Re: What you do with old account

[Adam Tauno Williams]

On Tue, 2020-06-09 at 15:51 +0200, Albert Shih wrote:> 
> After switching to cyrus imap, I think about how to do that.
> If I'm correct I cannot just copy the file somewhere else, because cyrus
> database would keep the information about the existance of the mailbox, so
> what will the «state of the art» way to remove a mail account and all the
> mail.
> And how what would be the «state of the art» way to put it back ?

I create a calendar event [task] to delete the mailbox and otherwise
just leave it. If the account itself is disabled it cannot be accessed.

Putting things back-into a mailstore is too much of a pain with current
storage prices.

-- 
Adam Tauno Williams, awill...@whitemice.org
Multi-Modal Activists Against Auto Dependent Development
resisting the unAmerican socialists of the Motorist hegemony
http://www.mmaaadd.org 

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: FWD: Confused about Deleted and Expunged

[Adam Tauno Williams]

> I found some entries like:
> [...] cyrus/imap[5918]: Expunged 1 messages from
> test.tld!user.test.spam
> What is the difference between the above entry and the below entry
> (lower and capital
> expunged)?
> [...] cyrus/cyr_expire[14039]: Expired 0 and expunged 0 out of 144674
> messages from 818
> mailboxes
> The "Expunged" message should come from some imap-client (don't know
> which)? 

Yes, an IMAP client issued an EXPUNGE.  

> The "expunged" are from the command line execution of
> "/usr/sbin/cyrus expire [...]".

This looks for Expunged messages to Expire.

It is a three phased delete; which is beautiful.

Message Deleted  (becomes candidate for expunge)
  -> Message Expunged (becomes candidate for expiration) 
  -> Message Expired

The first two steps are performed by the client/user.  The final step
is performed by the administrator, expressed via the server's policy as
defined in cyrus.conf.



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: FWD: Confused about Deleted and Expunged

[Adam Tauno Williams]

> This command seems to work on Ubuntu 18.04. (cyrus-imapd 2.5.10-
> 3ubuntu1)
> In /usr/sbin there is no cyr_expire but now i found a
> /usr/lib/cyrus/bin/cyr_expire
> The result is the same, no files were deleted, the log file entry is
> the same as when i
> use the "/usr/sbin/cyrus expire [..]" command
> Can anybody confirm this "/usr/sbin/cyrus expire [..]" command on
> Ubuntu?

What happens if you su to the cyrus user and try to run the command you
see in cyrus.conf ?

-- 
Adam Tauno Williams, awill...@whitemice.org
Multi-Modal Activists Against Auto Dependent Development
resisting the unAmerican socialists of the Motorist hegemony
http://www.mmaaadd.org 

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: caldav and invitation

[Adam Tauno Williams]

> i ve got this in the log
> imip_send_sendmail(t...@test.domain.com): Sendmail process terminated 
> normally, exit status 0
> But if i look in the calendar of titi or in the mailbox I see nothing (I 
> ve have been testing with thunderbird and evolution)
> There is nothing explaining well how it is supposed to work in the  
> cyrus documentation so maybe i'm missing something
> does someone could explain what to expect when i invite someone in a even

Do you have "server handles invitations" in the account setup in
Evolution?

-- 
Adam Tauno Williams, awill...@whitemice.org
Multi-Modal Activists Against Auto Dependent Development
resisting the unAmerican socialists of the Motorist hegemony
http://www.mmaaadd.org 

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: 2FA and IMAP

[Adam Tauno Williams]

On Sun, 2019-04-21 at 23:09 +0200, Marcus Schopen wrote:
> Hi,
> 
> a friend wants to restrict access to his mailbox with 2FA. As
> webmailer I use Roundcube, which offers a 2FA plugin. But in the end
> this is pointless, because besides the webmailer there is also the
> native IMAP access available. Is it therefore possible to restrict
> the access to a single IMAP account to a certain IP so that this
> mailbox can only be accessed via the Roundcube?

I doubt it, but maybe.  

All the authentication stuff is handled by SASL - not really Cyrus -
and SASL is deeply configurable.

https://www.cyrusimap.org/sasl/

-- 
Adam Tauno Williams, awill...@whitemice.org
Multi-Modal Activists Against Auto Dependent Development
resisting the unAmerican socialists of the Motorist hegemony
http://www.mmaaadd.org 

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Question for upgrading

[Adam Tauno Williams]

On Mon, 2018-12-17 at 10:40 +0100, Egoitz Aurrekoetxea wrote:
> I think (and say think :) )I finally found a method. Although I'm
> testing it deeply... it seems (say seems too :) ) 2.4 is compatible
> with a mail spool in 2.3 (at least with my config). So I'll try to
> upgrade first to 2.4 and later to 3.0 setting up a replication from
> 2.4 to 3.0. Would be fine if Bron, Ellie or someone at Fastmail could
> tell something about it to us :) :)

Yes, I have performed an in-place upgrade of 2.3 to 2.4.  Other than
some delay due to index reconstruction it went very smoothly.

The only issues I recall is that some users got some deleted messages
back after the reconstruct, and there were some mailboxes which lost
Seen status;  I never figured out why [they were related to that
handful of users which somehow always have problems with everything].

-- 
Executive Committee Vice-Chair
Michigan Association of Railroad Passengers
537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010
E-mail: awill...@whitemice.org GPG#D95ED383 


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: CentOS 6, cyrus-imapd 2.3.16-15.el6, postfix 2.6.6-8.el6, procmail 3.22-25.1.el6_5.1, squirrelmail 1.4.22-5.el6

[Adam Tauno Williams]

> Squirrelmail and (local for now) imapd.  But I cannot figure out how
> to either get cyrus-imapd to either access the local mail spool
> (/var/spool/mail) 

You can't.  Cyrus virtuously replaces /var/spool/mail.  Postfix
delivers mail into Cyrus, which stores it - and the **ONLY** way mail
is accessed is via Cyrus (IMAP, POP, JMAP).

You should configure Postfix to deliver to Cyrus via LMTP (local mail
transport protocol).

mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp

[root@aleph ~]# fuser -u /var/lib/imap/socket/lmtp
/var/lib/imap/socket/lmtp:  4611(cyrus) 23327(cyrus)

> mailboxes.  When I forcably use deliver to try to deliver mail
> (manually  calling the deliver program, it says the mailboxes don't
> exist.  cyradm says  they do, but cannot reconstruct them or make sub
> mailboxes (permission denied).  Very strange.  What am I missing?

I haven't used deliver in decades.  Using LMTP avoids all the hazards
of old-school 'file processing'


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Cyrus (Sieve) and external programs

[Adam Tauno Williams]

> sa-learn would be the way to go, but my spamassassin is not on the
> same server as my mailboxes. I tried solution with a common mailbox
> and something like fetchmail on my spamassassin machine, but could
> not get it to work as I intended.
> You are right about learning based on user experience, but as it is a
> score based learning I would like to try to see how it goes. Maybe
> I'll come to regret it but well...

The fetchmail method works.

In the spamd home directory create a .fetchmailrc file like:

poll aleph.wmmi.net protocol IMAP:
user {user} with password {secret}

Where {user} is a system account with access to the user.{user}.SPAM
folders.

Then you want to run:
fetchmail --verbose --keep --all --norewrite  --folder
'user.{user}.SPAM' --mda '/usr/bin/sa-learn --spam'  AS THE "spamd"
USER for each user.

It works for smallish systems.   Easily enough adapted to learn from
one centralized folder provided your mail client has an easy way to get
SPAM reported messages into that folder.


-- 
Meetings Coordinator, Michigan Association of Railroad Passengers
537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010
E-mail: awill...@whitemice.org GPG#D95ED383 Web: http://www.marp.org

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: message "unable to setsocketopt(IP_TOS)" in logs

[Adam Tauno Williams]

On Fri, 2018-02-16 at 08:55 +0100, Chentao Credungtao via Info-cyrus
wrote:
> cyrus/master[7082]: unable to setsocketopt(IP_TOS) service
> lmtpunix/unix: Operation not supported 
> cyrus/master[7082]: unable to setsocketopt(IP_TOS) service
> notify/unix: Operation not supported 

It is likely just the configuration of your host/nodes/whatevers.

ToS is frequently disabled as it is deprecated.  ToS comes from RFC1349
which was obsoleted by RFC2474 and RFC2475.  So in many cases the
failure of the call is treated as a non-critical event.

RFC2474, which obsoletes ToS, was released in December of 1999.

Some routers might still pay attention to ToS bits, but probably not.
And many routers will rewrite your ToS to zero either way.

You can happily ignore these messages.

If you want to dig further you will have to try to grant the process
the CAP_NET_ADMIN capability, which might make it work.

Capabilities are what allow you to do things like run ping as non-root.

# sudo getcap /usr/bin/ping
/usr/bin/ping = cap_net_raw+ep

So you can add the capability to the Cyrus binaries if it is important
to you;  provided the feature is supported in the underlying OS.

sudo setcap  cap_net_admin+ep {application}

Note that there are potential security issues created by giving
applications capabilities.

-- 
Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Why Cyrus?

[Adam Tauno Williams]

> > I'd say it's the better choice for large-scale deployments with
> > tens and hundreds of thousands of users.
> Cyrus does not require creating users on the mail server which I 
> have always believed is a big security plus.

+1  Cyrus having its own identity management has been a big plus; the
server as kind of a service-sandbox.

> > > I use Cyrus because Dovecot did not excist at the time I wanted
> > > to go away from Washington IMAP. 
> > I'm in the same boat. 
>  The same kind of thing for me because there was not much around in
> the late 90's in the way of IMAP servers.

Same here.  I migrated from UW l-o-n-g ago as UW so desperately
struggled with large mailboxes.

> > Right, but for a new deployment I would at least consider Dovecot.
> > I've never administrated a Dovecot server, but it is definitely
> > much easier to set up than Cyrus. 
>  I am not so sure about that now.

Agree [but, honestly, I've never understood the cyrus-is-complicated
bit].  Cyrus is self-contained, which makes it much easier to
administer.

> I believe Cyrus was designed to solve the mailstore problem at scale
> from the outset.

This.

-- 
Meetings Coordinator, Michigan Association of Railroad Passengers
537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010
E-mail: awill...@whitemice.org GPG#D95ED383 Web: http://www.marp.org

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Thunderbird and "Login to server failed".

[Adam Tauno Williams]

On Thu, 2017-10-05 at 16:50 +0200, Dr. Peer-Joachim Koch wrote:
> Yes, seems to work. (-n 5 -> -n 50 - no problems any more).
> Has anybody tried to use -c -t (c = caching, t=timeout for cache).
> What about users changing the password 

I have always used caching;  password changes have not been a problem,
a negative response invalidates the cache entry. AFAIK it only caches
positive attempts.

-- 
Meetings Coordinator, Michigan Association of Railroad Passengers
537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010
E-mail: awill...@whitemice.org GPG#D95ED383 Web: http://www.marp.org

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: list of IMAP extensions

[Adam Tauno Williams]

Quoting Stephen Ingram :

Is there a comprehensive list of IMAP extensions supported by Cyrus-IMAP
2.4.x and 3.x? Not the RFCs, but the actual extensions like QRESYNC and
THREAD=REFS.


So not https://cyrusimap.org/imap/rfc-support.html ?




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Error in /var/log/maillog ...

[Adam Tauno Williams]

Quoting "Walter H. via Info-cyrus" :

on my CentOS6 I see this error
Jun 12 08:02:33 mail master[1941]: setrlimit: Unable to set file
descriptors limit to -1: Operation not permitted


It is normal-ish.

It might be useful to look at /etc/security/limits.conf and ulimits in  
general.




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Problems with paragraph characters in SASL passwords?

[Adam Tauno Williams]

On Sat, 2017-05-27 at 10:30 -0300, Patrick Boutilier wrote:
> > I am very happy with Cyrus imapd since many years. I am using it to
> > host all IMAP mail boxes of my company. I am using SASL and its
> > tools (mainly saslpasswd2) for password management. The primary
> > IMAP client in the company is Thunderbird.
> > As soon as the password contained a paragraph character ("§"),
> > Cyrus / SASL refused the connection due to a wrong password even
> Works for me from a telnet to port 143 then issuing:
> . login  
> replacing user and password with correct values.
> But it does fail in Thunderbird.

Yep, I have experienced this type of issue numerous times.  A variety
of clients fail to correctly encode the authentication credentials -
particularly if you are using a chat-expect authorization like PLAIN or
LOGIN.   To have something that always works it is best to keep
usernames and passwords to ASCII/UTF-7.

This is not a SASL bug. 

This is an every-client-rolled-their-own issue. :(

-- 
Meetings Coordinator, Michigan Association of Railroad Passengers
537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010
E-mail: awill...@whitemice.org GPG#D95ED383 Web: http://www.marp.org

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Did calculating the quota change from 2.3 to 2.5?

[Adam Tauno Williams via Info-cyrus]

> > If you use imapsync, it doesn't know about that, and will upload
> > the same message twice. 2.5 doesn't have the smarts to recognise
> > that it's the same message.
> imapsync can only sync mail the old server knows about. And in the
> end there is more quota used on the new server!?
> The only explanation is the quota on the old server is broken, isn't
> it?

No, IMAP doesn't know about deduplication;  so imapsync between two
servers dededuplicates.  imapsync may also repair damaged or missing
message headers - meaning the messages are no longer are the same - so
a tool like hardlinks will not return you to the same count in du as on
the old server.

And then there is the [virtuous] issue of delayed expunge.

-- 
Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Migrating mailbox data from Cyrus to MicroSoft Office 365 using their import tool.

[Adam Tauno Williams via Info-cyrus]

On Wed, 2016-06-22 at 17:28 +0200, Eric Luyten via Info-cyrus wrote:
> After trying for a couple of days I have come to the conclusion
> that the Office 365 IMAP import tool uses the LOGIN authentication
> mech while Cyrus requires PLAIN or stronger for proxying to work.
> Even when only announcing AUTH=PLAIN in our server capabilities,
> Microsoft executes LOGIN ... ...

Has anyone gotten this to work using an administrative account [cyrus,
for example] and the "optional UserRoot attribute"?  It seems ideally
suited - but it does not appear to work?

EmailAddress,UserName,Password,UserRoot
fred@office365domain,cyrus,P@assw0rd,user.fred

https://support.office.com/en-us/article/CSV-files-for-IMAP-migration-b
atches-187ce085-9a83-4612-80a2-f562b3049fc2


-- 
Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Xapian search databases

[Adam Tauno Williams via Info-cyrus]

On Thu, 2016-11-03 at 10:47 +1100, Bron Gondwana via Info-cyrus wrote:
> Just out of interest - is anyone other than Fastmail currently using
> the Cyrus Xapian-based search system?

Not using Xapian.

-- 
Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: watching and processing a Spam folder for each user

[Adam Tauno Williams via Info-cyrus]

> While I can see this being a neat built-in feature of a mail server
> like Cyrus IMAP, I doubt it exists.  I'd be happy to be corrected.

Good old fecthmail.

fetchmail --verbose --all --norewrite  \
  --folder 'user.awilliam.SPAM' --mda '/usr/bin/sa-learn --spam'

> I wonder if such a beast exists.  I'd love any pointers if anyone
> knows of such.

Yes, you probably already have it installed.


-- 
Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA



signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: how to deal with mail retention/archival.

[Adam Tauno Williams via Info-cyrus]

On Fri, 2016-08-26 at 12:11 -0500, Jason L Tibbitts III via Info-cyrus
wrote:
> > > > > > "GR(" == Giuseppe Ravasio (LU) via Info-cyrus <
> > > > > > info-cyrus@lists.andrew.cmu.edu> writes:
> GR(> I saw that someone proposed to make a sort of abuse of delayed
> GR(> expunge, but I think that in order to comply with regulatory
> GR(> retention should be better considering some specific software.
> True, but it seems odd (to me, in a situation where I don't have
> infinite money) to have basically two mail servers: one which
> actually
> removes things when the user deletes stuff and one which doesn't.

But that is essentially archival - on-the-same-system is not archival. 
 It is also, potentially, still available to be easily changed;  which
is not good when the intent is retention.

> I guess they can be optimized for different things, but it still 
> seems odd when we already have a server that can store as much mail 
> as you want, provides a means to access and search it with ACLs for 
> auditors and such, and of course is already installed and running.

Do you want to give auditors access to your production systems?  
Generally I want to give them the qualifying information and have them
go away.

> If it were possible to hook the message deletion functions in cyrus 
> to move things to a different place in the hierarchy and then control
> expiry on those differently than the regular folders, it would 
> probably be sufficient.  But that requires code and I don't have the 
> skills to write it.

What you are talking about is "tiered storage".  That has been talked
about in the past - I don't know if anyone has implemented it.

> Certainly not super featureful but frankly
> when the lawyers want something, I just dump mail files on them and 
> let them sort it out.

Exactly!  So perhaps just dump them out of the system in the first
place.


-- 
Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: how to deal with mail retention/archival.

[Adam Tauno Williams via Info-cyrus]

On Fri, 2016-08-26 at 16:13 +, Shawn Bakhtiar via Info-cyrus wrote:
> > On Aug 26, 2016, at 8:35 AM, Giuseppe Ravasio (LU) via Info-cyrus <
> > info-cyrus@lists.andrew.cmu.edu> wrote:
> > I saw that someone proposed to make a sort of abuse of delayed
> > expunge,
> > but I think that in order to comply with regulatory retention 
> > should be better considering some specific software.
> I don't see how using delayed expunge would really be consider abuse,
> the documentation makes mention of its use for this very reason.

+1


> We use rsync to make a duplicate of the email spool to a file server
> at regular intervals, which eventually makes its way to tape.


Same here.  And always_bcc to a shared folder which is dumped to an
MBOX file via fetchmail at an interval.  Those can be archived or even
shipped off-site.

> Although we don't have regulatory requirements I've had to do a few
> recoveries and have done so without problem. 

I always advise people to be hesitant about "we don't have regulatory
requirements" as if you are a legal corporation of any kind, in almost
all of the 50 states [United States], you are under data retention
rules - even if you don't know it.  Which you will discover when you
are involved in a law suit - saying "uhh... yeah, we don't have those e
-mails" will not be good.

> > Finding something in the delayed_expunge folders after many years
> > of archive will absolutely be a nightmare!

Most states [again the United States] allow a corporation to have on
file a documented data retention policy that states how long you retain
e-mails;  which if you comply with you will be OK.  The policy just
needs to be 'reasonable'.  For example: where I work we say 120 days. 
 No need - at least for legal reasons - to have years of archives.

Obviously requirements vary by industry - but almost everyone is
actually under some kind of requirement.

-- 
Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: how to deal with mail retention/archival.

[Adam Tauno Williams via Info-cyrus]

On Fri, 2016-08-26 at 10:07 -0400, Alvin Starr via Info-cyrus wrote:
> Well the MTA still does not deal with archival because it will need
> to be passed through to Yet Another MDA to handle the archival and
> management process.

I'm not sure what you mean.  You can archive to a 'shared' folder or
into an MBOX to be processed by something which rotates content.

> For the pure archival of the input/output stream including duplicate
> deliveries and all spam always_bcc into YAMDA would work.

always_bcc and delayed expunge work for us.

> In my thinking Cyrus is responsible for the storage and management of
> email so archival would be a part of that process.

It has to be the MTAs responsibility as Cyrus very possibly does not
see *sent* mail; or messages which are somehow otherwise routed.

-- 
Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383
OpenGroupware Developer <http://www.opengroupware.us/>



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: [POLL] Cyrus ACLs and group names

[Adam Tauno Williams via Info-cyrus]

On Tue, 2015-11-17 at 07:40 +1100, Bron Gondwana via Info-cyrus wrote:
> For those of you using Cyrus with group ACLs, how are your groups
> named?
> I know with the auth_unix backend, they are
> 'group:'.  What I've seen from CMU's groups is that they
> are of the form ':'.

Ours are group:

-- 
Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: delprune on a single mailbox

[Adam Tauno Williams via Info-cyrus]

globally in cyrus.conf delprune is set to
> > > > delprunecmd="/usr/sbin/cyrus expire -E 1 -X 7 -D 7"
> > > > at=0501
> > > > For a single mailbox I don't want to keep deleted mails for 7
> > > > days,
> > > > but
> > > > expire them immediately or once a day per cron. How to do that?
> > > Forogt to say that delete_mode and expunge_mode is set to
> > > delayed.
> > > Via cron this should work for an immediate cleanup/expire:
> > You can set an expire annotation per mailbox.  
> How do I do that? From cyr_expire manpage:
> "The value of the /vendor/cmu/cyrus-imapd/expire annotation is
> inherited by all children of the given mailbox, so an entire mailbox
> tree can be expired by seting a single annotation on the root of that
> tree. If a mailbox does not have a /vendor/cmu/cyrus-imapd/expire
> annotation set on it (or does not inherit one), then no messages are
> expired from the mailbox."

Via cyradm -

cyrus.example.com> mboxcfg user.adam expire 365 
cyrus.example.com> info user.adam 
{user.adam}: 
  condstore: false 
  duplicatedeliver: false 
  expire: 365 
  lastpop:  
  lastupdate: 13-Aug-2008 19:37:31 -0400 
  partition: default 
  sharedseen: false 
  size: 12325671

AFAIK the annotations supported by cyradm/mboxcfg are:

* comment – A free-form text comment or description to be attached to
the mailbox.
* condstore – This annotation is only supported in the 2.3.x release
series starting with 2.3.3 although its use is not recommended until
2.3.8. As of the 2.4.x release series CONDSTORE functionality is
enabled on all mailboxes regardless of annotation and attempting to set
this annotation will result in a permission denied message. On releases
where this annotation is supported setting a value of “true” will
enable CONDSTORE functionality1.
* expire – If an expire value is provided messages will be
automatically deleted from the mailbox once the specified number of
days has elapsed.
* news2mail - 
* sharedseen - Enables the use of a shared \Seen flag on messages
rather than a per-user \Seen flag. The 's' right in the mailbox ACL
still controls whether a user can set the shared \Seen flag.
* sieve – In the case of a shared folder the “sieve” parameter
specifies the name of a global SIEVE script that will be used for every
message delivered to the folder.  This value is ignored for personal
mailboxes (mailboxes including and subordinate to a user's INBOX).
* squat – Flags the mailbox to be included for indexing when the SQUAT
process performs index generation.


> But is it possible to expunge a message immediately when it's deleted
> by client and not with the next expire run?

Not if delayed expunge is enabled AFAIK; that would defeat the purpose.

-- 
Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383
OpenGroupware Developer <http://www.opengroupware.us/>



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: delprune on a single mailbox

[Adam Tauno Williams via Info-cyrus]

On Sun, 2015-11-01 at 14:40 +0100, Marcus Schopen via Info-cyrus wrote:
> Am Sonntag, den 01.11.2015, 13:35 +0100 schrieb Marcus Schopen via
> Info-cyrus:
> > Hi,
> > globally in cyrus.conf delprune is set to
> > delprunecmd="/usr/sbin/cyrus expire -E 1 -X 7 -D 7" at=0501
> > For a single mailbox I don't want to keep deleted mails for 7 days,
> > but
> > expire them immediately or once a day per cron. How to do that?
> Forogt to say that delete_mode and expunge_mode is set to delayed.
> Via cron this should work for an immediate cleanup/expire:

You can set an expire annotation per mailbox.  Downside is that I
believe the annotation will be 'inherited' but subordinate mailboxes;
which stinks for some use-cases.


> su - cyrus -c "/usr/sbin/cyrus expire -E 1 -X 0 -D 0 -v -p
> user.mailboxname"

FYI, I believe with the very latest Cyrus the "su -" is unnecessary as
it will automatically handle the context change when run as root.


-- 
Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Shared folder permissions

[Adam Tauno Williams]

On Thu, 2015-07-30 at 19:09 +0100, John wrote:
 I set the ACL to lrswiptek and it then shows as lrswipktecd. Have I 
 missed a database migration step at some point in the past? The 
 current server is running 2.4.12 (and I have a project to move it all 
 to 2.5.x soon).

Don't use d  w if you want fine-grained permissions control; old d, r
 w imply other permissions.  If I recall correctly: d = t+x and w
implies d.


-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Using Roundcube with cyrus?

[Adam Tauno Williams]

On Thu, 2015-02-12 at 00:35 +0100, Marcus Schopen wrote:
 Am Dienstag, den 03.02.2015, 10:10 -0600 schrieb Patrick Goetz:
  Argh!  That was it.  I thought I had removed this, but it must have 
  re-appeared while I was substituting configuration options in and out 
  while trying to get this to work.
  Thanks so much for your help!
 For performance check imapproxy too. I've installed imapproxy on
 roundcube side and connect via openvpn to cyrus on another host.

With any webmail interface you will want to use imapproxy.

-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: User mail spool partitioning mystery

[Adam Tauno Williams]

On Fri, 2015-01-16 at 14:57 -0600, Patrick Goetz wrote: 
 I have a couple of existing cyrus 2.3.16 installs with this partitioning 
 configuration in imapd.conf:
defaultpartition: default
partition-default: /home/cyrus/mail
 I create users using cyradm:  cm user.myuser
 and the user mail spool folder has this heirarchy:
mail
  |
a
| user
| auser1
 I just assumed that this structure was built in to cyrus; however on my 
 new 2.4.17 install the partition settings in imapd.conf are similar:
defaultpartition: default
partition-default: /srv/cyrus
unixhierarchysep: yes   --- (now using this)
 however all newly created users (cyradm:  cm user/myuser) are dumped 
 into a single folder:
cyrus
  |
user
  | myuser
 I simply can't find any difference in the configuration files that 
 result in this discrepancy.  Was the [a-z] partitioning in the 2.3.16 
 install baked in to the Debian cyrus package I used, say in cyradm?

The difference is directory hashing,  which apparently you had turned on
previously and how have disabled.

To get the old behavior I believe you want:

  fulldirhash: false
  hashimapspool: true

Perhaps the default values changed between these versions.

-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: User mail spool partitioning mystery

[Adam Tauno Williams]

On Fri, 2015-01-16 at 17:02 -0600, Patrick Goetz wrote: 
 That's it! Thanks for the heads up!  I assumed that all the spool hash 
 options only applied when you actually have more than one partition, 
 which I don't.

Yep, the phrasing in the man-page is not clear.  In the past it has
confused me as well.

 Unfortunately this is going to complicate my ability to use the 
 excellent migration plan outlined by Nic Berstein on 2014-12-19. 
 mailboxes.db will know about the spool files in their old, hashed 
 location, which I'd like to get rid of, since all the mail resides on 
 one physical partition anyway, so having it set up this way just adds 
 unnecessary directory structures.

I do not see how they add unnecessary directory structures, the point
of hashing is to avoid very large [fat] directories by making the tree
deeper and more narrow verses fat and shallow.  In some cases [albeit in
large part historic] this improves performance due to technicalities of
file-system operation.

I would recommend just keeping the hashes if that is what you have now.
There no significant benefit to eliminating them.

-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyrus 2.4.17 -- file descriptor limit set to -1?

[Adam Tauno Williams]

On Thu, 2015-01-15 at 11:17 +, Geoff Winkless wrote: 
 RLIM_INFINITY is defined as ~0ULL, at least on my system. If it's cast
 to a signed value, that will come out at -1, no?
 My problem with systemd isn't that it doesn't work,

It works.

 it's that it's all-pervasive and viral, and forces people who've been
 using standard unix mechanisms for 20 years to learn something
 completely different for no visible concrete advantage.

There are many advantages, but this is not the place to debate the
much-debated systemd.

Resource contol on modern LINUX systems is managed via cgroups.  This
was added to the kernel quite some time ago to avoid all the ulimit
nonsense and concomitant hacks.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Resource_Management_Guide/ch01.html

Systemd relies on cgroups.

cgroups are a huge step forward and make administration much easier and
more flexible.

I do not know what distribution you are using but /etc/security/limits
is generally still effective as well.  If you want to run unlimited
change it to:

default:
fsize = -1

- which has been the correct way to do this for a very long time.

 As a user rather than a sysadmin it 

If you are running an IMAP host then you are a sysadmin. 


-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: LAS shoutout for FastMail

[Adam Tauno Williams]

On Mon, 2015-01-12 at 10:28 +1100, Robert Norris wrote: 
 Thanks for the heads up! Its pretty exciting to see all the interest
 in JMAP :)

Is there / will there be JMAP support in/for Cyrus IMAPd? 
-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: sieve vacation with start and end date

[Adam Tauno Williams]

On Sun, 2014-12-28 at 10:20 +0100, Marcus Schopen wrote: 
 does sieve vacation understand a start and end date? Something like this
 does not work:
 ---
 require [date, relational, vacation];
 if allof(currentdate :value ge date 2007-06-30,
  currentdate :value le date 2007-07-07)
 { vacation :days 7  I'm away during the first week in July.; }
 ---
 System: cyrus 2.4.12 on Ubuntu 12.04 LTS

It may or may not;  depends on what extensions/plugins are activated in
your SIEVE.  Is the above documented syntax from somewhere?

Horde's Ingo application uses regular expressions to match dates in
order to implement vacation start/end.  I believe date matching in SIEVE
is a relatively recent thing, and I am not sure to what level it is
implemented [anywhere].

-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: sieve vacation with start and end date

[Adam Tauno Williams]

On Tue, 2014-12-30 at 08:39 -0500, Adam Tauno Williams wrote: 
 On Sun, 2014-12-28 at 10:20 +0100, Marcus Schopen wrote: 
  does sieve vacation understand a start and end date? Something like this
  does not work:
  ---
  require [date, relational, vacation];
  if allof(currentdate :value ge date 2007-06-30,
   currentdate :value le date 2007-07-07)
  { vacation :days 7  I'm away during the first week in July.; }
  ---
  System: cyrus 2.4.12 on Ubuntu 12.04 LTS
 It may or may not;  depends on what extensions/plugins are activated in
 your SIEVE.  Is the above documented syntax from somewhere?

It looks like there is an open bug.

Implement date extension (rfc5260) 
https://bugzilla.cyrusimap.org/show_bug.cgi?id=3724

 Horde's Ingo application uses regular expressions to match dates in
 order to implement vacation start/end.  I believe date matching in SIEVE
 is a relatively recent thing, and I am not sure to what level it is
 implemented [anywhere].

-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: restore from cyrdump

[Adam Tauno Williams]

On Tue, 2014-12-16 at 16:58 -0600, Patrick Goetz wrote: 
 On 12/16/2014 01:42 PM, Andrew Morgan wrote:
  I forgot about one additional thing we do - we dump the mailboxes.db to
  a flat file once an hour via cron.  That would allow us to (mostly)
  recover from a corrupted mailboxes.db file.  Just like a full restore,
  we would need to run a reconstruct on every mailbox, I think.
 I thought the whole point of reconstruct was to rebuild mailboxes.db, 
 but then I took another look at the reconstruct man page and noticed:
-m NOTE: CURRENTLY UNAVAILABLE
   Rebuild the mailboxes file. Use whatever data in the
   existing  mailboxes file it can scavenge, then scans
   all partitions listed in the imapd.conf(5) file for
   additional mailboxes.
 now it's no longer clear to me what reconstruct does.  I guess rebuild 
 the {configdir}/user/prefix/username/cyrus.* files?

Yes.  If one restores message files to a mailbox folder then reconstruct
will add them back in as messages.  I have had to do this in the past -
but now with delayed expunge... I cannot remember the last time I needed
to use it.

It was more commonly used back when Cyrus IMAPd was somewhat less
awesome than it is now.  As of 2.4.x I've used the dumps primarily just
as (a) paranoia and (b) change auditing.  I have put back annotions and
some other small stuff by looking at dumps.  I doubt it has much role in
a full-restore unless you are trying to recover from corruption [which I
have experienced in the past due to a crappy EMC storage controller, not
fun].

-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Possible to authorize as different user?

[Adam Tauno Williams]

Quoting Steinar Kaarø steinar.ka...@ntnu.no:
 A related feature in Cyrus does not seem to work as stated in the man page:
 imapmagicplus: 0
 Only list a restricted set of mailboxes via IMAP by using  
 userid+namespace  syntax  as  the  authentication/authorization id.  
 Using userid+ (with an empty namespace) will list only subscribed  
 mailboxes.
 Providing a namespace after + does not have any effect, and a  
 comment in the source says that this is not implemented.

You should file a bug if that is the case.

I have never heard of such a feature.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: annotation_definitions and other options in imapd.conf

[Adam Tauno Williams]

Quoting Patrick Goetz pgo...@mail.utexas.edu:
 This is from the imapd.conf man page:
annotation_definitions: none
  File containing external (third-party) annotation definitions.
 - Does anyone have any idea what this means or what this is used for?

Defining custom annotation strings?  The server does not let you stuff  
anything the client wants into the annotation database, it has to be a  
an approved string.

 Also, there are any number of options in imapd.conf that don't make any
 sense to me.  For example,
auth_mech:
 - Isn't this handled by SASL?

Partially, yes.  Don't forget that identity management is AAA - three  
As, not one.  Authorization, Authentication, Accounting.

autocreatequota:
  If  nonzero,  normal  users  may create their own IMAP accounts by
  creating the mailbox INBOX.  The user's quota is set to the  value
  if it is positive, otherwise the user has unlimited quota.
 - How can you create an INBOX if you don't already have an IMAP account?

There is no such thing as an IMAP account (again AAA not A).  You  
authenticate to the IMAP server, and then you create a mailbox.  Or  
the administrator has provisioned one of the auto-create patches.

defaultacl: anyone lrs
  The Access Control List (ACL) placed on a newly-created
  (non-user) mailbox that does not have a parent mailbox.
 - That sounds interesting; how does one go about creating a non-user
 mailbox?

??? A shared mailbox.  See sharedprefix.   I suggest you need to  
spend a bit more time with Cyrus and general IMAP documentation.

implicit_owner_rights: lkxa:
  The implicit Access Control List (ACL) for the owner of a mailbox.
 - Why wouldn't the default include t?  It seems weird that owners can
 deleted mailboxes but not messages by default.

I've never had occasion to set such a directive.  But some people have  
bizarre configurations or need to support broken e-mail clients.

ldap_* options
   - Again, I thought all authentication is handled by SASL?

Again, it is AAA not A.

 In the debian version of /etc/cyrus.con, this comment appears:
# this is only necessary if idlemethod is set to idled in imapd.conf
#idled  cmd=idled
 - idlemethod is not a listed option in `man imapd.conf`

Is this a current version of Cyrus?  I suspect this is a bit of Debian  
fossilization.



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Possible to authorize as different user?

[Adam Tauno Williams]

Quoting Steinar Kaarø steinar.ka...@ntnu.no:
 Is it possible to authorize as a different user when logging into Cyrus
 using an ordinary mail client? From what I understand this is only

Is it possible to authorize as a different user when logging into  
Cyrus --- Yes, that is just SASL.  Do this all the time.

using an ordinary mail client --- Almost certainly not.

 possible in Cyrus when using SASL PLAIN, but are there any clients that
 support the authorization part of the PLAIN mechanism?

None that I am aware of.

Probably Mulberry did, as it supported *everything*; but is very  
moribund if not simply gone [licensing was always bizarre].





Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Cyrus-imapd can't find my mail

[Adam Tauno Williams]

On Fri, 2014-09-12 at 14:03 -0700, John Oliver wrote: 
 I'm pretty certain this is because it just doesn't know where to look,
 but I'm not sure how to tell it :-(
 I was using http://www.linuxmail.info/postfix-dovecot-ldap-centos-5/ as
 a guide, but needed to switch to cyrus-imapd  I think cyrus doesn't know
 how to look in /var/vmail/ as the vmail user.

cyrus doesn't know how to look in /var/vmail/ as the vmail user

Neither does a dolphin know how to fly; that documentation is not about
Cyrus.

Try reconstructing the mailbox after you put message files back.

  sudo -u cyrus  /usr/lib/cyrus-imapd/reconstruct -r -k -f user.fred

Paths may vary based upon distribution and packages.

Use the Cyrus documentation available @
http://cyrusimap.org/docs/cyrus-imapd/ and/or take a look at the Cyrus
chapter in my `book` @
http://sourceforge.net/projects/coils/files/WMOGAG.pdf/download

Comments on documentation are appreciated.  Writing documentation is
hard - feedback helps; sometimes if you understand something your
explanation has holes only the less advanced reader can point out.

-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Mail not visible after restore from backup.

[Adam Tauno Williams]

On Mon, 2014-09-15 at 10:12 -0400, Tom Plancon wrote: 
 I inherited this installation, unfortunately! 
 I'm running reconstruct inside cyradm. Running version inside
 cyradm I get this:

I do not believe that way of accessing the reconstruct feature supports
options.  Use the reconstruct utility.

  sudo -u cyrus  /usr/lib/cyrus-imapd/reconstruct -r -k -f user.fred

Paths may vary based upon distribution and packages.

I believe this in covered in the Cyrus documentation available @
http://cyrusimap.org/docs/cyrus-imapd/ and/or take a look at the Cyrus
chapter in my `book` @
http://sourceforge.net/projects/coils/files/WMOGAG.pdf/download

Comments on documentation are appreciated. 
-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imap cyrus

[Adam Tauno Williams]

  are you telling me that cyrus-imap does not work together with qmail-ldap ?
  Are you serious ?
 Please let's keep the discussion on the mailing list. And please do not 
 top-post.
 Frankly speaking, I do not care for qmail-ldap. qmail is a software dead 
 since over a decade.

Postfix maps can almost certainly emulate whatever qmail-ldap is doing.

 My point was that the mail structure cyrus-imapd uses is not Maildir. 

+1  Cyrus is *not* Maildir.

-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: replication

[Adam Tauno Williams]

On Mon, 2014-04-21 at 22:34 +0600, Eugene M. Zheganin wrote:
 If I'm using replication, and master goes offline for a moment, and I 
 have some mail delivered on replica (from SMTP, beacuse I kinda have 
 SMTP configured to deliver on localhost, and IMAP master is also a CARP 
 master), how do I handle this situtation when master is back online (and 
 the mail starts to be delivered on master, and some mail is technically 
 lost, because it's on replica) ?

If this happens, and you cut-over mail delivery, the slave should become
the master.  They should flip roles.  Cyrus replication is not
multi-master [at least not yet - that will be an awesome day].

-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyrus sieve redirect action and SPF

[Adam Tauno Williams]

On Thu, 2014-04-17 at 12:27 +0300, Deniss wrote:
 Original envelope From of an email is used when redirect is set in sieve
 to resend the mail to another email address.
 This plays bad with SPF.
 May be the mails should be send from user's own email while 'Reply-To:'
 header become set to point to the original sender ?

But then it wouldn't be redirect anymore;  a feature of redirect is
that it does not monkey about with the message.  What you want is a
forward action.

-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Outlook 2013

[Adam Tauno Williams]

On Thu, 2014-02-27 at 21:58 +0100, Paul van der Vlis wrote:
 I would like to tell that I got some private mails telling that Outlook
 2013 does not work well with imap.

I have several users using Outlook with Cyrus IMAPd; it works without
issue.  At least from 2003 and later.   

One tip is to disable Exchange extensions, but other than that no
hacking is required.

-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Sieve service terminated abnormally

[Adam Tauno Williams]

On Thu, 2014-02-27 at 15:34 -0300, Fabio S. Schmidt wrote:

 I'm running Cyrus 2.4.14 with Aggregator and this messages appears
 several times on my frontend logs: 
 service sieve pid 10238 in BUSY state: terminated abnormally

I have not seen that message.  Do you end up with a core file?

 What does this mean? Do I have to increase the maxchild for the sieve
 service or my clients are doing something wrong?

Are you clients unable to connect after this message?

-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: mail archiving -- large mail stores [mailpiler]

[Adam Tauno Williams]

On Wed, 2014-02-05 at 06:35 +0100, mayak wrote:
 hi all,
 i just ran across this project: http://www.mailpiler.org
 is there an argument to do that, or just create an archive user in cyrus
 that  has a multi-multi gigabyte mail drop?

Thanks for the link, that looks very interesting;  but I'd just have
Postfix shove a copy of every passing message into the service.  Not
sure that Cyrus would play a role in archiving.

I have archived to Cyrus in the past but the mailboxes become truly
enormous rather quickly when accumulating all mail.  And Cyrus's
indexing services do not really seem up to indexing an entire year's
etc.. pile of mail.

Have you tried mailpiler yourself?

-- 
Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Help on quota usage.

[Adam Tauno Williams]

On Fri, 2014-02-14 at 13:56 +0100, Eric Luyten wrote:
 On Fri, February 14, 2014 1:30 pm, mayak wrote:
  On 02/14/2014 12:41 PM, Anant Athavale wrote:
  for one user, the lq user.xx is showing 1.6 GB, where as actual usage on
  file system is less than 1 GB.  I want to know, how can get where is the
  additional quota sitting in /var/spool/imap partition for user xxx.
 The underlying filesystem MAY have compression capabilities, which will most
 certainly lead to 'du' returning a lower value than Cyrus 'list quota'.

+1.  The utilization of the underlying storage and the value calculated
by Cyrus may not correspond 1:1 for a variety of reasons [although, I
guess one might expect them to the close-ish - unless delayed expunge,
deduplication, etc... features are used].  I have seen the filesystem
and Cyrus quota values differ into both directions [fq  fq] for
apparently valid reasons.



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Protecting message files acess even from root

[Adam Tauno Williams]

On Sat, 2014-02-01 at 11:38 -0200, Fabio S. Schmidt wrote:
 Thanks Sven, I really appreciate your considerations, especially about
 the encryption of the SMTP traffic.
 I will test Mandatory Access Control (MCS), like Se-linux(YES, I know
 that NSA wrote it) or Apparmor for instance, and customising SUDO:
 http://pubs.gpaterno.com//2009/protecting-confidential-files-selinux-2009.pdf
 Sorry for not being specific from the beginning, but this research is
 for a government e-mail system, and we really need to ensure that even
 administrators cannot access the messages, encrypted or not.

Please come back with what you discover.  This is an interesting
question.



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: MDOSEQ per Mailbox setting

[Adam Tauno Williams]

On Fri, 2013-07-05 at 09:41 +0200, lst_ho...@kwsoft.de wrote:
 Is this list dead or the question not clear/interesting?
 I have not seen a single post beside me??

There are regular, at least daily [on average], posts to this list.

What is the question?



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: MDOSEQ per Mailbox setting

[Adam Tauno Williams]

On Fri, 2013-07-05 at 12:47 +0200, lst_ho...@kwsoft.de wrote:
 Zitat von Mogens Melander mog...@fumlersoft.dk:
  A search on google for MDOSEQ return only your post to the
  list.
  A grep for MDOSEQ in the source for cyrus-imapd-2.4.16
  does not reveal anything. The word MDOSEQ was not anywhere
  in the source tree.
 Sh...
 Typo in the subjet. It should be MODSEQ of course as described in the  
 first mail to the list.
 http://tools.ietf.org/html/rfc4551

I believe this falls under the label condstore in Cyrus [???].  In
2.3.x you could toggle it on via mboxcfg in cyradm per-mailbox.  In
Cyrus 2.4.x it is just on.



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Cannot see entries in folders when using MS Outlook 2013

[Adam Tauno Williams]

On Mon, 2013-04-15 at 09:56 +0200, Ulrich Jakobus wrote:
 Thanks, Janne, but this is not the problem (we have set these XLIST based on
 this blog, but this affects only the names and usage of special folders).

Possibly Exchange Extensions are enabled?   I don't know if this still
applies to Outlook 15 but I have seen extensions create some bizarre
problems over the years.

Tools - Options - Other - Advanced - Options - Add-In Manager -
Uncheck Exchange Extensions property.

Outlook2003/Tools/Options/Other/AdvancedOptions/COM Add-Ins/ remove
anything that is not essential

 The problem is rather that I cannot see any e-mails in any folders (i.e.
 special folders but also any other folders) on the server and local e-mails
 (when manually copying in there) are not copied back from client to server
 when using Outlook 2013 and Cyrus 2.4.9, it works fine with Outlook 2010 and
 Cyrus 2.4.9 and Outlook 2013 also worked fine with our previous version of
 Cyrus 2.2.13.



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: How Do i get last lgin date for all my users

[Adam Tauno Williams]

On Sat, 2013-04-13 at 12:56 +0100, Charles Bradshaw wrote: 
 Attached is a little perl script which parses /var/log/maillog and lists
 the last time users logged in.

This seems very unreliable, slow, and hacky.  When I login to my e-mail
the system typically tells me the last time I logged in [at least to
that app].  Doesn't the meta-data in the IMAP server 'know' this
information?

The underlying authentication system [PAM via lastlog, etc...] might
also have this information.  If your authentication system is LDAP then
the DSA might know this as well.

   Assuming Linux?UNIX,
   log onto the machine, run the command: last
   This does only work, if IMAP users are system users - which most of
   the time is not the case.

Yep.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Conversion from maildir to Cyrus

[Adam Tauno Williams]

On Wed, 2013-03-27 at 21:15 +0100, Paul van der Vlis wrote: 
 A customer asks me to convert an excisting installation what uses
 Evolution, pop3 and maildir to Cyrus.
 When I would copy the files and run reconstruct or use deliver I expect
 to loose the flags like read.

Not necessarily, those can be explicitly applied via IMAP.

I believe the imapcopy / imaputils project(s) have some maildir-to-imap
migration tool, maybe.  I remember something like that.

For POP - there aren't really any flags, except maybe seen, but that
depends on the provider.

 What would be a good way to convert this? It's about 100+ users who are
 all on one server.
 Would it be an idea to install an imap server like Courier or Dovecot
 what can do maildir and then use imapsync to Cyrus?



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: MD5 Passwords in MySql?

[Adam Tauno Williams]

On Tue, 2013-03-26 at 10:17 +, Charles Bradshaw wrote: 
 Thanks Guys
 I think it's finally sunk in. DIGEST-MD5 and CRAM-MD5 are mutually
 exclusive with hashed passwords.
 D'oh! I think I even posted that fact in answer to a previous thread.

No problem, it happens to us all.  Yesterday I posted two messages to
lists relating to issues that as soon as I posted them I found the
answers right there in the documentation.  Right there!  I swear I had
already looked twice. 



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: MD5 Passwords in MySql?

[Adam Tauno Williams]

On Mon, 2013-03-25 at 11:40 +, Charles Bradshaw wrote: 
 Yes I understand and accept the weakness of MD5. In the world of
 exponentially increasing processing power there will always be weakness,
 of ANY scheme.
 The question is not however about the efficacy of encryption methods!
 It's about how to achieve password hashing in a mysql database.
 I have indicated how to use AES. Its' strength however is compromised by
 the necessity of revealing the key in many places.
 I would be most great-full, if anybody KNOWS:
 Is there a way to store MD5 hashed passwords when using the mysql
 plugin?

I have no clue.  BUT I still wonder what the end-goal is.  If you are
actually worried about theft of the underlying database then it would
seem volume encryption is the correct answer - encrypt the entire
database, on disk.  That isn't hard and doesn't require modification of
any software.

Anyway, storing essentially clear-text credentials in the authorization
database (be it a KDC, an LDAP server, an Active Directory server,
etc...) is normal, accepted, and common.  Most worthwhile authorization
schemes require an 'effectively' clear-text secret on both ends.  Guard
the credential database and ensure communication channels are secure
[encrypted].  Make /etc/passwd useless is an abandoned meme, you
cannot win that fight.

 Security through obscurity is always a bad principle.  

No one here is recommending that or stating that it is.

 On Mon, 2013-03-25 at 08:59 +1030, Daniel O'Connor wrote:
  On 25/03/2013, at 7:33, Charles Bradshaw b...@bradcan.homelinux.com wrote:
   That seems very wrong to me.
   It might be a kludge, but it's not wrong. It avoids storing plain text
   passwords, which are always a risk. The purpose of MD5 digest is to make
   passwords truly private to the user. Not even root knows users passwords
   when stored in shadow(MD5).
   The only risk to shadow passwords is a brute force attack which is
   relatively easy to detect and foil.
  FYI a single round of MD5 is considered quite weak these days.
  The whole point of hashing a password is to make it difficult to find a 
  password if the password DB is leaked. MD5 is no longer sufficient for this 
  (even with salt).
  A modern GPU can brute force billions of passwords per second and humans 
  suck at generating them.



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: MD5 Passwords in MySql?

[Adam Tauno Williams]

On Mon, 2013-03-25 at 17:03 -0500, Scott Lambert wrote:
 On Mon, Mar 25, 2013 at 09:32:16PM +, Charles Bradshaw wrote:
  Andy
  Thanks for the link. If you read on you will see that while PAM allows
  storage of encrypted passwords in mysql, DIGEST-MD5 and CRAM-MD5 can
  then NOT be used. That's definitely as step in the wrong direction.
  I'm coming to the conclusion that I need understand the code well enough
  to add something to cyrus, but sadly I'm just too old to grok the tangle
  of C.
 Basically, Digest-MD5 and CRAM-MD5 avoid passing the cleartext
 password across the wire by hashing something with the cleartext
 password.  These authentication methods require that the cleartext
 password be known (or at least recoverable) by the server and the
 client.

Yep, which was pointed out originally.  If the cred store is encrypted
it needs to be a two-way crypt [can be decrypted].  So you basically
have a crypted filesystem store anyway.

 Therefore, the server cannot be using a non-reversible hash of the
 password for its password store.
 You can store cleartext passwords in your password database and
 avoid passing passwords in cleartext across the wire.
 OR
 You can store hashed passwords in your password database and pass
 cleartext passwords over the wire, hopefully inside an SSL/TLS
 connection.

+1

 If you use crypted MD5 hashed passords in your database, you will
 have to disable Digest-MD5 and CRAM-MD5 in your SASL auth mechanisms.
 My system is not running in that configuration so I am not certain
 that you can tell saslauthd to use a mysql database for encrypted
 password storage.

I use saslauthd to a PostgreSQL database that stores crypted passwords -
but it can only do PLAIN/LOGIN in that configuration, none of the newer
mechs that all the cool kids are using.



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: MD5 Passwords in MySql?

[Adam Tauno Williams]

On Sun, 2013-03-24 at 14:21 +, Charles Bradshaw wrote:
 In my /etc/imapd.conf I'm using:
 sasl_auxprop_plugin:sql
 sasl_sql_engine:mysql
 I want to store MD5 hashed passwords in my database. Is this possible?

I would *assume* that the database doesn't much care about the
hashing/encoding of the password/secret - I'd *assume* it just stores
and retrieves it.

Concerns for the validity of the secret are up-the-stack, is SASL
proper, and not in the storage plugin.

I could be wrong;  I've mostly dealt with storing credentials in LDAP.

 I was thinking about modifying the sql plugin to MD5 the password before
 comparison, but...

That seems wrong to me.  Can't you just tell SASL via configuration that
you want to use MD5?

 I'm no C programmer so understanding sql.c (the plugin source) is quite
 beyond me. It looks as though we just check for the presence of the
 password and don't actual compare passwords! Surely I'm wrong here?

That is what I would *assume* it does. And correctly.

 I could use a symmetric encryption, eg AES, and place the necessary
 decrypt in the sasl_sql_select statement, but that seems a bit pointless
 since the key is now visible in various logs.

That seems very wrong to me.

I wonder why you care are credentials are stored; is SASL authentication
not working?


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Fwd: Public Key for Cyrus IMAPD

[Adam Tauno Williams]

On Wed, 2013-03-20 at 09:23 +0800, Gene Leung wrote:
 It seems no one care about the public key.  Then, why still put the
 signature file there for download?  Or any other way for verify the
 integrity of the download.

no one cares is a bit harsh for 24hrs without a response.

This list is primarily people who use / administer Cyrus IMAPd.  And I'd
wager most of those people use Cyrus from a package.

Packagers are ones who care most about things like checksums, and they
probably don't pay much attention to this list.  I also wouldn't be
surprised these days if packagers didn't work directly from a git
checkout and just skipped the tgz.

 Any where I can find the pubic key for verify the files downloaded of
 the Cyrus IMAP software?

Anyway, nope, I do not see a checksum/sumkey at
ftp://ftp.cyrusimap.org/cyrus-imapd/




Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Good webmail client software for cyrus?

[Adam Tauno Williams]

On Sun, 2013-03-10 at 20:08 +, Charles Bradshaw wrote:
 I am now researching how to provide a HTTP (webmail style) MAU as an
 alternative to a bunch of IMAP feature lacking, or otherwise broken,
 desktop user agents.
 I also need to source a GUI mailbox/password server management tool.
 Currently I'm using MySql Workbench for password management and cyradm
 command line for mailbox configuration.

Horde probably provides everything you are looking for; it is VERY
feature-complete, standards compliant, and well supported.

http://www.horde.org/

 I'm hoping to combine the above management features in one web enabled
 system.
 I see Zimbra and roundcube. The former commercial, the latter open
 source, appear to provide the required technical solutions. Although it
 is slightly unclear that either provide configurable password management
 capable of interfacing to MySql.

Horde's user / group / password support is extremely flexible.

 Neither of the above are ideal. The first because it isn't open source.
 The latter because it is written in PHP. A paradigm I am too old to
 become proficient in.

PHP is the platform of just apps.  AFAIK there is no supported / current
webmail interface in Java / .NET.  PHP is nothing to be afraid of, it is
simple to deploy and support;  certainly more so that Python or other
web-server alternatives.

 I have two questions therefore:
 First has anybody got any insight into any other good open source
 solutions?

Horde.



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: imap client that supports passing authorization id

[Adam Tauno Williams]

On Mon, 2013-02-25 at 11:08 +0100, Rudy Gevaert wrote:
 Hello cyrus users,
 Do any of u know of any desktop imap-client, but not mulburry, that 
 supports passing the authorization id?

I am not aware of any.  Neither am I aware of any that support IMAP ACLs
[settings, viewing, etc...] or SIEVE.  Very sad.

If someone else knows of any I'd love to hear about it.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Cyrus 2.5

[Adam Tauno Williams]

On Wed, 2013-02-13 at 12:45 +1100, Greg Banks wrote:
 On Wed, Jan 30, 2013, at 11:04 PM, Bron Gondwana wrote:
  On Wed, Jan 30, 2013, at 07:06 PM, Pepe Charli wrote:
   Hi
Is there any estimate about when we can expect cyrus 2.5?
  Soon, honestly.  We keep getting caught up with other things.
Will it include the search engine based on Xapian?
  Probably not.
 Definitely not.  The Xapian support is based on a large lump of work
 which adds a completely new message_t object API.  This is far too large
 a change to be pushing into 2.5 at this stage.  This is how far ahead
 the fastmail branch is relative to cmu/master:
  150 files changed, 41392 insertions(+), 4627 deletions(-)
 Also, we want to get some more operational experience with Xapian before
 inflicting it on other folks.  If you're adventurous the code is out
 there at https://github.com/gnb/cyrus-imapd/tree/fastmail
 It's time to draw a line in the sand and throw 2.5 over
  the fence,
 Absolutely.

Agree,  there is some great sounding stuff in 2.5.x already.

FYI,  I'll throw in a case of beer to anyone who closes this one -
  https://bugzilla.cyrusimap.org/show_bug.cgi?id=3617

http://www.freedomsponsors.org/core/offer/187/sieve-scripts-assigned-to-folders-are-not-executed

-- 
Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Single sign on with NT Login

[Adam Tauno Williams]

On Thu, 2013-02-14 at 11:57 +0530, Ram wrote:
 I need to implement NT Login such a way that if a user is logged in to 
 the desktop , he is also automatically logged in to the email server ( 
 when using outlook / thunderbird etc)
 I need to replicate how outlook works with Exchange. The users may use 
 windows login from any desktop and he is auto logged in to his own email 
 account

This is primarily a client support issue and an issue of how your domain
is configured.

If you really are using an NT4 domain then you may be able to get NTLM
authentication to work; at least with Outlook.  That can provide
single-sign on.

Aside: if you are really using an NT4 domain - upgrade, yesterday.

If you are using an Active Directory domain then use Kerberos / GSSAPI.
This would work, no problem.  Kerberos rocks!

-- 
Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Reconstruct a Single Folder

[Adam Tauno Williams]

On Mon, 2013-02-11 at 13:56 +0100, Kaiser Martin wrote:
 I have a Problem to reconstruct a Single folder.
 If I run,
 sudo -u cyrus /usr/lib/cyrus/bin/reconstruct -fr  user/wieder/cc
 I see this error
 user.wieder.cc uid 1 not found
 user.wieder.cc uid 2 not found
 user.wieder.cc uid 3 not found
 user.wieder.cc uid 4 not found
 user.wieder.cc uid 5 not found

Do the corresponding files exist?  Such as 1., 2.?

-- 
Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Can anyone explain localhost phenomenon?

[Adam Tauno Williams]

On Sun, 2013-02-03 at 15:42 +0100, Gabor Gombas wrote:
 IIRC MySQL tries to use an UNIX socket instead of TCP for connecting to
 the server when it sees the localhost string. If e.g. sendmail runs
 chrooted, then it won't see the MySQL server's socket, therefore it
 won't be able to connect.

What happens if, instead of the literal localhost, you say
127.0.0.1.  Hi-jacking the localhost string seems wrong, but it might
be accepted/well-known behavior at this point.  And possibly buried in
the MySQL library [and not in SASL; in fact, I'd wager that is true.
Shortcuts and general funny-business is pretty much MySQL's primary
prerogative].



Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Can anyone explain localhost phenomenon?

[Adam Tauno Williams]

On Mon, 2013-02-04 at 12:19 +, Charles Bradshaw wrote:
 On: Mon, 04 Feb 2013 06:29:56 -0500, Adam wrote:
  On Sun, 2013-02-03 at 15:42 +0100, Gabor Gombas wrote:
   IIRC MySQL tries to use an UNIX socket instead of TCP for connecting to
   the server when it sees the localhost string. If e.g. sendmail runs
   chrooted, then it won't see the MySQL server's socket, therefore it
   won't be able to connect.
  What happens if, instead of the literal localhost, you say
  127.0.0.1.  Hi-jacking the localhost string seems wrong, but it might
  be accepted/well-known behavior at this point.  And possibly buried 
  in the MySQL library [and not in SASL; in fact, I'd wager that is true.
  Shortcuts and general funny-business is pretty much MySQL's primary
  prerogative].
 Yes 127.0.0.1 instead of localhost works... it's down to somebodies ghost in
 the machine then!

rant
No, don't blame the ghosts, they are innocent.  This behavior is the
fault of an idjit;  somebody very much alive built that behavior into
libmysql, believing they were being clever.  This HACK has cost hours to
innumerable people who assume what is in a config file means what it
obviously should mean - only it doesn't.
/rant

-- 
Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: alternative login names

[Adam Tauno Williams]

On Mon, 2013-02-04 at 14:25 +0100, Wolfgang Rosenauer wrote:
 I actually needed a pointer into the right direction and I guess that
 is one.
 I've never used sasl ldapdb though and I have a hard time figuring out
 how and what to do.

I have some examples for using ldapdb @
http://www.wmmi.net/documents/LDAP103.pdf

 From the documentation I found it's also not clear to me if a crypted
 userPassword as I use in my LDAP can be used in that setup.

H.  I can't recall off the top of my head.  I believe it SHOULD be
possible to do LOGIN/PLAIN auth via ldapdb.

 If I understand correctly all the hard work to match usernames in done
 via some regexp which should be powerful enough to let me search the
 login name in uid and mail attributes?

Yes, the matching regex is key.  And confusing, at first.

 Or did you actually refer to a different mapping in LDAP?
 Is there some sort of HOWTO somewhere or is all the information really
 spread in openldap, sasl and imapd documentation only?

Maybe the above PDF will help?


-- 
Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Need guidelines on how to migrate a Cyrus-Imapd server

[Adam Tauno Williams]

On Mon, 2013-02-04 at 15:01 +0100, Thibault Le Meur wrote:
 Le 01/02/2013 17:03, Thibault Le Meur a écrit :
  Thanks for the hints
  I'll go the rsync way then... pity I would have loved to understand what
  kind of file is to be fed to the sync_client -u -f command, in order
  to give it a try..
 Replying to myself,
 According to an old thread 
 (http://lists.andrew.cmu.edu/pipermail/info-cyrus/2007-September/026772.html),
  
 the file format is:
 USER $username
 USER $username2
 It is also confirmed that the only way to have singleinstancestore 
 preserved is to run the sync_client with the -f option so that all 
 synchs are done in the same run.
 However it seems that the cache which is used to detect the duplicates 
 is rather low (UUID cache on the server side: 1000) so that single 
 intance deduplication may not be very efficient.
 Unless this has changed, I agree that the best way to initialize the 
 replica is to use rsync and then convert the databases. I'll give it a try.

Correct, from a thread in 2007:

quote
Message UUIDs are used to replicate the single instance store (see
docs/text/install-replication). This won't have much effect when you
first replicate a mailstore as sync_server in 2.3 only tracks the last
few thousand messages that have been uploaded. It becomes much more
effective  when a replica has been seeded and you switch to rolling
replication.
/quote

quote
sync_server maintains a fairly modest UUID cache on the server side:
1000 messages in 2.3. A restart is negotiated after each UPLOAD command.
/quote

It really does seem best to seed the replica, initially, via rsync
[WATCH THOSE PERMISSIONS!] then to engage rolling replication - the
replica should become current.

Something like -

rsync \
--verbose  --recursive \
--perms --owner --group --times \
--links --hard-links --delete \
$master:$root $replica:$root

I also like the  --numeric-ids assuming your uidNumber/gidNumber is the
same between systems.  That saves a lot of pointless NSS calls.

-- 
Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Restrict access to a single client device

[Adam Tauno Williams]

On Fri, 2013-02-01 at 14:31 +0530, Ram wrote:
 On 02/01/2013 01:20 AM, Dale J Chatham wrote:
  You use SMTP authentication through postfix or sendmail.  Google [ mail
  authentication relay   ] and you should find lots of howtos.
  I'm setting it up to use a sasldb to authenticate external users in
  order to keep them apart from UNIX users.  Be very certain that you use
  STARTTLS or some form of authentication for email.  Also, if you're
  allowing internet access to e-mail, you'll want to use imaps or https.
 The idea is that end users configure their email  on Desktop, Laptop , 
 Phone , tablet, Ipad ... ( The list is getting longer every day )

Yes.

 So copies of the mail are floating everywhere.
 This raises a security concern
 I cant block access totally from outside.
 Employees should be allowed access from outside office , but only from 
 the designated Laptop.
 One way would be to ask everyone to VPN to the office for mails , Is 
 there anyway else.

This really sounds like a solution for PKI.  Issue a certificate to the
device and demand that the device and the server *mutually* agree based
on that [currently the client device has to recognize the server's
certificate].  This means you (a) have to manage certificates and (b)
the client device / application has to be able to perform PKI.  I
believe (b) is true in most cases.

I'm currently also trying to figure this out.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Need guidelines on how to migrate a Cyrus-Imapd server

[Adam Tauno Williams]

On Fri, 2013-02-01 at 10:43 +0100, Thibault Le Meur wrote:
 I'm trying to migrate a Cyrus-Imapd serveur running on an old machine to 
 a new virtual machine environement and I'd like to have to guidelines on 
 how to proceed.
 I've first thought about using the Cyrus-Imapd replication feature, but 
 the first import using sync_client was causing he target server to use 
 far more space on disk that the used space ont he original serveur. My 
 guess is that the hardlinks dedeuplication was not preserved during this 
 transfer. 

That is easy to check.  On the target does the listing of a mailbox look
the same (on the filesystem) in terms of the reference count column?

...
-rw---  1 cyrus mail 2464 Feb  1 05:00 521985.
-rw---  1 cyrus mail 2629 Feb  1 05:00 521986.
-rw---  2 cyrus mail 4441 Feb  1 05:02 521987.
-rw---  1 cyrus mail 2834 Feb  1 05:03 521988.
...

The second column greater than 1 means there is hard-linking occurring,
and hard-links are the backbone of duplicate suppression.

Are you sure that duplicate suppression was enabled on the replica?

 I don't know if this is due to the way I'v ran the tool or if 
 this is a limitation of sync_client itself. Can someone answer me on 
 this ? If sync_client is able to preserve hardlinks deduplication, what 
 would be the correct way to run it (I've not found the syntax expected 
 for the client-list-file in the command sync_client -u -f 
 client-list-files so I used a for loop and ran sync_client 
 indicidually on each user).

I'm certain that is does support it;  I see lots of duplicate
suppression on my replica.   I certainly didn't do anything special to
make it replicate that way.

I have duplicatesuppression: yes set on the replica.

 Then, I've tried the rsync solution (synching the mailbox directory and 
 config directory), but I'm switching to a 64bits OS so I'll have to 
 convert the databases and import them. Is it a recommended solution ?

I believe that skiplist is 32bit/64bit neutral.  So convert to skiplist
first, on the working server.  KILL BERKELEY!!  You want to do that
anyway.
-- 
Adam Tauno Williams 
System Administrator, OpenGroupware Developer, LPI / CNA
Fingerprint 8C08 209A FBE3 C41A DD2F A270 2D17 8FA4 D95E D383


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Is it OK for users to use either of a pair of replicated servers ?

[Adam Tauno Williams]

On Fri, 2013-02-01 at 10:01 +, John wrote:
 Hello, I have just set up a second server for a small email group and I 
 now have replication working between them. 

Great.

 I was very happy to note that it replicates both ways.

It does???  What version is this?

 My use-case is basically this: to have two servers, one acting as a 
 primary and another as a backup. The primary will be the one that goes 
 out to the internet to grab emails for users. Apart from that difference 
 the two servers are identical. Either can take on the primary role. 
 Users can connect their IMAP email clients to either server. One of the 
 pair runs sync_server and the other regularly connects to it to keep the 
 two servers in sync. It's a basic configuration intended for use by a 
 small number of people.

As far as I know that will not work.

 I'd like to confirm that the replication mechanism implemented with 
 sync_server and sync_client is ok for this kind of set-up. It certainly 
 appears to work just fine like this but I haven't found anything in the 
 documentation saying that two-way replication like this is ok (i.e. 
 where users can log in to either server).

I believe that multi-master is a feature for 2.5.x.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Need guidelines on how to migrate a Cyrus-Imapd server

[Adam Tauno Williams]

On Fri, 2013-02-01 at 13:20 +0100, Thibault Le Meur wrote:

  On Fri, 2013-02-01 at 10:43 +0100, Thibault Le Meur wrote:
  Are you sure that duplicate suppression was enabled on the replica? 
 Yes I'm sure, and a simple find have quickly confrimed this.
 find . -type f -a \! -links 1 -ls
 ..
 141637005   32 -rw---  12 cyrusmail30678 sept. 20
 18:42 ./obfustcated-username/12307.
 ...

Then something is deduplicating.

  I have duplicatesuppression: yes set on the replica. 
 I thought that duplicatesuppression was a different thing.

Ah, yes, it is.  We are talking about single-instance-store.

That is the singleinstancestore directive.

 What I'm trying to achieve is to keep the Single Instance Store
 property on my replica
 (http://cyrusimap.web.cmu.edu/docs/cyrus-imapd/2.4.7/overview.php#singleinstance)

Yep.

 In this case, since I use a single sync_client process per user, it is
 logical that hardlinks between mailboxes can't be preserved. 

True, I guess that makes sense.I believe I did an initial migration
using rsync and they fired up the sync-server to keep it up to date /
get the last changes.  But it was some time ago.  It certainly dedupp'ed
going forward.   Perhaps sync-ing across different versions may effect
it as well.

  I believe that skiplist is 32bit/64bit neutral. So convert to
  skiplist first, on the working server. KILL BERKELEY!! You want to
  do that anyway.
 Yes it seems so. 
 When you say Kill Berkeley, do you mean that the DB should saty in
 Skiplist format even on the production server (and not converted back
 to Berkeley)? If yes, do you have any URL describing the procedure ?

Yes, production 2.4.x boxes should be using Skiplist.

The cvt_cyrusdb will convert databases between formats.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Is it OK for users to use either of a pair of replicated servers ?

[Adam Tauno Williams]

On Fri, 2013-02-01 at 16:15 +, John wrote:
 Further to my last message, I've updated my master so now both servers 
 report the same version:
 version: v2.4.17 d1df8aff 2012-12-01
 I'd like to understand some error messages that I am getting and what I 
 should do to resolve them...
 On the replica:
 syncserver[8816]: higher last_uid on replica user.myuser - 57628  57629
 syncserver[8816]: higher modseq on replica user.myuser - 36186  36187

A modseq is very much like an etag or a ctag in HTTP/WebDAV.  It is a
value that gets incremented with every change.  So the the modseq on the
slave is greater than the modseq on the master... something is out of
sync.

 On the master:
 sync_client[5197]: MAILBOX received NO response: IMAP_MAILBOX_CRC 
 Checksum Failure
 sync_client[5197]: CRC failure on sync for user.myuser, trying full update
 sync_client[5197]: SYNCNOTICE: record mismatch with replica: user.myuser 
 more recent on master

Aren't you connecting to the slave and making changes?  That would make
sense then, the master and the replica are constantly getting
out-of-sync.  Replication is one-way.

 Despite these messages, my replication appears to be working but I can't 
 as yet be 100% sure. I'd like to understand the above and try and stop 
 them if I can...

Because it is constantly recovering, as these messages indicate.  2.4.x
replication is quite reliable and recovers from inconsistencies most of
the time.

 I can't find any documentation detailing what the above means, and I'm 
 not that familiar with the internals of the imap server, so I'd really 
 appreciate some pointers...

-- 
Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Mailbox does not exist question (NO it is NOT the answer!)

[Adam Tauno Williams]

On Thu, 2013-01-24 at 19:17 +, Charles Bradshaw wrote:
 I have enabled debug. (in imapd.conf debug: yes). Now when I start a telnet
 imap session /var/log/maillog has this:
 Jan 24 13:25:59 dell2600 imap[4507]: accepted connection
 Jan 24 13:25:59 dell2600 master[4549]: about to exec 
 /usr/lib/cyrus-imapd/imapd
 Jan 24 13:25:59 dell2600 imap[4549]: executed
 Jan 24 13:25:59 dell2600 imap[4549]: IOERROR: opening
 /var/lib/imap/user_deny.db: No such file or directory
 Is this the problem?
 How do I create user_deny.db ?

No, it is OK for user_deny to not exist.  [this is a chronically
confusing message;  you can't really tell DEBUG 'error' messages from
real error messages].

 Telnet session still does NOT report the presence of INBOX:

I don't understand this statement.

 $ telnet localhost imap
 Trying ::1...
 Connected to localhost.
 Escape character is '^]'.
 * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN
 AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR] dell2600.bradcan.homelinux.com Cyrus
 IMAP v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready
 a1 LOGIN b...@bradcan.homelinux.com wH3x14or
 a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA
 MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
 MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY
 THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN
 QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED
 COMPRESS=DEFLATE IDLE] User logged in
 SESSIONID=dell2600.bradcan.homelinux.com-4597-1359054779-1
 a2 LIST  *
 a2 OK Completed (0.000 secs)
 I am at a complete loss to understand how it is possible that mail is
 delivered, but at the same time the INBOX is not being identified during the
 imap session.
 Is there some way to increase the bebug level of imapd ?

Have you enabled telemetry logging for that user?

Does the mailbox in question appear in the mailbox list?

-- 
Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Stripping of attachments using Horde 4/IMP 5.

[Adam Tauno Williams]

On Mon, 2012-12-31 at 10:33 +0100, Simon Matter wrote:
  The databases used are:
  -rw--- 1 cyrus mail 144 Dec  9 09:29 ./annotations.db
  ./annotations.db: Cyrus skiplist DB
  -rw--- 1 cyrus mail 144 Dec 30 11:30 ./db.backup1/annotations.db
  ./db.backup1/annotations.db: Cyrus skiplist DB
  -rw--- 1 cyrus mail 1882668 Dec 30 11:30 ./db.backup1/mailboxes.db
  ./db.backup1/mailboxes.db: Cyrus skiplist DB
  -rw--- 1 cyrus mail 144 Dec 30 11:00 ./db.backup2/annotations.db
  ./db.backup2/annotations.db: Cyrus skiplist DB
  -rw--- 1 cyrus mail 1882668 Dec 30 11:00 ./db.backup2/mailboxes.db
  ./db.backup2/mailboxes.db: Cyrus skiplist DB
  -rw--- 1 cyrus mail 18038784 Dec 30 11:30 ./deliver.db
  ./deliver.db: Berkeley DB (Btree, version 9, native byte-order)

I can't image how the delivery database would create the problem you
describe; so I'd doubt it is that.

Irregardless of where the data is physically stored, does the filesystem
pass an fsck?

  I don't have backtrace?  I am using RHEL rpms.

That doesn't in any way prevent you from generating a backtrace.  You
have a core file, just use gdb to generate the backtracr.

 Unfortunately we can also not see what has been changed in the patched
 RPMs you got from RH.
  But, is it OK to use NetApp Storage for /var/lib/imap file system?
 NetApp often sounds like NFS but you told us you are not using NFS but FC
 attached disks? If so I don't know why it shouldn't work exactly as local
 disks would.

+1 An FC or iSCSI attached volume *is* as a local disk.

 But when I hear Horde/IMP I remember a problem that some people hit after
 upgrading Horde/IMP. I don't remember what it was but you should find it
 in the archives. IIRC it has been fixed in the latest version of
 cyrus-imapd.


-- 
Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Stripping of attachments using Horde 4/IMP 5.

[Adam Tauno Williams]

On Sun, 2012-12-30 at 12:23 +0530, an...@isac.gov.in wrote:
 Dear experts,
 I had extensive discussion on this issue in Horde/IMP mailing list.   
 Later I reported the problem in RedHat Bugzilla.  The details of the  
 problem are also part of bugzilla.
 https://bugzilla.redhat.com/show_bug.cgi?id=885620
 Though patch for cyrus-imapd was given to me for testing, I was  
 suppose to reproduce the problem in another server.  I am unable to  
 reproduce the problem.  Now, I have a feeling that, the problem may be  
 due to /var/lib/imap residing in NetApp storage (though not NFS).
 I have a feeling, the problem may solve, if I make /var/lib/imap part  
 of OS disk.  Your opinion please...

Are you using Berkley databases?  If it does seg-fault what does the
backtrace look like? [I don't see a backtrace in the bug report, just a
core file; but the core isn't really useful unless one has the same
version of the software].

-- 
Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: cyrus and Outlook subfolder crawling

[Adam Tauno Williams]

On Thu, 2012-12-13 at 10:43 +0100, Marcus Schopen wrote:
 I've got a problem with a Outlook 2010 client. The client is accessing a
 10 GB cyrus imap account and crawling with high a frequency like crazy
 through each subfolders which fills the mail logfile and causes a
 noticeable higher load. This never stops unless the Outook client is
 closed. I'm not familiar with Outlook and to my mind this is not a cyrus
 problem, but does anybody know to say Outlook to stop this annoying
 behaviour.

Can you unsubscribe from subfolders?  If so, does doing so stop the mad
crawl?  Perhaps there is a folder, or more likely a message in a folder,
that the Outlook client doesn't like - and it is then restarting its
'sync' over and over.

Are Exchange extensions disabled?  I've seen them cause various kinds of
wierdness.

  Tools - Options - Other - Advanced - Options - Add-In Manager -
Uncheck Exchange Extensions property.
  
or

  Tools / Options / Other / Advanced Options / COM Add-Ins/ remove
anything that isnt essential, (we remove everything)

Those may not correspond to your version of Outlook.

Although it may make matters much worse [temporarily] you might want to
turn on telemetry for that user to see if there is a protocol error
somewhere.

But clients just walking folders shouldn't generally drive massive
syslog traffic;  perhaps you are logging mail at the DEBUG level?  Don't
do that, it is better to use telemetry logs selectively.



-- 
Adam Tauno Williams awill...@whitemice.org


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Fwd: Too many entries of mystore: reusing txn....

[Adam Tauno Williams]

On Sun, 2012-12-09 at 10:49 +0530, Anant Athavale wrote:

 As you say, the imap DEBUG logs are coming to maillog.  RHEL 6.3 ships
 with Rsyslogd and also it looks like cyrus-imapd is compiled to use
 MAIL_LOG facility.  (I tried local6.info /var/log/imapd.log. but it
 did log anything in imapd.log ).
 I am attaching rsyslog.conf (Not modified).  What I ultimately want is
 'maillog should not contain imap logs.  And imapd.log should contain
 all logs related to cyrus/imapd with only info level logs.  '
 As I could not achieve it in short span of time, I have released the
 system, but, would like to do that in near future.  Any pointers to
 achieve?

Yes.  Give up on syslog.  Seriously.  The model provided by syslog is
very simplistic and kludgy.  Just use syslog as a transport to get
messages into an NMS, and sort, categorize, and record them there.

We send all our syslog messages to ZenOSS.  There syslog messages can be
mapped into categories, prioritized [and discarded], recorded, viewed,
and generate notifications.  And you get a user interface to do it all
in, and a coherent way to backup/restore all your machinations.

Syslog messages from imapd have a tag of imapd, and messages from
postfix have a tag of postfix, which is almost invisible in syslog
itself.  So you have the host of origin, the tag, the facility, and the
level [and the text of the message] all to work with to categorize [and
potentially discard] any way you want.

Obviously you want to discard DEBUG messages as the syslog level - that
is just too much noise for anything.  But a decent host for you NMS can
handle a surprising load of messages.

-- 
Adam Tauno Williams awill...@whitemice.org


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Injecting a mail folder into a users inbox/restore from backup

[Adam Tauno Williams]

On Wed, 2012-12-05 at 11:47 +0100, Lars Schimmer wrote:
 Hi!
 Aas I never needed to do it yet, I want to ask for the best way to
 restore users email which got lost...
 Situation: running cyrus on debian with users and mailboxes.
 User deleted on accident a folder in his INBOX (and cyrus did unlinked
 the files and removed the folder from disk already).
 I do backup from the INBOX structures on disk every night (in a basic
 simple way, see it as a snapshot of the mail disks of cyrus).
 Now I need a good way to inject the old folder user.xyz.INBOX.Folder
 into the live cyrus system.
 Is it easier to create a new user and copy with imap client?
 Or just copy the folder content into a new created folder on users inbox?

I typically just copy the message file(s) back, or in this case the
folder, and run reconstruct -r -f -k -s user.dude.  Hasn't failed me
yet.

A more elegant way would be nice, but until there is some type of
dump/restore format, moving files around is what you've got.
-- 
Adam Tauno Williams 
System Administrator, OpenGroupware Developer, LPI / CNA
Fingerprint 8C08 209A FBE3 C41A DD2F A270 2D17 8FA4 D95E D383


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Cyrus IMAP 2.3 EOL?

[Adam Tauno Williams]

On Wed, 2012-11-21 at 18:21 +0100, Bron Gondwana wrote:
 On Wed, Nov 21, 2012, at 05:31 PM, Egoitz Aurrekoetxea Aurre wrote:
  Good morning,
  Does Cyrus IMAP 2.3.18 get still supported by Cyrus IMAP team?.
 Just security updates really, why?

Cyrus IMAP 2.4.x is much nicer all around;  if you are on 2.3.x I'd
recommend upgrading.  Other than some re-indexing pain, it is seemless
and leaves you on a considerably better product.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Making sub-folder email reappear after recovery from backup

[Adam Tauno Williams]

On Fri, 2012-11-02 at 11:16 -0400, Gordon Marler wrote:
 Can't find this mentioned in the docs or with any search I've done on 
 the mailing list, so here goes:
 - Upgraded from 2.4.10 to 2.4.16 after losing my 2.4.10 system, but 
 having mail spool backed up
 - After moving to the 2.4.16 system, able to see Inbox for accounts
 - Had to make sub-folders reappear with command like (Thank you mailing 
 list for that tidbit!):
reconstruct -p default -rf user.gmarler.Subfolder
 - Now I can see the Inbox, Subfolders, Sub-subfolders, etc in Thunderbird
 BUT - Only Inbox has visible emails - All of the subfolders appear to 
 be empty, but there are definitely mails in them on the mail spool.
 Looks like I forgot a step somewhere.  Where have I gone wrong?

reconstruct, with the -r [recursive] and -f [examine filesystem for
mailboxes] options.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Problems posting to lists

[Adam Tauno Williams]

On Thu, 2012-10-25 at 16:46 -0200, Rodrigo Abrantes Antunes wrote:
 Hi, I'm using mailman to post to a list but some users don't receive
 the messages, when I post to the list I see this in mail.log for one
 of the members of the list that didn't receive the message:
 Oct 25 08:15:31 srv-mail-pel postfix/smtp[5685]: 243872924C:
 to=vladi...@pelotas.ifsul.edu.br, relay=127.0.0.1[127.0.0.1]:10023,
 conn_use=10, delay=0.83, delays=0.16/0.47/0/0.21, dsn=2.0.0,
 status=sent (250 2.0.0 Ok, id=04503-16-10, from
 MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as CDC1B291F8)
 Oct 25 08:17:27 srv-mail-pel cyrus/lmtp[13074]: duplicate_mark:
 20121025081521.horde.nwzihuv4cn9qire5ncoz...@webmail.pelotas.ifsul.edu.br 
 .vladimir+@.sieve.   1351160247 0
 Oct 25 08:17:27 srv-mail-pel postfix/pipe[5695]: CDC1B291F8:
 to=vladi...@pelotas.ifsul.edu.br, relay=cyrus, delay=115,
 delays=0.04/92/0/23, dsn=2.0.0, status=sent (delivered via cyrus
 service)

Huh, that really looks like it *was delivered* to me.  Are you sure it
isn't really in the mailbox?  Can you go to the user's mailbox [on disk]
and grep the files for the messageID?

NOTE: status=sent (delivered via cyrus service)

 Here is what mailman's people said:
 This message was delivered from Mailman to Postfix and then delivered
 by Postfix to Cyrus, possibly because this was to a local user and
 Cyrus is acting as the LDA, or possibly for some other reason, but in
 any case, if the mail wasn't delivered to the user, this is a question
 for Cyrus.

It is either Cyrus or Postfix [the MTA].  It does look like Mailman is
doing his job.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: keep cyrus in sync with cold standby

[Adam Tauno Williams]

On Tue, 2012-10-16 at 17:26 +0200, Marcus Schopen wrote:
 I'm thinking about a strategy to keep my cyrus server (2.2.13 on Ubuntu
 10.04 LTS) in sync with a cold standby server. This hasn't to be a
 live/hot sync and I'd like to keep it as simple as possible. A sync
 delay up to 30 minutes is acceptable for this small setup (250 Accounts,
 80 GB mail storage, 5 emails per minute), but I don't want to stop cyrus
 while doing the snyc.
 Cyrus replication seems to be the most reasonable way, but I'm sitting
 on Ubuntu 10.04 LTS, which comes with cyrus 2.2.13 and I can't find any
 newer backports. Centos 6.x with Cyrus 2.3.16 could be an alternative
 setup, but I'm not sure if 2.3.16 is also to old for stable
 replication. :/

Late 2.3.x [including 2.3.16] were stable.  And the replicate worked.

I'd just use Cyrus' replication.  That way you know you have a
consistent replicate - and you can authenticate to the replica and check
on it if you want, see that yep, it is the same.   Other alternatives
provide a backup you *believe* is good, but you don't know until you try
it, and then you find out it is busted.

 DRBD could be an option but I never had DRBD running within a parallels
 virtualisation (bare metal setup); might be a timing/performance problem
 with a lot of very small files?
 Do I run in bad problems if I just run a simple rsync
 of /var/lib/cyrus, /var/spool/cyrus/ and /var/spool/sieve/ and dump
 mailboxes.db (skiplist) with ctl_mboxlist -d every 30 minutes? Is
 there a way give cyrus a flush of its databases without stopping it?

rsync will work, but if it is against a live instance you may need to
reconstruct before you bring it back up.  It will work 99.44% of the
time but it can be time-consuming and is just adding another step.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: DBERROR's

[Adam Tauno Williams]

On Fri, 2012-10-12 at 05:06 -0400, akb427 wrote:
 I have an installation of Cyrus IMAP 2.2.13 on 32-bit linux, with the
 database copied over from an earlier version. 

That is really very old.

 It appears to work just fine, but is sometimes issuing error messages
 of the form: 
 DBERROR: mystore: error storing (long nasty 8-bit string) DB_PAGE_NOTFOUND: 
 Requested page not found

This is probably a Berkley DB thing.  I'd convert your database from BDB
to skiplist, and just get away from BDB forever.  Then upgrade to at
least 2.3, preferably 2.4.

Berkley DB == bugs


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Modifying Cyrus IMAP to ease a migration to Gmail?

[Adam Tauno Williams]

  servers and to the systems we have running the GAMME tool.  For the
 custom front-end server I think it should be possible to modify the
 source code that handles the authorization to bypass the normal
 process.

There is no need to modify any code;  SASL can already do this.  A user
can have multiple passwords, so if one of those matches your global
password.

If your Cyrus install supports saslauthd for PLAIN/LOGIN authentication
and saslauthd is using PAM you can add the pam_allow [which always
succeeds] or some other module, PAM modules stack and one can be marked
as 'sufficient'.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: branch 2.4 on prod

[Adam Tauno Williams]

On Mon, 2012-09-24 at 23:05 +0200, Bron Gondwana wrote: 
 On Mon, Sep 24, 2012, at 11:30 AM, Deniss Gaplevsky wrote:
  hello,
  i have a question to Brong as main powering force of cyrus development.
  I know cyrus is used at fastmail/opera for serving a lot of users.
  But stable branch 2.4 has a lot of performance related issues - like
  statuscache usage, grisly index lookups, etc - fixed in 2.5 which is not
  stable and not available as tarballs so far.
  Im curious what is the cyrus branch/version in use at Fastmail/Opera
  currently ? How well it is compatible to cyrus 2.4 branch ?
 We're running master + our local patches in production at FastMail.
 You may have noticed a bunch of work last week on master - I'm pushing
 as much time as I can into preparing for a real 2.5 release.  Even if
 it doesn't include everything we want, we can do a 2.6 more quickly next
 time.  

And more frequent, but less monumental, 'major' version jumps is nice,
BTW.  2.3.x -- 2.4.x was a huge [and a bit scary] jump.   Slowly
letting the awesome soak in is preferred.

BTW, 2.4.x may have some warts, but performance is still much improved
over 2.3.x; at least in my experience.


signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Email not appearing in list, but files exist on disk

[Adam Tauno Williams]

On Thu, 2012-08-30 at 22:00 -0300, francis picabia wrote: 
 On Thu, Aug 30, 2012 at 5:45 PM, Michael Menge
 michael.me...@zdv.uni-tuebingen.de wrote:
  IMHO the mails have been marked as deleted, but not expunged by the
  webmailer. Most clients will not show these mails by default and some
  (e.g. Horde/IMP) count unread mails which are marked as deleted in the
  summary view.
  By exiting with Thunderbird these messages got expunged.
 Thanks for the response.  I recovered missing files from tape backup,
 did a reconstruct again and now the messages are all there.
 Very strange because usually Horde displays messages ready
 for expunge with a line strike out, and I had tested the view
 from both dimp and imp before doing any reconstruct.

Horde does have a preference [user setting] to hide deleted and (IIRC)
a settings [admin, aka conf.php and lockable prefs.php values] that
effect display-deleted options.


signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: auxprop ldapdb

[Adam Tauno Williams]

On Tue, 2012-08-28 at 12:46 +0200, zorg wrote:
 the documentation is not very clear to me
 If I want to use auxprop with ldapdb
 Do i have to store my user password in clear in ldap or is the another 
 solution

Technically, no.  Generally, yes.

I have some information  examples concerning ldapdb @
http://www.wmmi.net/documents/LDAP103.pdf [starting around slide 13].

People get uneasy about storing clear-text in the DSA but it doesn't
bother me.  You are either storing it in the DSA or  sending it over
the wire!  Which is worse?  And if someone breaches the security of your
DSA / DC then you are humped anyway.

 For the moment I m using saslauthd.conf but I wonder if I can use 
 auxprop to be more secure

Yes, then you can use much more secure authentication mechanisms such as
digest.  Clear text auth with encrypted stored passwords is like buying
a handgun to protect your home but always leaving the doors and windows
wide open.


signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: 4096 file descriptors

[Adam Tauno Williams]

On Wed, 2012-08-22 at 14:43 -0400, Ron Vachiyer wrote: 
 Quick question about filedescriptors.  On Centos6, cyrus 2.3.16 seems
 to be able to open 4096 FDs ;
 master[27121]: retrying with 4096 (current max)
 ulimit -a says 1024;
 open files  (-n) 1024
 I am looking to increase this, and have found some documentation
 saying to increse file-max in /proc.  However, file-max already has a
 much larger number;
 cat /proc/sys/fs/file-max
 1201105

Yep

 The only way I have found so far is to add a ulimit -n 8192
 in /etc/rc.d/init.d/cyrus-imapd

man pam_limits

 Is there a more generic/cleaner way to do this?

Yep, you can setup a limits.conf file that adjusts limits per user, per
group, etc... 


signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Bug#3642, Special Use Folders, Config

[Adam Tauno Williams]

https://bugzilla.cyrusimap.org/show_bug.cgi?id=3642

Regarding special-user folders, how do these folders get flagged as
such?  Or is this not available [really usable] in 2.4?  The bug applied
a patch to 2.4.x but the roadmap lists this for 2.5.


signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: CC destinations dropped

[Adam Tauno Williams]

On Thu, 2012-07-19 at 19:22 -0400, brian wrote:
 A client of mine is complaining about not receiving certain messages. 
 Her colleague is also being sent them and receives them just fine. She 
 insists that they are not being sent to her junk folder and that she has 
 no filters that might be moving them elsewhere.

You can check for existence of a SIEVE [filter] script
in /var/lib/imap/sieve/{letter}/{username} [you path may vary a little,
but something like that].

You can grep -d recurse
{message-id} /var/lib/spool/imap/{letter}/user/{username}/* to see if it
is really there.  It may be there event if deleted and expunged if
delayedexpunge is enabled.

Otherwise it is almost certainly an MTA issue.

 I believe the problem does not involve postfix, as pipe appears to be 
 sending both. It looks to me as if lmtpunix is looking at just the one 
 address and thinks there's a duplicate. Note the two duplicate_check 
 lines, both of which reference the julia account. I've sent a test 
 message and indeed the duplicate_check again referenced only the julia 
 account again, and admin did not receive it.

Where is the e-mail coming from?  It is possible it really is a
duplicate message-id?  some real-world devices recycle message ids [our
Xerox document centers do].

postfix/pipe[26606]: 66E757A25FC: to=ad...@domain.org, 
 relay=procmail, delay=0.2, delays=0.16/0/0/0.04, dsn=2.0.0, status=sent 
 (delivered via procmail service)
postfix/pipe[26606]: 66E757A25FC: to=ju...@domain.org, 
 relay=procmail, delay=0.2, delays=0.16/0/0/0.04, dsn=2.0.0, status=sent 
 (delivered via procmail service)

delivered via procmail ???


signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Globally shared folder

[Adam Tauno Williams]

On Tue, 2012-07-17 at 15:42 +0530, Ram wrote:
 I am using cyrus on linux
 I want to create a folder that has read / write access given to all users.
 Any new user added to cyrus must get access to this automaticall
 Is this possible ?

In cyradm or your other tool just grant permissions to anyone - this
represents any authenticated user.

$ cyradm ...
 setaclmailbox {$yourmailbox} anyone {$rights}


signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: problem Outlook not recieving mail from mailbox

[Adam Tauno Williams]

On Sat, 2012-06-23 at 07:58 +0800, JonL wrote:
 I'm having an issue where the mail is going to the mailbox and that I
 can verify, but for some reason Outlook 2003 cannot connect to the
 mail server although I can ping from server to client and from client
 to server.  Something is stopping the connection from happening.
 Since I'm fairly new to this would appreciate some help.
 I can telnet to the image server and I only get the  following:
 * OK linux-srv Cyrus IMAP4 v2.2.12 server ready
 Any help would be greatly appreciated

Perhaps Outlook is configured to use SSL [which uses a different port]
or TLS and the server is not configured to support TLS.

[BTW: Both Outlook 2003 and Cyrus 2.2 are very old;  Cyrus 2.2 is
extremely old.]

Have you disabled the Exchange extensions?  These can interfere with
'normal' IMAP connections, especially in Outlook 2003.

Tools - Options - Other - Advanced - Options - Add-In Manager -
Uncheck Exchange Extensions property.





signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: IMAP error reported by server. Invalid body section.

[Adam Tauno Williams]

On Thu, 2012-06-21 at 13:07 -0300, Rodrigo Abantes Antunes wrote:
 The source from horde3 is exactly the same as horde4

That is expected.  It isn't the message but the interpretation of the
message.  These evil messages contain many named parts separated by a
boundry (the boundry value is declared in the header of the message).
Then parts of a message can refer to other parts of the message.  So
either H4 can't correctly [or incorrectly!] parse the message into parts
by boundry or one part references another part that isn't found.

It would be useful to ask this question on the Horde / IMP mail list.

  and I think all  
 the message parts are there, at least there is a body/body. If you  
 want I can forward you the message to your personal mail.

It isn't body stuff but the parts of the message as they are referred
to in the HTML.


signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: I/O error moving mailbox

[Adam Tauno Williams]

On Thu, 2012-06-21 at 11:57 +0200, Javier Sánchez-Arévalo Díaz wrote:
 I'm experiencing some problems moving a mailbox from one partition
 (default) to another (part3).
 I have already moved more than 19000 mailboxes from default to
 part3 but I don't know why I'm unable to move 
 user.col1901

If you tail your mail / messages log do you see any messages when you
try to move the mailbox?

 When I try to do It I receive the next error:
 [...]
 localhost renm user.col1901 user.col1901 part3
 renamemailbox: System I/O error
 [...]
 I have checked permissions and even I have given 777 to this mailbox:

It probably isn't a good idea to mess with filesystem permissions.  As
long as everything is owned by your cyrus user it should be just fine.



signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: IMAP error reported by server. Invalid body section.

[Adam Tauno Williams]

On Wed, 2012-06-20 at 18:20 -0300, Rodrigo Abantes Antunes wrote:
 Hi, I use horde webmail and I thought my problem was related to horde  
 but like they said it isn't, it's something to do with cyrus, I'd like  
 your help to discover what could I do to solve this. My problem is  
 described here:
 http://bugs.horde.org/ticket/11223

If you look at the source of the message [view message source from your
'old' Horde server'] you should be able to tell if all the message parts
actually exist.  Or have you tried viewing the message in Thunderbird or
Evolution?



signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: Self compiled Cyrus 2.4.16 does not talk to self compiled Cyrus SASL 2.1.25

[Adam Tauno Williams]

On Tue, 2012-06-19 at 11:17 +0200, Eric Luyten wrote:
 (hitting the same wall over and over again when upgrading)
 Cyrus SASL is working/looking in /var/state/saslauthd all
 right, but Cyrus 2.4 appears to be writing elsewhere, and
 we cannot find out where exactly.

Are you sure it is loading your compiled libraries and not your
distributions 'defacto' ones?  [ldd /usr/lib/cyrus/bin/imapd - your
should see a reference to your SASL libraries]

BTW - why are you self-compiling?  Really good packages exist for lots
of distributions.

 Have tried 'saslauthd_path' option in /etc/imapd.conf to
 no avail.

So when you run testsaslauthd it works?

 I pretty much copied our Cyrus 2.3 configuration files over
 to the test environment


signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Re: unsubscribe

[Adam Tauno Williams]

On Mon, 2012-05-21 at 11:32 +, Ian Eiloart wrote:
 On 18 May 2012, at 14:45, Adrian Kovacs wrote
 Using the mechansims described in the List-Unsubscribe header:
 List-Unsubscribe: 
 Having said that, European Union countries usually require that the
 mechanisms be easy to use. In my view, that means that they should be
 described in the message footer (not hidden in a header). The more
 obvious paths from the URLs listed in the footer require cyrus.edu
 accounts for unsubscription.

This behavior has been *standard* for decades.  A good mail client even
provides an option - I view a message from the Cyrus list in Evolution
and Message - Maillist - Unsubscribe is right there as an option.

You are using Exchange [ + Outlook? ];  so I'm pretty sure that option
is there on your screen somewhere.

 The argument that list members ought to be able to find the
 List-Unsubscribe header because they're email professionals doesn't
 wash.

You mail client should recognize the presence of this header and provide
an option.   And looking at message headers is hardly a 'profession'
level action.


signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: what does cyrus support through ldap?

[Adam Tauno Williams]

On Tue, 2012-04-24 at 11:00 +0200, Martin Kraus wrote:
 Hi. I hoped that cyrus would be managable through ldap but that doesn't
 seem to be the case. Is the cyrus ldap support strictly for authentication?
 It's just that sasl can do that as well. 
 I'd like to know if there are other options to managing mailboxes besides
 calling perl scripts.

I agree that the perl scripts are a pain; but all they do is make IMAP
connections.  You can do just about anything via IMAP.  There are
bindings floating around in Python  PHP as well that 'wrap' those
operations.  Someone using one of these to expose an API via SOAP,
XML-RPC, etc... would be very handy.

  I need to come up with some kind of a graphical
 interface to manage mailboxes and I'm looking for the available options to
 interface with cyrus. 

There is gyrus and support for Cyrus in several of the web-admin type
utilities.



signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: (important) cyrus-imapd 2.4.16 released

[Adam Tauno Williams]

On Thu, 2012-04-19 at 11:00 +0100, Jeroen van Meeuwen wrote: 
 Hi there,
 
 I'm forwarding this message posted to the announcement mailing list 
 originally, to let you know any upgrades should target 2.4.16 as opposed to 
 2.4.15.
 
 We are pleased to announce the release of Cyrus IMAPd 2.4.16.
 [1] https://bugzilla.cyrusimap.org/show_bug.cgi?id=3651

The bug contains the comment:
Can we please confirm/deny this only breaks systems with fulldirhash: 1 
configured?

Is the answer to that question Yes;  sites that do not specify
fulldirhash or have a fulldirhash: 0 in their imapd.conf are not
affected and do not need to rehash.

The correct rehash procedure is to execute -
/usr/lib/cyrus-imapd/rehash -v -F /etc/imapd.conf

[at least on my boxes rehash does not have a manual page; and rehash
--help or rehash -? just errors]



signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

rehash docs [cyrus-imapd 2.4.16 released]

[Adam Tauno Williams]

 Is the answer to that question Yes;  sites that do not specify
 fulldirhash or have a fulldirhash: 0 in their imapd.conf are not
 affected and do not need to rehash.
 The correct rehash procedure is to execute -
 /usr/lib/cyrus-imapd/rehash -v -F /etc/imapd.conf
 [at least on my boxes rehash does not have a manual page; and rehash
 --help or rehash -? just errors]

There is no mention of rehash on
http://cyrusimap.web.cmu.edu/docs/cyrus-imapd/2.3.16/man.php either.


signature.asc
Description: This is a digitally signed message part

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: SIEVE Scripts on a shared folder

[Adam Tauno Williams]

Quoting Adam Tauno Williams awill...@whitemice.org:
 On Wed, 2011-12-14 at 11:38 -0500, Adam Tauno Williams wrote:
 Eh, my version is currently -
 cyrus-imapd-2.4.12-2
 cyrus-imapd-utils-2.4.12-2
 Created
 https://bugzilla.cyrusimap.org/show_bug.cgi?id=3617

Is there any special debugging or logging I can do related to SIEVE?


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: After being moved, messages remain in both folders on the server

[Adam Tauno Williams]

Quoting Eric Luyten eric.luy...@vub.ac.be:
 On Tue, April 3, 2012 6:05 pm, Mikhail T. wrote:
 On 03.04.2012 12:01, info-cyrus-requ...@lists.andrew.cmu.edu wrote:
 All links are contained within one user's mailbox hierarchy.
 Must be incomplete COPY operations, as Bron suggested.
 I always use Thunderbird's Move option -- never Copy... Yours,
 Thunderbird may have a 'Move' option but the IMAP protocol does not.
 'Moving' a message translates to a COPY followed by an EXPUNGE.

True; but if the server supports UIDPLUS (allowing individual messages  
to be expunged) vs. expunging the entire folder (or not expunging at  
all) - and - the client supports that extensions... then move  
behaves more consistently.  I have no idea if TB supports / uses  
UIDPLUS per-message-expunge.


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/