Re: What you do with old account
On Tue, 2020-06-09 at 15:51 +0200, Albert Shih wrote:> > After switching to cyrus imap, I think about how to do that. > If I'm correct I cannot just copy the file somewhere else, because cyrus > database would keep the information about the existance of the mailbox, so > what will the «state of the art» way to remove a mail account and all the > mail. > And how what would be the «state of the art» way to put it back ? I create a calendar event [task] to delete the mailbox and otherwise just leave it. If the account itself is disabled it cannot be accessed. Putting things back-into a mailstore is too much of a pain with current storage prices. -- Adam Tauno Williams, awill...@whitemice.org Multi-Modal Activists Against Auto Dependent Development resisting the unAmerican socialists of the Motorist hegemony http://www.mmaaadd.org Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: FWD: Confused about Deleted and Expunged
> I found some entries like: > [...] cyrus/imap[5918]: Expunged 1 messages from > test.tld!user.test.spam > What is the difference between the above entry and the below entry > (lower and capital > expunged)? > [...] cyrus/cyr_expire[14039]: Expired 0 and expunged 0 out of 144674 > messages from 818 > mailboxes > The "Expunged" message should come from some imap-client (don't know > which)? Yes, an IMAP client issued an EXPUNGE. > The "expunged" are from the command line execution of > "/usr/sbin/cyrus expire [...]". This looks for Expunged messages to Expire. It is a three phased delete; which is beautiful. Message Deleted (becomes candidate for expunge) -> Message Expunged (becomes candidate for expiration) -> Message Expired The first two steps are performed by the client/user. The final step is performed by the administrator, expressed via the server's policy as defined in cyrus.conf. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: FWD: Confused about Deleted and Expunged
> This command seems to work on Ubuntu 18.04. (cyrus-imapd 2.5.10- > 3ubuntu1) > In /usr/sbin there is no cyr_expire but now i found a > /usr/lib/cyrus/bin/cyr_expire > The result is the same, no files were deleted, the log file entry is > the same as when i > use the "/usr/sbin/cyrus expire [..]" command > Can anybody confirm this "/usr/sbin/cyrus expire [..]" command on > Ubuntu? What happens if you su to the cyrus user and try to run the command you see in cyrus.conf ? -- Adam Tauno Williams, awill...@whitemice.org Multi-Modal Activists Against Auto Dependent Development resisting the unAmerican socialists of the Motorist hegemony http://www.mmaaadd.org Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: caldav and invitation
> i ve got this in the log > imip_send_sendmail(t...@test.domain.com): Sendmail process terminated > normally, exit status 0 > But if i look in the calendar of titi or in the mailbox I see nothing (I > ve have been testing with thunderbird and evolution) > There is nothing explaining well how it is supposed to work in the > cyrus documentation so maybe i'm missing something > does someone could explain what to expect when i invite someone in a even Do you have "server handles invitations" in the account setup in Evolution? -- Adam Tauno Williams, awill...@whitemice.org Multi-Modal Activists Against Auto Dependent Development resisting the unAmerican socialists of the Motorist hegemony http://www.mmaaadd.org Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: 2FA and IMAP
On Sun, 2019-04-21 at 23:09 +0200, Marcus Schopen wrote: > Hi, > > a friend wants to restrict access to his mailbox with 2FA. As > webmailer I use Roundcube, which offers a 2FA plugin. But in the end > this is pointless, because besides the webmailer there is also the > native IMAP access available. Is it therefore possible to restrict > the access to a single IMAP account to a certain IP so that this > mailbox can only be accessed via the Roundcube? I doubt it, but maybe. All the authentication stuff is handled by SASL - not really Cyrus - and SASL is deeply configurable. https://www.cyrusimap.org/sasl/ -- Adam Tauno Williams, awill...@whitemice.org Multi-Modal Activists Against Auto Dependent Development resisting the unAmerican socialists of the Motorist hegemony http://www.mmaaadd.org Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Question for upgrading
On Mon, 2018-12-17 at 10:40 +0100, Egoitz Aurrekoetxea wrote: > I think (and say think :) )I finally found a method. Although I'm > testing it deeply... it seems (say seems too :) ) 2.4 is compatible > with a mail spool in 2.3 (at least with my config). So I'll try to > upgrade first to 2.4 and later to 3.0 setting up a replication from > 2.4 to 3.0. Would be fine if Bron, Ellie or someone at Fastmail could > tell something about it to us :) :) Yes, I have performed an in-place upgrade of 2.3 to 2.4. Other than some delay due to index reconstruction it went very smoothly. The only issues I recall is that some users got some deleted messages back after the reconstruct, and there were some mailboxes which lost Seen status; I never figured out why [they were related to that handful of users which somehow always have problems with everything]. -- Executive Committee Vice-Chair Michigan Association of Railroad Passengers 537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010 E-mail: awill...@whitemice.org GPG#D95ED383 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: CentOS 6, cyrus-imapd 2.3.16-15.el6, postfix 2.6.6-8.el6, procmail 3.22-25.1.el6_5.1, squirrelmail 1.4.22-5.el6
> Squirrelmail and (local for now) imapd. But I cannot figure out how > to either get cyrus-imapd to either access the local mail spool > (/var/spool/mail) You can't. Cyrus virtuously replaces /var/spool/mail. Postfix delivers mail into Cyrus, which stores it - and the **ONLY** way mail is accessed is via Cyrus (IMAP, POP, JMAP). You should configure Postfix to deliver to Cyrus via LMTP (local mail transport protocol). mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp [root@aleph ~]# fuser -u /var/lib/imap/socket/lmtp /var/lib/imap/socket/lmtp: 4611(cyrus) 23327(cyrus) > mailboxes. When I forcably use deliver to try to deliver mail > (manually calling the deliver program, it says the mailboxes don't > exist. cyradm says they do, but cannot reconstruct them or make sub > mailboxes (permission denied). Very strange. What am I missing? I haven't used deliver in decades. Using LMTP avoids all the hazards of old-school 'file processing' Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus (Sieve) and external programs
> sa-learn would be the way to go, but my spamassassin is not on the > same server as my mailboxes. I tried solution with a common mailbox > and something like fetchmail on my spamassassin machine, but could > not get it to work as I intended. > You are right about learning based on user experience, but as it is a > score based learning I would like to try to see how it goes. Maybe > I'll come to regret it but well... The fetchmail method works. In the spamd home directory create a .fetchmailrc file like: poll aleph.wmmi.net protocol IMAP: user {user} with password {secret} Where {user} is a system account with access to the user.{user}.SPAM folders. Then you want to run: fetchmail --verbose --keep --all --norewrite --folder 'user.{user}.SPAM' --mda '/usr/bin/sa-learn --spam' AS THE "spamd" USER for each user. It works for smallish systems. Easily enough adapted to learn from one centralized folder provided your mail client has an easy way to get SPAM reported messages into that folder. -- Meetings Coordinator, Michigan Association of Railroad Passengers 537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010 E-mail: awill...@whitemice.org GPG#D95ED383 Web: http://www.marp.org Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: message "unable to setsocketopt(IP_TOS)" in logs
On Fri, 2018-02-16 at 08:55 +0100, Chentao Credungtao via Info-cyrus wrote: > cyrus/master[7082]: unable to setsocketopt(IP_TOS) service > lmtpunix/unix: Operation not supported > cyrus/master[7082]: unable to setsocketopt(IP_TOS) service > notify/unix: Operation not supported It is likely just the configuration of your host/nodes/whatevers. ToS is frequently disabled as it is deprecated. ToS comes from RFC1349 which was obsoleted by RFC2474 and RFC2475. So in many cases the failure of the call is treated as a non-critical event. RFC2474, which obsoletes ToS, was released in December of 1999. Some routers might still pay attention to ToS bits, but probably not. And many routers will rewrite your ToS to zero either way. You can happily ignore these messages. If you want to dig further you will have to try to grant the process the CAP_NET_ADMIN capability, which might make it work. Capabilities are what allow you to do things like run ping as non-root. # sudo getcap /usr/bin/ping /usr/bin/ping = cap_net_raw+ep So you can add the capability to the Cyrus binaries if it is important to you; provided the feature is supported in the underlying OS. sudo setcap cap_net_admin+ep {application} Note that there are potential security issues created by giving applications capabilities. -- Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Why Cyrus?
> > I'd say it's the better choice for large-scale deployments with > > tens and hundreds of thousands of users. > Cyrus does not require creating users on the mail server which I > have always believed is a big security plus. +1 Cyrus having its own identity management has been a big plus; the server as kind of a service-sandbox. > > > I use Cyrus because Dovecot did not excist at the time I wanted > > > to go away from Washington IMAP. > > I'm in the same boat. > The same kind of thing for me because there was not much around in > the late 90's in the way of IMAP servers. Same here. I migrated from UW l-o-n-g ago as UW so desperately struggled with large mailboxes. > > Right, but for a new deployment I would at least consider Dovecot. > > I've never administrated a Dovecot server, but it is definitely > > much easier to set up than Cyrus. > I am not so sure about that now. Agree [but, honestly, I've never understood the cyrus-is-complicated bit]. Cyrus is self-contained, which makes it much easier to administer. > I believe Cyrus was designed to solve the mailstore problem at scale > from the outset. This. -- Meetings Coordinator, Michigan Association of Railroad Passengers 537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010 E-mail: awill...@whitemice.org GPG#D95ED383 Web: http://www.marp.org Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Thunderbird and "Login to server failed".
On Thu, 2017-10-05 at 16:50 +0200, Dr. Peer-Joachim Koch wrote: > Yes, seems to work. (-n 5 -> -n 50 - no problems any more). > Has anybody tried to use -c -t (c = caching, t=timeout for cache). > What about users changing the password I have always used caching; password changes have not been a problem, a negative response invalidates the cache entry. AFAIK it only caches positive attempts. -- Meetings Coordinator, Michigan Association of Railroad Passengers 537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010 E-mail: awill...@whitemice.org GPG#D95ED383 Web: http://www.marp.org Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: list of IMAP extensions
Quoting Stephen Ingram: Is there a comprehensive list of IMAP extensions supported by Cyrus-IMAP 2.4.x and 3.x? Not the RFCs, but the actual extensions like QRESYNC and THREAD=REFS. So not https://cyrusimap.org/imap/rfc-support.html ? Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Error in /var/log/maillog ...
Quoting "Walter H. via Info-cyrus": on my CentOS6 I see this error Jun 12 08:02:33 mail master[1941]: setrlimit: Unable to set file descriptors limit to -1: Operation not permitted It is normal-ish. It might be useful to look at /etc/security/limits.conf and ulimits in general. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Problems with paragraph characters in SASL passwords?
On Sat, 2017-05-27 at 10:30 -0300, Patrick Boutilier wrote: > > I am very happy with Cyrus imapd since many years. I am using it to > > host all IMAP mail boxes of my company. I am using SASL and its > > tools (mainly saslpasswd2) for password management. The primary > > IMAP client in the company is Thunderbird. > > As soon as the password contained a paragraph character ("§"), > > Cyrus / SASL refused the connection due to a wrong password even > Works for me from a telnet to port 143 then issuing: > . login > replacing user and password with correct values. > But it does fail in Thunderbird. Yep, I have experienced this type of issue numerous times. A variety of clients fail to correctly encode the authentication credentials - particularly if you are using a chat-expect authorization like PLAIN or LOGIN. To have something that always works it is best to keep usernames and passwords to ASCII/UTF-7. This is not a SASL bug. This is an every-client-rolled-their-own issue. :( -- Meetings Coordinator, Michigan Association of Railroad Passengers 537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010 E-mail: awill...@whitemice.org GPG#D95ED383 Web: http://www.marp.org Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Did calculating the quota change from 2.3 to 2.5?
> > If you use imapsync, it doesn't know about that, and will upload > > the same message twice. 2.5 doesn't have the smarts to recognise > > that it's the same message. > imapsync can only sync mail the old server knows about. And in the > end there is more quota used on the new server!? > The only explanation is the quota on the old server is broken, isn't > it? No, IMAP doesn't know about deduplication; so imapsync between two servers dededuplicates. imapsync may also repair damaged or missing message headers - meaning the messages are no longer are the same - so a tool like hardlinks will not return you to the same count in du as on the old server. And then there is the [virtuous] issue of delayed expunge. -- Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Migrating mailbox data from Cyrus to MicroSoft Office 365 using their import tool.
On Wed, 2016-06-22 at 17:28 +0200, Eric Luyten via Info-cyrus wrote: > After trying for a couple of days I have come to the conclusion > that the Office 365 IMAP import tool uses the LOGIN authentication > mech while Cyrus requires PLAIN or stronger for proxying to work. > Even when only announcing AUTH=PLAIN in our server capabilities, > Microsoft executes LOGIN ... ... Has anyone gotten this to work using an administrative account [cyrus, for example] and the "optional UserRoot attribute"? It seems ideally suited - but it does not appear to work? EmailAddress,UserName,Password,UserRoot fred@office365domain,cyrus,P@assw0rd,user.fred https://support.office.com/en-us/article/CSV-files-for-IMAP-migration-b atches-187ce085-9a83-4612-80a2-f562b3049fc2 -- Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Xapian search databases
On Thu, 2016-11-03 at 10:47 +1100, Bron Gondwana via Info-cyrus wrote: > Just out of interest - is anyone other than Fastmail currently using > the Cyrus Xapian-based search system? Not using Xapian. -- Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: watching and processing a Spam folder for each user
> While I can see this being a neat built-in feature of a mail server > like Cyrus IMAP, I doubt it exists. I'd be happy to be corrected. Good old fecthmail. fetchmail --verbose --all --norewrite \ --folder 'user.awilliam.SPAM' --mda '/usr/bin/sa-learn --spam' > I wonder if such a beast exists. I'd love any pointers if anyone > knows of such. Yes, you probably already have it installed. -- Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: how to deal with mail retention/archival.
On Fri, 2016-08-26 at 12:11 -0500, Jason L Tibbitts III via Info-cyrus wrote: > > > > > > "GR(" == Giuseppe Ravasio (LU) via Info-cyrus < > > > > > > info-cyrus@lists.andrew.cmu.edu> writes: > GR(> I saw that someone proposed to make a sort of abuse of delayed > GR(> expunge, but I think that in order to comply with regulatory > GR(> retention should be better considering some specific software. > True, but it seems odd (to me, in a situation where I don't have > infinite money) to have basically two mail servers: one which > actually > removes things when the user deletes stuff and one which doesn't. But that is essentially archival - on-the-same-system is not archival. It is also, potentially, still available to be easily changed; which is not good when the intent is retention. > I guess they can be optimized for different things, but it still > seems odd when we already have a server that can store as much mail > as you want, provides a means to access and search it with ACLs for > auditors and such, and of course is already installed and running. Do you want to give auditors access to your production systems? Generally I want to give them the qualifying information and have them go away. > If it were possible to hook the message deletion functions in cyrus > to move things to a different place in the hierarchy and then control > expiry on those differently than the regular folders, it would > probably be sufficient. But that requires code and I don't have the > skills to write it. What you are talking about is "tiered storage". That has been talked about in the past - I don't know if anyone has implemented it. > Certainly not super featureful but frankly > when the lawyers want something, I just dump mail files on them and > let them sort it out. Exactly! So perhaps just dump them out of the system in the first place. -- Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: how to deal with mail retention/archival.
On Fri, 2016-08-26 at 16:13 +, Shawn Bakhtiar via Info-cyrus wrote: > > On Aug 26, 2016, at 8:35 AM, Giuseppe Ravasio (LU) via Info-cyrus < > > info-cyrus@lists.andrew.cmu.edu> wrote: > > I saw that someone proposed to make a sort of abuse of delayed > > expunge, > > but I think that in order to comply with regulatory retention > > should be better considering some specific software. > I don't see how using delayed expunge would really be consider abuse, > the documentation makes mention of its use for this very reason. +1 > We use rsync to make a duplicate of the email spool to a file server > at regular intervals, which eventually makes its way to tape. Same here. And always_bcc to a shared folder which is dumped to an MBOX file via fetchmail at an interval. Those can be archived or even shipped off-site. > Although we don't have regulatory requirements I've had to do a few > recoveries and have done so without problem. I always advise people to be hesitant about "we don't have regulatory requirements" as if you are a legal corporation of any kind, in almost all of the 50 states [United States], you are under data retention rules - even if you don't know it. Which you will discover when you are involved in a law suit - saying "uhh... yeah, we don't have those e -mails" will not be good. > > Finding something in the delayed_expunge folders after many years > > of archive will absolutely be a nightmare! Most states [again the United States] allow a corporation to have on file a documented data retention policy that states how long you retain e-mails; which if you comply with you will be OK. The policy just needs to be 'reasonable'. For example: where I work we say 120 days. No need - at least for legal reasons - to have years of archives. Obviously requirements vary by industry - but almost everyone is actually under some kind of requirement. -- Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: how to deal with mail retention/archival.
On Fri, 2016-08-26 at 10:07 -0400, Alvin Starr via Info-cyrus wrote: > Well the MTA still does not deal with archival because it will need > to be passed through to Yet Another MDA to handle the archival and > management process. I'm not sure what you mean. You can archive to a 'shared' folder or into an MBOX to be processed by something which rotates content. > For the pure archival of the input/output stream including duplicate > deliveries and all spam always_bcc into YAMDA would work. always_bcc and delayed expunge work for us. > In my thinking Cyrus is responsible for the storage and management of > email so archival would be a part of that process. It has to be the MTAs responsibility as Cyrus very possibly does not see *sent* mail; or messages which are somehow otherwise routed. -- Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383 OpenGroupware Developer <http://www.opengroupware.us/> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: [POLL] Cyrus ACLs and group names
On Tue, 2015-11-17 at 07:40 +1100, Bron Gondwana via Info-cyrus wrote: > For those of you using Cyrus with group ACLs, how are your groups > named? > I know with the auth_unix backend, they are > 'group:'. What I've seen from CMU's groups is that they > are of the form ':'. Ours are group: -- Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: delprune on a single mailbox
globally in cyrus.conf delprune is set to > > > > delprunecmd="/usr/sbin/cyrus expire -E 1 -X 7 -D 7" > > > > at=0501 > > > > For a single mailbox I don't want to keep deleted mails for 7 > > > > days, > > > > but > > > > expire them immediately or once a day per cron. How to do that? > > > Forogt to say that delete_mode and expunge_mode is set to > > > delayed. > > > Via cron this should work for an immediate cleanup/expire: > > You can set an expire annotation per mailbox. > How do I do that? From cyr_expire manpage: > "The value of the /vendor/cmu/cyrus-imapd/expire annotation is > inherited by all children of the given mailbox, so an entire mailbox > tree can be expired by seting a single annotation on the root of that > tree. If a mailbox does not have a /vendor/cmu/cyrus-imapd/expire > annotation set on it (or does not inherit one), then no messages are > expired from the mailbox." Via cyradm - cyrus.example.com> mboxcfg user.adam expire 365 cyrus.example.com> info user.adam {user.adam}: condstore: false duplicatedeliver: false expire: 365 lastpop: lastupdate: 13-Aug-2008 19:37:31 -0400 partition: default sharedseen: false size: 12325671 AFAIK the annotations supported by cyradm/mboxcfg are: * comment – A free-form text comment or description to be attached to the mailbox. * condstore – This annotation is only supported in the 2.3.x release series starting with 2.3.3 although its use is not recommended until 2.3.8. As of the 2.4.x release series CONDSTORE functionality is enabled on all mailboxes regardless of annotation and attempting to set this annotation will result in a permission denied message. On releases where this annotation is supported setting a value of “true” will enable CONDSTORE functionality1. * expire – If an expire value is provided messages will be automatically deleted from the mailbox once the specified number of days has elapsed. * news2mail - * sharedseen - Enables the use of a shared \Seen flag on messages rather than a per-user \Seen flag. The 's' right in the mailbox ACL still controls whether a user can set the shared \Seen flag. * sieve – In the case of a shared folder the “sieve” parameter specifies the name of a global SIEVE script that will be used for every message delivered to the folder. This value is ignored for personal mailboxes (mailboxes including and subordinate to a user's INBOX). * squat – Flags the mailbox to be included for indexing when the SQUAT process performs index generation. > But is it possible to expunge a message immediately when it's deleted > by client and not with the next expire run? Not if delayed expunge is enabled AFAIK; that would defeat the purpose. -- Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383 OpenGroupware Developer <http://www.opengroupware.us/> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: delprune on a single mailbox
On Sun, 2015-11-01 at 14:40 +0100, Marcus Schopen via Info-cyrus wrote: > Am Sonntag, den 01.11.2015, 13:35 +0100 schrieb Marcus Schopen via > Info-cyrus: > > Hi, > > globally in cyrus.conf delprune is set to > > delprunecmd="/usr/sbin/cyrus expire -E 1 -X 7 -D 7" at=0501 > > For a single mailbox I don't want to keep deleted mails for 7 days, > > but > > expire them immediately or once a day per cron. How to do that? > Forogt to say that delete_mode and expunge_mode is set to delayed. > Via cron this should work for an immediate cleanup/expire: You can set an expire annotation per mailbox. Downside is that I believe the annotation will be 'inherited' but subordinate mailboxes; which stinks for some use-cases. > su - cyrus -c "/usr/sbin/cyrus expire -E 1 -X 0 -D 0 -v -p > user.mailboxname" FYI, I believe with the very latest Cyrus the "su -" is unnecessary as it will automatically handle the context change when run as root. -- Adam Tauno Williams <mailto:awill...@whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Shared folder permissions
On Thu, 2015-07-30 at 19:09 +0100, John wrote: I set the ACL to lrswiptek and it then shows as lrswipktecd. Have I missed a database migration step at some point in the past? The current server is running 2.4.12 (and I have a project to move it all to 2.5.x soon). Don't use d w if you want fine-grained permissions control; old d, r w imply other permissions. If I recall correctly: d = t+x and w implies d. -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Using Roundcube with cyrus?
On Thu, 2015-02-12 at 00:35 +0100, Marcus Schopen wrote: Am Dienstag, den 03.02.2015, 10:10 -0600 schrieb Patrick Goetz: Argh! That was it. I thought I had removed this, but it must have re-appeared while I was substituting configuration options in and out while trying to get this to work. Thanks so much for your help! For performance check imapproxy too. I've installed imapproxy on roundcube side and connect via openvpn to cyrus on another host. With any webmail interface you will want to use imapproxy. -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: User mail spool partitioning mystery
On Fri, 2015-01-16 at 14:57 -0600, Patrick Goetz wrote: I have a couple of existing cyrus 2.3.16 installs with this partitioning configuration in imapd.conf: defaultpartition: default partition-default: /home/cyrus/mail I create users using cyradm: cm user.myuser and the user mail spool folder has this heirarchy: mail | a | user | auser1 I just assumed that this structure was built in to cyrus; however on my new 2.4.17 install the partition settings in imapd.conf are similar: defaultpartition: default partition-default: /srv/cyrus unixhierarchysep: yes --- (now using this) however all newly created users (cyradm: cm user/myuser) are dumped into a single folder: cyrus | user | myuser I simply can't find any difference in the configuration files that result in this discrepancy. Was the [a-z] partitioning in the 2.3.16 install baked in to the Debian cyrus package I used, say in cyradm? The difference is directory hashing, which apparently you had turned on previously and how have disabled. To get the old behavior I believe you want: fulldirhash: false hashimapspool: true Perhaps the default values changed between these versions. -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: User mail spool partitioning mystery
On Fri, 2015-01-16 at 17:02 -0600, Patrick Goetz wrote: That's it! Thanks for the heads up! I assumed that all the spool hash options only applied when you actually have more than one partition, which I don't. Yep, the phrasing in the man-page is not clear. In the past it has confused me as well. Unfortunately this is going to complicate my ability to use the excellent migration plan outlined by Nic Berstein on 2014-12-19. mailboxes.db will know about the spool files in their old, hashed location, which I'd like to get rid of, since all the mail resides on one physical partition anyway, so having it set up this way just adds unnecessary directory structures. I do not see how they add unnecessary directory structures, the point of hashing is to avoid very large [fat] directories by making the tree deeper and more narrow verses fat and shallow. In some cases [albeit in large part historic] this improves performance due to technicalities of file-system operation. I would recommend just keeping the hashes if that is what you have now. There no significant benefit to eliminating them. -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus 2.4.17 -- file descriptor limit set to -1?
On Thu, 2015-01-15 at 11:17 +, Geoff Winkless wrote: RLIM_INFINITY is defined as ~0ULL, at least on my system. If it's cast to a signed value, that will come out at -1, no? My problem with systemd isn't that it doesn't work, It works. it's that it's all-pervasive and viral, and forces people who've been using standard unix mechanisms for 20 years to learn something completely different for no visible concrete advantage. There are many advantages, but this is not the place to debate the much-debated systemd. Resource contol on modern LINUX systems is managed via cgroups. This was added to the kernel quite some time ago to avoid all the ulimit nonsense and concomitant hacks. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Resource_Management_Guide/ch01.html Systemd relies on cgroups. cgroups are a huge step forward and make administration much easier and more flexible. I do not know what distribution you are using but /etc/security/limits is generally still effective as well. If you want to run unlimited change it to: default: fsize = -1 - which has been the correct way to do this for a very long time. As a user rather than a sysadmin it If you are running an IMAP host then you are a sysadmin. -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: LAS shoutout for FastMail
On Mon, 2015-01-12 at 10:28 +1100, Robert Norris wrote: Thanks for the heads up! Its pretty exciting to see all the interest in JMAP :) Is there / will there be JMAP support in/for Cyrus IMAPd? -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: sieve vacation with start and end date
On Sun, 2014-12-28 at 10:20 +0100, Marcus Schopen wrote: does sieve vacation understand a start and end date? Something like this does not work: --- require [date, relational, vacation]; if allof(currentdate :value ge date 2007-06-30, currentdate :value le date 2007-07-07) { vacation :days 7 I'm away during the first week in July.; } --- System: cyrus 2.4.12 on Ubuntu 12.04 LTS It may or may not; depends on what extensions/plugins are activated in your SIEVE. Is the above documented syntax from somewhere? Horde's Ingo application uses regular expressions to match dates in order to implement vacation start/end. I believe date matching in SIEVE is a relatively recent thing, and I am not sure to what level it is implemented [anywhere]. -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: sieve vacation with start and end date
On Tue, 2014-12-30 at 08:39 -0500, Adam Tauno Williams wrote: On Sun, 2014-12-28 at 10:20 +0100, Marcus Schopen wrote: does sieve vacation understand a start and end date? Something like this does not work: --- require [date, relational, vacation]; if allof(currentdate :value ge date 2007-06-30, currentdate :value le date 2007-07-07) { vacation :days 7 I'm away during the first week in July.; } --- System: cyrus 2.4.12 on Ubuntu 12.04 LTS It may or may not; depends on what extensions/plugins are activated in your SIEVE. Is the above documented syntax from somewhere? It looks like there is an open bug. Implement date extension (rfc5260) https://bugzilla.cyrusimap.org/show_bug.cgi?id=3724 Horde's Ingo application uses regular expressions to match dates in order to implement vacation start/end. I believe date matching in SIEVE is a relatively recent thing, and I am not sure to what level it is implemented [anywhere]. -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: restore from cyrdump
On Tue, 2014-12-16 at 16:58 -0600, Patrick Goetz wrote: On 12/16/2014 01:42 PM, Andrew Morgan wrote: I forgot about one additional thing we do - we dump the mailboxes.db to a flat file once an hour via cron. That would allow us to (mostly) recover from a corrupted mailboxes.db file. Just like a full restore, we would need to run a reconstruct on every mailbox, I think. I thought the whole point of reconstruct was to rebuild mailboxes.db, but then I took another look at the reconstruct man page and noticed: -m NOTE: CURRENTLY UNAVAILABLE Rebuild the mailboxes file. Use whatever data in the existing mailboxes file it can scavenge, then scans all partitions listed in the imapd.conf(5) file for additional mailboxes. now it's no longer clear to me what reconstruct does. I guess rebuild the {configdir}/user/prefix/username/cyrus.* files? Yes. If one restores message files to a mailbox folder then reconstruct will add them back in as messages. I have had to do this in the past - but now with delayed expunge... I cannot remember the last time I needed to use it. It was more commonly used back when Cyrus IMAPd was somewhat less awesome than it is now. As of 2.4.x I've used the dumps primarily just as (a) paranoia and (b) change auditing. I have put back annotions and some other small stuff by looking at dumps. I doubt it has much role in a full-restore unless you are trying to recover from corruption [which I have experienced in the past due to a crappy EMC storage controller, not fun]. -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Possible to authorize as different user?
Quoting Steinar Kaarø steinar.ka...@ntnu.no: A related feature in Cyrus does not seem to work as stated in the man page: imapmagicplus: 0 Only list a restricted set of mailboxes via IMAP by using userid+namespace syntax as the authentication/authorization id. Using userid+ (with an empty namespace) will list only subscribed mailboxes. Providing a namespace after + does not have any effect, and a comment in the source says that this is not implemented. You should file a bug if that is the case. I have never heard of such a feature. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: annotation_definitions and other options in imapd.conf
Quoting Patrick Goetz pgo...@mail.utexas.edu: This is from the imapd.conf man page: annotation_definitions: none File containing external (third-party) annotation definitions. - Does anyone have any idea what this means or what this is used for? Defining custom annotation strings? The server does not let you stuff anything the client wants into the annotation database, it has to be a an approved string. Also, there are any number of options in imapd.conf that don't make any sense to me. For example, auth_mech: - Isn't this handled by SASL? Partially, yes. Don't forget that identity management is AAA - three As, not one. Authorization, Authentication, Accounting. autocreatequota: If nonzero, normal users may create their own IMAP accounts by creating the mailbox INBOX. The user's quota is set to the value if it is positive, otherwise the user has unlimited quota. - How can you create an INBOX if you don't already have an IMAP account? There is no such thing as an IMAP account (again AAA not A). You authenticate to the IMAP server, and then you create a mailbox. Or the administrator has provisioned one of the auto-create patches. defaultacl: anyone lrs The Access Control List (ACL) placed on a newly-created (non-user) mailbox that does not have a parent mailbox. - That sounds interesting; how does one go about creating a non-user mailbox? ??? A shared mailbox. See sharedprefix. I suggest you need to spend a bit more time with Cyrus and general IMAP documentation. implicit_owner_rights: lkxa: The implicit Access Control List (ACL) for the owner of a mailbox. - Why wouldn't the default include t? It seems weird that owners can deleted mailboxes but not messages by default. I've never had occasion to set such a directive. But some people have bizarre configurations or need to support broken e-mail clients. ldap_* options - Again, I thought all authentication is handled by SASL? Again, it is AAA not A. In the debian version of /etc/cyrus.con, this comment appears: # this is only necessary if idlemethod is set to idled in imapd.conf #idled cmd=idled - idlemethod is not a listed option in `man imapd.conf` Is this a current version of Cyrus? I suspect this is a bit of Debian fossilization. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Possible to authorize as different user?
Quoting Steinar Kaarø steinar.ka...@ntnu.no: Is it possible to authorize as a different user when logging into Cyrus using an ordinary mail client? From what I understand this is only Is it possible to authorize as a different user when logging into Cyrus --- Yes, that is just SASL. Do this all the time. using an ordinary mail client --- Almost certainly not. possible in Cyrus when using SASL PLAIN, but are there any clients that support the authorization part of the PLAIN mechanism? None that I am aware of. Probably Mulberry did, as it supported *everything*; but is very moribund if not simply gone [licensing was always bizarre]. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus-imapd can't find my mail
On Fri, 2014-09-12 at 14:03 -0700, John Oliver wrote: I'm pretty certain this is because it just doesn't know where to look, but I'm not sure how to tell it :-( I was using http://www.linuxmail.info/postfix-dovecot-ldap-centos-5/ as a guide, but needed to switch to cyrus-imapd I think cyrus doesn't know how to look in /var/vmail/ as the vmail user. cyrus doesn't know how to look in /var/vmail/ as the vmail user Neither does a dolphin know how to fly; that documentation is not about Cyrus. Try reconstructing the mailbox after you put message files back. sudo -u cyrus /usr/lib/cyrus-imapd/reconstruct -r -k -f user.fred Paths may vary based upon distribution and packages. Use the Cyrus documentation available @ http://cyrusimap.org/docs/cyrus-imapd/ and/or take a look at the Cyrus chapter in my `book` @ http://sourceforge.net/projects/coils/files/WMOGAG.pdf/download Comments on documentation are appreciated. Writing documentation is hard - feedback helps; sometimes if you understand something your explanation has holes only the less advanced reader can point out. -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Mail not visible after restore from backup.
On Mon, 2014-09-15 at 10:12 -0400, Tom Plancon wrote: I inherited this installation, unfortunately! I'm running reconstruct inside cyradm. Running version inside cyradm I get this: I do not believe that way of accessing the reconstruct feature supports options. Use the reconstruct utility. sudo -u cyrus /usr/lib/cyrus-imapd/reconstruct -r -k -f user.fred Paths may vary based upon distribution and packages. I believe this in covered in the Cyrus documentation available @ http://cyrusimap.org/docs/cyrus-imapd/ and/or take a look at the Cyrus chapter in my `book` @ http://sourceforge.net/projects/coils/files/WMOGAG.pdf/download Comments on documentation are appreciated. -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: imap cyrus
are you telling me that cyrus-imap does not work together with qmail-ldap ? Are you serious ? Please let's keep the discussion on the mailing list. And please do not top-post. Frankly speaking, I do not care for qmail-ldap. qmail is a software dead since over a decade. Postfix maps can almost certainly emulate whatever qmail-ldap is doing. My point was that the mail structure cyrus-imapd uses is not Maildir. +1 Cyrus is *not* Maildir. -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: replication
On Mon, 2014-04-21 at 22:34 +0600, Eugene M. Zheganin wrote: If I'm using replication, and master goes offline for a moment, and I have some mail delivered on replica (from SMTP, beacuse I kinda have SMTP configured to deliver on localhost, and IMAP master is also a CARP master), how do I handle this situtation when master is back online (and the mail starts to be delivered on master, and some mail is technically lost, because it's on replica) ? If this happens, and you cut-over mail delivery, the slave should become the master. They should flip roles. Cyrus replication is not multi-master [at least not yet - that will be an awesome day]. -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus sieve redirect action and SPF
On Thu, 2014-04-17 at 12:27 +0300, Deniss wrote: Original envelope From of an email is used when redirect is set in sieve to resend the mail to another email address. This plays bad with SPF. May be the mails should be send from user's own email while 'Reply-To:' header become set to point to the original sender ? But then it wouldn't be redirect anymore; a feature of redirect is that it does not monkey about with the message. What you want is a forward action. -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Outlook 2013
On Thu, 2014-02-27 at 21:58 +0100, Paul van der Vlis wrote: I would like to tell that I got some private mails telling that Outlook 2013 does not work well with imap. I have several users using Outlook with Cyrus IMAPd; it works without issue. At least from 2003 and later. One tip is to disable Exchange extensions, but other than that no hacking is required. -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Sieve service terminated abnormally
On Thu, 2014-02-27 at 15:34 -0300, Fabio S. Schmidt wrote: I'm running Cyrus 2.4.14 with Aggregator and this messages appears several times on my frontend logs: service sieve pid 10238 in BUSY state: terminated abnormally I have not seen that message. Do you end up with a core file? What does this mean? Do I have to increase the maxchild for the sieve service or my clients are doing something wrong? Are you clients unable to connect after this message? -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: mail archiving -- large mail stores [mailpiler]
On Wed, 2014-02-05 at 06:35 +0100, mayak wrote: hi all, i just ran across this project: http://www.mailpiler.org is there an argument to do that, or just create an archive user in cyrus that has a multi-multi gigabyte mail drop? Thanks for the link, that looks very interesting; but I'd just have Postfix shove a copy of every passing message into the service. Not sure that Cyrus would play a role in archiving. I have archived to Cyrus in the past but the mailboxes become truly enormous rather quickly when accumulating all mail. And Cyrus's indexing services do not really seem up to indexing an entire year's etc.. pile of mail. Have you tried mailpiler yourself? -- Adam Tauno Williams mailto:awill...@whitemice.org GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Help on quota usage.
On Fri, 2014-02-14 at 13:56 +0100, Eric Luyten wrote: On Fri, February 14, 2014 1:30 pm, mayak wrote: On 02/14/2014 12:41 PM, Anant Athavale wrote: for one user, the lq user.xx is showing 1.6 GB, where as actual usage on file system is less than 1 GB. I want to know, how can get where is the additional quota sitting in /var/spool/imap partition for user xxx. The underlying filesystem MAY have compression capabilities, which will most certainly lead to 'du' returning a lower value than Cyrus 'list quota'. +1. The utilization of the underlying storage and the value calculated by Cyrus may not correspond 1:1 for a variety of reasons [although, I guess one might expect them to the close-ish - unless delayed expunge, deduplication, etc... features are used]. I have seen the filesystem and Cyrus quota values differ into both directions [fq fq] for apparently valid reasons. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Protecting message files acess even from root
On Sat, 2014-02-01 at 11:38 -0200, Fabio S. Schmidt wrote: Thanks Sven, I really appreciate your considerations, especially about the encryption of the SMTP traffic. I will test Mandatory Access Control (MCS), like Se-linux(YES, I know that NSA wrote it) or Apparmor for instance, and customising SUDO: http://pubs.gpaterno.com//2009/protecting-confidential-files-selinux-2009.pdf Sorry for not being specific from the beginning, but this research is for a government e-mail system, and we really need to ensure that even administrators cannot access the messages, encrypted or not. Please come back with what you discover. This is an interesting question. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: MDOSEQ per Mailbox setting
On Fri, 2013-07-05 at 09:41 +0200, lst_ho...@kwsoft.de wrote: Is this list dead or the question not clear/interesting? I have not seen a single post beside me?? There are regular, at least daily [on average], posts to this list. What is the question? Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: MDOSEQ per Mailbox setting
On Fri, 2013-07-05 at 12:47 +0200, lst_ho...@kwsoft.de wrote: Zitat von Mogens Melander mog...@fumlersoft.dk: A search on google for MDOSEQ return only your post to the list. A grep for MDOSEQ in the source for cyrus-imapd-2.4.16 does not reveal anything. The word MDOSEQ was not anywhere in the source tree. Sh... Typo in the subjet. It should be MODSEQ of course as described in the first mail to the list. http://tools.ietf.org/html/rfc4551 I believe this falls under the label condstore in Cyrus [???]. In 2.3.x you could toggle it on via mboxcfg in cyradm per-mailbox. In Cyrus 2.4.x it is just on. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cannot see entries in folders when using MS Outlook 2013
On Mon, 2013-04-15 at 09:56 +0200, Ulrich Jakobus wrote: Thanks, Janne, but this is not the problem (we have set these XLIST based on this blog, but this affects only the names and usage of special folders). Possibly Exchange Extensions are enabled? I don't know if this still applies to Outlook 15 but I have seen extensions create some bizarre problems over the years. Tools - Options - Other - Advanced - Options - Add-In Manager - Uncheck Exchange Extensions property. Outlook2003/Tools/Options/Other/AdvancedOptions/COM Add-Ins/ remove anything that is not essential The problem is rather that I cannot see any e-mails in any folders (i.e. special folders but also any other folders) on the server and local e-mails (when manually copying in there) are not copied back from client to server when using Outlook 2013 and Cyrus 2.4.9, it works fine with Outlook 2010 and Cyrus 2.4.9 and Outlook 2013 also worked fine with our previous version of Cyrus 2.2.13. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: How Do i get last lgin date for all my users
On Sat, 2013-04-13 at 12:56 +0100, Charles Bradshaw wrote: Attached is a little perl script which parses /var/log/maillog and lists the last time users logged in. This seems very unreliable, slow, and hacky. When I login to my e-mail the system typically tells me the last time I logged in [at least to that app]. Doesn't the meta-data in the IMAP server 'know' this information? The underlying authentication system [PAM via lastlog, etc...] might also have this information. If your authentication system is LDAP then the DSA might know this as well. Assuming Linux?UNIX, log onto the machine, run the command: last This does only work, if IMAP users are system users - which most of the time is not the case. Yep. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Conversion from maildir to Cyrus
On Wed, 2013-03-27 at 21:15 +0100, Paul van der Vlis wrote: A customer asks me to convert an excisting installation what uses Evolution, pop3 and maildir to Cyrus. When I would copy the files and run reconstruct or use deliver I expect to loose the flags like read. Not necessarily, those can be explicitly applied via IMAP. I believe the imapcopy / imaputils project(s) have some maildir-to-imap migration tool, maybe. I remember something like that. For POP - there aren't really any flags, except maybe seen, but that depends on the provider. What would be a good way to convert this? It's about 100+ users who are all on one server. Would it be an idea to install an imap server like Courier or Dovecot what can do maildir and then use imapsync to Cyrus? Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: MD5 Passwords in MySql?
On Tue, 2013-03-26 at 10:17 +, Charles Bradshaw wrote: Thanks Guys I think it's finally sunk in. DIGEST-MD5 and CRAM-MD5 are mutually exclusive with hashed passwords. D'oh! I think I even posted that fact in answer to a previous thread. No problem, it happens to us all. Yesterday I posted two messages to lists relating to issues that as soon as I posted them I found the answers right there in the documentation. Right there! I swear I had already looked twice. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: MD5 Passwords in MySql?
On Mon, 2013-03-25 at 11:40 +, Charles Bradshaw wrote: Yes I understand and accept the weakness of MD5. In the world of exponentially increasing processing power there will always be weakness, of ANY scheme. The question is not however about the efficacy of encryption methods! It's about how to achieve password hashing in a mysql database. I have indicated how to use AES. Its' strength however is compromised by the necessity of revealing the key in many places. I would be most great-full, if anybody KNOWS: Is there a way to store MD5 hashed passwords when using the mysql plugin? I have no clue. BUT I still wonder what the end-goal is. If you are actually worried about theft of the underlying database then it would seem volume encryption is the correct answer - encrypt the entire database, on disk. That isn't hard and doesn't require modification of any software. Anyway, storing essentially clear-text credentials in the authorization database (be it a KDC, an LDAP server, an Active Directory server, etc...) is normal, accepted, and common. Most worthwhile authorization schemes require an 'effectively' clear-text secret on both ends. Guard the credential database and ensure communication channels are secure [encrypted]. Make /etc/passwd useless is an abandoned meme, you cannot win that fight. Security through obscurity is always a bad principle. No one here is recommending that or stating that it is. On Mon, 2013-03-25 at 08:59 +1030, Daniel O'Connor wrote: On 25/03/2013, at 7:33, Charles Bradshaw b...@bradcan.homelinux.com wrote: That seems very wrong to me. It might be a kludge, but it's not wrong. It avoids storing plain text passwords, which are always a risk. The purpose of MD5 digest is to make passwords truly private to the user. Not even root knows users passwords when stored in shadow(MD5). The only risk to shadow passwords is a brute force attack which is relatively easy to detect and foil. FYI a single round of MD5 is considered quite weak these days. The whole point of hashing a password is to make it difficult to find a password if the password DB is leaked. MD5 is no longer sufficient for this (even with salt). A modern GPU can brute force billions of passwords per second and humans suck at generating them. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: MD5 Passwords in MySql?
On Mon, 2013-03-25 at 17:03 -0500, Scott Lambert wrote: On Mon, Mar 25, 2013 at 09:32:16PM +, Charles Bradshaw wrote: Andy Thanks for the link. If you read on you will see that while PAM allows storage of encrypted passwords in mysql, DIGEST-MD5 and CRAM-MD5 can then NOT be used. That's definitely as step in the wrong direction. I'm coming to the conclusion that I need understand the code well enough to add something to cyrus, but sadly I'm just too old to grok the tangle of C. Basically, Digest-MD5 and CRAM-MD5 avoid passing the cleartext password across the wire by hashing something with the cleartext password. These authentication methods require that the cleartext password be known (or at least recoverable) by the server and the client. Yep, which was pointed out originally. If the cred store is encrypted it needs to be a two-way crypt [can be decrypted]. So you basically have a crypted filesystem store anyway. Therefore, the server cannot be using a non-reversible hash of the password for its password store. You can store cleartext passwords in your password database and avoid passing passwords in cleartext across the wire. OR You can store hashed passwords in your password database and pass cleartext passwords over the wire, hopefully inside an SSL/TLS connection. +1 If you use crypted MD5 hashed passords in your database, you will have to disable Digest-MD5 and CRAM-MD5 in your SASL auth mechanisms. My system is not running in that configuration so I am not certain that you can tell saslauthd to use a mysql database for encrypted password storage. I use saslauthd to a PostgreSQL database that stores crypted passwords - but it can only do PLAIN/LOGIN in that configuration, none of the newer mechs that all the cool kids are using. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: MD5 Passwords in MySql?
On Sun, 2013-03-24 at 14:21 +, Charles Bradshaw wrote: In my /etc/imapd.conf I'm using: sasl_auxprop_plugin:sql sasl_sql_engine:mysql I want to store MD5 hashed passwords in my database. Is this possible? I would *assume* that the database doesn't much care about the hashing/encoding of the password/secret - I'd *assume* it just stores and retrieves it. Concerns for the validity of the secret are up-the-stack, is SASL proper, and not in the storage plugin. I could be wrong; I've mostly dealt with storing credentials in LDAP. I was thinking about modifying the sql plugin to MD5 the password before comparison, but... That seems wrong to me. Can't you just tell SASL via configuration that you want to use MD5? I'm no C programmer so understanding sql.c (the plugin source) is quite beyond me. It looks as though we just check for the presence of the password and don't actual compare passwords! Surely I'm wrong here? That is what I would *assume* it does. And correctly. I could use a symmetric encryption, eg AES, and place the necessary decrypt in the sasl_sql_select statement, but that seems a bit pointless since the key is now visible in various logs. That seems very wrong to me. I wonder why you care are credentials are stored; is SASL authentication not working? Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Fwd: Public Key for Cyrus IMAPD
On Wed, 2013-03-20 at 09:23 +0800, Gene Leung wrote: It seems no one care about the public key. Then, why still put the signature file there for download? Or any other way for verify the integrity of the download. no one cares is a bit harsh for 24hrs without a response. This list is primarily people who use / administer Cyrus IMAPd. And I'd wager most of those people use Cyrus from a package. Packagers are ones who care most about things like checksums, and they probably don't pay much attention to this list. I also wouldn't be surprised these days if packagers didn't work directly from a git checkout and just skipped the tgz. Any where I can find the pubic key for verify the files downloaded of the Cyrus IMAP software? Anyway, nope, I do not see a checksum/sumkey at ftp://ftp.cyrusimap.org/cyrus-imapd/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Good webmail client software for cyrus?
On Sun, 2013-03-10 at 20:08 +, Charles Bradshaw wrote: I am now researching how to provide a HTTP (webmail style) MAU as an alternative to a bunch of IMAP feature lacking, or otherwise broken, desktop user agents. I also need to source a GUI mailbox/password server management tool. Currently I'm using MySql Workbench for password management and cyradm command line for mailbox configuration. Horde probably provides everything you are looking for; it is VERY feature-complete, standards compliant, and well supported. http://www.horde.org/ I'm hoping to combine the above management features in one web enabled system. I see Zimbra and roundcube. The former commercial, the latter open source, appear to provide the required technical solutions. Although it is slightly unclear that either provide configurable password management capable of interfacing to MySql. Horde's user / group / password support is extremely flexible. Neither of the above are ideal. The first because it isn't open source. The latter because it is written in PHP. A paradigm I am too old to become proficient in. PHP is the platform of just apps. AFAIK there is no supported / current webmail interface in Java / .NET. PHP is nothing to be afraid of, it is simple to deploy and support; certainly more so that Python or other web-server alternatives. I have two questions therefore: First has anybody got any insight into any other good open source solutions? Horde. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: imap client that supports passing authorization id
On Mon, 2013-02-25 at 11:08 +0100, Rudy Gevaert wrote: Hello cyrus users, Do any of u know of any desktop imap-client, but not mulburry, that supports passing the authorization id? I am not aware of any. Neither am I aware of any that support IMAP ACLs [settings, viewing, etc...] or SIEVE. Very sad. If someone else knows of any I'd love to hear about it. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus 2.5
On Wed, 2013-02-13 at 12:45 +1100, Greg Banks wrote: On Wed, Jan 30, 2013, at 11:04 PM, Bron Gondwana wrote: On Wed, Jan 30, 2013, at 07:06 PM, Pepe Charli wrote: Hi Is there any estimate about when we can expect cyrus 2.5? Soon, honestly. We keep getting caught up with other things. Will it include the search engine based on Xapian? Probably not. Definitely not. The Xapian support is based on a large lump of work which adds a completely new message_t object API. This is far too large a change to be pushing into 2.5 at this stage. This is how far ahead the fastmail branch is relative to cmu/master: 150 files changed, 41392 insertions(+), 4627 deletions(-) Also, we want to get some more operational experience with Xapian before inflicting it on other folks. If you're adventurous the code is out there at https://github.com/gnb/cyrus-imapd/tree/fastmail It's time to draw a line in the sand and throw 2.5 over the fence, Absolutely. Agree, there is some great sounding stuff in 2.5.x already. FYI, I'll throw in a case of beer to anyone who closes this one - https://bugzilla.cyrusimap.org/show_bug.cgi?id=3617 http://www.freedomsponsors.org/core/offer/187/sieve-scripts-assigned-to-folders-are-not-executed -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Single sign on with NT Login
On Thu, 2013-02-14 at 11:57 +0530, Ram wrote: I need to implement NT Login such a way that if a user is logged in to the desktop , he is also automatically logged in to the email server ( when using outlook / thunderbird etc) I need to replicate how outlook works with Exchange. The users may use windows login from any desktop and he is auto logged in to his own email account This is primarily a client support issue and an issue of how your domain is configured. If you really are using an NT4 domain then you may be able to get NTLM authentication to work; at least with Outlook. That can provide single-sign on. Aside: if you are really using an NT4 domain - upgrade, yesterday. If you are using an Active Directory domain then use Kerberos / GSSAPI. This would work, no problem. Kerberos rocks! -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Reconstruct a Single Folder
On Mon, 2013-02-11 at 13:56 +0100, Kaiser Martin wrote: I have a Problem to reconstruct a Single folder. If I run, sudo -u cyrus /usr/lib/cyrus/bin/reconstruct -fr user/wieder/cc I see this error user.wieder.cc uid 1 not found user.wieder.cc uid 2 not found user.wieder.cc uid 3 not found user.wieder.cc uid 4 not found user.wieder.cc uid 5 not found Do the corresponding files exist? Such as 1., 2.? -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Can anyone explain localhost phenomenon?
On Sun, 2013-02-03 at 15:42 +0100, Gabor Gombas wrote: IIRC MySQL tries to use an UNIX socket instead of TCP for connecting to the server when it sees the localhost string. If e.g. sendmail runs chrooted, then it won't see the MySQL server's socket, therefore it won't be able to connect. What happens if, instead of the literal localhost, you say 127.0.0.1. Hi-jacking the localhost string seems wrong, but it might be accepted/well-known behavior at this point. And possibly buried in the MySQL library [and not in SASL; in fact, I'd wager that is true. Shortcuts and general funny-business is pretty much MySQL's primary prerogative]. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Can anyone explain localhost phenomenon?
On Mon, 2013-02-04 at 12:19 +, Charles Bradshaw wrote: On: Mon, 04 Feb 2013 06:29:56 -0500, Adam wrote: On Sun, 2013-02-03 at 15:42 +0100, Gabor Gombas wrote: IIRC MySQL tries to use an UNIX socket instead of TCP for connecting to the server when it sees the localhost string. If e.g. sendmail runs chrooted, then it won't see the MySQL server's socket, therefore it won't be able to connect. What happens if, instead of the literal localhost, you say 127.0.0.1. Hi-jacking the localhost string seems wrong, but it might be accepted/well-known behavior at this point. And possibly buried in the MySQL library [and not in SASL; in fact, I'd wager that is true. Shortcuts and general funny-business is pretty much MySQL's primary prerogative]. Yes 127.0.0.1 instead of localhost works... it's down to somebodies ghost in the machine then! rant No, don't blame the ghosts, they are innocent. This behavior is the fault of an idjit; somebody very much alive built that behavior into libmysql, believing they were being clever. This HACK has cost hours to innumerable people who assume what is in a config file means what it obviously should mean - only it doesn't. /rant -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: alternative login names
On Mon, 2013-02-04 at 14:25 +0100, Wolfgang Rosenauer wrote: I actually needed a pointer into the right direction and I guess that is one. I've never used sasl ldapdb though and I have a hard time figuring out how and what to do. I have some examples for using ldapdb @ http://www.wmmi.net/documents/LDAP103.pdf From the documentation I found it's also not clear to me if a crypted userPassword as I use in my LDAP can be used in that setup. H. I can't recall off the top of my head. I believe it SHOULD be possible to do LOGIN/PLAIN auth via ldapdb. If I understand correctly all the hard work to match usernames in done via some regexp which should be powerful enough to let me search the login name in uid and mail attributes? Yes, the matching regex is key. And confusing, at first. Or did you actually refer to a different mapping in LDAP? Is there some sort of HOWTO somewhere or is all the information really spread in openldap, sasl and imapd documentation only? Maybe the above PDF will help? -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Need guidelines on how to migrate a Cyrus-Imapd server
On Mon, 2013-02-04 at 15:01 +0100, Thibault Le Meur wrote: Le 01/02/2013 17:03, Thibault Le Meur a écrit : Thanks for the hints I'll go the rsync way then... pity I would have loved to understand what kind of file is to be fed to the sync_client -u -f command, in order to give it a try.. Replying to myself, According to an old thread (http://lists.andrew.cmu.edu/pipermail/info-cyrus/2007-September/026772.html), the file format is: USER $username USER $username2 It is also confirmed that the only way to have singleinstancestore preserved is to run the sync_client with the -f option so that all synchs are done in the same run. However it seems that the cache which is used to detect the duplicates is rather low (UUID cache on the server side: 1000) so that single intance deduplication may not be very efficient. Unless this has changed, I agree that the best way to initialize the replica is to use rsync and then convert the databases. I'll give it a try. Correct, from a thread in 2007: quote Message UUIDs are used to replicate the single instance store (see docs/text/install-replication). This won't have much effect when you first replicate a mailstore as sync_server in 2.3 only tracks the last few thousand messages that have been uploaded. It becomes much more effective when a replica has been seeded and you switch to rolling replication. /quote quote sync_server maintains a fairly modest UUID cache on the server side: 1000 messages in 2.3. A restart is negotiated after each UPLOAD command. /quote It really does seem best to seed the replica, initially, via rsync [WATCH THOSE PERMISSIONS!] then to engage rolling replication - the replica should become current. Something like - rsync \ --verbose --recursive \ --perms --owner --group --times \ --links --hard-links --delete \ $master:$root $replica:$root I also like the --numeric-ids assuming your uidNumber/gidNumber is the same between systems. That saves a lot of pointless NSS calls. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Restrict access to a single client device
On Fri, 2013-02-01 at 14:31 +0530, Ram wrote: On 02/01/2013 01:20 AM, Dale J Chatham wrote: You use SMTP authentication through postfix or sendmail. Google [ mail authentication relay ] and you should find lots of howtos. I'm setting it up to use a sasldb to authenticate external users in order to keep them apart from UNIX users. Be very certain that you use STARTTLS or some form of authentication for email. Also, if you're allowing internet access to e-mail, you'll want to use imaps or https. The idea is that end users configure their email on Desktop, Laptop , Phone , tablet, Ipad ... ( The list is getting longer every day ) Yes. So copies of the mail are floating everywhere. This raises a security concern I cant block access totally from outside. Employees should be allowed access from outside office , but only from the designated Laptop. One way would be to ask everyone to VPN to the office for mails , Is there anyway else. This really sounds like a solution for PKI. Issue a certificate to the device and demand that the device and the server *mutually* agree based on that [currently the client device has to recognize the server's certificate]. This means you (a) have to manage certificates and (b) the client device / application has to be able to perform PKI. I believe (b) is true in most cases. I'm currently also trying to figure this out. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Need guidelines on how to migrate a Cyrus-Imapd server
On Fri, 2013-02-01 at 10:43 +0100, Thibault Le Meur wrote: I'm trying to migrate a Cyrus-Imapd serveur running on an old machine to a new virtual machine environement and I'd like to have to guidelines on how to proceed. I've first thought about using the Cyrus-Imapd replication feature, but the first import using sync_client was causing he target server to use far more space on disk that the used space ont he original serveur. My guess is that the hardlinks dedeuplication was not preserved during this transfer. That is easy to check. On the target does the listing of a mailbox look the same (on the filesystem) in terms of the reference count column? ... -rw--- 1 cyrus mail 2464 Feb 1 05:00 521985. -rw--- 1 cyrus mail 2629 Feb 1 05:00 521986. -rw--- 2 cyrus mail 4441 Feb 1 05:02 521987. -rw--- 1 cyrus mail 2834 Feb 1 05:03 521988. ... The second column greater than 1 means there is hard-linking occurring, and hard-links are the backbone of duplicate suppression. Are you sure that duplicate suppression was enabled on the replica? I don't know if this is due to the way I'v ran the tool or if this is a limitation of sync_client itself. Can someone answer me on this ? If sync_client is able to preserve hardlinks deduplication, what would be the correct way to run it (I've not found the syntax expected for the client-list-file in the command sync_client -u -f client-list-files so I used a for loop and ran sync_client indicidually on each user). I'm certain that is does support it; I see lots of duplicate suppression on my replica. I certainly didn't do anything special to make it replicate that way. I have duplicatesuppression: yes set on the replica. Then, I've tried the rsync solution (synching the mailbox directory and config directory), but I'm switching to a 64bits OS so I'll have to convert the databases and import them. Is it a recommended solution ? I believe that skiplist is 32bit/64bit neutral. So convert to skiplist first, on the working server. KILL BERKELEY!! You want to do that anyway. -- Adam Tauno Williams System Administrator, OpenGroupware Developer, LPI / CNA Fingerprint 8C08 209A FBE3 C41A DD2F A270 2D17 8FA4 D95E D383 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Is it OK for users to use either of a pair of replicated servers ?
On Fri, 2013-02-01 at 10:01 +, John wrote: Hello, I have just set up a second server for a small email group and I now have replication working between them. Great. I was very happy to note that it replicates both ways. It does??? What version is this? My use-case is basically this: to have two servers, one acting as a primary and another as a backup. The primary will be the one that goes out to the internet to grab emails for users. Apart from that difference the two servers are identical. Either can take on the primary role. Users can connect their IMAP email clients to either server. One of the pair runs sync_server and the other regularly connects to it to keep the two servers in sync. It's a basic configuration intended for use by a small number of people. As far as I know that will not work. I'd like to confirm that the replication mechanism implemented with sync_server and sync_client is ok for this kind of set-up. It certainly appears to work just fine like this but I haven't found anything in the documentation saying that two-way replication like this is ok (i.e. where users can log in to either server). I believe that multi-master is a feature for 2.5.x. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Need guidelines on how to migrate a Cyrus-Imapd server
On Fri, 2013-02-01 at 13:20 +0100, Thibault Le Meur wrote: On Fri, 2013-02-01 at 10:43 +0100, Thibault Le Meur wrote: Are you sure that duplicate suppression was enabled on the replica? Yes I'm sure, and a simple find have quickly confrimed this. find . -type f -a \! -links 1 -ls .. 141637005 32 -rw--- 12 cyrusmail30678 sept. 20 18:42 ./obfustcated-username/12307. ... Then something is deduplicating. I have duplicatesuppression: yes set on the replica. I thought that duplicatesuppression was a different thing. Ah, yes, it is. We are talking about single-instance-store. That is the singleinstancestore directive. What I'm trying to achieve is to keep the Single Instance Store property on my replica (http://cyrusimap.web.cmu.edu/docs/cyrus-imapd/2.4.7/overview.php#singleinstance) Yep. In this case, since I use a single sync_client process per user, it is logical that hardlinks between mailboxes can't be preserved. True, I guess that makes sense.I believe I did an initial migration using rsync and they fired up the sync-server to keep it up to date / get the last changes. But it was some time ago. It certainly dedupp'ed going forward. Perhaps sync-ing across different versions may effect it as well. I believe that skiplist is 32bit/64bit neutral. So convert to skiplist first, on the working server. KILL BERKELEY!! You want to do that anyway. Yes it seems so. When you say Kill Berkeley, do you mean that the DB should saty in Skiplist format even on the production server (and not converted back to Berkeley)? If yes, do you have any URL describing the procedure ? Yes, production 2.4.x boxes should be using Skiplist. The cvt_cyrusdb will convert databases between formats. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Is it OK for users to use either of a pair of replicated servers ?
On Fri, 2013-02-01 at 16:15 +, John wrote: Further to my last message, I've updated my master so now both servers report the same version: version: v2.4.17 d1df8aff 2012-12-01 I'd like to understand some error messages that I am getting and what I should do to resolve them... On the replica: syncserver[8816]: higher last_uid on replica user.myuser - 57628 57629 syncserver[8816]: higher modseq on replica user.myuser - 36186 36187 A modseq is very much like an etag or a ctag in HTTP/WebDAV. It is a value that gets incremented with every change. So the the modseq on the slave is greater than the modseq on the master... something is out of sync. On the master: sync_client[5197]: MAILBOX received NO response: IMAP_MAILBOX_CRC Checksum Failure sync_client[5197]: CRC failure on sync for user.myuser, trying full update sync_client[5197]: SYNCNOTICE: record mismatch with replica: user.myuser more recent on master Aren't you connecting to the slave and making changes? That would make sense then, the master and the replica are constantly getting out-of-sync. Replication is one-way. Despite these messages, my replication appears to be working but I can't as yet be 100% sure. I'd like to understand the above and try and stop them if I can... Because it is constantly recovering, as these messages indicate. 2.4.x replication is quite reliable and recovers from inconsistencies most of the time. I can't find any documentation detailing what the above means, and I'm not that familiar with the internals of the imap server, so I'd really appreciate some pointers... -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Mailbox does not exist question (NO it is NOT the answer!)
On Thu, 2013-01-24 at 19:17 +, Charles Bradshaw wrote: I have enabled debug. (in imapd.conf debug: yes). Now when I start a telnet imap session /var/log/maillog has this: Jan 24 13:25:59 dell2600 imap[4507]: accepted connection Jan 24 13:25:59 dell2600 master[4549]: about to exec /usr/lib/cyrus-imapd/imapd Jan 24 13:25:59 dell2600 imap[4549]: executed Jan 24 13:25:59 dell2600 imap[4549]: IOERROR: opening /var/lib/imap/user_deny.db: No such file or directory Is this the problem? How do I create user_deny.db ? No, it is OK for user_deny to not exist. [this is a chronically confusing message; you can't really tell DEBUG 'error' messages from real error messages]. Telnet session still does NOT report the presence of INBOX: I don't understand this statement. $ telnet localhost imap Trying ::1... Connected to localhost. Escape character is '^]'. * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS AUTH=PLAIN AUTH=CRAM-MD5 AUTH=DIGEST-MD5 SASL-IR] dell2600.bradcan.homelinux.com Cyrus IMAP v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready a1 LOGIN b...@bradcan.homelinux.com wH3x14or a1 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SORT SORT=MODSEQ SORT=DISPLAY THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE LIST-EXTENDED WITHIN QRESYNC SCAN XLIST URLAUTH URLAUTH=BINARY X-NETSCAPE LOGINDISABLED COMPRESS=DEFLATE IDLE] User logged in SESSIONID=dell2600.bradcan.homelinux.com-4597-1359054779-1 a2 LIST * a2 OK Completed (0.000 secs) I am at a complete loss to understand how it is possible that mail is delivered, but at the same time the INBOX is not being identified during the imap session. Is there some way to increase the bebug level of imapd ? Have you enabled telemetry logging for that user? Does the mailbox in question appear in the mailbox list? -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Stripping of attachments using Horde 4/IMP 5.
On Mon, 2012-12-31 at 10:33 +0100, Simon Matter wrote: The databases used are: -rw--- 1 cyrus mail 144 Dec 9 09:29 ./annotations.db ./annotations.db: Cyrus skiplist DB -rw--- 1 cyrus mail 144 Dec 30 11:30 ./db.backup1/annotations.db ./db.backup1/annotations.db: Cyrus skiplist DB -rw--- 1 cyrus mail 1882668 Dec 30 11:30 ./db.backup1/mailboxes.db ./db.backup1/mailboxes.db: Cyrus skiplist DB -rw--- 1 cyrus mail 144 Dec 30 11:00 ./db.backup2/annotations.db ./db.backup2/annotations.db: Cyrus skiplist DB -rw--- 1 cyrus mail 1882668 Dec 30 11:00 ./db.backup2/mailboxes.db ./db.backup2/mailboxes.db: Cyrus skiplist DB -rw--- 1 cyrus mail 18038784 Dec 30 11:30 ./deliver.db ./deliver.db: Berkeley DB (Btree, version 9, native byte-order) I can't image how the delivery database would create the problem you describe; so I'd doubt it is that. Irregardless of where the data is physically stored, does the filesystem pass an fsck? I don't have backtrace? I am using RHEL rpms. That doesn't in any way prevent you from generating a backtrace. You have a core file, just use gdb to generate the backtracr. Unfortunately we can also not see what has been changed in the patched RPMs you got from RH. But, is it OK to use NetApp Storage for /var/lib/imap file system? NetApp often sounds like NFS but you told us you are not using NFS but FC attached disks? If so I don't know why it shouldn't work exactly as local disks would. +1 An FC or iSCSI attached volume *is* as a local disk. But when I hear Horde/IMP I remember a problem that some people hit after upgrading Horde/IMP. I don't remember what it was but you should find it in the archives. IIRC it has been fixed in the latest version of cyrus-imapd. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Stripping of attachments using Horde 4/IMP 5.
On Sun, 2012-12-30 at 12:23 +0530, an...@isac.gov.in wrote: Dear experts, I had extensive discussion on this issue in Horde/IMP mailing list. Later I reported the problem in RedHat Bugzilla. The details of the problem are also part of bugzilla. https://bugzilla.redhat.com/show_bug.cgi?id=885620 Though patch for cyrus-imapd was given to me for testing, I was suppose to reproduce the problem in another server. I am unable to reproduce the problem. Now, I have a feeling that, the problem may be due to /var/lib/imap residing in NetApp storage (though not NFS). I have a feeling, the problem may solve, if I make /var/lib/imap part of OS disk. Your opinion please... Are you using Berkley databases? If it does seg-fault what does the backtrace look like? [I don't see a backtrace in the bug report, just a core file; but the core isn't really useful unless one has the same version of the software]. -- Adam Tauno Williams GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus and Outlook subfolder crawling
On Thu, 2012-12-13 at 10:43 +0100, Marcus Schopen wrote: I've got a problem with a Outlook 2010 client. The client is accessing a 10 GB cyrus imap account and crawling with high a frequency like crazy through each subfolders which fills the mail logfile and causes a noticeable higher load. This never stops unless the Outook client is closed. I'm not familiar with Outlook and to my mind this is not a cyrus problem, but does anybody know to say Outlook to stop this annoying behaviour. Can you unsubscribe from subfolders? If so, does doing so stop the mad crawl? Perhaps there is a folder, or more likely a message in a folder, that the Outlook client doesn't like - and it is then restarting its 'sync' over and over. Are Exchange extensions disabled? I've seen them cause various kinds of wierdness. Tools - Options - Other - Advanced - Options - Add-In Manager - Uncheck Exchange Extensions property. or Tools / Options / Other / Advanced Options / COM Add-Ins/ remove anything that isnt essential, (we remove everything) Those may not correspond to your version of Outlook. Although it may make matters much worse [temporarily] you might want to turn on telemetry for that user to see if there is a protocol error somewhere. But clients just walking folders shouldn't generally drive massive syslog traffic; perhaps you are logging mail at the DEBUG level? Don't do that, it is better to use telemetry logs selectively. -- Adam Tauno Williams awill...@whitemice.org Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Fwd: Too many entries of mystore: reusing txn....
On Sun, 2012-12-09 at 10:49 +0530, Anant Athavale wrote: As you say, the imap DEBUG logs are coming to maillog. RHEL 6.3 ships with Rsyslogd and also it looks like cyrus-imapd is compiled to use MAIL_LOG facility. (I tried local6.info /var/log/imapd.log. but it did log anything in imapd.log ). I am attaching rsyslog.conf (Not modified). What I ultimately want is 'maillog should not contain imap logs. And imapd.log should contain all logs related to cyrus/imapd with only info level logs. ' As I could not achieve it in short span of time, I have released the system, but, would like to do that in near future. Any pointers to achieve? Yes. Give up on syslog. Seriously. The model provided by syslog is very simplistic and kludgy. Just use syslog as a transport to get messages into an NMS, and sort, categorize, and record them there. We send all our syslog messages to ZenOSS. There syslog messages can be mapped into categories, prioritized [and discarded], recorded, viewed, and generate notifications. And you get a user interface to do it all in, and a coherent way to backup/restore all your machinations. Syslog messages from imapd have a tag of imapd, and messages from postfix have a tag of postfix, which is almost invisible in syslog itself. So you have the host of origin, the tag, the facility, and the level [and the text of the message] all to work with to categorize [and potentially discard] any way you want. Obviously you want to discard DEBUG messages as the syslog level - that is just too much noise for anything. But a decent host for you NMS can handle a surprising load of messages. -- Adam Tauno Williams awill...@whitemice.org Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Injecting a mail folder into a users inbox/restore from backup
On Wed, 2012-12-05 at 11:47 +0100, Lars Schimmer wrote: Hi! Aas I never needed to do it yet, I want to ask for the best way to restore users email which got lost... Situation: running cyrus on debian with users and mailboxes. User deleted on accident a folder in his INBOX (and cyrus did unlinked the files and removed the folder from disk already). I do backup from the INBOX structures on disk every night (in a basic simple way, see it as a snapshot of the mail disks of cyrus). Now I need a good way to inject the old folder user.xyz.INBOX.Folder into the live cyrus system. Is it easier to create a new user and copy with imap client? Or just copy the folder content into a new created folder on users inbox? I typically just copy the message file(s) back, or in this case the folder, and run reconstruct -r -f -k -s user.dude. Hasn't failed me yet. A more elegant way would be nice, but until there is some type of dump/restore format, moving files around is what you've got. -- Adam Tauno Williams System Administrator, OpenGroupware Developer, LPI / CNA Fingerprint 8C08 209A FBE3 C41A DD2F A270 2D17 8FA4 D95E D383 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cyrus IMAP 2.3 EOL?
On Wed, 2012-11-21 at 18:21 +0100, Bron Gondwana wrote: On Wed, Nov 21, 2012, at 05:31 PM, Egoitz Aurrekoetxea Aurre wrote: Good morning, Does Cyrus IMAP 2.3.18 get still supported by Cyrus IMAP team?. Just security updates really, why? Cyrus IMAP 2.4.x is much nicer all around; if you are on 2.3.x I'd recommend upgrading. Other than some re-indexing pain, it is seemless and leaves you on a considerably better product. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Making sub-folder email reappear after recovery from backup
On Fri, 2012-11-02 at 11:16 -0400, Gordon Marler wrote: Can't find this mentioned in the docs or with any search I've done on the mailing list, so here goes: - Upgraded from 2.4.10 to 2.4.16 after losing my 2.4.10 system, but having mail spool backed up - After moving to the 2.4.16 system, able to see Inbox for accounts - Had to make sub-folders reappear with command like (Thank you mailing list for that tidbit!): reconstruct -p default -rf user.gmarler.Subfolder - Now I can see the Inbox, Subfolders, Sub-subfolders, etc in Thunderbird BUT - Only Inbox has visible emails - All of the subfolders appear to be empty, but there are definitely mails in them on the mail spool. Looks like I forgot a step somewhere. Where have I gone wrong? reconstruct, with the -r [recursive] and -f [examine filesystem for mailboxes] options. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Problems posting to lists
On Thu, 2012-10-25 at 16:46 -0200, Rodrigo Abrantes Antunes wrote: Hi, I'm using mailman to post to a list but some users don't receive the messages, when I post to the list I see this in mail.log for one of the members of the list that didn't receive the message: Oct 25 08:15:31 srv-mail-pel postfix/smtp[5685]: 243872924C: to=vladi...@pelotas.ifsul.edu.br, relay=127.0.0.1[127.0.0.1]:10023, conn_use=10, delay=0.83, delays=0.16/0.47/0/0.21, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04503-16-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as CDC1B291F8) Oct 25 08:17:27 srv-mail-pel cyrus/lmtp[13074]: duplicate_mark: 20121025081521.horde.nwzihuv4cn9qire5ncoz...@webmail.pelotas.ifsul.edu.br .vladimir+@.sieve. 1351160247 0 Oct 25 08:17:27 srv-mail-pel postfix/pipe[5695]: CDC1B291F8: to=vladi...@pelotas.ifsul.edu.br, relay=cyrus, delay=115, delays=0.04/92/0/23, dsn=2.0.0, status=sent (delivered via cyrus service) Huh, that really looks like it *was delivered* to me. Are you sure it isn't really in the mailbox? Can you go to the user's mailbox [on disk] and grep the files for the messageID? NOTE: status=sent (delivered via cyrus service) Here is what mailman's people said: This message was delivered from Mailman to Postfix and then delivered by Postfix to Cyrus, possibly because this was to a local user and Cyrus is acting as the LDA, or possibly for some other reason, but in any case, if the mail wasn't delivered to the user, this is a question for Cyrus. It is either Cyrus or Postfix [the MTA]. It does look like Mailman is doing his job. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: keep cyrus in sync with cold standby
On Tue, 2012-10-16 at 17:26 +0200, Marcus Schopen wrote: I'm thinking about a strategy to keep my cyrus server (2.2.13 on Ubuntu 10.04 LTS) in sync with a cold standby server. This hasn't to be a live/hot sync and I'd like to keep it as simple as possible. A sync delay up to 30 minutes is acceptable for this small setup (250 Accounts, 80 GB mail storage, 5 emails per minute), but I don't want to stop cyrus while doing the snyc. Cyrus replication seems to be the most reasonable way, but I'm sitting on Ubuntu 10.04 LTS, which comes with cyrus 2.2.13 and I can't find any newer backports. Centos 6.x with Cyrus 2.3.16 could be an alternative setup, but I'm not sure if 2.3.16 is also to old for stable replication. :/ Late 2.3.x [including 2.3.16] were stable. And the replicate worked. I'd just use Cyrus' replication. That way you know you have a consistent replicate - and you can authenticate to the replica and check on it if you want, see that yep, it is the same. Other alternatives provide a backup you *believe* is good, but you don't know until you try it, and then you find out it is busted. DRBD could be an option but I never had DRBD running within a parallels virtualisation (bare metal setup); might be a timing/performance problem with a lot of very small files? Do I run in bad problems if I just run a simple rsync of /var/lib/cyrus, /var/spool/cyrus/ and /var/spool/sieve/ and dump mailboxes.db (skiplist) with ctl_mboxlist -d every 30 minutes? Is there a way give cyrus a flush of its databases without stopping it? rsync will work, but if it is against a live instance you may need to reconstruct before you bring it back up. It will work 99.44% of the time but it can be time-consuming and is just adding another step. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: DBERROR's
On Fri, 2012-10-12 at 05:06 -0400, akb427 wrote: I have an installation of Cyrus IMAP 2.2.13 on 32-bit linux, with the database copied over from an earlier version. That is really very old. It appears to work just fine, but is sometimes issuing error messages of the form: DBERROR: mystore: error storing (long nasty 8-bit string) DB_PAGE_NOTFOUND: Requested page not found This is probably a Berkley DB thing. I'd convert your database from BDB to skiplist, and just get away from BDB forever. Then upgrade to at least 2.3, preferably 2.4. Berkley DB == bugs Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Modifying Cyrus IMAP to ease a migration to Gmail?
servers and to the systems we have running the GAMME tool. For the custom front-end server I think it should be possible to modify the source code that handles the authorization to bypass the normal process. There is no need to modify any code; SASL can already do this. A user can have multiple passwords, so if one of those matches your global password. If your Cyrus install supports saslauthd for PLAIN/LOGIN authentication and saslauthd is using PAM you can add the pam_allow [which always succeeds] or some other module, PAM modules stack and one can be marked as 'sufficient'. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: branch 2.4 on prod
On Mon, 2012-09-24 at 23:05 +0200, Bron Gondwana wrote: On Mon, Sep 24, 2012, at 11:30 AM, Deniss Gaplevsky wrote: hello, i have a question to Brong as main powering force of cyrus development. I know cyrus is used at fastmail/opera for serving a lot of users. But stable branch 2.4 has a lot of performance related issues - like statuscache usage, grisly index lookups, etc - fixed in 2.5 which is not stable and not available as tarballs so far. Im curious what is the cyrus branch/version in use at Fastmail/Opera currently ? How well it is compatible to cyrus 2.4 branch ? We're running master + our local patches in production at FastMail. You may have noticed a bunch of work last week on master - I'm pushing as much time as I can into preparing for a real 2.5 release. Even if it doesn't include everything we want, we can do a 2.6 more quickly next time. And more frequent, but less monumental, 'major' version jumps is nice, BTW. 2.3.x -- 2.4.x was a huge [and a bit scary] jump. Slowly letting the awesome soak in is preferred. BTW, 2.4.x may have some warts, but performance is still much improved over 2.3.x; at least in my experience. signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Email not appearing in list, but files exist on disk
On Thu, 2012-08-30 at 22:00 -0300, francis picabia wrote: On Thu, Aug 30, 2012 at 5:45 PM, Michael Menge michael.me...@zdv.uni-tuebingen.de wrote: IMHO the mails have been marked as deleted, but not expunged by the webmailer. Most clients will not show these mails by default and some (e.g. Horde/IMP) count unread mails which are marked as deleted in the summary view. By exiting with Thunderbird these messages got expunged. Thanks for the response. I recovered missing files from tape backup, did a reconstruct again and now the messages are all there. Very strange because usually Horde displays messages ready for expunge with a line strike out, and I had tested the view from both dimp and imp before doing any reconstruct. Horde does have a preference [user setting] to hide deleted and (IIRC) a settings [admin, aka conf.php and lockable prefs.php values] that effect display-deleted options. signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: auxprop ldapdb
On Tue, 2012-08-28 at 12:46 +0200, zorg wrote: the documentation is not very clear to me If I want to use auxprop with ldapdb Do i have to store my user password in clear in ldap or is the another solution Technically, no. Generally, yes. I have some information examples concerning ldapdb @ http://www.wmmi.net/documents/LDAP103.pdf [starting around slide 13]. People get uneasy about storing clear-text in the DSA but it doesn't bother me. You are either storing it in the DSA or sending it over the wire! Which is worse? And if someone breaches the security of your DSA / DC then you are humped anyway. For the moment I m using saslauthd.conf but I wonder if I can use auxprop to be more secure Yes, then you can use much more secure authentication mechanisms such as digest. Clear text auth with encrypted stored passwords is like buying a handgun to protect your home but always leaving the doors and windows wide open. signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: 4096 file descriptors
On Wed, 2012-08-22 at 14:43 -0400, Ron Vachiyer wrote: Quick question about filedescriptors. On Centos6, cyrus 2.3.16 seems to be able to open 4096 FDs ; master[27121]: retrying with 4096 (current max) ulimit -a says 1024; open files (-n) 1024 I am looking to increase this, and have found some documentation saying to increse file-max in /proc. However, file-max already has a much larger number; cat /proc/sys/fs/file-max 1201105 Yep The only way I have found so far is to add a ulimit -n 8192 in /etc/rc.d/init.d/cyrus-imapd man pam_limits Is there a more generic/cleaner way to do this? Yep, you can setup a limits.conf file that adjusts limits per user, per group, etc... signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Bug#3642, Special Use Folders, Config
https://bugzilla.cyrusimap.org/show_bug.cgi?id=3642 Regarding special-user folders, how do these folders get flagged as such? Or is this not available [really usable] in 2.4? The bug applied a patch to 2.4.x but the roadmap lists this for 2.5. signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: CC destinations dropped
On Thu, 2012-07-19 at 19:22 -0400, brian wrote: A client of mine is complaining about not receiving certain messages. Her colleague is also being sent them and receives them just fine. She insists that they are not being sent to her junk folder and that she has no filters that might be moving them elsewhere. You can check for existence of a SIEVE [filter] script in /var/lib/imap/sieve/{letter}/{username} [you path may vary a little, but something like that]. You can grep -d recurse {message-id} /var/lib/spool/imap/{letter}/user/{username}/* to see if it is really there. It may be there event if deleted and expunged if delayedexpunge is enabled. Otherwise it is almost certainly an MTA issue. I believe the problem does not involve postfix, as pipe appears to be sending both. It looks to me as if lmtpunix is looking at just the one address and thinks there's a duplicate. Note the two duplicate_check lines, both of which reference the julia account. I've sent a test message and indeed the duplicate_check again referenced only the julia account again, and admin did not receive it. Where is the e-mail coming from? It is possible it really is a duplicate message-id? some real-world devices recycle message ids [our Xerox document centers do]. postfix/pipe[26606]: 66E757A25FC: to=ad...@domain.org, relay=procmail, delay=0.2, delays=0.16/0/0/0.04, dsn=2.0.0, status=sent (delivered via procmail service) postfix/pipe[26606]: 66E757A25FC: to=ju...@domain.org, relay=procmail, delay=0.2, delays=0.16/0/0/0.04, dsn=2.0.0, status=sent (delivered via procmail service) delivered via procmail ??? signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Globally shared folder
On Tue, 2012-07-17 at 15:42 +0530, Ram wrote: I am using cyrus on linux I want to create a folder that has read / write access given to all users. Any new user added to cyrus must get access to this automaticall Is this possible ? In cyradm or your other tool just grant permissions to anyone - this represents any authenticated user. $ cyradm ... setaclmailbox {$yourmailbox} anyone {$rights} signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: problem Outlook not recieving mail from mailbox
On Sat, 2012-06-23 at 07:58 +0800, JonL wrote: I'm having an issue where the mail is going to the mailbox and that I can verify, but for some reason Outlook 2003 cannot connect to the mail server although I can ping from server to client and from client to server. Something is stopping the connection from happening. Since I'm fairly new to this would appreciate some help. I can telnet to the image server and I only get the following: * OK linux-srv Cyrus IMAP4 v2.2.12 server ready Any help would be greatly appreciated Perhaps Outlook is configured to use SSL [which uses a different port] or TLS and the server is not configured to support TLS. [BTW: Both Outlook 2003 and Cyrus 2.2 are very old; Cyrus 2.2 is extremely old.] Have you disabled the Exchange extensions? These can interfere with 'normal' IMAP connections, especially in Outlook 2003. Tools - Options - Other - Advanced - Options - Add-In Manager - Uncheck Exchange Extensions property. signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: IMAP error reported by server. Invalid body section.
On Thu, 2012-06-21 at 13:07 -0300, Rodrigo Abantes Antunes wrote: The source from horde3 is exactly the same as horde4 That is expected. It isn't the message but the interpretation of the message. These evil messages contain many named parts separated by a boundry (the boundry value is declared in the header of the message). Then parts of a message can refer to other parts of the message. So either H4 can't correctly [or incorrectly!] parse the message into parts by boundry or one part references another part that isn't found. It would be useful to ask this question on the Horde / IMP mail list. and I think all the message parts are there, at least there is a body/body. If you want I can forward you the message to your personal mail. It isn't body stuff but the parts of the message as they are referred to in the HTML. signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: I/O error moving mailbox
On Thu, 2012-06-21 at 11:57 +0200, Javier Sánchez-Arévalo Díaz wrote: I'm experiencing some problems moving a mailbox from one partition (default) to another (part3). I have already moved more than 19000 mailboxes from default to part3 but I don't know why I'm unable to move user.col1901 If you tail your mail / messages log do you see any messages when you try to move the mailbox? When I try to do It I receive the next error: [...] localhost renm user.col1901 user.col1901 part3 renamemailbox: System I/O error [...] I have checked permissions and even I have given 777 to this mailbox: It probably isn't a good idea to mess with filesystem permissions. As long as everything is owned by your cyrus user it should be just fine. signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: IMAP error reported by server. Invalid body section.
On Wed, 2012-06-20 at 18:20 -0300, Rodrigo Abantes Antunes wrote: Hi, I use horde webmail and I thought my problem was related to horde but like they said it isn't, it's something to do with cyrus, I'd like your help to discover what could I do to solve this. My problem is described here: http://bugs.horde.org/ticket/11223 If you look at the source of the message [view message source from your 'old' Horde server'] you should be able to tell if all the message parts actually exist. Or have you tried viewing the message in Thunderbird or Evolution? signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Self compiled Cyrus 2.4.16 does not talk to self compiled Cyrus SASL 2.1.25
On Tue, 2012-06-19 at 11:17 +0200, Eric Luyten wrote: (hitting the same wall over and over again when upgrading) Cyrus SASL is working/looking in /var/state/saslauthd all right, but Cyrus 2.4 appears to be writing elsewhere, and we cannot find out where exactly. Are you sure it is loading your compiled libraries and not your distributions 'defacto' ones? [ldd /usr/lib/cyrus/bin/imapd - your should see a reference to your SASL libraries] BTW - why are you self-compiling? Really good packages exist for lots of distributions. Have tried 'saslauthd_path' option in /etc/imapd.conf to no avail. So when you run testsaslauthd it works? I pretty much copied our Cyrus 2.3 configuration files over to the test environment signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: unsubscribe
On Mon, 2012-05-21 at 11:32 +, Ian Eiloart wrote: On 18 May 2012, at 14:45, Adrian Kovacs wrote Using the mechansims described in the List-Unsubscribe header: List-Unsubscribe: Having said that, European Union countries usually require that the mechanisms be easy to use. In my view, that means that they should be described in the message footer (not hidden in a header). The more obvious paths from the URLs listed in the footer require cyrus.edu accounts for unsubscription. This behavior has been *standard* for decades. A good mail client even provides an option - I view a message from the Cyrus list in Evolution and Message - Maillist - Unsubscribe is right there as an option. You are using Exchange [ + Outlook? ]; so I'm pretty sure that option is there on your screen somewhere. The argument that list members ought to be able to find the List-Unsubscribe header because they're email professionals doesn't wash. You mail client should recognize the presence of this header and provide an option. And looking at message headers is hardly a 'profession' level action. signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: what does cyrus support through ldap?
On Tue, 2012-04-24 at 11:00 +0200, Martin Kraus wrote: Hi. I hoped that cyrus would be managable through ldap but that doesn't seem to be the case. Is the cyrus ldap support strictly for authentication? It's just that sasl can do that as well. I'd like to know if there are other options to managing mailboxes besides calling perl scripts. I agree that the perl scripts are a pain; but all they do is make IMAP connections. You can do just about anything via IMAP. There are bindings floating around in Python PHP as well that 'wrap' those operations. Someone using one of these to expose an API via SOAP, XML-RPC, etc... would be very handy. I need to come up with some kind of a graphical interface to manage mailboxes and I'm looking for the available options to interface with cyrus. There is gyrus and support for Cyrus in several of the web-admin type utilities. signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: (important) cyrus-imapd 2.4.16 released
On Thu, 2012-04-19 at 11:00 +0100, Jeroen van Meeuwen wrote: Hi there, I'm forwarding this message posted to the announcement mailing list originally, to let you know any upgrades should target 2.4.16 as opposed to 2.4.15. We are pleased to announce the release of Cyrus IMAPd 2.4.16. [1] https://bugzilla.cyrusimap.org/show_bug.cgi?id=3651 The bug contains the comment: Can we please confirm/deny this only breaks systems with fulldirhash: 1 configured? Is the answer to that question Yes; sites that do not specify fulldirhash or have a fulldirhash: 0 in their imapd.conf are not affected and do not need to rehash. The correct rehash procedure is to execute - /usr/lib/cyrus-imapd/rehash -v -F /etc/imapd.conf [at least on my boxes rehash does not have a manual page; and rehash --help or rehash -? just errors] signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
rehash docs [cyrus-imapd 2.4.16 released]
Is the answer to that question Yes; sites that do not specify fulldirhash or have a fulldirhash: 0 in their imapd.conf are not affected and do not need to rehash. The correct rehash procedure is to execute - /usr/lib/cyrus-imapd/rehash -v -F /etc/imapd.conf [at least on my boxes rehash does not have a manual page; and rehash --help or rehash -? just errors] There is no mention of rehash on http://cyrusimap.web.cmu.edu/docs/cyrus-imapd/2.3.16/man.php either. signature.asc Description: This is a digitally signed message part Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: SIEVE Scripts on a shared folder
Quoting Adam Tauno Williams awill...@whitemice.org: On Wed, 2011-12-14 at 11:38 -0500, Adam Tauno Williams wrote: Eh, my version is currently - cyrus-imapd-2.4.12-2 cyrus-imapd-utils-2.4.12-2 Created https://bugzilla.cyrusimap.org/show_bug.cgi?id=3617 Is there any special debugging or logging I can do related to SIEVE? Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: After being moved, messages remain in both folders on the server
Quoting Eric Luyten eric.luy...@vub.ac.be: On Tue, April 3, 2012 6:05 pm, Mikhail T. wrote: On 03.04.2012 12:01, info-cyrus-requ...@lists.andrew.cmu.edu wrote: All links are contained within one user's mailbox hierarchy. Must be incomplete COPY operations, as Bron suggested. I always use Thunderbird's Move option -- never Copy... Yours, Thunderbird may have a 'Move' option but the IMAP protocol does not. 'Moving' a message translates to a COPY followed by an EXPUNGE. True; but if the server supports UIDPLUS (allowing individual messages to be expunged) vs. expunging the entire folder (or not expunging at all) - and - the client supports that extensions... then move behaves more consistently. I have no idea if TB supports / uses UIDPLUS per-message-expunge. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/