Hi Nic! Here is some of the information you mentioned.
We use the RPM packages from the yum repositories.

Old Server:
OS: Oracle Linux 6.10
Postfix: postfix-2.6.6-8
Cyrus: cyrus-imapd-2.3.16-15

New Server:
OS: Centos 8.2.2004
Postfix: postfix-3.3.1-12
Cyrus: cyrus-imapd-3.0.7-16

Permissions on the inbox:
I did not have the "anyone p" ACL. I added that. I also added the "a" to the testuser ACL. Neither of these helped. I also gave Cyrus the "All" ACLs on the inbox. This made no difference.

localhost> lam user.testuser
cyrus lrswipkxtecda
testuser lrswipkxtecda
anyone p

We do not use the autocreate feature. We create the accounts using an in-house tool.

On Thu, Oct 15, 2020 at 7:07 PM Nic Bernstein <[email protected]> wrote:

> Ezsra,
> You haven't told us which versions of Cyrus you both were using, on the
> old server, and are now using, on the new server. A lot of things have
> changed between v2.X and 3.X, including many "default" settings. Also,
> whose builds of Cyrus are you using? Did you build your own, or did they
> come from repositories, or what? Again, this matters both for the old and
> new versions.
>
> Lastly, what are the permissions on the mailbox involved? As the admin
> user, use the "lam user/<username>" command in 'cyradm' to check this. The
> user's 'inbox', 'user/<username>' should have permissions like this:
>
> localhost> lam user/testuser
> anyone p
> testuser lrswipcda
>
> That "anyone p" is necessary for Posting permissions, allowing program
> delivery to the mailbox.
>
> And out of curiosity, does the mailbox actually exist? By default, newer
> Cyrus IMAPd does not autocreate mailboxes, or at least doesn't do so in the
> same way it used to. You mention EL6 and CentOS. Older Redhat-ish Cyrus
> packages included their own autocreate, which I believe was enabled by
> default. Now, in 3.X, there's a new mechanism, and by default it's not
> enabled. Your configurations do not show any autocreate settings.
>
> Check the man page for imapd.conf(5) for details on this.
> In particular, search for this:
>
> autocreate_post: 0
>     If enabled, when lmtpd(8) receives an incoming mail for an
>     INBOX that does not exist, then the INBOX is
>     automatically created by lmtpd(8) and delivery of the message
>     continues.
>
> Also look into the 'autocreate_inbox_folders' setting, which may hold a
> list of folders, such as Drafts, Sent, Trash, etc. to create along with
> Inbox.
>
> Cheers,
> -nic
>
> On 10/15/20 2:11 PM, Ezsra McDonald wrote:
>
> Well, I did not make any discoveries. I was trying not to make everyone
> look at my configs but that seems to be my next step.
>
> FILE: /etc/saslauthd.conf
> ------------------------------------------------------
> ldap_servers: ldap://ldap.example.com <http://ldap.xample.com>
> ldap_search_base: ou=people,dc=example,dc=com
> ldap_filter: uid=%U
>
> FILE: /etc/cyrus.conf
> ------------------------------------------------------
> START {
>   # do not delete this entry!
>   recover cmd="ctl_cyrusdb -r"
> }
> SERVICES {
>   # add or remove based on preferences
>   imap cmd="imapd" listen="imap" prefork=5
>   imaps cmd="imapd -s" listen="imaps" prefork=1
>   # these are only necessary if receiving/exporting usenet via NNTP
>   # these are only necessary if using HTTP for CalDAV, CardDAV, or RSS
>   # at least one LMTP is required for delivery
>   lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
>   # this is only necessary if using notifications
> }
> EVENTS {
>   # this is required
>   checkpoint cmd="ctl_cyrusdb -c" period=30
>   # this is only necessary if using duplicate delivery suppression,
>   # Sieve or NNTP
>   delprune cmd="cyr_expire -E 3" at=0400
>   # Expire data older than 28 days.
>   deleteprune cmd="cyr_expire -E 4 -D 28" at=0430
>   expungeprune cmd="cyr_expire -E 4 -X 28" at=0445
>   # this is only necessary if caching TLS sessions
>   tlsprune cmd="tls_prune" at=0400
> }
> DAEMON {
>   # this is only necessary if using idled for IMAP IDLE
> }
>
> FILE: /etc/cyrus.conf
> ------------------------------------------------------
> admins: cyrus
> configdirectory: /var/lib/imap
> proc_path: /var/lib/imap/proc
> mboxname_lockpath: /var/lib/imap/lock
> duplicate_db_path: /var/lib/imap/db/deliver.db
> ptscache_db_path: /var/lib/imap/db/ptscache.db
> statuscache_db_path: /var/lib/imap/db/statuscache.db
> tls_sessions_db_path: /var/lib/imap/db/tls_sessions.db
> defaultpartition: default
> partition-default: /var/spool/imap
> sievedir: /var/lib/imap/sieve
> lmtpsocket: /var/lib/imap/socket/lmtp
> idlesocket: /var/lib/imap/socket/idle
> notifysocket: /var/lib/imap/socket/notify
> syslog_prefix: cyrus
> hashimapspool: true
> virtdomains: off
> popminpoll: 1
> conversations: 1
> conversations_db: twoskip
> specialusealways: 1
> allowplaintext: 0
> sasl_pwcheck_method: saslauthd
> sasl_auto_transition: no
> tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
> tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.key
> tls_client_ca_dir: /etc/ssl/certs
> tls_session_timeout: 1440
> tls_ciphers: TLSv1+HIGH:!aNULL:!eNULL:!LOW:!MD5:!EXPORT:!DES:!3DES:!RC4:@STRENGTH
> tls_prefer_server_ciphers: 1
> tls_versions: tls1_2
> allowanonymouslogin: no
> serverinfo: off
>
> *Test login results:*
>
> Test SaslAuthd
> ------------------------------------------------------
> ~$ testsaslauthd -u testuser -p 'NOT_FOR_DISPLAY'
> 0: OK "Success."
>
> Test imap
> ------------------------------------------------------
> ~$ imtest -m login -u testuser -a testuser -t "" localhost
> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED
> AUTH=GSS-SPNEGO AUTH=GSSAPI SASL-IR] server ready
> C: S01 STARTTLS
> S: S01 OK Begin TLS negotiation now
> verify error:num=18:self signed certificate
> TLS connection established: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384
> (256/256 bits)
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA
> MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
> MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ
> SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS
> ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS
> LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE
> SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH
> URLAUTH=BINARY AUTH=GSS-SPNEGO AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN SASL-IR
> XCONVERSATIONS COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE
> X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
> S: C01 OK Completed
> Please enter your password:
> C: L01 LOGIN testuser {9}
> S: + go ahead
> C: <omitted>
> S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA
> MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
> MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ
> SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS
> ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS
> LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE
> SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH
> URLAUTH=BINARY LOGINDISABLED AUTH=GSS-SPNEGO AUTH=GSSAPI AUTH=PLAIN
> AUTH=LOGIN XCONVERSATIONS COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE
> X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE]
> User logged in SESSIONID=<cyrus-422568-1602786511-1-7349358803894201420>
> Authenticated.
> Security strength factor: 256
> ^CC: Q01 LOGOUT
> Connection closed.
>
> Test LMTP
> ------------------------------------------------------
> ~$ sudo -u postfix swaks --to [email protected] --socket /var/lib/imap/socket/lmtp --protocol LMTP
> [sudo] password for XXXXXXXX:
> === Trying /var/lib/imap/socket/lmtp...
> === Connected to /var/lib/imap/socket/lmtp.
> <- 220 XXXXXXXXXXXXXXXXXXXXXXXXXX server ready
> -> LHLO XXXXXXXXXXXXXXXXXXXXXXXXXX
> <- 250-XXXXXXXXXXXXXXXXXXXXXXXXXX
> <- 250-8BITMIME
> <- 250-ENHANCEDSTATUSCODES
> <- 250-PIPELINING
> <- 250-SIZE
> <- 250-AUTH EXTERNAL
> <- 250-IGNOREQUOTA
> <- 250 Ok SESSIONID=<cyrus-422719-1602786735-1-4293443568200236992>
> -> MAIL FROM:<postfix@XXXXXXXXXXXXXXXXXXXXXXXXXX>
> <- 250 2.1.0 ok
> -> RCPT TO:<[email protected]>
> <** 550-Mailbox unknown. Either there is no mailbox associated with this
> <** 550-name or you do not have authorization to see it.
> <** 550 5.1.1 User unknown
> -> QUIT
> <- 221 2.0.0 bye
> === Connection closed with remote host.
>
>
> *Notes*:
> I did notice a difference in the LMTP response from our current production
> system. The current production system includes the following in the
> response:
>
> <- 250-STARTTLS
>
> I do not see that on the new system (Response shown above) with the same
> configuration. Curious why or if that has anything to do with it. I am
> using a self-signed cert on the new system for testing purposes. Is that
> why? Do I need to tell LMTP to accept the cert somehow?
>
> Thanks
>
> -Ez
>
> On Thu, Oct 15, 2020 at 9:32 AM Ezsra McDonald <[email protected]>
> wrote:
>
>> Sebastian,
>> Thank you for the response.
>>
>> I have never heard of this tool but it looks interesting. I will give it
>> a try.
>>
>> Will let you all know if I find anything.
>>
>> -Ez
>>
>>
>> On Thu, Oct 15, 2020 at 9:28 AM Sebastian Hagedorn <[email protected]>
>> wrote:
>>
>>>
>>> On 15.10.20 at 15:49, Ezsra McDonald wrote:
>>> > I wonder if there is a way to test LMTP manually to verify LMTP can see
>>> > the imap accounts? I have not done much with LMTP because it always
>>> > worked for us in the past.
>>>
>>> My favorite tool for mail delivery testing is swaks. You can test LMTP
>>> this way:
>>>
>>> swaks --to YOUR-TEST-USER --socket /var/lib/imap/socket/lmtp --protocol LMTP
>>>
>>> --
>>> .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
>>> .:.Regionales Rechenzentrum (RRZK).:.
>>> .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
>
> --
> Nic Bernstein
> [email protected]
> https://www.nicbernstein.com
> https://www.linkedin.com/in/nic-b-26577a178/

------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/T11ac789bb1e97f39-M5168df4341fd5ff249bd1f81
Delivery options: https://cyrus.topicbox.com/groups/info/subscription
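
The ACL check discussed in the thread (a `lam` listing that carries `anyone p`), as an added example that is not part of the original messages: a small Python audit of `lam` output that reports a missing posting right and flags grants broader than the reference listing. The function names are hypothetical and the two sample listings are constructed from the ones quoted above.

```python
# Added example: audit cyradm `lam` output for the posting right.
# Function names are hypothetical; the sample listings are constructed
# from the two listings quoted in the thread.

# Right letters Cyrus accepts (RFC 4314 set plus 'n', as in RIGHTS=kxten).
RIGHTS = set("lrswipkxtecdan")

def parse_lam(text):
    """Return {identifier: set_of_rights} from `lam` output."""
    acl = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("localhost>"):
            continue  # blank line or echoed cyradm prompt
        parts = line.split()
        if len(parts) != 2 or set(parts[1]) - RIGHTS:
            raise ValueError(f"unparseable ACL line: {line!r}")
        acl[parts[0]] = set(parts[1])
    return acl

def audit(text, owner):
    """List findings for one mailbox; an empty list means nothing to review."""
    acl = parse_lam(text)
    findings = []
    anyone = acl.get("anyone", set())
    if "p" not in anyone:
        findings.append("anyone lacks 'p' (posting right)")
    if anyone - {"p"}:
        extra = "".join(sorted(anyone - {"p"}))
        findings.append(f"anyone holds more than 'p': {extra}")
    if owner not in acl:
        findings.append(f"owner {owner} has no ACL entry")
    for ident, rights in acl.items():
        if ident not in (owner, "anyone") and "r" in rights:
            findings.append(f"{ident} (not the owner) can read this mailbox")
    return findings

EZSRA_LISTING = """localhost> lam user.testuser
cyrus lrswipkxtecda
testuser lrswipkxtecda
anyone p
"""
NIC_LISTING = """localhost> lam user/testuser
anyone p
testuser lrswipcda
"""

if __name__ == "__main__":
    for name, listing in (("new server", EZSRA_LISTING), ("reference", NIC_LISTING)):
        print(name, audit(listing, "testuser") or "ok")
```

On the new-server listing this reports only the full-rights `cyrus` entry, the grant the poster says made no difference to delivery.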
