Moving mailboxes
Hi, we're using Cyrus 2.3.8. Our primary Cyrus partition is getting full. We've added another one and all new users are created there. Still we need to move some users from the old one to the new one. I know how to do that (rename user/xxx user/xxx new). I have successfully moved my own mailboxes. The thing is: how do I make sure that users being moved don't access their mailboxes? I know I can check if somebody is currently logged in by checking the files in /var/lib/imap/proc, but there doesn't seem to be a way to temporarily disable login on an individual basis, is there? So I guess I'll have to change the user's password temporarily? How do other people deal with this? -- .:.Sebastian Hagedorn - RZKR-R1 (Gebäude 52), Zimmer 18.:. Zentrum für angewandte Informatik - Universitätsweiter Service RRZK .:.Universität zu Köln / Cologne University - ✆ +49-221-478-5587.:. .:.:.:.Skype: shagedorn.:.:.:. pgpfHJ0licZSl.pgp Description: PGP signature Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Moving mailboxes
Labdien Sebastian, Wednesday, May 23, 2007, 10:53:58 AM, Jus rakstijat: SH we're using Cyrus 2.3.8. Our primary Cyrus partition is getting full. We've SH added another one and all new users are created there. Still we need to SH move some users from the old one to the new one. I know how to do that SH (rename user/xxx user/xxx new). I have successfully moved my own mailboxes. SH The thing is: how do I make sure that users being moved don't access their SH mailboxes? I know I can check if somebody is currently logged in by SH checking the files in /var/lib/imap/proc, but there doesn't seem to be a SH way to temporarily disable login on an individual basis, is there? As here Cyrys server mostly is accesed by day, we have shedeules scripts, tad move users across partitions at night, and never had any problems. Somehow even if user was logged in @ that exact time. About same subject - anyone knows any php code / library that could help do this same renamemailbox from php scripts? And is there anywa quick way to change default-partition ? So when autocreate mailbox executes, is uses some random or whatever id for partitions? -- kristaps Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Connection throttling POP3.
On Tue, May 22, 2007 at 11:14:49AM -0400, Robert Banz wrote: *security people seem to obsess on perfect solutions. It bothers me. No, _real_ security people know that there is NO perfect solution. You always have to balance the cost of the defenses with the cost of the thing you want to protect. Gabor -- - MTA SZTAKI Computer and Automation Research Institute Hungarian Academy of Sciences - Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Misdelivered messages
In the past week or so, we've had trouble with spam being delivered to the wrong recipients. It's difficult to explain, so I'll use an example: [EMAIL PROTECTED] and [EMAIL PROTECTED] are local users receiving hundreds of spam per hour. None of it is addressed to them. Their email addresses don't appear anywhere in the message source. The messages in hackxx's account appear to be the same messages that xxmelser is receiving. Most of the misdirected messages seem to be addressed to other local users, such as [EMAIL PROTECTED] or [EMAIL PROTECTED] To further confuse the issue, this only happens with spam. A legitimate message mailed to [EMAIL PROTECTED] goes through to xxmilton's account and doesn't appear in the other users' mailboxes. The *only* clue I have found is that most of these spams that get misdirected have a gap between the To: and the address in the message header, like this: To: [EMAIL PROTECTED] Does anyone have any clue what might be going on here? Thanks DC Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Misdelivered messages
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --On Wednesday, May 23, 2007 09:37:59 AM -0400 Dana Canfield [EMAIL PROTECTED] wrote: In the past week or so, we've had trouble with spam being delivered to the wrong recipients. It's difficult to explain, so I'll use an example: Does anyone have any clue what might be going on here? Thanks DC The To: header is as easily forged as the From: header in a message. It could be that, or the spammers could be simply using BCC. We're seeing more of this as well. -paul - -- Paul D. Engle| Rice University Sr. Systems Administrator| Information Technology - MS119 (713) 348-4702 | P.O. Box 1892 [EMAIL PROTECTED] | Houston, TX 77251-1892 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFGVEgdCpkISWtyHNsRAojjAKDwi7n/cPrTw6mLISRpj31/fN1ebgCfRgyZ CaGUGfJ1uLgUYHovdZfm6gQ= =QgE0 -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: Misdelivered messages
From Dana Canfield on Wednesday, May 23, 2007 9:38 AM [EMAIL PROTECTED] and [EMAIL PROTECTED] are local users receiving hundreds of spam per hour. None of it is addressed to them. Their email addresses don't appear anywhere in the message source. The messages in hackxx's account appear to be the same messages that xxmelser is receiving. Most of the misdirected messages seem to be addressed to other local users, such as [EMAIL PROTECTED] or [EMAIL PROTECTED] The messages almost certainly are addressed to those who received them and are not misdelivered. Delivery of messagea is based on the SMTP envelope recipients, not what it in the message headers. Sometimes you will find the envelope recipient in a Received: header for reference, but some MTAs or delivery agents do not record it anywhere. If you check your MTA logs, you should be able to verify the envelope address and that delivery was correct. You can easily create this same situation with a normal mail client, just send a message To: one address and Bcc: to another. The Bcc: recipient will see a message that is apparently not to them, according to the To: header, yet they received it because they were listed in the envelope. In any case, everything is probably working just as it is supposed to. David Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Misdelivered messages
Ah yes, I don't know why the whole bcc: notion didn't occur to me. Too many long days this week, I guess. Thanks to all those who replied! DC Paul Engle wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - --On Wednesday, May 23, 2007 09:37:59 AM -0400 Dana Canfield [EMAIL PROTECTED] wrote: In the past week or so, we've had trouble with spam being delivered to the wrong recipients. It's difficult to explain, so I'll use an example: Does anyone have any clue what might be going on here? Thanks DC The To: header is as easily forged as the From: header in a message. It could be that, or the spammers could be simply using BCC. We're seeing more of this as well. -paul - -- Paul D. Engle| Rice University Sr. Systems Administrator| Information Technology - MS119 (713) 348-4702 | P.O. Box 1892 [EMAIL PROTECTED] | Houston, TX 77251-1892 -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFGVEgdCpkISWtyHNsRAojjAKDwi7n/cPrTw6mLISRpj31/fN1ebgCfRgyZ CaGUGfJ1uLgUYHovdZfm6gQ= =QgE0 -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Misdelivered messages
Recipient addresses don't have to appear anywhere in the message. And in spam the To: header is often garbage. Ignore that. Look at the system log records written by your MTA (Postfix?) to see who the recipients were. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology --On Wednesday, May 23, 2007 9:37 -0400 Dana Canfield [EMAIL PROTECTED] wrote: In the past week or so, we've had trouble with spam being delivered to the wrong recipients. It's difficult to explain, so I'll use an example: [EMAIL PROTECTED] and [EMAIL PROTECTED] are local users receiving hundreds of spam per hour. None of it is addressed to them. Their email addresses don't appear anywhere in the message source. The messages in hackxx's account appear to be the same messages that xxmelser is receiving. Most of the misdirected messages seem to be addressed to other local users, such as [EMAIL PROTECTED] or [EMAIL PROTECTED] To further confuse the issue, this only happens with spam. A legitimate message mailed to [EMAIL PROTECTED] goes through to xxmilton's account and doesn't appear in the other users' mailboxes. The *only* clue I have found is that most of these spams that get misdirected have a gap between the To: and the address in the message header, like this: To: [EMAIL PROTECTED] Does anyone have any clue what might be going on here? Thanks DC Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Connection throttling POP3.
David S. Madole wrote: If you are talking about the suggestion I made, which looked like this: iptables -A INPUT -p tcp --dport 22 \ -m state --state NEW \ -m recent --update --seconds 60 -j DROP iptables -A INPUT -p tcp --dport 22 \ -m state --state NEW \ -m recent --set -j ACCEPT then you did not read it right. It limits to one connection per IP address per minute. Each source address is kept track of in enforcing the limit. Using the --hitcount option in addition to the --seconds option, you can also create limits such as a maximum of four connections in two minutes, etc. David Wow, I never played with recent before but it's quite handy. Thanks for pointing this out. I'm already added a number of rules to protect various things. schu Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html