directory's in /usr/sieve i had no 
problem authenticating with sieveshell.  Works great!

Check your /var/adm/messages because there is more then likely a message 
like db3-nosync unable to open file /usr/sieve/I/test

of course there is /usr/sieve/i but not I.

Remember un unices we have lower/uppercase differences.

Maybe that's something we should add to the script to create the 
upper/lowercase in all the directory's.  Same problem with quotas, and such.

Food for thought?

> I just tried it and it did indeed try KERBEROS_V4, fail, and then try
> GSSAPI, and succeed.

GSSAPI is our api that we use to talk to Kerberos_v4.  If you read back 
you'll find this the case.

>> but it still didn't work.
>
> Could you supply a network dump of what is going on?  Any log messages?
> Did you upgrade the server as well as the client (this is necessary).
>
> In any case, I'm not going to argue that you're seeing a probem?, but is
> there any reason that you removed the sasl_mech_list option if you can't
> support mechs other than PLAIN anyway?

Duplicates triplicates ...

[Scott M Likens]

Well i just wanted to say quite simply, i haven't gotten one Duplicate yet. 
Either Postfix is removing them, or something.  Because as i use Mulberry 
client and enjoy it very much, i see not one duplicate ever.

Maybe i did something really good for once.

Re: 'in-lining' a content_filter with delivery ...

[Scott M Likens]

--On Thursday, May 09, 2002 4:29 PM -0300 Henrique de Moraes Holschuh 
<[EMAIL PROTECTED]> wrote:

> On Thu, 09 May 2002, Marc G. Fournier wrote:
>> On Thu, 9 May 2002, Rob Siemborski wrote:
>> > On Thu, 9 May 2002, Marc G. Fournier wrote:
>> > > So, unless I'm overlooking something, is there some way of injecting
>> > > 'per user' options at the lmtp (and beyond) level?
>
> Looks like a job for a lmtp proxy.  Could I suggest we add a content
> filter hook in the lmtp proxy of Murder ?  Looks like the right place to
> add any sort of filterning that needs an user context, but is not
> available through sieve.
>
> The lmtp proxy would feed messages through a pipe and forward the
> resulting processed message to the lmtp backends for normal processing.

Actually that is a wonderful idea, for a method of Spamassassin and such. 
Using LMTP instead of Deliver, forward it to a Spamassassin Proxy then it 
forwards it to the real Cyrus LMTP server if the message is kept.

Why couldnt anyone think of this earlier.

Re: hosts.allow

[Scott M Likens]

In order to use hosts.allow you must enable TCP wrappers on Cyrus

Have you done this?

--On Thursday, May 09, 2002 10:46 PM +0200 Ede Wolf 
<[EMAIL PROTECTED]> wrote:

> Hello,
>
> I was wondering, what entries are needed for /etc/hosts.allow. Haven't
> found anything in the manpages. I tried "master and "imapd", still no
> connection was allowed (with ALL: ALL in hosts.deny). After all I was
> actually quite surprised than cyrus uses those at all. Running 2.0.16 on
> a slackware8 box.
>
> Thanks for any help
>
>

Re: cyrus imapd 2.0.16 w/ SSL problems

[Scott M Likens]

You know to be quite honest i get the same error message with mine no 
matter what, self signed, etc.

But i'll be honest, it works JUST fine in Mutt, and Mulberry which are my 
only SSL based applications i test it on.

Same error message as you, so i wouldnt worry as much about 'imtest'.  It's 
not foolproof, nor is it 100%.

--On Friday, May 10, 2002 10:41 AM -0500 Thaddeus Parkinson 
<[EMAIL PROTECTED]> wrote:

> Jason (and the rest of the Cyrusians out there),
>
> Thanks for the suggestions.  The new certs definately get me different
> messages.  Now I receive a 'verify error:num=27:certificate not trusted'
> on the CA file.  I think this might be a problem with imtest not trusting
> the CA, anybody have any idea of how to make it see the light?  'openssl
> verify' has no problem with them...
>
> However, it still continues past that and dies in the same spot it was
> before.  Still not sure if they're related; it's quite irksome.
>
> I have a new option today, though.  As if perhaps an answer to my prayers,
> the Fates released a new version of OpenSSL last night.  I'm going to
> upgrade to 0.9.6d.  Keep your fingers crossed that it'll miraculously cure
> all of my headaches.
>
> Thanks again,
> Thaddeus Parkinson
>
>

Re: compiling on OpenBSD

[Scott M Likens]

Obviously your Berkeley DB does /NOT/ have DB 1.85 Compatability compiled 
into it.

You might wanna download DB 3.29 (i believe is the latest) of the 3 series 
and build it with that.  Build with DB185 support, you more then likely 
will not need CXX.

Any idea why your disabling cyradm?  Off hand.

--On Thursday, May 09, 2002 11:54 PM +0200 Isak Lyberth <[EMAIL PROTECTED]> 
wrote:

> I have walked through the archives and done some googeling on this
> without finding anything relevant. I have a box wich runs OpenBSD 3.0 on
> a pentium 2 machine.
> When ever i make a:
>| configure --with-auth=unix --disable-cyradm
> make depen
>|| make all CFLAGS=-O|
>
> i get a error saying:
>### Making all in /usr/src/cyrus-imapd-1.6.24/imap
> gcc -L/usr/lib -R/usr/lib -L/usr/local/lib -R/usr/local/lib  -g -O2 -o
> dump_deliverdb dump_de iver.o libimap.a ../lib/libcyrus.a -lsasl -lssl
> -lcrypto  -lkrb -lfl   -ldes -lcom_err dump_deliver.o: Undefined symbol
> `___db185_open' referenced from text segment collect2: ld returned 1 exit
> status
> *** Error code 1
>
> Stop in /usr/src/cyrus-imapd-1.6.24/imap (line 137 of Makefile).
> *** Error code 1
>
> Stop in /usr/src/cyrus-imapd-1.6.24 (line 49 of Makefile).
>
> What do i do wrong?
>
> My mail server is a postfix server
>
> Regards Isak
>
>

Re: cyradm: cannot authenticate to server with as cyrus

[Scott M Likens]

Can you please give us more detail.

Like how about what error messages in /var/adm/messages

Why did it fail to authenticate, no saslauthd running, unable to access a 
directory...
what?



--On Monday, May 13, 2002 7:35 AM +0800 Jim Worke <[EMAIL PROTECTED]> wrote:

> I've set up  my RedHat 7.3 box with LDAP, authenticating users through
> PAM.   I've created the cyrus user in /etc/passwd (as with my postfix,
> root etc  users).
>
> I've changed cyrus's password (but not sasldbpasswd, because I don't use
> /etc/sasldb.  I authenticate through PAM).
>
> Here's my /etc/imapd.conf:
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: cyrus
> allowanonymouslogin: no
>
># To use the PAM for authentication (but not /etc/passwd or shadow), change
># the following line to specify "pam" instead of "sasldb".
> sasl_pwcheck_method: pam
>
> When I run (as user cyrus) "cyradm localhost", it gives me an error:
> cyradm: cannot authenticate to server with  as cyrus
>
> Did I miss something?
>

Re: cyradm: cannot authenticate to server with as cyrus

[Scott M Likens]

How about /var/log/messages or /var/log/syslog.  Either one of those files

I'm looking for what syslogd is logging, because Cyrus should be giving 
error messages and we need to find out what those are.

Saslauthd is required for PAM authentication, LDAP, etc etc.  Unless you 
use the DB plaintext file /etc/sasldb2 you are required to run the 'pw 
check daemon' which in SASLv2 is saslauthd.

I'm assuming you are using LDAP still, so you would do saslauthd -a pam

Althought you can try 2.1.3-BETA's LDAP support built in.  Might work 
better.



--On Monday, May 13, 2002 8:30 AM +0800 Jim Worke <[EMAIL PROTECTED]> wrote:

> So sorry.  I'm new to cyrus imap.
>
> My log is empty (I'm looking at /var/imap/log directory and
> /var/log/imapd.log  file.  In Redhat, I can't find /var/adm directory).
> And I don't know how to  increase the debug level.  That's why I don't
> know what's happenning..
>
> I didn't have saslauthd running.  I followed the Cyrus-IMAP HowTo and
> there's  no mention about this?
>
> On Monday 13 May 2002 7:50 am, Scott M Likens wrote:
>> Can you please give us more detail.
>>
>> Like how about what error messages in /var/adm/messages
>>
>> Why did it fail to authenticate, no saslauthd running, unable to access a
>> directory...
>> what?
>>
>> --On Monday, May 13, 2002 7:35 AM +0800 Jim Worke <[EMAIL PROTECTED]>
>> wrote:
>> > I've set up  my RedHat 7.3 box with LDAP, authenticating users through
>> > PAM.   I've created the cyrus user in /etc/passwd (as with my postfix,
>> > root etc  users).
>> >
>> > I've changed cyrus's password (but not sasldbpasswd, because I don't
>> > use /etc/sasldb.  I authenticate through PAM).
>> >
>> > Here's my /etc/imapd.conf:
>> > configdirectory: /var/imap
>> > partition-default: /var/spool/imap
>> > admins: cyrus
>> > allowanonymouslogin: no
>> >
>> ># To use the PAM for authentication (but not /etc/passwd or shadow),
>> > change # the following line to specify "pam" instead of "sasldb".
>> > sasl_pwcheck_method: pam
>> >
>> > When I run (as user cyrus) "cyradm localhost", it gives me an error:
>> > cyradm: cannot authenticate to server with  as cyrus
>> >
>> > Did I miss something?
>
>

Re: vacation script with optional(??) address parameter

[Scott M Likens]

Mike, you do realize that the Vacation script only replies once.

It will not reply multiple times to the same address.  Idea is you tell the 
user _ONCE_ that you are on vacation, not 500x.

If you set it up with the mailing list for example, each message you get 
would reply with a vacation message.

So if there was 25messages on the info-cyrus list, there would be 25 
vacation replies.  Thus doubling the list.  Chances are the vacation 
replies would also get posted and vacationed again creating an infinate 
loop, getting yourself permently ejected from said list.

The Vacation Sieve script is simple and your setting it up right.

What your looking for is a automatic response which as you said you got 
once, and it wont give it to you again.

Does this help any?

--On Sunday, May 12, 2002 11:41 PM -0500 Mike Grommet 
<[EMAIL PROTECTED]> wrote:

> Hi list.
>
> I'm trying to get a vacation script up and running...
>
> In this form, the script works fine:
>
> require "vacation";
> vacation :days 1:addresses
> ["[EMAIL PROTECTED]","[EMAIL PROTECTED]"] text:
> **AUTOGENERATED MESSAGE**
>
> Test!!!
> .
>
>
>
> Now, when I try to leave the address parameter off, so that it will use
> the smtp envelope for the return "From" address, the script doesnt seem
> to work. No errors seem to be apparent either... We are using a stock
> 2.0.16 Cyrus install...
>
> Perhaps I'm misreading how the address param should be used, or maybe I'm
> just not understanding how things should work when the address param is
> absent.
>
> Could someone provide a syntactically correct example of a small vacation
> script that doesn't use the address param?
> Any other pointers would be dandy as well :)
>
>
>
>
>
>
>

Re: Pb with backup

[Scott M Likens]

well unfortunatly you have to make sure the permissions on the user 
directory is still cyrus:mail

If you dont do it with EVERYTHING as that, reconstruct will 'IGNORE' the 
message and continue on.

do a chown -R cyrus:mail /var/spool/imap/user/*

then reconstruct.  Should find all the folders and messages

(personal experience talking here)

--On Monday, May 13, 2002 11:43 AM +0200 Jean-Marc Delpech 
<[EMAIL PROTECTED]> wrote:

> Hi,
>
> I make a tar of /var/spool/imap/user every week from my imap server to a
> snap server (this sort of backup never delete old files on the snap server
> but only add). So when I want to restore an user, first I create the same
> user and after I restore from the snap server all his old files and
> directory. Second I make a "reconstruct". Third I make a "recontruct -f -r
> user.xx_y"
>
> After I connect Eudora ( or Outlook, or anythings else) to this user
> without any pb but I see all the directory and no files in it ! Do you no
> know what must I do to see all the mails in the folders ?
>
> Many thks for yr answers.
>
> Rgds/Jean-Marc
>
> cyrus imapd 2.0.11
> - cyrus sasl 1.5.24
> - db 3.1.17
>
>
>

Re: Cyrus continues to stop working.. no fix available?

[Scott M Likens]

--On Monday, May 13, 2002 3:08 PM -0500 Dustin Puryear <[EMAIL PROTECTED]> 
wrote:

> We continue to have problems with Cyrus. Another poster mentioned they
> have the same problem, but also didn't get any responses. Would one of
> the developers please investigate if this is a bug? What's going on? This
> is a real show stopper for us, and apparently for others as well.
I haven't noticed that really

>
> Okay, we have Cyrus installed on FreeBSD 4.4-RELEASE:
>
> cyrus-imapd-2.0.16_1 The cyrus mail server, supporting POP3 and IMAP4
> protocols cyrus-imapd-2.0.16_2 The cyrus mail server, supporting POP3 and
> IMAP4 protocols cyrus-sasl-1.5.24_7 RFC  SASL (Simple Authentication
> and Security Layer) cyrus-sasl-1.5.24_8 RFC  SASL (Simple
> Authentication and Security Layer) cyrus-sasl-1.5.27_2 RFC  SASL
> (Simple Authentication and Security Layer)

So you are running Cyrus IMAPD 2.0.16 with Cyrus SASLv1 1.5.24_7?

That's a litttle odd why not 2.1.2 or 2.1.3-BETA?

> Every once in a while Cyrus stops responding to connections. Now, it does
> ACCEPT the connection, but it doesn't seem to send. Okay, so lets say
> that I stop Cyrus and it happens to work:

> working..
> mercury# telnet mars 110
> Trying 10.0.0.5...
> Connected to mars.actioncore.com.
> Escape character is '^]'.
> +OK <[EMAIL PROTECTED]> Cyrus POP3 v2.0.16 server
> ready
>
> I get a new pop3d process:
>
> cyrus1537  0.0  0.8 18836 2128  p0  S 9:52PM   0:00.03 pop3d:
> pop3d: mercury.actioncore.com[10.0.0.1]   (pop3d)
>
> And a TCP connection:
>
> mars# netstat -f inet -ln | grep 10.0.0.1
> tcp4   0  0  10.0.0.5.110   10.0.0.1.2060
> ESTABLISHED
>
> If I wait a few seconds to several minutes, Cyrus stops working:
>
> mercury# telnet mars 110
> Trying 10.0.0.5...
> Connected to mars.actioncore.com.
> Escape character is '^]'
> ^C
>
> And the connection does exist (the connection was made from 10.0.0.1):
>
> mars# netstat -f inet -ln | grep 10.0.0.1
> tcp4 0 0 10.0.0.5.110 10.0.0.1.2057 ESTABLISHED
>
> Something I did notice is that when I run lsof that lsof seems to stall
> after it hits some for the pop3d processes. Not sure if that is important
> or just a fluke.
>
> What can we do to debug this further? What are some possible issues here
> to consider? DNS? Corrupted database files? What?
>
> Regards, Dustin

Well You know without further information like running gdb on the process, 
or giving us some detail from /var/log/messages and such.

We wont be able to help you, ie is cyrus attempting to run recover over and 
over again and failing?

As you wrote a very nice message, it lacked the common information required 
to help.

I Had attempted to do LMTP with Postfix ...

[Scott M Likens]

I had attempted to do LMTP with Postfix, but got an interesting error.

Can anyone help me?  I would prefer to use LMTP over the Deliver Command if 
possible.

Thanks

May 13 15:52:32 shell postfix/lmtp[21546]: [ID 197553 mail.info] 
614D48A84E: to=<[EMAIL PROTECTED]>, relay=shell.bourg.net[207.229.76.2], 
delay=1, status=deferred (host shell.bourg.net[207.229.76.2] said: 430 
Authentication required)

anyone might know what it meant by that?  and what i can do to correct this.

I enabled LMTP in the cyrus.conf and reloaded master so this is the LMTP 
for cyrus.

But obviously i dont know what it means by auth required.

Also has anyone seen this with the new postfix 1.1.9-Experimental?

May 13 15:39:38 shell postfix/lmtp[17534]: [ID 947731 mail.warning] 
warning: spurious attribute sender in input from lmtp socket

Thanks

Re: TLS error? cyrus-imapd-2.1.4

[Scott M Likens]

If you look in the Archive thru whatever web mailing list you wish, there 
was someone who had mentioned using openssl how to create the CA, the key, 
and cert.

Look it up, it'd be worth your time.

--On Tuesday, May 14, 2002 7:33 PM -0700 jeff bert 
<[EMAIL PROTECTED]> wrote:

> I've gotten cyrus-imapd-2.1.4 working with the unencrypted ports and have
> now moved to getting the secure ports working.  I created a self-signed
> certificate using:
>
> [root@jabba imap]# openssl req -new -x509 -days 365 -nodes -config
> /usr/lib/ssl/openssl.cnf -out cyrus-imapd.pem -keyout cyrus-imapd.pem
>
> and entering the information.
>
> My imapd.conf file has:
>
> tls_cert_file: /var/imap/cyrus-imapd.pem
> tls_key_file: /var/imap/cyrus-imapd.pem
>
> And it seems to work but there is a delay of about 30 seconds when I
> connect for the first time in an email clients session in my imapd log
> file:
>
> May 14 19:20:33 jabba imap3d[2648]: TLS engine: cannot load CA data
>
> after that it works...
>
> Is this an error I need to be concerned about or is this just the result
> of self-siging the certificate?
>
> Thanks,
>
> Jeff Bert
>
>

Re: I Had attempted to do LMTP with Postfix ...

[Scott M Likens]

So then i can assume it would be more proper to do LMTP over Unix Socket? 
I can do either, i just am trying to find the best method to do this.

Thanks


--On Wednesday, May 15, 2002 8:10 AM -0500 Amos Gouaux 
<[EMAIL PROTECTED]> wrote:

>>>>>> On Tue, 14 May 2002 12:09:14 -0600,
>>>>>> Scott M Likens <[EMAIL PROTECTED]> (sml) writes:
>
> sml> May 13 15:52:32 shell postfix/lmtp[21546]: [ID 197553 mail.info]
> sml> 614D48A84E: to=<[EMAIL PROTECTED]>,
> sml> relay=shell.bourg.net[207.229.76.2], delay=1, status=deferred (host
> sml> shell.bourg.net[207.229.76.2] said: 430 Authentication required)
>
> Ugh, README_FILES/LMTP_README really does need updating.  I should
> try to do that during our inter-session.  Anyway, if you're doing
> LMTP over a TCP connection, you'll either need to use LMTP-AUTH
> (like SMTP-AUTH), or use the "-a" flag as in:
>
> SERVICES {
> ...
> lmtp cmd="lmtpd -a" listen="[127.0.0.1]:lmtp" prefork=0
> ...
> }
>
> Though, if you use the "-a" flag, be sure to restrict access to
> this LMTP server.  This can be done by either binding to a specific
> IP address as done above and/or by using tcp_wrappers.
>
> sml> Also has anyone seen this with the new postfix 1.1.9-Experimental?
>
> sml> May 13 15:39:38 shell postfix/lmtp[17534]: [ID 947731 mail.warning]
> sml> warning: spurious attribute sender in input from lmtp socket
>
> Not yet.  I was waiting for the dust to settle a bit before trying
> latest Postfix snapshot/release.
>
> --
> Amos
>
>

Re: I Had attempted to do LMTP with Postfix ...

[Scott M Likens]

Ahh...

Since the LMTP is well quite out of date i'm more or less trying to figure 
out the password maps and everything i would need to setup.  I guess i'll 
wait for someone to update it and take another crack at it.

--On Wednesday, May 15, 2002 5:48 PM -0500 Amos Gouaux 
<[EMAIL PROTECTED]> wrote:

>>>>>> On Thu, 03 Jan 2002 13:23:55 -0700,
>>>>>> Scott M Likens <[EMAIL PROTECTED]> (sml) writes:
>
> sml> So then i can assume it would be more proper to do LMTP over Unix
> sml> Socket? I can do either, i just am trying to find the best method to
> sml> do this.
>
> The properness depends on your environment.  TCP is handy if using
> separate boxes for Cyrus and MTA.  Using TCP also makes it easier
> to take advantage of single instance delivery.  (The local delivery
> agent in Postfix can only deliver one recipient at a time.)
>
> --
> Amos
>
>

RE: TLS error? cyrus-imapd-2.1.4

[Scott M Likens]

Actually the proper way is this,

Quite good url on how to be your Own CA

http://www.aet.tu-cottbus.de/personen/jaenicke/postfix_tls/doc/myownca.html

Look it up, modify it so you dont use des based pem's...

See mine is like this (imapd.conf)

tls_cert_file: /var/imap/cert.pem
tls_key_file: /var/imap/key.pem
tls_ca_file: /var/imap/CAcert.pem

Works flawlessly.  Of course it's self signed, but i haven't had a problem 
with a client complaining about that yet.

--On Wednesday, May 15, 2002 4:35 PM -0700 Jeff Bert 
<[EMAIL PROTECTED]> wrote:

>> If you look in the Archive thru whatever web mailing list you wish, there
>> was someone who had mentioned using openssl how to create the CA,
>> the key,
>> and cert.
>>
>> Look it up, it'd be worth your time.
>>
>
> No thanks, I wasn't asking for a HOWTO but for others' experiences.
>
> I had already read the cyrus-imapd documentation and it only recommends
> using:
>
> tls_cert_file: /var/imap/cyrus-imapd.pem
> tls_key_file: /var/imap/cyrus-imapd.pem
>
> but I have found that if I add:
>
> tls_ca_file: /var/imap/cyrus-imapd.pem
>
> with the way I created the cert it works flawlessly.
>
> Jeff
>
>
>> --On Tuesday, May 14, 2002 7:33 PM -0700 jeff bert
>> <[EMAIL PROTECTED]> wrote:
>>
>> > I've gotten cyrus-imapd-2.1.4 working with the unencrypted
>> ports and have
>> > now moved to getting the secure ports working.  I created a self-signed
>> > certificate using:
>> >
>> > [root@jabba imap]# openssl req -new -x509 -days 365 -nodes -config
>> > /usr/lib/ssl/openssl.cnf -out cyrus-imapd.pem -keyout cyrus-imapd.pem
>> >
>> > and entering the information.
>> >
>> > My imapd.conf file has:
>> >
>> > tls_cert_file: /var/imap/cyrus-imapd.pem
>> > tls_key_file: /var/imap/cyrus-imapd.pem
>> >
>> > And it seems to work but there is a delay of about 30 seconds when I
>> > connect for the first time in an email clients session in my imapd log
>> > file:
>> >
>> > May 14 19:20:33 jabba imap3d[2648]: TLS engine: cannot load CA data
>> >
>> > after that it works...
>> >
>> > Is this an error I need to be concerned about or is this just the
>> > result of self-siging the certificate?
>> >
>> > Thanks,
>> >
>> > Jeff Bert
>> >
>> >
>>
>>
>>
>>
>
>

Re: I Had attempted to do LMTP with Postfix ...

[Scott M Likens]

lol sorry.. Clock seems to be resetting for some reason on my computer and 
i'm not sure why.

Battery is fine and all... just every time i reboot it looses it.

--On Thursday, May 16, 2002 1:49 AM +0200 Luc Brouard 
<[EMAIL PROTECTED]> wrote:

> Please change your system time (date !) ...
>
> On Thu, Jan 03, 2002 at 05:27:10PM -0700, Scott M Likens wrote:
>
> Thanks
>
> Luc

Re: I Had attempted to do LMTP with Postfix ...

[Scott M Likens]

Yeah i noticed.  But I find it a little nicer.

Just used lmtp:unix:/var/imap/socket/lmtp

Seems to work just dandy actually, much easier then TCP.  Althought to be 
honest TCP isnt a bad idea, having postfix on 1 server accepting the mail 
and sending it to another server for storage.

Of Course having postfix as the backup transport.  You learn something new 
every day, can almost put this on my resume by now.

Thanks btw.


--On Wednesday, May 15, 2002 10:40 PM -0500 Amos Gouaux 
<[EMAIL PROTECTED]> wrote:

>> On Wed, 15 May 2002 20:04:27 -0300,
>> Henrique de Moraes Holschuh <[EMAIL PROTECTED]> (hdmh) writes:
>
> hdmh> On Wed, 15 May 2002, Amos Gouaux wrote:
>>> to take advantage of single instance delivery.  (The local delivery
>>> agent in Postfix can only deliver one recipient at a time.)
>
> hdmh> Well, use the lmtp transport, then. It can deliver through an unix
> socket hdmh> just fine.
>
> If you use mailbox_transport, you'll still only get one recipient at
> a time.  I don't recall if that's also true with local_transport.
> I think it is.
>
> However, if there's not a high probability that you'll see lots of
> mail addressed to many recipients on the same Cyrus partition, then
> it's a mute point.
>
> --
> Amos
>

Re: pam-ldap error: unrecognized plaintext verifier PAM

[Scott M Likens]

Try using saslauthd as your verifier and run saslauthd -a pam

Should cure you.

--On Thursday, May 16, 2002 3:03 PM +0800 LiuJinhui 
<[EMAIL PROTECTED]> wrote:

>
>   I have configure smtp-auth via PAM-ldap in my server.
> So I think there is no problem with pam-ldap.
>   But when I configure my cyrus-imap to authorize via
> PAM-ldap,I got the error in log:
>
>   May 16 14:56:53 test1 imapd[22815]: unrecognized plaintext verifier PAM
>
> ~ my /etc/imap.conf
>
> configdirectory: /var/imap
> defaultpartition: default
> hashimapspool: yes
> partition-default: /var/spool/imap
> admins: root
> servername: mail.net.dlut.edu.cn
> allowplaintext:yes
> allowanonymouslogin: no
> quotawarn: 90
> defaultacl: anyone lrs
> sievedir:/usr/sieve
> sasl_pwcheck_method: PAM
>
>
>
>
> LiuJinhui
> [EMAIL PROTECTED]
> 2002-05-16
>
>

What is wrong with ASMTP with SASLv2? (Was Re: FYI:pop-before-smtp works with cyrus-imapd-2.1.4)

[Scott M Likens]

<10 cents>
I'll be honest I had the relay problem, so i just enabled ASMTP with 
SASLv2, and after figuring out all the options.

It works GREAT!  All my users can relay without me adding 1 single rule for 
insecurity.  I believe most E-Mail Clients that are WYSWIG or GUI Support 
ASMTP, unfortunatly i'm not sure pine/mutt does so you gotta set your email 
address right becuause those usually sendmail so it's not an issue as much. 
But of course you can configure postfix to relay against only 1 server and 
use TLS/ASMTP if you so choose.

Point is this, Relaying is a MTA/MUA thing and i see no use to using the 
extra process when you can use the internal ASMTP in postfix and be happy.

I'm also quite aware that the SASLv2 patch works for sendmail.

Thanks for my 10cents



Scott

--On Monday, May 20, 2002 8:51 AM -0700 Ron Kuris <[EMAIL PROTECTED]> wrote:

> Hi,
>
> Yes, this is a better solution than my hack, although I wish it weren't
> a separate process.
>
> Ron
>
> On Sun, 2002-05-19 at 15:56, Henrique de Moraes Holschuh wrote:
>> On Sun, 19 May 2002, Amos Gouaux wrote:
>> > Precisely why we use DRAC.
>> >
>> > rk> My recent patch just updates access.db directly.  No separate
>> > process is rk> required.
>> >
>> > While a separate process is required for DRAC, the nice thing about
>> > it is that it will clear out entries after some configurable amount
>> > of time.
>>
>> And it will work on Murder clusters just as well, which made it suitable
>> for default inclusion in Cyrus IMAPd for Debian, too.
>>
>> --
>>   "One disk to rule them all, One disk to find them. One disk to bring
>>   them all and in the darkness grind them. In the Land of Redmond
>>   where the shadows lie." -- The Silicon Valley Tarot
>>   Henrique Holschuh
>>
>>
>
>



---

"If Thyne Eyes Deceivee Thee, Pluck Them Out".

RE: What is wrong with ASMTP with SASLv2?

[Scott M Likens]

You can easily use TLS with ASMTP, but to be quite honest.

Plaintext is not plaintext

If you read the SASL_README on postfix it explains PLAIN is 
base64("\0user\0user\0password");

So Plaintext isnt plaintext.  Sorry to inform you that, it also supports 
CRAM-MD5 and DIGEST-MD5 just like your IMAP server does.

food for thought


--On Monday, May 20, 2002 9:43 AM -0700 Jeff Bert <[EMAIL PROTECTED]> 
wrote:

> my <1 cent> is that I use plaintext passwords and don't like the idea that
> their password is transmitted whenever they're sending mail.  I only use
> POP3S/IMAPS.  I messed around with SMTPS but that was back in my totally
> newbie days (now I'm a newbie+) and never got it working so I just moved
> onto the pop-before-smtp idea.
>
> If you could let me in on the workings or SMTPS and SMTP AUTH I'd be
> willing to give it a try again.
>
> Jeff
>
>> -Original Message-
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]]On Behalf Of Scott M
>> Likens
>> Sent: Monday, May 20, 2002 9:19 AM
>> To: Ron Kuris; Henrique de Moraes Holschuh
>> Cc: [EMAIL PROTECTED]
>> Subject: What is wrong with ASMTP with SASLv2? (Was Re: FYI:
>> pop-before-smtp works with cyrus-imapd-2.1.4)
>>
>>
>> <10 cents>
>> I'll be honest I had the relay problem, so i just enabled ASMTP with
>> SASLv2, and after figuring out all the options.
>>
>> It works GREAT!  All my users can relay without me adding 1
>> single rule for
>> insecurity.  I believe most E-Mail Clients that are WYSWIG or GUI Support
>> ASMTP, unfortunatly i'm not sure pine/mutt does so you gotta set
>> your email
>> address right becuause those usually sendmail so it's not an
>> issue as much.
>> But of course you can configure postfix to relay against only 1
>> server and
>> use TLS/ASMTP if you so choose.
>>
>> Point is this, Relaying is a MTA/MUA thing and i see no use to using the
>> extra process when you can use the internal ASMTP in postfix and be
>> happy.
>>
>> I'm also quite aware that the SASLv2 patch works for sendmail.
>>
>> Thanks for my 10cents
>>
>> 
>>
>> Scott
>>
>> --On Monday, May 20, 2002 8:51 AM -0700 Ron Kuris <[EMAIL PROTECTED]> wrote:
>>
>> > Hi,
>> >
>> > Yes, this is a better solution than my hack, although I wish it weren't
>> > a separate process.
>> >
>> > Ron
>> >
>> > On Sun, 2002-05-19 at 15:56, Henrique de Moraes Holschuh wrote:
>> >> On Sun, 19 May 2002, Amos Gouaux wrote:
>> >> > Precisely why we use DRAC.
>> >> >
>> >> > rk> My recent patch just updates access.db directly.  No separate
>> >> > process is rk> required.
>> >> >
>> >> > While a separate process is required for DRAC, the nice thing about
>> >> > it is that it will clear out entries after some configurable amount
>> >> > of time.
>> >>
>> >> And it will work on Murder clusters just as well, which made
>> it suitable
>> >> for default inclusion in Cyrus IMAPd for Debian, too.
>> >>
>> >> --
>> >>   "One disk to rule them all, One disk to find them. One disk to bring
>> >>   them all and in the darkness grind them. In the Land of Redmond
>> >>   where the shadows lie." -- The Silicon Valley Tarot
>> >>   Henrique Holschuh
>> >>
>> >>
>> >
>> >
>>
>>
>>
>> ---
>>
>> "If Thyne Eyes Deceivee Thee, Pluck Them Out".
>>
>>
>



---

"If Thyne Eyes Deceivee Thee, Pluck Them Out".

RE: What is wrong with ASMTP with SASLv2?

[Scott M Likens]

That is Trivial, but most people arnt going to spend the time to decrypt 
each password.

Most hackers would rather just look that the ones that are easy to see, and 
not care about the ones that arnt.

But that of course is my experience, unless he really wants into your 
mailbox, and if he does i doubt TLS is gonna bug him one bit either.

--On Monday, May 20, 2002 2:35 PM -0400 Rob Siemborski 
<[EMAIL PROTECTED]> wrote:

> On Mon, 20 May 2002, Scott M Likens wrote:
>
>> You can easily use TLS with ASMTP, but to be quite honest.
>>
>> Plaintext is not plaintext
>>
>> If you read the SASL_README on postfix it explains PLAIN is
>> base64("\0user\0user\0password");
>
> This doesn't change the fact that it's a trivial matter for an
> eavesdropper to get the password if PLAIN is used without TLS protection.
>
> -Rob
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Rob Siemborski * Andrew Systems Group * Cyert Hall 235 * 412-268-7456
> Research Systems Programmer * /usr/contributed Gatekeeper
>
>



---

"If Thyne Eyes Deceivee Thee, Pluck Them Out".

Re: Mail status

[Scott M Likens]

Actually I found the hash incorrect for both sieve and cyrus in the 
user/quota directory's.

What i did is patch'd the mkimap and dohash scripts.

Attached you'll find what i did, i implemented a FULL hash and found that 
the directory's created by the scripts were in-adequite for my needs, and 
cyrus couldnt handle it.

It was basically looking for directory's in uppercase, when they were 
lowercase, so what i did is modified the scripts to create both upper and 
lowercase on both sieve and quota and user directory's.

Which is the problem usually when messages suddenly become new.  If you 
have *.debug /var/log/debug.log enabled in syslogd which i suggest

You would have found something like this

May  2 04:16:00 shell imapd[12087]: [ID 136705 local6.error] IOERROR: 
opening /var/imap/user/S/darius.seen: No such file or directory
May  2 04:16:00 shell imapd[12087]: [ID 729713 local6.error] DBERROR: 
opening /var/imap/user/S/darius.seen: cyrusdb error
May  2 04:16:00 shell imapd[12087]: [ID 844790 local6.error] Could not open 
seen state for darius (System I/O error)

If you notice the path is /var/imap/user/S not /var/imap/user/s you will 
take note that by default S is not created, we need to create it.  Once we 
create it, darius.seen can be written and suddenly your messages will be 
sent to you proplery

Maybe it's something that Rob needs to take a look at why it's requesting 
these directory's.

But anyhow here's my little patch's i hope this helps.


--On Tuesday, May 21, 2002 2:10 PM +0200 Luca Olivetti <[EMAIL PROTECTED]> 
wrote:

> Russell Packer wrote:
>> Hi,
>>
>> I get strange behaviour using Microsoft Outlook - the status for various
>> e-mail messages seems to change rather randomly. I will mark messages as
>> being read, then 5/10 minutes later they will suddenly be marked as
>> 'unread' (IMAP). Others in the company have remarked upon it as well.
>>
>> Has anyone else experienced this behaviour? What can I look at to tell
>> what cyrus is doing?
>
> I have experienced the same problem with mozilla, see
> http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg
> =13859 Alec H. Peterson suggested a solution here
> http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg
> =13890 so I made a patch with a new runtime option to implement what he
> said. At first it seemed to work but then the problem resurfaced after a
> week of use. Now I switched to using skiplist instead of flat for the
> seen database and so far it works, but who knows, maybe in a couple of
> days it'll break again.
>
>
> --
> Luca Olivetti
> Wetron Automatización S.A. http://www.wetron.es/
> Tel. +34 93 5883004  Fax +34 93 5883007
>



---

"If Thyne Eyes Deceivee Thee, Pluck Them Out".


dohash.diff
Description: Binary data


mkimap.diff
Description: Binary data

Re: Secure Imap Problems

[Scott M Likens]

Out of Curiosity do you have OpenSSL installed by any chance, and if so 
what Version and did you build Cyrus 2.x.x whatever with SSL Compatability 
in it?

Thanks


--On Tuesday, May 21, 2002 12:17 PM -0700 Phil Dibowitz <[EMAIL PROTECTED]> 
wrote:

> Galen Johnson wrote:
>
>> you have to create them yourself...check out:
>>
>> http://www.ncsu.edu/imap/admin/sslcyrus.html
>
>
> Either I wasn't clear, or you didn't read my post carefully.
>
> I created the certs.
>
> What's not there is THE TLS OPTIONS IN THE MAN PAGE.
>
>
> Phil
> --
> "They that can give up essential liberty to obtain a little temporary
> safety deserve neither liberty nor safety." -Benjamin Franklin, 1759
>



---

"If Thyne Eyes Deceivee Thee, Pluck Them Out".

RE: SSL/TLS

[Scott M Likens]

*sigh*

Telnet to your imap port and please verify that the STARTTLS command 
exists...

Easiest way to do that instead of doing . logout

do . starttls

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK shell Cyrus IMAP4 v2.1.4 server ready
. starttls
. OK Begin TLS negotiation now

like that

*bleh*

Stop using imtest like a golden rule folks.  Use an ACTUAL mail client to 
test things!!!

--On Wednesday, May 22, 2002 12:58 AM -0400 Lee Hoffman 
<[EMAIL PROTECTED]> wrote:

> Here is my imapd.conf:
>
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: adminuser
> sasl_pwcheck_method: PAM
>
> tls_cert_file: /var/imap/server.pem
> tls_key_file: /var/imap/server.pem
>
> (/var/imap/server.pem exists and is readable by the cyrus user)
>
> ok running:  'imtest -t "" -u lee -a lee -r servername.com
> servername.com' gets auth working, but still no STARTTLS:
>
> C: C01 CAPABILITY
> S: * OK servername.com Cyrus IMAP4 v2.0.16 server ready
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES IDLE
> S: C01 OK Completed
> Password:
> C: L01 LOGIN lee {8}
> + go ahead
> C: 
> L01 OK User logged in
> Authenticated.
> Security strength factor: 0
>
> Any other ideas?
>
> Lee
>
>
> -Original Message-
> From: Jeff Bert [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 12:28 AM
> To: Lee Hoffman; [EMAIL PROTECTED]
> Subject: RE: SSL/TLS
>
> did you add these to your imapd.conf:
>
> tls_ca_path: /path-to-ca-folder/
> tls_ca_file: /path-to-ca-file/
> tls_cert_file: /path-to-cert-file/
> tls_key_file: /path-to-key-file/
>
> ?
>
>> -Original Message-
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]]On Behalf Of Lee Hoffman
>> Sent: Tuesday, May 21, 2002 8:21 PM
>> To: [EMAIL PROTECTED]
>> Subject: SSL/TLS
>>
>>
>> Hey all,
>> I'm trying to get SSL/TLS working on cyrus 2.0.16. I followed the
>> instructions to a "T" to create the certificate. I also compiled cyrus
>> -with-ssl=/usr/local/ssl (the latest version of openssl is installed,
>> and working with the sshd daemon). Anyway, cyrus (which is
>> authenticating off PAM/ldap) works fine. However, as soon as I try to
>> enable ssl from my email client, the client is unable to connect to
> the
>> server. I tried telneting into the box on port 993 and cyrus does
>> answer.
>>
>> Here is the output from imtest:
>>
>> Server-name:~# imtest -t "" -u lee server-name.com
>> C: C01 CAPABILITY
>> S: * OK server-name.com Cyrus IMAP4 v2.0.16 server ready
>> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS
> ID
>> NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
>> THREAD=REFERENCES IDLE
>> S: C01 OK Completed
>> Password:
>> C: L01 LOGIN root {8}
>> + go ahead
>> C: 
>> L01 NO Login failed: authentication failure
>> Authentication failed. generic failure
>> Security strength factor: 0
>>
>>
>> What really worries me is that STARTTLS is even listed in CAPABILITIES
>> (it should be shouldn't it?).
>>
>> My cyrus.conf file:
>>
>> # standard standalone server implementation
>>
>> START {
>>   # do not delete these entries!
>>   mboxlist  cmd="ctl_mboxlist -r"
>>   deliver   cmd="ctl_deliver -r"
>>
>>   # this is only necessary if using idled for IMAP IDLE
>> #  idledcmd="idled"
>> }
>>
>> # UNIX sockets start with a slash and are put into /var/imap/sockets
>> SERVICES {
>>   # add or remove based on preferences
>>   imap  cmd="imapd" listen="imap" prefork=5
>>   imaps cmd="imapd -s" listen="imaps" prefork=1
>> #  pop3 cmd="pop3d" listen="pop3" prefork=3
>> #  pop3scmd="pop3d -s" listen="pop3s" prefork=1
>> #  sievecmd="timsieved" listen="sieve" prefork=0
>>
>>   # at least one LMTP is required for delivery
>> #  lmtp cmd="lmtpd" listen="lmtp" prefork=0
>>   lmtpunix  cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
>> }
>>
>> EVENTS {
>>   # this is required
>>   checkpointcmd="ctl_mboxlist -c" period=30
>>
>>   # this is only necessary if using duplicate delivery suppression
>>   delprune  cmd="ctl_deliver -E 3" period=1440
>> }
>>
>>
>> Any ideas?
>>
>> Thanks,
>> Lee
>>
>>
>
>



---

"If Thyne Eyes Deceivee Thee, Pluck Them Out".

Re: postfix/cyrus problem

[Scott M Likens]

Do you have the lmtp properly defined in postfix?

ala

mailbox_transport = lmtp:unix:/var/imap/socket/lmtp

also in /etc/cyrus.conf do you have this also uncommented

  lmtpunix  cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0

If both of those are you should be set!

--On Wednesday, May 22, 2002 10:47 PM +0200 Chris Schumacher 
<[EMAIL PROTECTED]> wrote:

> Hi All,
> Has anyone seen something like this? I'm setting up a Cyrus/Postfix
> mailserver on SuSE 8.0.
>
> May 22 21:53:05 linux8 postfix/pipe[2662]: 41DB51E24E:
> to=<[EMAIL PROTECTED]>, relay=cyrus, delay=1933, status=deferred
> (temporary failure. Command output: couldn't connect to lmtpd: Invalid
> argument_ 421 4.3.0 deliver: couldn't connect to lmtpd_ )
>
> Chris
>
>



---

"If Thyne Eyes Deceivee Thee, Pluck Them Out".

Re: CyrusIMAP for AMD64 Opteron ??

[Scott M. Likens]

Dear Sir,

For one you are trying to compile a rather old version, I suggest you to 
update persay to 2.3.9 if not 2.3.10?

If you are going to run 2.3 that is.

Additionally you did not give us any hints at what distribution you are 
running, so I will make this simple in hopes it makes sense.

Answer,

You need to install the openssl development library's in order to finish 
compiling that.  If you used a rpm based distro, you will need to 
install libssl?-devel*.rpm somewhere, if you run Debian you will need to 
apt-get libssl3-dev...

Much more beyond that, I don't want to know.

Best of luck,

Cheers

BipinDas wrote:
> Dear List,
>
> Is there any specific source of CyrusIMAP for AMD 64 Opteron series ?. I 
> am getting strange error while compiling CyrusIMAP2.3.1 on the above 
> said server. The error is as follows.
> 
> LD_RUN_PATH="/usr/lib64:/lib64" gcc  -shared -O2 -g -pipe -Wall 
> -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector 
> --param=ssp-buffer-size=4 -m64 -mtune=generic IMAP.o  -o 
> blib/arch/auto/Cyrus/IMAP/IMAP.so ../../lib/libcyrus.a 
> ../../lib/libcyrus_min.a   \
>-ldb -lsasl2 -lssl -lcrypto  \
> /usr/bin/ld: cannot find -lssl
> collect2: ld devolvió el estado de salida 1
> make[2]: *** [blib/arch/auto/Cyrus/IMAP/IMAP.so] Error 1
> make[2]: se sale del directorio `/opt/src/cyrus-imapd-2.3.1/perl/imap'
> make[1]: *** [all] Error 1
> make[1]: se sale del directorio `/opt/src/cyrus-imapd-2.3.1/perl'
> make: *** [all] Error 1
> --
> If somebody went across the same problem please help me.
>
>   


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: autocreatequote in cyrus on gentoo doesn't seem to work.

[Scott M. Likens]

Hello Yossie,

I would like to let you know that by default Gentoo's version of cyrus 
imapd does not enable the 'autocreate' features.

You will need to enable those in /etc/portage/package.use

I refer to you to the Gentoo Handbook on how to define USE flags.

http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=2&chap=2

* net-mail/cyrus-imapd-2.2.13-r1 {:0} [D 2.3.9] -afs -drac -idled 
kerberos pam -snmp ssl tcpd -unsupported_8bit

Additionally only 2.3.9 supports enabling this patch.  You will need to 
unmask 2.3.9 (it is keyword masked as ~x86 ~amd64)

Then you would need to enable the USE flag "autocreate" in order to use 
that.

Hope that makes sense, if not you can always visit IRC and ask for help 
on Freenode in #gentoo

Scott

Joseph Silverman wrote:
> I've been using the Mandriva (2006) version of cyrus imap (binary rpm  
> added by the urpmi command) for a few years.  We have depended on the  
> autocreatequota value in /etc/imapd.conf  to (a) allow us to create  
> an INBOX when the account has been authenticated (in our case through  
> a sql database) and (b) set a quota for that account.
>
> I have recently switched to a gentoo source distro, installed cyrus- 
> imapd with emerge.  With default use flags etc.. I get a version that  
> runs similarly in every way except that autocreatequota doesn't  
> actually seem to work.  No initial quota is set for a user created  
> INBOX.  Further, trying to create a sieve for a user, on first  
> connect, before creating an INBOX seems to fail with an auth error.
>
> In both cases I am using cyrus-imapd-2.2.12 - so it's not a version  
> issue, perse.  I think it must be a compile time configure issue, but  
> can't find any clues.
>
> So, I am asking the community for help.  Any ideas?
>
> Thanks - Yossie
>
>
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
> !DSPAM:472b7c22111414477085009!
>
>
>   


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

OT: Re: How many people to admin a Cyrus system?

[Scott M. Likens]

Gary Mills wrote:
> Thanks everyone for your responses.  I don't want to clutter up this
> technical mailing list with more management issues, although I'd
> certainly be pleased to receive personal e-mail on this topic.
>
> There appear to be two types of outsourcing.  The Google example was
> one where all of the e-mail resided on an external site.  In addition
> to the issues mentioned above, there is authentication and
> backup/restore to consider.  For all of those reasons, I don't think
> that this type will be suitable here.
>
> The Zimbra example, however, was one where a contractor was hired to
> install a new e-mail system at the university, and to do the migration
> and management.  This one I could see happening here, so that people
> with programming and development skills would no longer need to be
> kept on staff.  That seems like a bizarre idea to me.  It's
> essentially outsourcing the employees.  Since there are no problems
> whatsoever with the existing Cyrus system, I suppose that contracting
> with a company to maintain and manage it might be better than just
> abandoning it.
>
>   

I know I sent out an email earlier I don't know if it got anywhere... 
but I thought I would finish what I was saying, as I had written it out 
to explain it better.

It is certainly OT, and for that you can hate me.

Background, the company that this was deployed at was a rather small 
company.  We had MAYBE 100 employee(s).  Simultaneous connections? 
roughly 50 to 60.  We would max normally at 20 Messages/Minute Incoming, 
and a good amount of that was spam.  Depending on the time of day, it 
would go up and down, but I would say the daily average was around 7-8 
Messages/minute.

I will begin with the Pro(s) and Con(s) of Zimbra.

Pros,
1. Calendar and Contact and Mail Solution rolled into 1 package
2. Webmail loads pretty fast over EVDO
3. It has this wonderful Outlook plugin to make it look like MAPI to 
Outlook (or is that a Con?)

Cons,
1. Commercial Support that sucks... During the day you get someone in 
the US that may fix your problem, but not tell you what they did to fix 
it, or anything.  Additionally at night you get India, and my only 
experience with that was hearing 'My internet is down'...
2. Lack of Code Review... why else would bugs like DROP if exists 
(http://bugzilla.zimbra.com/show_bug.cgi?id=16879)
As well as (http://bugzilla.zimbra.com/show_bug.cgi?id=21117)
3. Can't handle high load very well, in fact it handles load horribly.
4. It uses Java/JSP and Tomcat... (Hateful I know)
5. It uses Postfix.  I guess using Postfix is better then having to 
write SMTP Support in Java. 
6. Multiple MySQL Instances... couldn't that be rolled into 1?
7. It would flag users that sent email using SMTP Authentication as spam 
(amavis-new would check against the rbls and determine that it was spam 
because it came from a Dialup/Broadband IP).  (which is extremely 
stupid, so the only obvious choice was to whitelist the user(s) that had 
this problem)

Note those are just examples, from my experience there are a number of 
things that just don't work right to begin with.

1) Upgrading, is a pain.  It follows the mentality of Redhat, and 
whatnot.  To upgrade you have to shut down Zimbra (duh) and then remove 
all the old rpm's, and then install the new rpm's (or debs in my case).  
Depending on the speed of your server it might take 5 minutes or 30.

2) Handles heavy load horribly.  In my case, we had a Super Micro Server 
with Dual Xeon (P4) 2.2(2.4?)Gigahertz processors.  2 Gigabytes of Ram, 
and was doing a sub-fancy Software RAID-5 setup with about 700gb U160 
SCSI disk(s) that were either 10 or 15k rpm.  (I Forget) Using an XFS 
Formatted Filesystem (I wasn't daring enough to try ReiserFS on this), 
and DRBD+Heartbeat. (not my idea) However it wasn't the end of the 
world.  The server was more then several years old.  But it should have 
no problem handling 350-400messages/minute.  That's not really a large 
amount of email is it?

3) ClamAV.  Do note how much email I said we dealt with a minute.  We 
didn't get a great deal of email.  Maybe 2000 email a day?  Not overly 
much.  However as the ClamAV database would grow, if you restarted 
ClamAV or Zimbra eventually it would take too long for ClamAV to start 
and would not listen on the port assigned and would make mail fail to 
deliver.  (Ouch huh?)

4) If it shuts down uncleanly which it did in my case, (first call to 
support).  I got someone in the US, they logged in via a broadband IP.  
(PTR did not even get close to zimbra.com)  Took them maybe 60-90 
Minutes to find out that there was a lockfile that did not get erased, 
which is why Tomcat was not starting the LMTP Service.  Great, 
fantastic, what was that file? I never knew.  History for that user did 
not show. 

5) Calling at Midnight... _I_ Made an amatuer mistake trying to upgrade 
some switches and caused some mass breakage, and a flood of mail was 
coming in (over 700/minute) 

Re: OT: Re: How many people to admin a Cyrus system?

[Scott M. Likens]

Have you ever looked at some of the CalDAV Servers out there?

I'll save you some time,

http://trac.macosforge.org/projects/calendarserver

http://rscds.sourceforge.net/

As well as,

http://sourceforge.net/projects/modcaldav/

Truthfully, you don't need Cyrus to support a Calendar.  Because in all
honesty, it's unrelated to mail.  If you use Kerberos, LDAP, AD, MySQL
for Authentication.  Take a look at one of those, tie in that
authentication and you're done.  Then depending on which one you choose,
you can have users share their calendars or not.

... There is enough F/OSS out there to emulate everything you can get
with Exchange, and/or any other 'Enterprise' Mail System.  No it's not
as seamless as Exchange, but it works just fine and it's an open
standard.  You'll find lots more CalDav Servers, and software in the
next 6months to a year.

Scott

Rudy Gevaert wrote:
> If we could ever get a decent calendar system that works together with 
> Cyrus or other software many people would be happy.
>
> Rudy
>   



Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: OT: Re: How many people to admin a Cyrus system?

[Scott M. Likens]

I was using a Tomcat based CalDAV Server.  for awhile, I forget what 
it's name was.  However I have actually been using the CalDav server 
from apple lately (see url 1 in the the quote).  It's been quite pleasant. 

I am sure there is better, there is worse.  They have a great love of 
python that is for sure. 


Scott

Rudy Gevaert wrote:

Scott M. Likens wrote:
  

Have you ever looked at some of the CalDAV Servers out there?

I'll save you some time,

http://trac.macosforge.org/projects/calendarserver

http://rscds.sourceforge.net/

As well as,

http://sourceforge.net/projects/modcaldav/

Truthfully, you don't need Cyrus to support a Calendar.  Because in all 
honesty, it's unrelated to mail.  If you use Kerberos, LDAP, AD, MySQL 
for Authentication.  Take a look at one of those, tie in that 
authentication and you're done.  Then depending on which one you choose, 
you can have users share their calendars or not.
... There is enough F/OSS out there to emulate everything you can get 
with Exchange, and/or any other 'Enterprise' Mail System.  No it's not 
as seamless as Exchange, but it works just fine and it's an open 
standard.  You'll find lots more CalDav Servers, and software in the 
next 6months to a year.



Well I'm impressed, I didn't know it would already be possible.  I'll 
keep an eye on those projects.  When I have some time I'll give them a 
closer look!


Are you running any calendar server?

Rudy


  



Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: OT: Re: How many people to admin a Cyrus system?

[Scott M. Likens]

Ian,

The only problem with using clamav-filter (or something appropriate) as 
a milter, etc.  Was it did not fall into what Zimbra designed. Quite 
frankly I think it would have been a lot smoother with 
Sendmail+Milter+Clamav+whatever else they wanted.


However, that is not the direction they picked, either for licensing or 
whatever.


One thing with Zimbra, is you don't exactly get to pick what you want.  
They throw a ball of software at you, and expect you to work with it. 

I admit, if I didn't review their code as much, and try and see how it 
worked.  I would have been more oblivious and pleased with Zimbra maybe.


Scott

Ian G Batten wrote:

On 13 Nov 07, at 1335, Adam Tauno Williams wrote:

  
3. Can't handle high load very well, in fact it handles load  
horribly.
  

I have a friend who works at a small shop who reports exactly the same
issue with Zimbra, s..ll...ooo.....



3) ClamAV.  Do note how much email I said we dealt with a minute.  We
didn't get a great deal of email.  Maybe 2000 email a day?  Not  
overly

much.  However as the ClamAV database would grow, if you restarted
ClamAV or Zimbra eventually it would take too long for ClamAV to  
start

and would not listen on the port assigned and would make mail fail to
deliver.  (Ouch huh?)
  
In defense of CLAMAV I can say that we run it on our SMTP server  
(not on

the IMAP or groupware server which seems like a bad idea).  It works
well and is pretty stable.  If your CLAMAV was causing you this  
problem

then Zimbra must have boloxed the setup or you just had a bad version.



Clamav-milter works very well for sendmail shops, without any amavis  
involvement at all.  The slow startup bug is an artefact of one  
particular release: it now comes up in about 15 seconds.  Once it's  
running it's perfectly rapid enough to cope with our complete  
internal load.clamd-milter can do the parsing of archives,  
breaking up of MIME etc at least as well as amavisd.


If you don't have an equivalent to clamav-filter for your MTA of  
choice, then you need to make sure that you start clamd, and then  
pass the material to be scanned with clamdscan (note the d).  clamd  
will need to be running as a user that can read the temporary files,  
because the best way to use clamd is to pass filenames over the  
AF_UNIX domain socket.


We in fact run clamav-milter with its built-in clamd support, for  
reasons I can't offhand remember.  So we fire up clamd, then clamav- 
milter, then clamav-milter passes temporary files to clamd.


If you have to use amavisd, make sure you tell it to use clamdscan  
rather than clamscan.  The latter does indeed take 10 seconds to fire  
up.


clamd likes large pages, Solaris fans.

Our milter startup script: there is some local stuff in there.

#!/bin/sh

case "$1" in
start) mv /var/clamav/clamd.log /var/clamav/clamd.log.old
   LD_PRELOAD=mpss.so.1
   MPSSHEAP=4M
   MPSSSTACK=64K
export LD_PRELOAD MPSSHEAP MPSSSTACK
   newtask -p clam /usr/local/sbin/clamd
   attempt=1
   sleep=5
   while [ $attempt -lt 5 ]; do
  if /usr/local/bin/clamdscan /etc/termcap; then
 break
  else
 attempt=`expr $attempt + 1`
 sleep=`expr $sleep + 5`
 echo sleeping for $sleep seconds, attempt $attempt
 sleep $sleep
  fi
   done

#  [EMAIL PROTECTED] \
#  --postmaster-only \

   newtask -p milter /usr/local/sbin/clamav-milter \
   --dont-blacklist=`/usr/local/bin/fujitsuhosts` \
   --noreject \
   --dont-wait \
   --local \
   --outgoing \
   --quiet \
   --external \
   --pidfile=/var/clamav/milter.pid \
   --whitelist-file=/etc/mail/clamav-whitelist \
   inet:2010

   newtask -p spam /usr/perl5/bin/spamd -s local6 -u spamd -x -d  
--pidfile=/var/run/spamd.pid

   su spamd << \ZZZ
   newtask -p milter /usr/local/sbin/spamassassin_milter -p inet: 
2002 &

ZZZ
   newtask -p milter /usr/local/sbin/mailarchive -u archive -p  
inet:4001
   newtask -p milter /usr/local/sbin/spamtrap -u spamtrap -p inet: 
4000


   ;;
stop) for i in /var/clamav/milter.pid /var/run/spamd.pid; do
  test -f $i && kill `cat $i`
   done
   pkill -u spamd
   pkill -u clamav
   pkill -u archive
   pkill -u spamtrap
   ;;
esac






Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


!DSPAM:4739ffa181401346466276!


  



Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: OT: Re: How many people to admin a Cyrus system?

[Scott M. Likens]

Adam Tauno Williams wrote:

3. Can't handle high load very well, in fact it handles load horribly.



I have a friend who works at a small shop who reports exactly the same
issue with Zimbra, s..ll...ooo.....

  


I'm glad to know that I wasn't alone, even though I was positive I was not.
3) ClamAV.  Do note how much email I said we dealt with a minute.  We 
didn't get a great deal of email.  Maybe 2000 email a day?  Not overly 
much.  However as the ClamAV database would grow, if you restarted 
ClamAV or Zimbra eventually it would take too long for ClamAV to start 
and would not listen on the port assigned and would make mail fail to 
deliver.  (Ouch huh?)



In defense of CLAMAV I can say that we run it on our SMTP server (not on
the IMAP or groupware server which seems like a bad idea).  It works
well and is pretty stable.  If your CLAMAV was causing you this problem
then Zimbra must have boloxed the setup or you just had a bad version.
  
  
It was a bad ClamAV version that they shipped.  I replaced it with a 
more current version (it was .80.7 or some really old version).  Then it 
was working again without it dying on it's own or anything.


Scott

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Sieve redirect seems to stop script processing?

[Scott M. Likens]

*smack Ingo*

That's horrid...

require "fileinto";
if header :comparator "i;ascii-casemap" :contains "X-Spam-Flag" "YES"  {
fileinto "INBOX.Spam";

}
else
{
   fileinto "INBOX";}


I don't know what if true { is for... as that really doesn't make sense 
for me.  But for the other portion of it.

Scott

Davin Flatten wrote:
> Hello-
>
> We are using Horde/Ingo against a Cyrus murder with three backend
> servers.  When a user redirects there email the system generates the
> following script:
>
> ##INGO
> # sieve filter generated by Ingo (November 13, 2007, 10:08 am)
>
> require "fileinto";
>
> # Forwards
> if true {
> redirect "[EMAIL PROTECTED]";
> }
>
> # Spam Filter
> if header :comparator "i;ascii-casemap" :contains "X-Spam-Flag" "YES"  {
> fileinto "INBOX.Spam";
> stop;
> }
>
> It seems that the script stops processing at the redirect action and
> does not continue to the Spam filter.  Is this normal behavior of the
> implied keep?
>
> Thanks!
> Davin Flatten
> Systems Administrator
> Engineering Computer Services
> University of Massachusetts
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
> !DSPAM:473a181285876444210739!
>
>
>   


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: OT: Re: How many people to admin a Cyrus system?

[Scott M. Likens]

I looked into using NotifyLink with Zimbra.  The cost was a bit heavy, 
and the only option for us would have been them hosting it.  (We did 
not/would not have any Windows Servers/Desktops to run the software). 

However luckily my Manager refused to run any software that did not 
offer a 'linux solution'.  To quote his exact words "No Linux, No 
sale."... I spoke to someone who had been using NotifyLink with Cyrus 
for a bit later on, and he said it was initially bumpy but eventually it 
more or less worked better then the Blackberry Internet Service client.

... afterwards I never heard from NotifyLink again.  I imagine their 
software was just not that portable.

Scott

Rob Banz wrote:
> After trying consilient, and becoming very frustrated with it, we went
> with a vendor called NotifyLink for our wireless devices.  Their  
> product worked well with our crackberrys & palms, integrating with  
> Cyrus and Oracle Calendar.
>
> -rob
>   


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Replication: problems with synctest

[Scott M. Likens]

Hi Rich,

That truly depends on how your Unixlike (Linux) handles the package.  If 
you're using a rpm, you may want to look into using a SRPM the next time 
and tweek the .spec file so it does not try and pull in ntlm and otp and 
gssapi.

That's one thing I dislike about most package management systems.  
Instead of letting you decide what you want, they pull in every option 
it can. 

:(

That, or when you upgrade you can upgrade using a source tarball to 
upgrade.  Then you can disable gssapi, otp and ntlm to ensure they don't 
come back.

Scott

Rich Wales wrote:
> It looks like my problem with replication not working in one direction
> was a SASL thing.  One of my servers was advertising GSSAPI as an
> authentication mechanism, but it didn't really work (I don't have
> Kerberos installed on my systems).  Apparently, sync_client on the
> other box was deciding to use GSSAPI, but was giving up because it
> wasn't actually functional.
>
> I fixed the problem by moving the libgss* libraries out of the SASL2
> library directory.
>
> While I was at it, I also moved the libntlm* and libotp* libraries
> out of the SASL2 library directory, since I'm not using either of
> these authentication methods either.
>
> I'm mildly concerned that a future software upgrade might cause these
> libraries to reappear.  Is there a more reliable way to disable SASL
> authentication mechanisms, other than removing files from the library
> directory?
>
>   


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Problems upgrading from cyrus 2.1.18 to 2.2.13 on debian etch

[Scott M. Likens]

Steinar,

You would use ctl_mboxlist to restore the mboxlist.txt file if you used 
ctl_mboxlist to dump it.


for example, my weekly crontab backs up my mailboxes.db in a textfile, 
such as


su -c "/usr/lib/cyrus/ctl_mboxlist -d" cyrus > 
/imap.backup/mailboxes.$DATE.txt


You would use ctl_mboxlist -u to load it fwiw.


Steinar Bang wrote:

Steinar Bang <[EMAIL PROTECTED]>:



  

Does this mean they don't require rebuilding when moving from cyrus 2.1
to 2.2?
  


  

If that is true, and if the text version of the mailboxes file is what I
need, then I should be able to survive this...:-)
  


  

(but I don't dare start cyrus22 until I hear some sort of confirmation
on this...:-) )



cvt_cyrusdb croaks on the ASCII file as well. (sigh!)

/$ /usr/sbin/cvt_cyrusdb /var/lib/cyrus/mboxlist.txt flat 
/var/lib/cyrus/mailboxes.db skiplist
Converting from /var/lib/cyrus/mboxlist.txt (flat) to 
/var/lib/cyrus/mailboxes.db (skiplist)
fatal error: can't open old database


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html


!DSPAM:474c8631206017110611695!


  



Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: suggestion need to design an email system.

[Scott M. Likens]

With ZFS your leaving a "ton" of stone-age worries behind.  You can go 
much beyond inodes in the perks of ZFS.

Vincent Fox wrote:
> Wesley Craig wrote:
>   
>>>  Maildir and cyrus both suffer from the same
>>> disadvantages (huge needs in terms of inodes etc.), 
>>>   
> With ZFS, inodes are among the many stone-age worries you leave behind.
>
> ;-)
>
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
> !DSPAM:48d1d451236501804284693!
>
>
>   


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: suggestion need to design an email system.

[Scott M. Likens]

...

I debated writing a gui for Cyrus for administration, but I realized 
that people implement Cyrus in so many different ways.  Kerberos, LDAP, 
*SQL, various forms of PAM.  Then you add in virtual domains, and how 
you might want alias's and might not, and different MTA support... and I 
just caved.

Creating a basic way to support Cyrus is extremely easy in ruby, has the 
ability to create mailboxes easily, delete them, set permissions and set 
quotas.

That would be the basics, but once you create a web-ui to support the 
basics.  You could write it up in Ruby on Rails in a couple hours to 
cover the basics and get the job done.  But it's tying the 
authentication system and MTA into the app that would be the hassle.  :(

(now I write this i don't know why I did... but I did)


J. Bakshi wrote:
> Do Duc Huy wrote:
>   
>> Hi,
>> I am in a same situation with you about system components. I have used
>> postfix+cyrus+ldap for email system since 2001 and system performance is
>> still good now. But I have to face with two problems with this system. The
>> first one is GUI for user and administrator. 
>> 
> The GUI to administrate the cyrus+ldap is really a wanted since long.
> Presently I am using egroupware groupware and it provides emailadmin
> interface to put the cyrus  admin user and password. When I create a new
> user, it also creates a mailbox for that user in the cyrus. But running
> a groupware just to administrate the cyrus is more than enough. That's
> why I am looking an interface to do the same. There is web-cyradm but I
> have not found any doc which shows how to configure it to work with
> Ldap. If you find any success with gosa or something else , please let
> us know. we can't overlook the postfix+cyrus+ldap combination because of
> its performance. ldap is first but difficult to design tool for ldap
>
>   
>> Squirrelmail was helpful enough
>> for user but I have to develop my own administration page for admin
>> purposes. Thanks for the link about Gosa you have sent, I will check it
>> later.
>> My question is about my second problem. It 's about antispam and antivirus.
>> I have used amavis for spam and virus filter. This can block virus very well
>> but it have no effect in blocking spam mail, I think.
>> So is there any one know about other opensource spam filter products which
>> work fine with postfix+cyrus+openldap and helpful in antispam
>>   
>> 
>
> Amavisd-new and spamassasin  are your friend.
>
>
>   
>> Thanks in advance
>>
>> 
>> Do Duc Huy
>> Centre for Development of Information Technology - CDiT
>> Viet Nam Posts & Telecommunications Group
>> Address: 2nd Floor, VCCI Building, 9 Dao Duy Anh str,Dongda dist,Hanoi 
>> Tel: (+84) 04 5 742 879
>> Fax: (+84) 04 5 742 857
>> Mobi: (+84) 0904 34 38 38 
>>
>> -Original Message-
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of J. Bakshi
>> Sent: Wednesday, September 17, 2008 1:17 PM
>> To: lartc
>> Cc: Cyrus Mailing List
>> Subject: Re: suggestion need to design an email system.
>>
>> lartc wrote:
>>   
>> 
>>> hi,
>>>
>>> well, you can edit the gosa config file to only show you the users and
>>> their e-mail, etc. you're not obligated to use the entire system ... 
>>>
>>> when install it for clients, i only leave a few pieces of functionality
>>> (so they don't blow their foot off).
>>>
>>> cheers
>>>
>>> charles
>>>   
>>> 
>>>   
>> Thanks, I'll definitely try it.
>>
>>
>>   
>> 
>>> 
>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>>   
>>> 
>>>   
>>   
>> 
>
>
>   


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: suggestion need to design an email system.

[Scott M. Likens]

Hi David,

If you want ZFS you have several choices, OS X (Leopard), as there is a 
development version that supports RAID-Z and works quite well.  You 
can't boot off of it, but that will change in Snow Leopard.

Additionally you can use Opensolaris such as Nexenta, or you can use 
fuse to get ZFS into Linux. 

Truthfully I would rather use Nexenta to get ZFS which at least gives 
you a decent working system... Unlike a standard Solaris where you are 
forced to get either Sun One (Forte?) or an ancient version of gcc off 
of sunfreeware and start building.   :(

However I do look forward to the day when Sun dual licenses ZFS as GPL 
and sticks it in the Linux kernel and throws us all a wrench, for good 
or bad ZFS introduces some excellent overlooked ideas that it's about 
damned time someone introduced.

Scott

David Lang wrote:
> On Wed, 17 Sep 2008, Scott M. Likens wrote:
>
>> With ZFS your leaving a "ton" of stone-age worries behind.  You can go
>> much beyond inodes in the perks of ZFS.
>
> and gaining some new worries along the way. while some are convinced 
> that ZFS is the best thing ever others see it as trading a set of 
> known problems for a set of unknown problems (plus it severly limits 
> what OS you can run, which can bring it's own set of problems along)
>
> David Lang
>
>> Vincent Fox wrote:
>>> Wesley Craig wrote:
>>>
>>>>>  Maildir and cyrus both suffer from the same
>>>>> disadvantages (huge needs in terms of inodes etc.),
>>>>>
>>> With ZFS, inodes are among the many stone-age worries you leave behind.
>>>
>>> ;-)
>>>
>>> 
>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> 
>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Intermittent mailbox not found

[Scott M. Likens]

Hi,

Not to interject through the pain of this.

This issue only happens when multiple users on the same domain receive  
an email?

If I'm wrong, never mind.

On Mar 10, 2009, at 4:45 AM, Antony Gelberg wrote:

> On 2009-03-10, Bron Gondwana  wrote:
>> On Mon, Mar 09, 2009 at 10:09:24PM -0400, Adam Tauno Williams wrote:
>>> On Tue, 2009-03-10 at 08:52 +1100, Bron Gondwana wrote:
 On Mon, Mar 09, 2009 at 07:52:04PM +, Antony Gelberg wrote:
> Mar  9 14:29:07 captain cyrus/lmtpunix[20645]:  
> verify_user(user.sirius-john)
> failed: Mailbox does not exits
 Where on earth is that error message from?  I don't see "not exits"
 anywhere in the current Cyrus codebase...
>>>
>>> I'm thinking it is coming from Postfix's LMTP delivery agent.   I  
>>> wonder
>>> if some other error, like a connect error, occurs and Postfix  
>>> falls back
>>> to mailbox-does-not-exist.
>>
>> This old thread might help you:
>>
>> http://markmail.org/message/nqh3rrvhkt4ccs2r
>>
>> Bron ( that's just the first one I found on google )
>>
>
> Thanks - I had searched the web with little concrete advice coming up.
>
> I only found advice in the above thread and others, to use lmtp not  
> the cyrus
> transport.  But postfix is already doing so:
> virtual_transport = lmtp:unix:/var/run/cyrus/socket/lmtp
>
> I found it interesting that the OP in that thread said "Everything  
> works
> besides sending emails to multiple addresses in the same domain. "   
> I think
> the problem email went to multiple addresses in the same domain, but  
> I resent
> one just now to the same addresses with no issue.  I'll ask the  
> client if
> every one of these bounces over the last few months fits with that  
> scenario.
>
> -- 
> Antony
>
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
> !DSPAM:49b653a3215661804284693!
>
>


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: 'PLAIN encryption needed to use mechanism' error

[Scott M. Likens]

Hi Blake,

Actually pop3 by default should be using plain, like

d...@desolation> telnet localhost  
pop3 

 ~
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK desolation Cyrus POP3 v2.3.14 server ready  
<8505169291665378509.1248848...@desolation>
user root
+OK Name is a valid mailbox
pass toor
+OK Mailbox locked and ready

However, if you man imapd.conf you will notice there is such an option  
as,

allowplaintext: 0

You may need to change that to 1, in order for plaintext ala pop3 to  
work.

Scott

On Jul 28, 2009, at 10:44 PM, Blake Hudson wrote:

>  Original Message  
> Subject: 'PLAIN encryption needed to use mechanism' error
> From: Blake Hudson 
> To: info-cyrus@lists.andrew.cmu.edu
> Date: Wednesday, July 29, 2009 12:13:52 AM
>> I recently setup a new server and everything tested well. However,  
>> once
>> in production I am seeing errors like the following:
>>
>> pop3PRTC[20896]: badlogin: [204.x.x.x] PLAIN encryption needed to use
>> mechanism
>>
>>
>> I wasn't aware that POP utilized other mechanisms? I can login just  
>> fine
>> with telnet and tbird, and cannot replicate this error myself. Any  
>> ideas?
>>
>> --Blake
>>
>
> Looks like the POP side is not advertising LOGIN/PLAIN auth types  
> while
> the imap side is. Is this the intended behavior?
>
> In my imapd.conf i have the following mech list defined:
> sasl_mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>
> -- POP3--
> +OK twinP Cyrus POP3 v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
> <173180331313918
> 17429.1248845...@twinp>
> auth
> +OK List of supported mechanisms follows
> DIGEST-MD5
> CRAM-MD5
> ..
> 
> --IMAP--
>
> * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=DIGEST-MD5
> AUTH=LOGIN
> AUTH=PLAIN AUTH=CRAM-MD5 SASL-IR] twinP Cyrus IMAP4
> v2.3.7-Invoca-RPM-2.3.7-2.el5 server ready
>
> 
>
> I suppose this is likely a bad client that is not refreshing its mech
> list after the server switch, but I'd still like to know how to  
> resolve
> the issue server side (if possible).
>
> -Blake
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
> !DSPAM:4a6fe485262521931426455!
>
>


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: NOTICE: Debian is moving sieve to its IANA allocated port (4190)

[Scott M. Likens]

Hi,

After reading this, I have some questions about how this will be related to 
upstream in the longterm development?  I know it's a vague question but I was 
curious how Cyrus/CMU is responding to this?

Thanks,

Scott

On Dec 7, 2009, at 10:32 AM, Henrique de Moraes Holschuh wrote:

> This is a general warning to those using Debian Squeeze, and Debian Sid.
> 
> Debian Etch and Debian Lenny users are NOT affected.
> 
> The IANA port allocated for ManageSieve is 4190/tcp, and the old port used
> by timsieved and other managesieve software in many distros (2000/tcp) is
> allocated for Cisco SCCP usage, according to the IANA registry[1].
> 
> Starting with the version 4.38 of the Debian "netbase" package, the "sieve"
> service will be moved from port 2000 to port 4190 in the /etc/services file.
> 
> Any installs which used the "sieve" service name instead of a numeric port
> number will switch to the new port number as soon as the services are
> restarted/reloaded, and in some cases, immediately after /etc/services is
> updated.
> 
> This will affect Cyrus IMAP. This may also affect other sieve-enabled
> software such as DoveCot.
> 
> In order to avoid downtime problems, mail cluster administrators using
> Debian are urged to verify their Cyrus (and probably also DoveCot) installs,
> and take measures to avoid services moving from port 2000/tcp to port
> 4190/tcp by surprise in either servers or clients.
> 
> It is worth noting that:
> 
> 1. /etc/services will only be automatically updated if you never made any
> modifications to it.  Otherwise, you will be presented with a prompt by ucf
> or dpkg asking you about the changes.
> 
> 2. You can edit /etc/services and change the sieve port back to 2000 if you
> want (this is not recommended, though).
> 
> 3. You can edit /etc/cyrus.conf and any other relevant config files for your
> mail/webmail cluster (e.g. on the sieve web frontends) ahead of time to
> force them all to a static port number.
> 
> 4. You can configure cyrus master to listen on *both* ports (2000 and 4190)
> at the same time, and thus avoid the problem entirely.  This also allows for
> a much more smooth migration from port 2000 to port 4190.
> 
> [1] http://www.iana.org/assignments/port-numbers
> 
> -- 
>  "One disk to rule them all, One disk to find them. One disk to bring
>  them all and in the darkness grind them. In the Land of Redmond
>  where the shadows lie." -- The Silicon Valley Tarot
>  Henrique Holschuh
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> 
> !DSPAM:4b1d4bf5162281804284693!
> 
> 


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Too slow

[Scott M. Likens]

Don't use ext3? 

Honestly ext2/3 is fine and dandy, but gentoo does +S the /var/imap
folder, so everything has to call a sync()

That is slow on ext2/3, perhaps reiserfs or xfs would be better for you?

On Fri, 7 Apr 2006 20:58:57 +0200
"Sascha Bieler" <[EMAIL PROTECTED]> wrote:

> Hi  there,
> 
> I am running cyrus-imapd-2.1.12 on  a Gentoo Linux with kernel 2.6.15.
> 
> Got a Pentium 4 Xeon 2,8 GHz and 2 GB Ram. The cyruspartition is ext3
> on a SCSI RAID 5.
> 
> hdparm -tT /dev/sda says:
> 
> /dev/sda:
>  Timing cached reads:   2316 MB in  2.00 seconds = 1158.00 MB/sec
>  Timing buffered disk reads:   80 MB in  3.01 seconds =  26.58 MB/sec
> 
> 
> 
> Everythings working just fine, but when I want to delete an email it's
> so slowly...
> 
> Has anyone a hint for me?
> 
> Greetings
> 
> Sascha
> 
> 
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> !DSPAM:4436ca8945071336712104!
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"


Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Too slow

[Scott M. Likens]

So buy a new drive, format it with reiser or xfs or whatever and do
some tests of your own.

I know from personal experience after running it with xfs, it was alot
faster then with ext3.

That or reinstall?

Why would you keep your mail on your main partition anywho?  If your
drive fails your mail fails.  :(

That's bad.


On Fri, 7 Apr 2006 22:57:19 +0200
"Sascha Bieler" <[EMAIL PROTECTED]> wrote:

> If I mount all partitions with async it's not getting better...
> 
> :-( mmmh...
> 
> 
> 
> > -----Original Message-
> > From: Scott M. Likens [mailto:[EMAIL PROTECTED]
> > Sent: Friday, April 07, 2006 10:30 PM
> > To: Sascha Bieler
> > Cc: info-cyrus@lists.andrew.cmu.edu
> > Subject: Re: Too slow
> > 
> > Don't use ext3?
> > 
> > Honestly ext2/3 is fine and dandy, but gentoo does +S the /var/imap
> > folder, so everything has to call a sync()
> > 
> > That is slow on ext2/3, perhaps reiserfs or xfs would be better for
> > you?
> > 
> > On Fri, 7 Apr 2006 20:58:57 +0200
> > "Sascha Bieler" <[EMAIL PROTECTED]> wrote:
> > 
> > > Hi  there,
> > >
> > > I am running cyrus-imapd-2.1.12 on  a Gentoo Linux with kernel
> > > 2.6.15.
> > >
> > > Got a Pentium 4 Xeon 2,8 GHz and 2 GB Ram. The cyruspartition is
> > > ext3 on a SCSI RAID 5.
> > >
> > > hdparm -tT /dev/sda says:
> > >
> > > /dev/sda:
> > >  Timing cached reads:   2316 MB in  2.00 seconds = 1158.00 MB/sec
> > >  Timing buffered disk reads:   80 MB in  3.01 seconds =  26.58
> > > MB/sec
> > >
> > >
> > >
> > > Everythings working just fine, but when I want to delete an email
> > > it's so slowly...
> > >
> > > Has anyone a hint for me?
> > >
> > > Greetings
> > >
> > > Sascha
> > >
> > > 
> > > Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> > > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> > > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> > >
> > > 
> > >
> > >
> > 
> > 
> > --
> > "What does one want when one is engaged in the sexual act?
> > That everything around you give you its utter attention
> > Think only of you, care only for you...
> > Every man wants to be a tyrant when he fornicates"
> > 
> 
> 
> 
> !DSPAM:4436e6a064921804284693!
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"


Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Too slow

[Scott M. Likens]

I personally prefer xfs over reiserfs, however I don't think it's
better, because each file-system has it's give and take.  No matter
which 'guide' you may find they should tell you the cost and benefit of
every file-system.


On Sat, 8 Apr 2006 00:52:51 +0200
"Sascha Bieler" <[EMAIL PROTECTED]> wrote:

> Yes, indeed.
> 
> That's why I bought an RAID5 Controller and do a backup every night.
> I have an extra partition for var, so I just have to copy all, boot
> from disc, format and recopy... That's simple too, but unfortunatly I
> got no more power today to do this...
> 
> ;-)
> 
> Have a good night and nice weekend! Thank u for helping and I'll let
> u know. Oh one thing I'd like to know: Do u think xfs is better than
> reiser?
> 
> Greetings
> 
> Sascha
> 
> ___
> Radio Gong 2000 GmbH & Co. KG
> Sascha Bieler
> Technischer Leiter
> Franz-Joseph-Strasse 14
> 80801 München
> 
> > -Original Message-
> > From: Scott M. Likens [mailto:[EMAIL PROTECTED]
> > Sent: Saturday, April 08, 2006 12:29 AM
> > To: Sascha Bieler
> > Cc: info-cyrus@lists.andrew.cmu.edu
> > Subject: Re: Too slow
> > 
> > So buy a new drive, format it with reiser or xfs or whatever and do
> > some tests of your own.
> > 
> > I know from personal experience after running it with xfs, it was
> > alot faster then with ext3.
> > 
> > That or reinstall?
> > 
> > Why would you keep your mail on your main partition anywho?  If your
> > drive fails your mail fails.  :(
> > 
> > That's bad.
> > 
> > 
> > On Fri, 7 Apr 2006 22:57:19 +0200
> > "Sascha Bieler" <[EMAIL PROTECTED]> wrote:
> > 
> > > If I mount all partitions with async it's not getting better...
> > >
> > > :-( mmmh...
> > >
> > >
> > >
> > > > -Original Message-
> > > > From: Scott M. Likens [mailto:[EMAIL PROTECTED]
> > > > Sent: Friday, April 07, 2006 10:30 PM
> > > > To: Sascha Bieler
> > > > Cc: info-cyrus@lists.andrew.cmu.edu
> > > > Subject: Re: Too slow
> > > >
> > > > Don't use ext3?
> > > >
> > > > Honestly ext2/3 is fine and dandy, but gentoo does +S
> > > > the /var/imap folder, so everything has to call a sync()
> > > >
> > > > That is slow on ext2/3, perhaps reiserfs or xfs would be better
> > > > for you?
> > > >
> > > > On Fri, 7 Apr 2006 20:58:57 +0200
> > > > "Sascha Bieler" <[EMAIL PROTECTED]> wrote:
> > > >
> > > > > Hi  there,
> > > > >
> > > > > I am running cyrus-imapd-2.1.12 on  a Gentoo Linux with kernel
> > > > > 2.6.15.
> > > > >
> > > > > Got a Pentium 4 Xeon 2,8 GHz and 2 GB Ram. The cyruspartition
> > > > > is ext3 on a SCSI RAID 5.
> > > > >
> > > > > hdparm -tT /dev/sda says:
> > > > >
> > > > > /dev/sda:
> > > > >  Timing cached reads:   2316 MB in  2.00 seconds = 1158.00
> > > > > MB/sec Timing buffered disk reads:   80 MB in  3.01 seconds
> > > > > =  26.58 MB/sec
> > > > >
> > > > >
> > > > >
> > > > > Everythings working just fine, but when I want to delete an
> > > > > email it's so slowly...
> > > > >
> > > > > Has anyone a hint for me?
> > > > >
> > > > > Greetings
> > > > >
> > > > > Sascha
> > > > >
> > > > > 
> > > > > Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> > > > > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> > > > > List Archives/Info:
> > > > > http://asg.web.cmu.edu/cyrus/mailing-list.html
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > > --
> > > > "What does one want when one is engaged in the sexual act?
> > > > That everything around you give you its utter attention
> > > > Think only of you, care only for you...
> > > > Every man wants to be a tyrant when he fornicates"
> > > >
> > >
> > >
> > >
> > > 
> > >
> > >
> > 
> > 
> > --
> > "What does one want when one is engaged in the sexual act?
> > That everything around you give you its utter attention
> > Think only of you, care only for you...
> > Every man wants to be a tyrant when he fornicates"
> > 
> 
> 
> 
> !DSPAM:4437006883861002057823!
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"


Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Spam control

[Scott M. Likens]

Martin Schiøtz wrote:
> Hi
>
> I have installed Postfix, Cyrus, Cyrus-sasl, web-cyradm. Every thing
> is using postgres for storing usernames, passwords etc. I'm using lmtp
> for local delivery from Postfix/smtp to Cyrus. All mailboxes are
> virtual.
>
> My next step is to install Spam control. My plan is to use
> Spamassassin with dcc, razor, pyzor and bayes system. A want mail
> users to be able to disable and enable spam control. I also wan't mail
> users that has enabled spam control to train (sa-laern) and keep their
> own bayes database.
>
> I have configured a similar system that does these things but with
> sendmail, uw-imap and procmail. But How can I do this with
> postfix/cyrus and virtual bailboxes?
>
> I can see a lot docs about postfix, cyrus and amavisd-new but can
> amavis-new work with personal bayes db and sa-learn etc.?
>
> Best regards,
> Martin
> 
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
> !DSPAM:4498169d112837914635202!
>
>
Personally I setup DSPAM against Exim, very nicely.  It doesn't really
use any RBL's just Baysian.

It's very straight forward, Exim > Dspam > LMTP for delivery.

I've had very little hickups, and quite honestly it is the best user
interface, and is the least cpu cost.  Takes .05seconds per email
roughly to scan it, and process it.

The cgi-bin/web-ui allows a user to retrain email with ease, and deliver
mail that was concidered spam by accident.  It's well worth it in my
opinion.

Take a look at it,

http://dspam.nuclearelephant.com/


Scott

Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: compile problem

[Scott M. Likens]

Your problem is that 'cc' is not found, if you read from here.

>  cc -c  -I../../lib -I../.. -I../../et
> -I/opt/tools/cyrus-sasl/include -I/opt/tools/openssl/include
> -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -xarch=v8 -D_TS_ERRNO -xO3
> -xspace -xildoff
> -DVERSION=\"1.00\" -DXS_VERSION=\"1.00\" -KPIC 
> "-I/usr/perl5/5.8.4/lib/sun4-solaris-64int/CORE"  -DPERL_POLLUTE
> IMAP.c sh: cc: not found

it tells you that 'cc' not found, and from reading here,

> /usr/sfw/bin/gcc -c -I.. -I./../lib -I../et -I/opt/tools/bdb/include 

Note, that's gcc, not cc.  However, it's clear that your using Forte
Suite compiler arguments, and yet you run gcc.  You're problem is two
fold, one is path, two is that perl was not built with gcc, but cc.

You may need to rebuild perl with gcc, so that it's in line with your
'gcc' in your system.  Otherwise you can do some dirty hacking and ln
-sf, and pray it all works.

G'luck

On Mon, 24 Jul 2006 19:17:52 +0200
Pavel Stratil <[EMAIL PROTECTED]> wrote:

> Hi all,
> 
> I still have one problem when compiling cyrus with perl. For some
> reason I don't quite get, the perl part of the compilation believes
> that I am using sun's compiler but I'm using the GNU compiler. The
> problem seems to be only in the perl. I tried to edit the
> perl/imap/makefile with this:
> 
> old:
> CCCDLFLAGS = -KPIC
> CCFLAGS = -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -xarch=v8
> -D_TS_ERRNO OPTIMIZE = -xO3 -xspace -xildoff
> 
> new:
> CCCDLFLAGS = -fPIC
> CCFLAGS = -mcpu=ultrasparc -Wall -pipe -fomit-frame-pointer
> OPTIMIZE = -O3
> 
> but didnt succeed. Look at the compiler flags when working on imtest
> 
> ### Making all in /root/system/install/cyrus-imapd-2.3.7/imtest
> /usr/sfw/bin/gcc -c -I.. -I./../lib -I../et -I/opt/tools/bdb/include  
> -I/opt/tools/openssl/include  -I/opt/tools/cyrus-sasl/include 
> -DHAVE_CONFIG_H -mcpu=ultrasparc -O3 -Wall -pipe -fomit-frame-pointer 
> imtest.c
> imtest.c: In function `main':
> imtest.c:2482: warning: int format, pid_t arg (arg 3)
> imtest.c:2608: warning: dereferencing type-punned pointer will break 
> strict-aliasing rules
> /usr/sfw/bin/gcc -L/opt/tools/openssl/lib -R/opt/tools/openssl/lib 
> -L/opt/tools/bdb/lib -R/opt/tools/bdb/lib -lnsl -lsocket -lresolv 
> -lmalloc -o imtest imtest.o ../lib/libcyrus.a ../lib/libcyrus_min.a 
> -L/opt/tools/cyrus-sasl/lib  -R/opt/tools/cyrus-sasl/lib -lsasl2
> -lgss -lresolv -lresolv  -lresolv   -L/opt/tools/bdb/lib
> -R/opt/tools/bdb/lib -ldb-4.4 -lssl -lcrypto -lrt
> 
> in contrast to
> 
> ### Making all in /root/system/install/cyrus-imapd-2.3.7/perl
> ### Making all in /root/system/install/cyrus-imapd-2.3.7/perl/imap
> Checking if your kit is complete...
> Looks good
> Writing Makefile for Cyrus::IMAP
> cp IMAP/Admin.pm blib/lib/Cyrus/IMAP/Admin.pm
> cp IMAP.pm blib/lib/Cyrus/IMAP.pm
> cp IMAP/Shell.pm blib/lib/Cyrus/IMAP/Shell.pm
> cp IMAP/IMSP.pm blib/lib/Cyrus/IMAP/IMSP.pm
> /usr/bin/perl /usr/perl5/5.8.4/lib/ExtUtils/xsubpp  -typemap 
> /usr/perl5/5.8.4/lib/ExtUtils/typemap -typemap typemap  IMAP.xs > 
> IMAP.xsc && mv IMAP.xsc IMAP.c
> cc -c  -I../../lib -I../.. -I../../et -I/opt/tools/cyrus-sasl/include 
> -I/opt/tools/openssl/include  -D_LARGEFILE_SOURCE
> -D_FILE_OFFSET_BITS=64 -xarch=v8 -D_TS_ERRNO -xO3 -xspace -xildoff
> -DVERSION=\"1.00\" -DXS_VERSION=\"1.00\" -KPIC 
> "-I/usr/perl5/5.8.4/lib/sun4-solaris-64int/CORE"  -DPERL_POLLUTE
> IMAP.c sh: cc: not found
> *** Error code 1
> make: Fatal error: Command failed for target `IMAP.o'
> Current working
> directory /root/system/install/cyrus-imapd-2.3.7/perl/imap *** Error
> code 1 The following command caused the error:
> for d in  imap sieve; \
> do \
> (cd $d; echo "### Making" all "in" `pwd`;   \
> if [ -f Makefile.PL ]; then \
>LIB_RT="-lrt" \
>BDB_LIB="-L/opt/tools/bdb/lib
> -R/opt/tools/bdb/lib -ldb-4.4" BDB_INC="-I/opt/tools/bdb/include" \
>OPENSSL_LIB="-L/opt/tools/openssl/lib 
> -L/opt/tools/openssl/lib -R/opt/tools/openssl/lib" 
> OPENSSL_INC="-I/opt/tools/openssl/include" \
>SASL_LIB="-L/opt/tools/cyrus-sasl/lib  
> -R/opt/tools/cyrus-sasl/lib -lsasl2" 
> SASL_INC="-I/opt/tools/cyrus-sasl/include" CC="/usr/sfw/bin/gcc" \
>  perl Makefile.PL
> PREFIX=/opt/services/cyrus-imapd; \ fi; \
> make  DESTDIR= all) || exit 1; \
> done
> make: Fatal error: Command failed for target `all'
> Current working directory /root/system/install/cyrus-imapd-2.3.7/perl
> *** Error code 1
> The following command caused the error:
> for d in  man et  lib  sieve master imap  imtest   perl timsieved
> notifyd; \ do \
> (cd $d; echo "### Making" all "in" `pwd`;   \
> make  DESTDIR= all) || exit 1; \
> done
> make: Fatal error: Command failed for target `all'
> 
> 
> Can anyone help please? ... was using
> gmake depend
> make all CFLAGS=-O
> to build that.. thanks in advance,
> 
> Pavel
> 
> 
> !DSPAM:44c

Re: Cyrus failover steps

[Scott M. Likens]

Hi Ilya, there are many methods for failover.

One is heartbeat,

According to "Freshports" you have a version of Heartbeat available.

http://www.freshports.org/sysutils/heartbeat/

it's web site is http://www.linux-ha.org

Should give you some reading.

Scott

On Fri, 11 May 2007 13:34:20 -0400
Ilya Vishnyakov <[EMAIL PROTECTED]> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>  
> Hello Cyrus Gurus!
> 
> I set up cyrus replication on our freeBSD 6.2 boxes. I used this
> tutorial. http://cyrusimap.web.cmu.edu/imapd/install-replication.html
> Could someone please suggest a documentation on How to failover from
> one server to another in case of emergency? I googled and googled and
> couldn't find anything. Please point me to the right direction , don't
> let me to ruin all the mailboxes. Thank you in advance.
> 
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.5 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>  
> iD8DBQFGRKkcUZGmaUWxLn8RAm7OAKCp/YyZ86diMaYP0PtaNKejDWM8QwCeK/N4
> BdQJMfZutSS37eqduzqf4MI=
> =NtVI
> -END PGP SIGNATURE-
> 
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> !DSPAM:4644b4fd253086491211187!
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: pop3s autentication error

[Scott M. Likens]

Hi Martin,

>From my experience, Windows Mobile 5 and 6 (among PocketPC 2003se/2003)
like to use NTLM, and APOP.  They don't use them properly, and it's
NTLM/APOP ability is broken.

So what I've always had to do is disable NTLM/APOP, as that problem has
existed since PocketPC 2002, and Microsoft hasn't fixed it yet, so I
doubt they ever will.

However you're more then welcome to try and see if they'll fix it for you.

Scott

Martin Schiøtz wrote:
> Hi
>
>> From some brand new PDA like Microsoft OS with an Outlook PDA limted
> version I get some authentication errors:
>
> tail -f /var/log/maillog
> May 23 15:20:51 blackpete pop3s[31197]: accepted connection
> May 23 15:20:51 blackpete master[31374]: about to exec
> /usr/lib/cyrus-imapd/pop3d
> May 23 15:20:51 blackpete pop3s[31374]: executed
> May 23 15:20:52 blackpete pop3s[31197]: starttls: SSLv3 with cipher
> RC4-MD5 (128/128 bits reused) no authentication
> May 23 15:20:54 blackpete pop3s[31197]: badlogin: [62.44.168.212] NTLM
> bad protocol / cancel
>
> I'm using cyrus-imapd-2.3.7 with
> /etc/imapd.conf
> sasl_pwcheck_method:auxprop
> sasl_mech_list: NTLM PLAIN LOGIN CRAM-MD5 DIGEST-MD5
>
> Any ideas?
>
> - Martin
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
> !DSPAM:465590ed120483047383436!
>
>


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Ghost emails

[Scott M. Likens]

Looks like one of those is running a sieve script, what is your current
script look like?


On Fri, 8 Jun 2007 09:40:47 +0200
Giuseppe Ravasio <[EMAIL PROTECTED]> wrote:

> Alle 22:11, martedì 5 giugno 2007, Florian Gleixner ha scritto:
> > As far as i understand cyrus imapd, it does not delete the message
> > instantly. It marks the message and
> > the /usr/lib/cyrus/bin/cyr_expire job deletes the message some days
> > later. The delete job is configured in /etc/cyrus.conf
> >   # this is only necessary if using duplicate delivery suppression
> >   delprune  cmd="cyr_expire -E 3" at=0400
> > deletes duplicte messages older than 3 days every day at 4am.
> >
> > But i did not yet fully understand the entire process.
> 
> In the logs i see thoose lines every times a message is delivered
> (and i see this one, and every other message in my inbox!)...
> Jun  8 09:34:44 thot lmtpunix[10927]: accepted connection
> Jun  8 09:34:44 thot lmtpunix[10927]: lmtp connection preauth'd as
> postman Jun  8 09:34:44 thot lmtpunix[10927]: duplicate_check: 
> <[EMAIL PROTECTED]>
> user.gravasio0 Jun  8 09:34:44 thot lmtpunix[10927]: mystore:
> starting txn 2147490592 Jun  8 09:34:44 thot lmtpunix[10927]:
> mystore: committing txn 2147490592 Jun  8 09:34:44 thot
> lmtpunix[10927]: duplicate_mark:
> <[EMAIL PROTECTED]> user.gravasio
> 1181288084 2913 Jun  8 09:34:44 thot lmtpunix[10927]: mystore:
> starting txn 2147490593 Jun  8 09:34:44 thot lmtpunix[10927]:
> mystore: committing txn 2147490593 Jun  8 09:34:44 thot
> lmtpunix[10927]: duplicate_mark:
> <[EMAIL PROTECTED]> [EMAIL PROTECTED]
> 1181288084 0
> 
> I think that the duplicate_mark is only a Debug message meaning that
> this ID is committed to the duplicate check DB.
> 
> I'm wrong?
> Anyone could explain how duplicate check works? and/or how to read
> thoose log lines?
> 
> Beppe
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> !DSPAM:46695f5273191822916521!
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Ghost emails

[Scott M. Likens]

Attached is my current sieve script, you'll differences, modify it for
yours, and see if that helps for you.

Scott

On Fri, 8 Jun 2007 16:09:45 +0200
Giuseppe Ravasio <[EMAIL PROTECTED]> wrote:

> Alle 15:57, venerdì 8 giugno 2007, Scott M. Likens ha scritto:
> > Looks like one of those is running a sieve script, what is your
> > current script look like?
> 
> Yes... 
> my courrent sieve script is something like:
> require 
> ["fileinto","reject","vacation","imapflags","relational","comparator-i;ascii-numeric","regex","notify"];
> if
> header :contains "X-Spam-Flag" "YES"
> {
> fileinto "INBOX/Z_Spam";
> stop;
> }
> 
> the sieve script of the user with gost emails is:
> 
> if address :all :comparator "i;ascii-casemap" :is 
> ["From", "Sender", "Resent-From"] ["[EMAIL PROTECTED]",
> "[EMAIL PROTECTED]"]  { discard;
> stop;
> }
> 
> if address :all :comparator "i;ascii-casemap" :is 
> ["From", "Sender", "Resent-From" ["[EMAIL PROTECTED]", "[EMAIL PROTECTED]"]
> { discard;
> stop;
> }
> 
> Beppe
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> !DSPAM:46696a2180703413410412!
> 
> 




sieve
Description: Binary data

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: [SOLVED] trying to turn on sieve and getting auth errors?

[Scott M. Likens]

Mike,

You should be seeing that error logged rather consistantly
in /var/log/messages, or if you add the debug of local0 to syslog, you
can see more 'detail'.

Scott

On Mon, 27 Aug 2007 10:36:39 -0500
Mike Eggleston <[EMAIL PROTECTED]> wrote:

> On Mon, 27 Aug 2007, Mike Eggleston might have said:
> 
> > I have a working cyrus 2.3.1 on fedora core 5 with the lastest
> > patches. I know sieve is running as I get response from both
> > 'telnet $host sieve' and 'sivtest $host'. The responses though look
> > like sieve is requiring that I start TLS. I have plain text auth (I
> > think I do) setup and working pulling the user account and password
> > from openldap on the same box.
> 
> I copied /usr/lib/sasl2/libplain* to this box that I'm testing and
> the "PLAIN" auth mechanisms appeared. Is there any way to have an
> error logged that /etc/imapd.conf specifies PLAIN, but there is
> no /usr/lib/sasl2/libplain* found?
> 
> Mike
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> 
> 
> 
> 
> !DSPAM:46d2fa1a78701804284693!
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Cyrus lagging accepting IMAP connections

[Scott M. Likens]

On note #3, I imagine changing to a 2.6 kernel has to do with the
entropy pool in /dev/random as it differs in 2.4 from 2.6

Scott

Andy Fiddaman wrote:
> On Tue, 11 Sep 2007, Rick Kunkel wrote:
>
> ; # telnet mail 143
> ; Trying xxx.xxx.xxx.xxx...
> ; Connected to mail.
> ; Escape character is '^]'.
> ;
> ; And then it just kinda sits.  Sometimes, after 30 seconds or so
> ;
> ; * OK mail Cyrus IMAP4 v2.2.13-Debian-2.2.13-10 server ready
>
> Generally this kind of delay is due to one of the following things:
>
> o DNS problem
>   The reverse DNS lookup is timing out for the client, or the server
>   interface (if using virtualdomains).
>
> o Insufficient entropy for sasl
>   When a lot of users are connecting, sasl can block because it hasn't
>   enough entropy - recompile SASL to use /dev/urandom instead of
>   /dev/random.
>
> o Linux 2.6 kernel
>   Some people have reported this with Linux 2.6 and solved it by reverting
>   to 2.4, I haven't seen any details on exactly what the problem is
>   though..
>
> HTH,
>
> A.
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
> !DSPAM:46e702a881421849679482!
>
>
>   



Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Cyrus lagging accepting IMAP connections

[Scott M. Likens]

Rick,

This problem is related to Debian using /dev/random instead of /dev/urandom.

Short term solution would be to rm /dev/random

mknod /dev/random c 1 9

The other solution for you would be to recompile the sources and change
the configure to use urandom instead of random... You can search the
archives and search for urandom on how to do that.

Scott

Rick Kunkel wrote:
> Hello all,
>
> I'm new to Cyrus.  Historically, I've used Qpopper, Sendmail, and UW IMAP. 
> We recently switched to Cyrus for IMAP.  It came highly recommended...
>
> We've got this on a darned burly machine, running some very recent version 
> of Debian, with a fast CPU, 4GB RAM, and fast SAS drives.  When testing 
> the thing, before it went into production, everything worked awesomely. 
> However, having loaded it with 2300 users, it's suddenly acting 
> erratically.  (Incidentally, of the 2300 users, almost all are POP users, 
> which seems to be working fine.  A few hundred -- at most -- are IMAP, and 
> they are split between squirrelmail users and a handful that use standard 
> MUAs.)
>
> The server acts as if it's low on resources or something, or has hit some 
> kind of connection limit.  It's speedy as heck WHEN it does it what's it's 
> supposed to, but that initial connection is sketchy.  For the first 30 
> seconds after you restart it, it's generally good, but it goes downhill 
> from there.
>
> Testing with telnet exhibits this behavior.  Here's a sample session...
>
> # telnet mail 143
> Trying xxx.xxx.xxx.xxx...
> Connected to mail.
> Escape character is '^]'.
>
>
> And then it just kinda sits.  Sometimes, after 30 seconds or so
>
> * OK mail Cyrus IMAP4 v2.2.13-Debian-2.2.13-10 server ready
>
>
> We're currently using the following line in cyrus.conf for imapd:
>
> imap  cmd="imapd" listen="imap" prefork=1
>
>
> We've messed with tons of different settings here, to little avail.
>
> There don't seem to be any salient log entries.
>
> Anyone have any ideas?
>
> Thanks,
>
> Rick Kunkel
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
> !DSPAM:46e6fb8c80805986443841!
>
>
>   


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Cyrus lagging accepting IMAP connections

[Scott M. Likens]

1. Not likely, but not impossible... To Quote a source

The /dev/random device hands out "high-quality" random bits, up to the
limit of the "random" information it has been seeded with. The
/dev/urandom device does not have this limitation. It continues to hand
out bits of decreasing quality as long as it is polled.

2. mknod /dev/random c 1 8 (you may need to chmod it to ensure it can be
read of course)

3. You can use aptitude to get the SASL source, then using the Debian
Modified/patched Sources, you can run configure and then install it into
a temporary directory and then create a .deb out of that, however you
will want to freeze that afterwards so you don't download an updated
version that sets you back.

Alternatively, you can report the bug to the debian people, and have
them re-compile it to use /dev/urandom instead of /dev/random and save
you the effort.  However that may take a few days.

If you wish to make your own package, you can read this
http://linuxdevices.com/articles/AT8047723203.html

Additionally Google will be your friend on how to build Debian Packages,
as I haven't done so in quite some time thankfully.

Scott

Rick Kunkel wrote:
> Hm!  I did some additional reading after receiving this, and it seems
> that pursuing the random number generator path is the way to go...
>
> A coupla quick questions (that I think are likely going to be answered
> with "it depends" answers):
>
> 1.  Is nuking /dev/random in the way described going to have adverse
> affects on other elements/services?
>
> 2.  If, andter going this, I want to restore /dev/random to what it
> was beforehand, how would I go about doing that?
>
> 3.  We used aptitude (in all its inflexibility) to install sasl.  Does
> anyone know if there is an easy way to change this compile-time flag,
> but still use aptitude to install SASL?  (Probably off-topic for this
> list, I admit.)
>
> Thanks!
>
> Rick Kunkel
>
> On Tue, 11 Sep 2007, Scott M. Likens wrote:
>
>> Rick,
>>
>> This problem is related to Debian using /dev/random instead of
>> /dev/urandom.
>>
>> Short term solution would be to rm /dev/random
>>
>> mknod /dev/random c 1 9
>>
>> The other solution for you would be to recompile the sources and change
>> the configure to use urandom instead of random... You can search the
>> archives and search for urandom on how to do that.
>>
>> Scott
>>
>> Rick Kunkel wrote:
>>> Hello all,
>>>
>>> I'm new to Cyrus.  Historically, I've used Qpopper, Sendmail, and UW
>>> IMAP.
>>> We recently switched to Cyrus for IMAP.  It came highly recommended...
>>>
>>> We've got this on a darned burly machine, running some very recent
>>> version
>>> of Debian, with a fast CPU, 4GB RAM, and fast SAS drives.  When testing
>>> the thing, before it went into production, everything worked awesomely.
>>> However, having loaded it with 2300 users, it's suddenly acting
>>> erratically.  (Incidentally, of the 2300 users, almost all are POP
>>> users,
>>> which seems to be working fine.  A few hundred -- at most -- are
>>> IMAP, and
>>> they are split between squirrelmail users and a handful that use
>>> standard
>>> MUAs.)
>>>
>>> The server acts as if it's low on resources or something, or has hit
>>> some
>>> kind of connection limit.  It's speedy as heck WHEN it does it
>>> what's it's
>>> supposed to, but that initial connection is sketchy.  For the first 30
>>> seconds after you restart it, it's generally good, but it goes downhill
>>> from there.
>>>
>>> Testing with telnet exhibits this behavior.  Here's a sample session...
>>>
>>> # telnet mail 143
>>> Trying xxx.xxx.xxx.xxx...
>>> Connected to mail.
>>> Escape character is '^]'.
>>>
>>>
>>> And then it just kinda sits.  Sometimes, after 30 seconds or so
>>>
>>> * OK mail Cyrus IMAP4 v2.2.13-Debian-2.2.13-10 server ready
>>>
>>>
>>> We're currently using the following line in cyrus.conf for imapd:
>>>
>>> imapcmd="imapd" listen="imap" prefork=1
>>>
>>>
>>> We've messed with tons of different settings here, to little avail.
>>>
>>> There don't seem to be any salient log entries.
>>>
>>> Anyone have any ideas?
>>>
>>> Thanks,
>>>
>>> Rick Kunkel
>>> 
>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>>
>>>
>>>
>>>
>>>
>>
>>
>
>
> !DSPAM:46e7181084202125116682!
>
>


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Slower after migration from 2.1 to 2.2

[Scott M. Likens]

Paul,

Which Mail Client is your user using?

Additionally have you tried to run reconstruct or squatter on his INBOX
to see the difference?

(replace the $PREFIX with where your cyrus bin utilities are, and
username with the username in question)
$PREFIX/bin/reconstruct -r -f user.username

or

$PREFIX/bin/squatter -r -v user.username

Beyond that, it's really a guessing game without more information... You
can additionally enable logging so you can see every command his mail
client makes and what the server responds with (which can be beneficial)

cd /var/imap/log (create the directory if it doesn't exist)

then mkdir username (replace username with their username)

ensure that the directory's above are owned by cyrus:mail and then you
can find a file in /var/imap/log/username

like for me,

[EMAIL PROTECTED] /var/imap/log/damm $ ls -l
total 8
-rw--- 1 cyrus mail 1359 Sep 19 15:50 12133
-rw--- 1 cyrus mail 3946 Sep 19 15:51 12157

then inside there you can actually see the connection like...

<1190242306<3 select "INBOX.Drafts"
>1190242306>* FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
* OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)] 
* 2 EXISTS
* 0 RECENT
* OK [UIDVALIDITY 1131130979] 
* OK [UIDNEXT 359] 
* OK [NOMODSEQ] Sorry, modsequences have not been enabled on this mailbox
* OK [URLMECH INTERNAL]
3 OK [READ-WRITE] Completed
<1190242306<4 getquotaroot "INBOX.Drafts"
>1190242306>* QUOTAROOT INBOX.Drafts
4 OK Completed

Between all of the above, I think we can give you a good answer.

Scott

Paul van der Vlis wrote:
> Rudy Gevaert schreef:
>   
>> Paul van der Vlis wrote:
>> 
>>> Hello,
>>>
>>> A customer wanted a new machine, and I used Cyrus 2.2 (Debian Etch).
>>> Before I used Debian Sarge with Cyrus 2.1. I just copied all data to the
>>> new machine, installed Cyrus 2.2 and saw no problem. So I did no
>>> conversion to another database type or something like that.
>>>
>>> Now my customer says the new machine IMAP is slower then the old one.
>>>   
>> Try to identify what the user means with slower.  Maybe he means, during
>> login.
>> 
>
> When he switches between folders in the same mailbox.
>
> With regards,
> Paul van der Vlis.
>
>
>
>
>   


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Slower after migration from 2.1 to 2.2

[Scott M. Likens]

Paul van der Vlis wrote:
> Scott M. Likens schreef:
>   
>> Paul,
>>
>> Which Mail Client is your user using?
>> 
>
> Thunderbird 2.0.0.0 (Dutch Windows version),
>
>   
Looks fine, except when changing folders it logs in again... so if
there's a plaintextdelay defined in /etc/imapd.conf that would 'exhibit'
some slowdown... so every time he changes a folder, TBird logs in
again... it's not very good about using only 1 connection and keeping it
open.

So that may be your culprit... in that case, you can go into Account
Settings and turn on "Secure Authentication" if you have configured
Cyrus to allow CRAM-MD5 Secrets.
>> Additionally have you tried to run reconstruct or squatter on his INBOX
>> to see the difference?
>>
>> (replace the $PREFIX with where your cyrus bin utilities are, and
>> username with the username in question)
>> $PREFIX/bin/reconstruct -r -f user.username
>> 
>
> Ah, that's "cyrreconstruct" on my system.
>
>   
>> or
>>
>> $PREFIX/bin/squatter -r -v user.username
>> 
>
> No, I have not.
> I will study what I need to backup before doing this.
>
> Do I need to turn Cyrus off before doing this?
>
>   
No you don't, squatter can be run while Cyrus is :)  Infact, you can
have it run in /etc/cyrus.conf like I do.

such as,

  squatter cmd="squatter" period=14400

It's benefit is mainly for when 'searching' in inbox's... however I've
found it can be beneficial.
>> Beyond that, it's really a guessing game without more information... You
>> can additionally enable logging so you can see every command his mail
>> client makes and what the server responds with (which can be beneficial)
>>
>> cd /var/imap/log (create the directory if it doesn't exist)
>>
>> then mkdir username (replace username with their username)
>>
>> ensure that the directory's above are owned by cyrus:mail and then you
>> can find a file in /var/imap/log/username
>>
>> like for me,
>>
>> [EMAIL PROTECTED] /var/imap/log/damm $ ls -l
>> total 8
>> -rw--- 1 cyrus mail 1359 Sep 19 15:50 12133
>> -rw--- 1 cyrus mail 3946 Sep 19 15:51 12157
>>
>> then inside there you can actually see the connection like...
>>
>> <1190242306<3 select "INBOX.Drafts"
>> 
>>> 1190242306>* FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
>>>   
>> * OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)] 
>> * 2 EXISTS
>> * 0 RECENT
>> * OK [UIDVALIDITY 1131130979] 
>> * OK [UIDNEXT 359] 
>> * OK [NOMODSEQ] Sorry, modsequences have not been enabled on this mailbox
>> * OK [URLMECH INTERNAL]
>> 3 OK [READ-WRITE] Completed
>> <1190242306<4 getquotaroot "INBOX.Drafts"
>> 
>>> 1190242306>* QUOTAROOT INBOX.Drafts
>>>   
>> 4 OK Completed
>>
>> Between all of the above, I think we can give you a good answer.
>> 
>
> Thanks for your help!
>
> Do I only need to make a directory to turn logging on? Strange.
>
> I read in the debian-specific manual: "If you upgrade from cyrus 2.1,
> all you need to do is to upgrade the database files from the old
> database backend to the new one".
>
> The old database backend (db4.2) is in this version of Debian. So
> upgrading is not needed, I think? Or does he mean something else?
>
> With regards,
> Paul van der Vlis.
>
>
>
>
>   

You might want to check your logs to see if he's not having any errors
with his .sub and .seen files... that may be happening.  Additionally if
he is logging in via PLAINTEXT there is a delay there possibly in
/etc/imapd.conf

As far as making that directory it turns on some extensive debugging
information.  It will tell you everything going on including any errors
sent back to the client that may not be shown at all.

If i'd take a guess you might have some slowdown with the database
files It's been awhile since I ran 2.2, but I believe in
/etc/imapd.conf there should be an option to define what type is
(db_nosync, skiplist, etc) ... and if that's so you can always convert
to skiplist (there's a utility that can be found by searching the IMAP
archives) and you will find some speed up with that.

Scott


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: need help recovering from disk crash

[Scott M. Likens]

Hi,

If you have a dump of the mailbox's (ctl_mboxlist) then you can restore
those, personally I back those up weekly as well as /var/spool/imap

If you don't, re-add the users, then do reconstruct -r -f user.username
(obviously replace username with the username in question) and it will
reconstruct the mailbox and find all the folders for you and add them to
the mailboxes db.

Then do that on all your users, and you should be good.

As far as 2.3.9 vs. 2.2... if you're only dealing with the message
spool... it should be easy to massage it together.  if you're trying to
bring back duplicate, sieve, seen, etc... it might be a hassle.

Rather vague email I just wrote... but you seemed to have the basics... 
if not reply all.

Scott

[EMAIL PROTECTED] wrote:
> I lost my OS drive on my home server, the mail partition was on a raid array 
> and survived, I have some of the rest of the config info, but it looks like I 
> lost the configdir contents (the directories are still there, but the files 
> are 
> missing) I may be able to recover some stuff from lost+found if I can get 
> hints 
> on what to search for.
>
> now, to make things more interesting, the old system was running gentoo and 
> has 
> cyrus 2.3.recent on it
>
> the new system is ubuntu with 2.2.something on it (I couldn't get a recent 
> gentoo installer to run reliably on this hardware)
>
> can I make this work or should I compile 2.3.9?
>
> with reconstruct -m now working how can I recover the mailbox?
>
> the good news is that I only have 3 users on the system (with about 3G of 
> mail 
> in several hundred folders betwen us) so manual fixes may be practical
>
> the config files were saved, and are:
>
> #cat imapd.conf |grep -v "^#" |grep "^[a-z]"
> configdirectory:/var/imap
> partition-default:  /movies/imap
> sievedir:   /var/imap/sieve
> virtdomains:yes
> admins: cyrus
> hashimapspool:  yes
> allowanonymouslogin:no
> allowplaintext: yes
> sasl_pwcheck_method: auxprop
> sasl_auxprop_plugin: sasldb
> sasl_mech_list: PLAIN
>
>
> # cat cyrus.conf |grep -v "^ *#" |grep "[a-z]"
>recover   cmd="ctl_cyrusdb -r"
>idled cmd="idled"
>imap  cmd="imapd" listen="imap2" prefork=0
>pop3  cmd="pop3d" listen="pop-3" prefork=0
>imaps cmd="imapd -s" listen="imaps" prefork=0
>pop3s cmd="pop3d -s" listen="pop3s" prefork=0
>sieve cmd="timsieved" listen="sieve" prefork=0
>lmtpunix  cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
>checkpointcmd="ctl_cyrusdb -c" period=30
>delprune  cmd="ctl_deliver -E 3" period=1440
>tlsprune  cmd="tls_prune" period=1440
> [EMAIL PROTECTED]:/etc# cat cyrus.conf |grep -v "^ *#" |grep "[a-z{}]"
> START {
>recover   cmd="ctl_cyrusdb -r"
>idled cmd="idled"
> }
> SERVICES {
>imap  cmd="imapd" listen="imap2" prefork=0
>pop3  cmd="pop3d" listen="pop-3" prefork=0
>imaps cmd="imapd -s" listen="imaps" prefork=0
>pop3s cmd="pop3d -s" listen="pop3s" prefork=0
>sieve cmd="timsieved" listen="sieve" prefork=0
>lmtpunix  cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
> }
> EVENTS {
>checkpointcmd="ctl_cyrusdb -c" period=30
>delprune  cmd="ctl_deliver -E 3" period=1440
>tlsprune  cmd="tls_prune" period=1440
> }
>
> David Lang
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
> !DSPAM:46f8b94b179948275421122!
>
>
>   


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Delivery and fetching of new email inconsistent

[Scott M. Likens]

Brian,

Here's a stupid question... might be from my ignorance, or just oversight.

But if the email is delivered to an INBOX, unless the client supports
notification... it won't be notified of the new email until it does a
Send/Receive and then it will be aware of it.

I mention this because many Clients such as Outhouse (Outlook) don't
support that kind of notification, so you end up having people setting
their send/receieve time to 60seconds.

Now I notice in your logs it says * 1 Recent... at least in one of them,
so it seems that Cyrus is notifying the IMAP Connection.  Now it comes
down to if the client ignores it or not.  (as you use idled you should
be good in this area).

So then it comes down to which Clients are you using, and if they
support the notification of new email to 'refresh' the INBOX.  I know
Outlook Express, and Outlook don't support that... and they are rather
unbearable for an IMAP connection for most users I run into. 

However Thunderbird works just dandy Long drawn out mail for more
information I guess...

Thanks

Scott

Brian Wong wrote:
> List,
> I am in the process of migrating to Cyrus IMAP. I have a test server
> (CentOS 5 x86_64) with several accounts and I look forward to placing
> the IMAP server in production but I have recently noticed a problem.
>
> Certain emails that are delivered into a mailbox are not visible to
> the email client. I believe this may have to do with consecutive
> emails to the same mailbox with minimal time between the deliveries,
> but I can not consistently reproduce the problem. In this case, two
> separate and different emails are delivered and only the first is
> visible. I do not believe this is a client specific problem. I have
> the general log files indicating delivery and protocol telemetry logs
> for the user in question.
>
> It is not until I log out and log back in do I see the second message.
>
> The relevant log snippets mentioned above are attached.
> Name: server.log (evidence of consecutive delivery)
> Name: user_tel.log (from line 259; evidence of only first message
> visible, but not second)
> Name: user_tel-2.log (evidence that upon log out and log in, second
> message appears)
> Name: imapd.conf (for completeness)
> Name: cyrus.conf (for completeness)
>
> Bear with me as I am not well versed in IMAP protocol specifics.
> The user telemetry logs show that the IDLE daemon notified the client
> of a new message through the EXISTS command. When the IMAP client then
> does a FETCH command, the server only returns the first of the two
> delivered messages. (user_tel.log)
>
> The server is built with the following options
> ./configure --enable-idled --enable-murder --enable-replication
> --enable-listext --with-ldap --with-openssl --with-sasl --with-snmp
> --without-bdb --with-cyrus-user=cyrus --with-cyrus-group=cyrus
>
> I am also using the "Parse Received: headers for internaldate" patch
> from http://cyrus.brong.fastmail.fm/. I believe this is needed to
> retain INTERNALDATE when migrating.
>
> Could the patch from fastmail be the culprit?
> What other steps can I take to help troubleshoot this problem?
>
>
> !DSPAM:47017a8383425432119130!
>   
> 
>
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
> !DSPAM:47017a8383425432119130!
>   


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Date problem after migration

[Scott M. Likens]

I'll put in my 10cents as it's not really on topic for this mailing list.

When converting from a qmail+courier IMAP solution to Zimbra *ugh* I had
a similar problem in this case Zimbra had a solution.

imapsync --ssl1 --ssl2 --host1 #HOST1# --host2 #HOST2# \
--authuser1 cyrus --password1 #PASSWORD1# --authuser2 cyrus \
--password2 #PASSWORD2# --authmech1 PLAIN --authmech2 PLAIN \
--subscribe --user1 #USER# --user2 #USER# \
--delete2 --expunge --expunge2 --syncinternaldates

Adding --syncinternaldates

Additionally I found using --user2 %USER%\tb

They added it to fix Thunderbird actually, but tied in with
syncinternaldates and the other portion the only annoyance was loosing
the unique identifier scheme (we had alot of pop3 users and there is no
central scheme for UIDL what so ever so the same message can be
re-downloaded 8000x)

Another thing if you're moving from a broken setup to a working setup
you may want to look at,

--useheader: Use this header to compare messages on both sides.
 Ex: Message-ID or Subject or Date.

good old fashion regexp.

Off hand it's not very useful, but using --syncinternaldates is always
good to use I found.

Scott


Andrew Morgan wrote:
> On Tue, 9 Oct 2007, Guillaume Postaire wrote:
>
>   
>> Hi all,
>>
>> We just have done a migration from a very old Cyrus stand alone
>> installation to a new one with murder.
>>
>> During the migration everything went ok and no user complaint, so we
>> destroy our old mailbox.
>>
>> Shortly after that one of our user notice a huge problem with outlook
>> that we don't reproduce with thunderbird (put here whatever imap
>> compliant client). All the mail older than the migration have the date
>> of the migration in outlook. It seems that outlook don't use the header
>> date (wich are ok in the plain text storage) but another information
>> that come from cyrus.
>>
>> We try to analyse what happen and discover we forget to use "
>> --syncinternaldates" with imapsync. We simulate some migration and this
>> problem don't exist if we had this.
>>
>> How could we correct the date stored in cyrus ?
>>
>> Here is the command we use for migration
>> imapsync --ssl1 --ssl2 --host1 #HOST1# --host2 #HOST2# \
>> --authuser1 cyrus --password1 #PASSWORD1# --authuser2 cyrus \
>> --password2 #PASSWORD2# --authmech1 PLAIN --authmech2 PLAIN \
>> --subscribe --user1 #USER# --user2 #USER# \
>> --delete2 --expunge --expunge2
>> 
>
> We had the same problem here, but just told our users to suck it up.  :)
>
> I suppose you could create some script to read the Date: header from each 
> message and set the message file mtime to match.  You would probably need 
> to reconstruct the mailbox after that to pick up the change.
>
> Or, you can tell Outlook to sort on the Date: header rather than the 
> arrival time of the message.
>
>   Andy
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
> !DSPAM:470bda5c77459552314630!
>
>
>   


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: How to bind imap to 2 interfaces

[Scott M. Likens]

You pretty much answered your own question,

However, I will spell it out.


imaplocal   cmd="imapd" listen="localhost:imap" prefork=5
imapeth0cmd="imapd" listne="ipofeth0:imap" prefork=5


Now of course you will want to replace ipofeth0 with the IP address on
eth0.  if you have multiple IP address's on eth0, you may want to make
more entry's for each IP address.

Cheers

Scott

Tornoci Laszlo wrote:
> Hi,
>
> I have a server with eth0, eth1 and localhost network interfaces. I want 
> to have cyrus to service imap on eth0 and localhost, but NOT on eth1.
>
> After reading man cyrus.conf, I can make cyrus to listen on all 3 
> interfaces:
>imap  cmd="imapd" listen="imap" prefork=5
> or just on one of them:
>imap  cmd="imapd" listen="localhost:imap" prefork=5
>
> How to make it listen exactly on localhost and eth0?
>
>   Yours: Laszlo
> 
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
> !DSPAM:471e54f974051218716433!
>
>
>   


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

RE: mail subject's problem

[Scott M. Likens]

The reason why it's doing this is because cyrus or your MTA is stripping
the 8th bit.  It's a very simple option in imapd.conf to set, if you
need to either man it, or read the docs you'll find the exact option to
stop that.

Thanks and goodbye

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of David Chang
Sent: Thursday, February 20, 2003 7:40 PM
To: Cyrus-Info

Hi all:
I am a Chinese user in cyrus.
There are a strange problem in email Subject's display problem.

If i send a mail with Chinese words in subject field from outlook
express to 
myself.When i received this mail from cyrus-imap i found,that the
Subject looks 
like "XXX?" .Anybody can tell me why ? 

Imapd server is:
cyrus-imapd-2.1.12
cyrus-sasl-2.1.12

David Chang

RE: lmtp read error

[Scott M. Likens]

Why aren't you using unix:/var/spool/imap/lmtp

There is absolutely no reason to use TCP LMTP unless you have to.  In this
case since it's obvious you are not using Cyrus Murder and don't need the
proxy's to pass the messages back to the backend servers.

Save us all some patience.  Put that in the method to deliver, and be done
with it.

Thanks, goodbye... good riddance.



---

The word bipartisan usually means some larger-than-usual deception is being
carried out. - George Carlin

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mitrana Cristian
Sent: Wednesday, March 26, 2003 5:46 PM
To: [EMAIL PROTECTED]

* Morgan Sackett <[EMAIL PROTECTED]> [26-03-03 16:37]:

> You are correct about the MX records, though mail addressed directly to
> the machine gets delivered correctly.  As far as I have read, LMTP does
> not require or use MX records.  The socket method gives me a "connection
> refused" error.
>
> lmtpd is running.  Here is the appropriate sections of my cyrus.conf file:
>
>  # at least one LMTP is required for delivery
>  lmtpunix  cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
>  #  lmtp cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
>  lmtp  cmd="lmtpd" listen="63.105.30.19:lmtp" prefork=1
>

Unless localhost=63.105.30.19 then your lmtpd server
is not listening to localhost network address. So obviossly
postfix won't deliver the messages, nor telnet will connect
to localhost:lmtp.

 mitu

RE: lmtp read error

[Scott M. Likens]

If you are getting connection refused trying to connect to the socket, then
you have the line commented out in the configuration file for the binding of
the lmtp socket.

I've used lmtp over socket for quite some time and found it to be the best
method to date.



---

The word bipartisan usually means some larger-than-usual deception is being
carried out. - George Carlin
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Henrique de
Moraes Holschuh
Sent: Wednesday, March 26, 2003 6:52 PM
To: [EMAIL PROTECTED]

On Wed, 26 Mar 2003, Rob Siemborski wrote:
> Not that Cyrus Murder is the only reason the use TCP LMTP.  Its entirely
> reasonable to have your MTA on a separate machine and have delivery to
> cyrus happen via TCP LMTP over the network.

Indeed. That's my setup exactly.  However, I just run lmtpd -a, bound to a
private network where only the LMTP servers and the SMTP servers are
connected to.  Thus, no authorization worries, and no SASL overhead.

> Though, if your MTA is sharing a machine with cyrus, its generally to
> your advantage to use the unix socket.

It is MUCH faster to use Unix sockets in most OSes, for one thing...

--
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Connection limiting.

[Scott M. Likens]

I haven't seen anything in the documentation about limiting a user connections.

Is it possible to limit a user to only connect twice, per user name?

I ask because there is crappy antivirus software that makes 2-3 connections, 
and it's a little annoying and can bog things up.

I've looked over imapd.conf and haven't really read anything about this in the 
mailing list, so maybe I missed something

I did see 
# Minimum time between POP mail fetches in minutes
popminpoll: 1

but does that mean a user can logout, and log back in, and if he logs in before 
his 60seconds are up he can't fetch?

and also is there something similar for imap perhaps?

Thanks

-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Sieve 2.2 not working

[Scott M. Likens]

require "fileinto";
if address :contains :all ["from"] "[EMAIL PROTECTED]" {
fileinto "INBOX.Servers.Periodic";}
elsif address :contains :all ["to", "cc", "bcc"] 
"[EMAIL PROTECTED]"{
discard;}
elsif address :contains :all ["to", "cc", "bcc"]
else {
   fileinto "INBOX";}


that's a small exert from my script.

Enjoy

On Tue, 10 May 2005 22:55:06 +0100
"John Lane" <[EMAIL PROTECTED]> wrote:

> Hello,
> 
> I have been trying to get Sieve working, to no avail. Having scoured
> the mailing lists / google, I've found other people with the same
> problem but can't find a solution.
> 
> My configuration comprises postfix, procmail and cyrus-imap. It is all
> working as expected except for Sieve.
> 
> I'm running Cyrus-IMAP 2.2.12, and Cyrus-SASL 2.1.20. My received
> e-mails are showing "X-Sieve: CMU Sieve 2.2" so I guess that proces
> Sieve is compiled in and being called.
> 
> This is my test script (email address changed) :
> require ["reject","fileinto"];
> 
>   if address :is :all "From" "[EMAIL PROTECTED]"
>   {
> reject "testing";
>   }
> 
> I have successfully installed this using sieveshell and it is
> correctly installed in the sievedir defined in imapd.conf and has a
> symlink "defaultbc" pointing to it.
> 
> I have successfully got the sieve test program to report the expected
> output:
> -bash-2.05b# ./test /tmp/msg
> /var/lib/imap/sieve/t/testuser/sievetest.bc rejecting message
> '/tmp/msg' with 'testing'
> 
> (note here that the test prog requires the byte-code version of the
> script - I couldn't find this point documented anywhere)
> 
> However, When I send a mail into the server the sieve script has no
> effect. Otherwise the system is fine.
> 
> Any suggestions would be greately appreciated.
> 
> Thanks,
> John
> 
> 
> (i've also tried the below script which doesn't work either)
> require ["reject"];
> reject "testing";
> 
> 
> 
> 
> !DSPAM:42813321112958089135640!


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Sieve 2.2 not working

[Scott M. Likens]

uh bypassing procmail? very simple.

deliver via lmtp

mailbox_transport = lmtp:unix:/var/run/cyrus/socket/lmtp

On Thu, 12 May 2005 00:44:18 +0100
"John Lane" <[EMAIL PROTECTED]> wrote:

> Ok, As I was getting nowhere I delved into the code.
> 
> This is what is happening...
> 
> When I send a message "deliver" is used to send it into cyrus.
> 
> Code in "imap/lmtpd.c" gets executed in a function called "deliver".
> 
> This has two bits of code for mail delivery, the first is
> "case 1: shared mailbox request" and the second is
> "case 2: ordinary user, might have Sieve script"
> 
> One would expect the code in case 2 to be called but what
> was happening is the code in case 1 is being called.
> 
> This decision is made based on the value of a variable called
> "user" being null for case 1 and set to a value for case 2.
> 
> I tracked this down to my procmail configuration where I had the
> following:
> 
> DELIVER="$/usr/bin/deliver -a $USER -m user.$USER"
> 
> It was missing the user id at the end. I changed it to...
> 
> DELIVER="$/usr/bin/deliver -a $USER -m user.$USER $USER"
> 
> And Sieve now fires as expected. HOWEVER... I have another problem
> 
> I have a test sieve script that does a "reject" but the mail never
> gets returned to the sender (although Sieve does try!!!).
> 
> The problem ocurs when I use procmail, the "Return-Path" setting
> in the e-mail gets changed by procmail from the real sender to the
> unix id that procmail is run as. The message is delivered to this user
> rather than the original sender.
> 
> Has anyone come across this before and is there a solution ?
> 
> BTW my MTA is postfix and the above problem does not happen when I
> configure postfix to send directly to cyrus (i.e. bypass procmail).
> 
> Thanks,
> John
> 
> 
> 
> 
> 
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> !DSPAM:42829e6171311869725949!
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Postfix -> DSPAM -> Cyrus IMAPd

[Scott M. Likens]

Since I use Postfix + DSPAM + Cyrus, I'll chime in.

On Debian sid, with DSPAM built by me.

[EMAIL PROTECTED]> ls -l /usr/local/bin/dspam 
 ~ -r-xr-sr-x  1 dspam mail 1515934 May 11 16:32
/usr/local/bin/dspam

[EMAIL PROTECTED]> ls -l   
/var/run/cyrus/socket total 0
srwxrwxrwx  1 root root 0 May 31 10:46 lmtp
srwxrwxrwx  1 root root 0 May 31 10:46 notify
[EMAIL PROTECTED]> 
/var/run/cyrus/socket

from main.cf

mailbox_command = sed '1{/^From /d;}' | /usr/local/bin/dspam
--deliver=innocent --user $USER -- -d %u

from dspam.conf

TrustedDeliveryAgent "/usr/sbin/cyrdeliver" # Cyrus

UntrustedDeliveryAgent "/usr/sbin/cyrdeliver $u"

of course I built with dspam with /usr/sbin/cyrdeliver.

Trust root
Trust mail
Trust mailnull
Trust smmsp
Trust daemon
Trust nobody

config.status from dspam

dspam config.status 3.4.6
configured by ./configure, generated by GNU Autoconf 2.59,
  with options \"'--prefix=/usr/local' '--enable-broken-return-codes'
'--enable-daemon' '--with-mysql=/usr'
'--with-mysql-includes=/usr/include/mysql'
'--with-mysql-libraries=/usr/lib'
'--with-delivery-agent=/usr/bin/cyrdeliver'
'--with-storage-driver=mysql_drv' '--with-logdir=/var/log/dspam'
'--enable-feature=chained,whitelist,noise'
'--enable-preferences-extension' '--enable-neural-networking'
'--enable-long-usernames' '--enable-virtual-users'
'--enable-domain-scale' '--with-dspam-owner=dspam'
'--with-dspam-group=mail' '--enable-parse-to-header' 'CC=gcc'\"

hope that helps some.


On Tue, 31 May 2005 12:48:37 -0500
"Gerald D. Anderson" <[EMAIL PROTECTED]> wrote:

> Greetings all,
> 
>   I'm having a problem that makes me think I'm just over looking
> something silly, but for the life of me, I can't figure out what.   I
> am sending emails from postfix to dspam as a mailbox_command:
> 
> /mailbox_command = /usr/bin/dspam --deliver=innocent --user $USER/
> 
> This seems to be working fine.  Then I have dspam set up to use cyrus
> imap as the LDA:
> 
> /TrustedDeliveryAgent "/usr/lib/cyrus/deliver %u"
> 
> #
> # Untrusted Delivery Agent: Specifies the local delivery agent and
> arguments # DSPAM should use when delivering mail and running in
> untrusted user mode. # Because DSPAM will not allow pass-through
> arguments to be specified to # untrusted users, all arguments should
> be specified here. Use %u to specify # the user DSPAM is processing
> mail for. This configuration parameter is only
> # necessary if you plan on allowing untrusted processing.
> #
> UntrustedDeliveryAgent "/usr/lib/cyrus/deliver %u"/
> 
> When dspam does this, I'm getting permission denied from lmtp:
> 
> /status=bounced (Command died with status 255: "/usr/bin/dspam
> --deliver=innocent --user $USER". Command output: couldn't connect to
> lmtpd: Permission denied_ 421 4.3.0 deliver: couldn't connect to
> lmtpd_ 14536: [5/31/2005 6:27:16] Delivery agent returned error, exit
> code: 75, command line: /usr/lib/cyrus/deliver gander
> 
> /By default, dspam runs as UID dspam, and is set 4711 :
> 
> /-rws--x--x  1 dspam dspam 163152 May 29 10:34 /usr/bin/dspam/
> 
> The permissions on the lmtp socket:
> 
> /srwxrwxrwx   1 root  root   0 May 29 10:04 lmtp
> 
> 
> /I have tried setting dspam to setuid root:root, and setuid cyrus:mail
> with no effect.  There is something here that I am definitely not
> understanding.  Has anybody seen this, or see something stupid that
> I'm doing?
> 
> I appreciate any help at all!
> 
> Thanks,
> 
> Gerald
> 
> 
> P.S.  My cyrus.conf just to make sure:
> 
> 
> /# $Header:
> /var/cvsroot/gentoo-x86/net-mail/cyrus-imapd/files/cyrus.conf,v 1.4
> 2004/07/18 04:02:23 dragonheart Exp $
> 
> # Standard standalone server configuration.
> 
> START {
>   # Do not delete this entry!
>   recover   cmd="ctl_cyrusdb -r"
> 
>   # This is only necessary if using idled for IMAP IDLE.
>   #idledcmd="idled"
> }
> 
> # UNIX sockets start with a slash and are put into /var/imap/socket.
> SERVICES {
>   # Add or remove based on preferences.
>   imap  cmd="imapd" listen="imap2" prefork=0
>   pop3  cmd="pop3d" listen="pop-3" prefork=0
> 
>   # Don't forget to generate the needed keys for SSL or TLS
>   # (see doc/html/install-configure.html).
>   #imapscmd="imapd -s" listen="imaps" prefork=0
>   #pop3scmd="pop3d -s" listen="pop3s" prefork=0
> 
>   sieve cmd="timsieved" listen="sieve" prefork=0
> 
>   # at least one LMTP is required for delivery
>   #lmtp cmd="lmtpd" listen="lmtp" prefork=0
>   lmtpunix  cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
> 
>   # this is only necessary if using notifications
>   #notify   cmd="notifyd" listen="/var/imap/socket/notify"
> proto="udp" prefork=1
> }
> 
> EVENTS {
>   # This is required.
>   checkpointcmd="ctl_cyrusdb -c" period=30
> 
>   # This is only necessary if using duplicate delivery suppression.
>   delprune 

Re: deleteaclmailbox: group: fails

[Scott M. Likens]

Only thing I can honestly think of is dumb mailboxes.db into a text
file, edit it out, and re-import it.

ala ctl_mboxlist



On Fri, 24 Jun 2005 12:21:24 +0200 (CEST)
"Simon Matter" <[EMAIL PROTECTED]> wrote:

> >> Josh Whitver on Tuesday, June 21, 2005 at 3:13 PM -0600 wrote:
> >>>Hello all,
> >>>
> >>>I'm setting up group-based ACLs
> >> [for shared mailboxes]
> >>>on my Tiger server box, and at one point I made an oopsie.  So I'm
> >>> trying
> >>> to
> >>>delete those ACLs but it's
> >> [cyrus]
> >>>not letting me.  A sample cyradm transcript is as follows:
> >>>
> >>>localhost> lam UHS/News
> >>>cyrusadmin lrswipcda
> >>>group:uhs lrsp
> >>>anyone p
> >>>localhost> dam UHS/News group:uhs
> >>>deleteaclmailbox: group:uhs: Invalid identifier
> >>
> >> Sorry to be a bother, but does anyone have some ideas on what's
> >going on > here?
> >
> > The group uhs doesn't exist. Looks like a bug to me that you can't
> > remove an ACL if the identifier doesn't exist. Does someone know
> > more about this?
> 
> I tried to fix it with attached patch but it doesn't work at all -
> which is what I expected, bash is the only thing I really understand.
> From what I can think of, with every ACL operation except remove, it's
> okay to check whether an identifier really exists. But for remove, it
> should be possible to remove an ACL even if the identifier has been
> removed before.
> 
> Anyone out there to help?
> 
> Simon
> 
> >
> >> Thanks!
> >> --
> >> Josh Whitver
> >> [EMAIL PROTECTED] / [EMAIL PROTECTED]
> >> The best way to make a fire with two sticks is to make sure one of
> >them > is
> >> a
> >> match.
> >>
> >> ---
> >> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> >> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> >> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> >>
> >>
> >
> >
> > ---
> > Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> > Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> >
> >
> 
> 
> !DSPAM:42bbeace63395372410069!


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: backslash in addresses?

[Scott M. Likens]

It seems unrealistic to me to expect a mailer to 'accept' backslashes in
email address's.  Let alone, sieve,etc.

I would ask what brought you to use backslashes in email address's,
because not even Exchange uses them really.  (Cept for logging in)

But yes you would need to rebuild sieve to support \'s, and currently
you'd have to build support for it to support it.  So by all means, make
it, and send it to the list and if people love it maybe it'll become a
part of cyrus permanently.



On Wed, 13 Jul 2005 14:25:26 -0500
[EMAIL PROTECTED] wrote:

> Quoting David R Bosso <[EMAIL PROTECTED]>:
> 
> > It doesn't appear to be allowed by RFC2822 in local-part as it 
> > appears in "specials" and not "atext".
> >
> > 
> 
> In which case I guess there's no way to have timsived accept an
> address containing backslash?  Other then editing timsived source and
> recompiling?
> 
> 
> This message was sent using IMP, the Internet Messaging Program.
> 
> 
> ---
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> !DSPAM:42d56e3755103319363784!
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Messages don't show up in imap view...

[Scott M. Likens]

I'll bite.

Did you perhaps copy them physically? and if so did you do a
reconstruct?

Or did you do a IMAP to IMAP copy?  Please be more specific about how
you copied them.

On Fri, 26 Aug 2005 01:50:31 -0400
Forrest Aldrich <[EMAIL PROTECTED]> wrote:

> I just finished copying a few thousand (grin) messages to various 
> folders on my new Cyrus installation (2.2).
> 
> One of the folders, email from 2002, is not showing up with any mail
> via  the imap client (Thunderbird, in my case), yet I see the messages
> in the  physical directory mailstore.
> 
> I don't believe Thunderbird is the issue here, as other items are
> working.
> 
> I tried restarting the master process, and stopping then restarting,
> no  luck.
> 
> What could he wrong here?
> 
> I'm guessing so many messages were transferring that perhaps something
> 
> got mangled - perhaps I need to rebuild the indices, or...
> 
> 
> 
> Thanks.
> 
> 
> 
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> !DSPAM:430ef31c47901637174690!
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"


Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: cannot authenticate to server cyrus

[Scott M. Likens]

ls -lo /usr/local/etc/sasl*

More then likely it just can't open sasldb

On Mon, 05 Sep 2005 02:44:32 -0600
RYAN vAN GINNEKEN <[EMAIL PROTECTED]> wrote:

> I have done all u suggested but still having problems
> %cyradm localhost
> IMAP Password:
>Login failed: user not found at
> /usr/local/lib/perl5/site_perl/5.8.6/mach/Cyrus/IMAP/Admin.pm line 118
> cyradm: cannot authenticate to server with  as cyrus
> 
> this is found in the auth.log file
> Sep  4 17:57:49 tokyo perl: No worthy mechs found
> Sep  4 17:57:55 tokyo imap[87817]: Could not open db
> Sep  4 17:57:55 tokyo imap[87817]: Could not open db
> Sep  4 17:57:55 tokyo imap[87817]: badlogin: localhost.computerking.ca
> [::1] plaintext cyrus SASL(-13): user not found: checkpass failed
> 
> 
> here are some of my conf I have remove some of the mechs read
> somewhere that it might help created cyrus.conf and Cyrus.conf the are
> both the same not sure which one  i need
> 
> tokyo.computerking.ca > /usr/local/lib/sasl2 #l
> total 110
> -rw-r--r--  1 root  wheel 64 Sep  4 17:46 Cyrus.conf
> -rw-r--r--  1 root  wheel 26 Feb 17  2005 Sendmail.conf
> -rw-r--r--  1 root  wheel 64 Sep  4 17:11 cyrus.conf
> -rw-r--r--  1 root  wheel  12538 Feb 17  2005 liblogin.a
> lrwxr-xr-x  1 root  wheel 13 Feb 17  2005 liblogin.so ->
> liblogin.so.2 -rwxr-xr-x  1 root  wheel  15346 Feb 17  2005
> liblogin.so.2 -rw-r--r--  1 root  wheel  12518 Feb 17  2005 libplain.a
> lrwxr-xr-x  1 root  wheel 13 Feb 17  2005 libplain.so ->
> libplain.so.2 -rwxr-xr-x  1 root  wheel  15244 Feb 17  2005
> libplain.so.2 -rw-r--r--  1 root  wheel  18616 Feb 17  2005
> libsasldb.a lrwxr-xr-x  1 root  wheel 14 Feb 17  2005 libsasldb.so
> -> libsasldb.so.2 -rwxr-xr-x  1 root  wheel  19867 Feb 17  2005
> libsasldb.so.2
> drwxr-xr-x  2 root  wheel512 Sep  4 17:56 removed
> -rw-r--r--  1 root  wheel181 Aug 18  2004 smtpd.conf
> 
> cyrus.conf and Cyrus.conf
> pwcheck_method: auxprop
> sasldb_path: /usr/local/etc/sasldb2.db
> 
> sendmail.conf is this even being used i use postfix
> pwcheck_method: saslauthd
> 
> smtp.conf this was working with my postfix bincIMAP combo hope it
> still does should i be using auxprop here too or will that break
> postfix and bincIMAP
> 
> # This sets smtpd to authenticate using the saslauthd daemon.
> pwcheck_method: saslauthd
> # This allows only plain and login as the authentication mechanisms.
> mech_list: plain login
> 
> I recompiled cyrus with
> 
> 
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> !DSPAM:431c23f647831337897253!
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"


Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: permission denied creating mailbox

[Scott M. Likens]

try admins: cyrus

not the other crap


On Wed, 07 Sep 2005 13:35:33 -0600
RYAN vAN GINNEKEN <[EMAIL PROTECTED]> wrote:

> Hello again all i am still having problems creating mailboxes please
> help
> 
> #su cyrus
> %whoami
> cyrus
> %cyradm localhost
> IMAP Password:
>  localhost.computerking.ca> whoami
> cyrus
> localhost.computerking.ca> cm user.test10
> createmailbox: Permission denied
> 
> this is happening in /var/log/messages
> Sep  7 12:58:23 tokyo perl: No worthy mechs found
> Sep  7 12:58:26 tokyo imap[5100]: no user in db
> Sep  7 12:58:26 tokyo imap[5100]: login: localhost.computerking.ca
> [::1] cyrus plaintext User logged in
> 
> this in /var/log/auth.log
> Sep  7 12:58:23 tokyo perl: No worthy mechs found
> Sep  7 12:58:26 tokyo imap[5100]: no user in db
> 
> permissions on /var/imap 777 for testing
> drwxrwxrwx  10 cyrus   cyrus 512 Sep  7 12:58 imap
> 
> permissions on /var/spool/imap 777 for testing
> drwxrwxrwx   3 cyrus  cyrus   512 Sep  4 16:26 imap
> 
> I have the cyrus user in the db
> [EMAIL PROTECTED]: userPassword
> [EMAIL PROTECTED]: userPassword
> [EMAIL PROTECTED]: userPassword
> 
> I have the cyrus user as an admin in /etc/imapd.conf
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: rmvg cyrus
> #sasl_pwcheck_method: saslauthd
> sasl_pwcheck_method: auxprop
> 
> 
> 
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> !DSPAM:431f476258161151121505!
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"


Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Question - Daemon Problem

[Scott M. Likens]

I'm sure you figured this out by now, but cyrus is to be run via the
master process, and not via inetd.

If you would read the manual, you will find ti most enlightening.


On Tue, 13 Sep 2005 10:52:44 +0200
<[EMAIL PROTECTED]> wrote:

> Greetings
> I use imapd 2.2.12, i have no init or other start scripts .
> When i start imapd over xinetd, or when i start the pop3 client
> (pop3d) over  xinetd the error below is in logs
> Connecting to pop3 or imapd after this error isnt possible (no daemon
> /  imap/pop3d running)
> Ps: i did looked into the faq (thx tp andrew) but there are no lines
> with  imap etc, like in FAQ answer.
> Thx for help
> 
> Sep 12 17:25:39 mail imapd: could not getenv(CYRUS_SERVICE); exiting
> Sep 12 17:25:40 mail imapd: could not getenv(CYRUS_SERVICE); exiting
> Sep 12 17:25:41 mail pop3d: could not getenv(CYRUS_SERVICE); exiting
> Sep 12 17:25:42 mail pop3d: could not getenv(CYRUS_SERVICE); exiting
> 
> 
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> !DSPAM:43269e18204822096689099!
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"


Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: timsieved sasl missing

[Scott M. Likens]

I run Cyrus on sid, and I see tons of stuff in /usr/lib/sasl2

"IMPLEMENTATION" "Cyrus timsieved v2.1.18-IPv6-Debian-2.1.18-2.0.1"
"SASL" "PLAIN GSSAPI DIGEST-MD5 NTLM LOGIN CRAM-MD5"
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress
relational regex"

as you can tell, where they should be.

* OK desolation.livid.dk Cyrus IMAP4 v2.1.18-IPv6-Debian-2.1.18-2.0.1
server ready
C01 CAPABILITY

* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND SORT
THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE AUTH=GSSAPI AUTH=DIGEST-MD5
AUTH=NTLM AUTH=CRAM-MD5 ANNOTATEMORE C01 OK Completed

Long story short, this is how your Cyrus should respond, port 143 on the
2nd, port 2000 on the first.

All I had to do is tweak imapd.conf, nothing more.


 On Sat, 29 Oct 2005 12:15:00 -0700 (PDT)

> 
> On Sat, 29 Oct 2005, Ken Murchison wrote:
> 
> > Andrew Morgan wrote:
> >> 
> >> I've been trying to setup timsieved on my test cyrus box (v2.2.12),
> >but I  > seem to be missing something, probably obvious.
> >> 
> >> I have a working installation of cyrus with imap, imaps, and lmtp. 
> >I use  > saslauthd.  I added a stanza for timsieved in cyrus.conf,
> >and I can  > successfully telnet to the sieve port.  sivtest returns
> >the following: > 
> >> -
> >> [EMAIL PROTECTED] config]# sivtest -a cyrus localhost
> >> S: "IMPLEMENTATION" "Cyrus timsieved v2.2.12"
> >> S: "SIEVE" "fileinto reject envelope vacation imapflags notify
> >subaddress  > relational comparator-i;ascii-numeric regex"
> >> S: "STARTTLS"
> >> S: OK
> >> Authentication failed. generic failure
> >> Security strength factor: 0
> >> -
> >> 
> >> It never asks me for a password, and I appear to be missing a SASL 
> >> capabilities line following the IMPLEMENTATION line.  I don't know
> >why  > sieve isn't detecting my sasl settings from imapd.conf.  Here
> >are my sasl  > settings:
> >
> > If you try imtest, do you get any AUTH= capabilities (I'm
> > guessing  not).  I'm sure its detecting your SASL settings, but its
> > not finding your  SASL plugins.  Where did you install them?  If
> > they aren't in /usr/lib/sasl2,  you can just make a symlink from
> > directory to directory.
> 
> I don't see an AUTH= capabilities with imtest.  I'm using the
> Debian  sarge libsasl2 package, which installed libsasldb libraries in
> 
> /usr/lib/sasl2/.  However, I am using 'saslauthd -a pam', so I don't 
> expect it to be looking for the sasl plugins anyways.
> 
>   Andy
> 
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> !DSPAM:4363d3ec297094190714843!
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"


Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Berkeley DB 4.4.16 released...

[Scott M. Likens]

Personally, when I hand build my Cyrus Servers, I end up putting DB3 on
it.

Because quite frankly i've found more responsiveness with DB3, and less
'insane' errors that make no clear sense to me.

That, and you can patch db3, and not worry about someone releasing a
new version that breaks your patch anymore.

It's great running old software, and making it work the way it should
be(tm) to begin with.


On Sat, 19 Nov 2005 13:16:38 +0100
Nikola Milutinovic <[EMAIL PROTECTED]> wrote:

> Ken Murchison wrote:
> 
> > [EMAIL PROTECTED] wrote:
> >
> >> http://www.sleepycat.com/products/bdb.html
> >
> >
> > Great!  I'm still applying 4.3 compat fixes.
> 
> 
> You lazy bones, you! :-)
> 
> Seriously, how important is it to upgrade? I'm running all my
> production servers - Tru64 UNIX on DEC Alpha (No, it is not HP, nor
> Compaq, I do not recognize those assholes as the bearers of the brand
> Alpha and Tru64) - on Berkeley DB 4.2.52 + patches. They run smoothly.
> 
> Would I gain anything by upgrading (and recompiling all my packages)
> to BDB 4.3 or 4.4?
> 
> Providing, of course, Ken can fix Cyrus source to be compatible with
> 4.4 branch... That shouldn't take more than few hours, right Ken?
> >8-))
> 
> Nix.
> 
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> !DSPAM:437f3ba175726945060641!
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"


Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Moving IMAP mails to an another server

[Scott M. Likens]

You forgot /var/imap (or it's equivilent)

Which stores the 'seen' database.

You can of course archive it and copy it over, but you'll more then
likely have to do a db_dump and try and import it.  Because it may not
be the same exact version of bdb.  If that is of course the case, you'd
have to dump/restore it.

Otherwise, live with the small price you paid.  Mark all as read, and
be happy!



On Tue, 22 Nov 2005 14:27:48 +0100
Balazs Pocze <[EMAIL PROTECTED]> wrote:

> Hi!
> 
> So, I had to change my old imap server for a new one, but I don't
> know how to move the imap datas.
> On the old server I do the following:
> 
> #su - cyrus -c "/usr/sbin/ctl_mboxlist -d" > /srv/backup/mboxlist (It 
> runs debian)
> 
> and then make a tar.gz backup of the /var/spool/cyrus/mail directory
> on the new computer I make the following:
> 
> #cat mboxlist | su - cyrus -c "/usr/local/cyrus/cin/ctl_mboxlist
> -u" # that restores the database
> #su - cyrus -c "/usr/local/cyrus/bin/reconstruct"   # it creates the 
> entries
> the I unpack the tar archive of the mailboxes.
> 
> (I create the users on saslbd, etc. )
> but there is my problem:
> all messages are unread, and that is not exactly what I need.
> Or I make something wrong?
> Please help me.
> 
> Best regards,
>  banyek
> 
> P.s.: Sorry for my english, it is not so good, I know, but I hope it
> is understandable ;-)
> 
> Cyrus Home Page: http://asg.web.cmu.edu/cyrus
> Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
> 
> !DSPAM:43832cd176551421865887!
> 
> 


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"


Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: SASL issues - can login once then not at all

[Scott M. Likens]

Hi JB, I think your problem is you're including plugins you do not need.

If you'd like my 10cents, you should 'rm' the plugins or 'mv' them so
that SASL no longer finds them.

cd /usr/lib/sasl2;ls
desolation ~ # cd /usr/lib/sasl2
desolation sasl2 # ls
libanonymous.la libdigestmd5.la libplain.la
libanonymous.so libdigestmd5.so libplain.so
libanonymous.so.2   libdigestmd5.so.2   libplain.so.2
libanonymous.so.2.0.21  libdigestmd5.so.2.0.21  libplain.so.2.0.21
libcrammd5.la   liblogin.la libsasldb.la
libcrammd5.so   liblogin.so libsasldb.so
libcrammd5.so.2 liblogin.so.2   libsasldb.so.2
libcrammd5.so.2.0.21liblogin.so.2.0.21  libsasldb.so.2.0.21

As you can see, you can 'mv' those libdigestmd5.* and libcrammd5.so.*
if you do not want them to be supported.

Same with otp, and others.  As far as the imapd staying alive, I will
let someone else answer that since I do not have that problem.

But if you'd like, you can enlighten us with some more details of your
setup, what OS (eg linux, solaris) and what distro if applicable with
gcc version and whatnot.

The more details, the more we can help.

Thanks,



On Wed, 28 Dec 2005 14:18:19 +1000
JB Hewitt <[EMAIL PROTECTED]> wrote:

> Thanks for your reply Andreas,
> 
> testsaslauthd works flawlessly everytime.  I have indeed have the
> "sasl_mech_list: plain login" line in my imapd.conf also...
> 
> It's quite strange as it works the first time I start the cyrus
> server up, and then any subsequent times results in failure.
> For instance, here is an example of the login process...
> [EMAIL PROTECTED]:~# /etc/init.d/cyrus21 start
> Starting Cyrus IMAPd: cyrmaster.
> [EMAIL PROTECTED]:~# cyradm -u jb localhost
> IMAP Password:
>   soapbox> lm
> user.jb (\HasNoChildren) user.test2 (\HasNoChildren)
> user.johnblade (\HasNoChildren)
> soapbox> exit
> [EMAIL PROTECTED]:~# cyradm -u jb localhost
> Password:
> cyradm: cannot authenticate to server as user jb
> [EMAIL PROTECTED]:~#
> 
> 
> Reading the log files from this attempt looks like this for mail.log:
> Dec 28 14:12:56 soapbox cyrus/imapd[21453]: accepted connection
> Dec 28 14:12:59 soapbox cyrus/imapd[21453]: login: soapbox[127.0.0.1]
> jb plaintext
> Dec 28 14:13:00 soapbox cyrus/imapd[21453]: accepted connection
> Dec 28 14:13:02 soapbox cyrus/imapd[21453]: badlogin:
> soapbox[127.0.0.1] DIGEST-MD5 [SASL(-13): user not found: no secret
> in database] Dec 28 14:14:05 soapbox cyrus/master[21446]: process
> 21453 exited, status 0
> 
> and for auth.log
> Dec 28 14:16:37 soapbox cyrus/imapd[21498]: OTP unavailable because
> can't read/w
> rite key database /etc/opiekeys: No such file or directory
> Dec 28 14:16:37 soapbox cyrus/imapd[21498]: DIGEST-MD5 server step 1
> Dec 28 14:16:37 soapbox perl: DIGEST-MD5 client step 2
> Dec 28 14:16:39 soapbox cyrus/imapd[21498]: DIGEST-MD5 server step 2
> Dec 28 14:16:39 soapbox cyrus/imapd[21498]: no secret in database
> Dec 28 14:16:42 soapbox perl: NTLM client step 1
> Dec 28 14:16:42 soapbox cyrus/imapd[21498]: NTLM server step 1
> Dec 28 14:16:42 soapbox cyrus/imapd[21498]: client flags: 207
> Dec 28 14:16:42 soapbox perl: NTLM client step 2
> Dec 28 14:16:42 soapbox perl: No worthy mechs found
> Dec 28 14:17:01 soapbox CRON[21507]: (pam_unix) session opened for
> user root by
> (uid=0)
> Dec 28 14:17:01 soapbox CRON[21507]: (pam_unix) session closed for
> user root
> 
> 
> Any ideas?
> 
> 
> > If you use saslauthd, you forgot to suppress DIGEST-MD5. saslauthd
> > can only
> > handle plain and login. Add something like "sasl_mech_list: plain
> > login" to
> > your imapd.conf.
> >
> > If saslauthd itself works, you can test with "testsaslauthd".
> >
> 
> 
> --
> Regards,
>   JB Hewitt
> Business: http://www.stcpl.com.au
> Blog: http://blade.lansmash.com
> Best LAN ever: http://www.lansmash.com
> How to ask a ?: http://www.catb.org/~esr/faqs/smart-questions.html
> 
> 
> !DSPAM:43b227e559135939618124!


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"


Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: cyrus-imapd + dspam

[Scott M. Likens]

On Tue, 31 Jan 2006 10:03:05 +0200
maxxik <[EMAIL PROTECTED]> wrote:

> Hello info-cyrus,
> 
>   Does anybody here use this sheaf ? )
> 
yep, works fantastic.


-- 
"What does one want when one is engaged in the sexual act?
That everything around you give you its utter attention
Think only of you, care only for you...
Every man wants to be a tyrant when he fornicates"


Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html