Ezsra,
Have you read and followed all of the steps outlined in the Upgrade documentation for 3.0?  You can find them here:

   https://www.cyrusimap.org/3.0/imap/download/upgrade.html

[Note: use that link, since the current stable version is 3.2, and simply navigating the website will lead you to the newer version, not the 3.0 which you're using.]

If you haven't done these steps, as described, you may need to start over.  Pay special attention to steps 5 & 6, and follow the links within for additional information on settings which have changed, like 'unixhierarchysep:' and 'altnamespace:'.

Cheers,
    -nic

On 10/16/20 9:56 AM, Ezsra McDonald wrote:
Hi Nic!

Here is some of the information you mentioned.

We use the RPM packages from the yum repositories.

Old Server:
OS: Oracle Linux 6.10
Postfix: postfix-2.6.6-8
Cyrus: cyrus-imapd-2.3.16-15

New Server:
OS: Centos 8.2.2004
Postfix: postfix-3.3.1-12
Cyrus: cyrus-imapd-3.0.7-16

Permissions on the inbox:
I did not have the "anyone p" ACL. I added that. I also added the "a" to the testuser ACL. Neither of these helped. I also gave Cyrus the "All" ACLs on the inbox. This made no difference.
localhost> lam user.testuser
cyrus lrswipkxtecda
testuser lrswipkxtecda
anyone p

We do not use the autocreate feature. We create the accounts using an in-house tool.



On Thu, Oct 15, 2020 at 7:07 PM Nic Bernstein <[email protected]> wrote:

    Ezsra,
    You haven't told us which versions of Cyrus you both were using,
    on the old server, and are now using, on the new server.  A lot of
    things have changed between v2.X and 3.X, including many "default"
    settings.  Also, whose builds of Cyrus are you using?  Did you
    build your own, or did they come from repositories, or what? 
    Again, this matters both for the old and new versions.

    Lastly, what are the permissions on the mailbox involved?  As the
    admin user, use the "lam user/<username>" command in 'cyradm' to
    check this.  The user's 'inbox', 'user/<username>' should have
    permissions like this:

        localhost> lam user/testuser
        anyone p
        testuser lrswipcda

    That "anyone p" is necessary for Posting permissions, allowing
    program delivery to the mailbox.

    And out of curiosity, does the mailbox actually exist? By default,
    newer Cyrus IMAPd does not autocreate mailboxes, or at least doesn't
    do so in the same way it used to.  You mention EL6 and CentOS. 
    Older Redhat-ish Cyrus packages included their own autocreate,
    which I believe was enabled by default.  Now, in 3.X, there's a
    new mechanism, and by default it's not enabled.  Your
    configurations do not show any autocreate settings.

    Check the man page for imapd.conf(5) for details on this.  In
    particular, search for this:

      autocreate_post: 0
                   If enabled, when lmtpd(8) receives an incoming mail for an
                   INBOX that does not exist, then the INBOX is automatically
                   created by lmtpd(8) and delivery of the message continues.

    Also look into the 'autocreate_inbox_folders' setting, which may
    hold a list of folders, such as Drafts, Sent, Trash, etc. to
    create along with Inbox.

    Cheers,
        -nic

    On 10/15/20 2:11 PM, Ezsra McDonald wrote:
    Well, I did not make any discoveries. I was trying not to make
    everyone look at my configs but that seems to be my next step.

    FILE: /etc/saslauthd.conf
    ------------------------------------------------------
    ldap_servers: ldap://ldap.example.com
    ldap_search_base: ou=people,dc=example,dc=com
    ldap_filter: uid=%U

    FILE: /etc/cyrus.conf
    ------------------------------------------------------
    START {
      # do not delete this entry!
      recover       cmd="ctl_cyrusdb -r"
    }
    SERVICES {
      # add or remove based on preferences
      imap          cmd="imapd" listen="imap" prefork=5
      imaps         cmd="imapd -s" listen="imaps" prefork=1
      # these are only necessary if receiving/exporting usenet via NNTP
      # these are only necessary if using HTTP for CalDAV, CardDAV, or RSS
      # at least one LMTP is required for delivery
      lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
      # this is only necessary if using notifications
    }
    EVENTS {
      # this is required
      checkpoint    cmd="ctl_cyrusdb -c" period=30
      # this is only necessary if using duplicate delivery suppression,
      # Sieve or NNTP
      delprune      cmd="cyr_expire -E 3" at=0400
      # Expire data older than 28 days.
      deleteprune   cmd="cyr_expire -E 4 -D 28" at=0430
      expungeprune  cmd="cyr_expire -E 4 -X 28" at=0445
      # this is only necessary if caching TLS sessions
      tlsprune      cmd="tls_prune" at=0400
    }
    DAEMON {
      # this is only necessary if using idled for IMAP IDLE
    }

    FILE: /etc/cyrus.conf
    ------------------------------------------------------
    admins: cyrus
    configdirectory: /var/lib/imap
    proc_path: /var/lib/imap/proc
    mboxname_lockpath: /var/lib/imap/lock
    duplicate_db_path: /var/lib/imap/db/deliver.db
    ptscache_db_path:  /var/lib/imap/db/ptscache.db
    statuscache_db_path: /var/lib/imap/db/statuscache.db
    tls_sessions_db_path: /var/lib/imap/db/tls_sessions.db
    defaultpartition: default
    partition-default: /var/spool/imap
    sievedir: /var/lib/imap/sieve
    lmtpsocket: /var/lib/imap/socket/lmtp
    idlesocket: /var/lib/imap/socket/idle
    notifysocket: /var/lib/imap/socket/notify
    syslog_prefix: cyrus
    hashimapspool: true
    virtdomains: off
    popminpoll: 1
    conversations: 1
    conversations_db: twoskip
    specialusealways: 1
    allowplaintext: 0
    sasl_pwcheck_method: saslauthd
    sasl_auto_transition: no
    tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
    tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.key
    tls_client_ca_dir: /etc/ssl/certs
    tls_session_timeout: 1440
    tls_ciphers: TLSv1+HIGH:!aNULL:!eNULL:!LOW:!MD5:!EXPORT:!DES:!3DES:!RC4:@STRENGTH
    tls_prefer_server_ciphers: 1
    tls_versions: tls1_2
    allowanonymouslogin: no
    serverinfo: off

    *Test login results:*

    Test SaslAuthd
    ------------------------------------------------------
    ~$ testsaslauthd -u testuser -p 'NOT_FOR_DISPLAY'
    0: OK "Success."

    Test imap
    ------------------------------------------------------
    ~$ imtest -m login -u testuser -a testuser -t "" localhost
    S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS
    LOGINDISABLED AUTH=GSS-SPNEGO AUTH=GSSAPI SASL-IR] server ready
    C: S01 STARTTLS
    S: S01 OK Begin TLS negotiation now
    verify error:num=18:self signed certificate
    TLS connection established: TLSv1.3 with cipher
    TLS_AES_256_GCM_SHA384 (256/256 bits)
    C: C01 CAPABILITY
    S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten
    QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME
    UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH
    SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY SORT=UID
    THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS ANNOTATEMORE
    ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS
    LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE
    SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH
    URLAUTH=BINARY AUTH=GSS-SPNEGO AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN
    SASL-IR XCONVERSATIONS COMPRESS=DEFLATE X-QUOTA=STORAGE
    X-QUOTA=MESSAGE X-QUOTA=X-ANNOTATION-STORAGE
    X-QUOTA=X-NUM-FOLDERS IDLE
    S: C01 OK Completed
    Please enter your password:
    C: L01 LOGIN testuser {9}
    S: + go ahead
    C: <omitted>
    S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL
    RIGHTS=kxten QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS
    NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY CATENATE
    CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ SORT=DISPLAY
    SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS
    ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED
    LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST
    XMOVE MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1
    X-REPLICATION URLAUTH URLAUTH=BINARY LOGINDISABLED
    AUTH=GSS-SPNEGO AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN XCONVERSATIONS
    COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE
    X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE] User
    logged in SESSIONID=<cyrus-422568-1602786511-1-7349358803894201420>
    Authenticated.
    Security strength factor: 256
    ^CC: Q01 LOGOUT
    Connection closed.

    Test LMTP
    ------------------------------------------------------
    ~$ sudo -u postfix swaks --to [email protected] --socket /var/lib/imap/socket/lmtp --protocol LMTP
    [sudo] password for XXXXXXXX:
    === Trying /var/lib/imap/socket/lmtp...
    === Connected to /var/lib/imap/socket/lmtp.
    <-  220 XXXXXXXXXXXXXXXXXXXXXXXXXX server ready
     -> LHLO XXXXXXXXXXXXXXXXXXXXXXXXXX
    <-  250-XXXXXXXXXXXXXXXXXXXXXXXXXX
    <-  250-8BITMIME
    <-  250-ENHANCEDSTATUSCODES
    <-  250-PIPELINING
    <-  250-SIZE
    <-  250-AUTH EXTERNAL
    <-  250-IGNOREQUOTA
    <-  250 Ok SESSIONID=<cyrus-422719-1602786735-1-4293443568200236992>
     -> MAIL FROM:<postfix@XXXXXXXXXXXXXXXXXXXXXXXXXX>
    <-  250 2.1.0 ok
     -> RCPT TO:<[email protected]>
    <** 550-Mailbox unknown.  Either there is no mailbox associated with this
    <** 550-name or you do not have authorization to see it.
    <** 550 5.1.1 User unknown
     -> QUIT
    <-  221 2.0.0 bye
    === Connection closed with remote host.


    *Notes*:
    I did notice a difference in the LMTP response from our current
    production system. The current production system includes the
    following in the response:

    <-  250-STARTTLS

    I do not see that on the new system (Response shown above) with
    the same configuration. Curious why or if that has anything to do
    with it. I am using a self-signed cert on the new system for
    testing purposes. Is that why? Do I need to tell LMTP to accept
    the cert somehow?

    Thanks

    -Ez

    On Thu, Oct 15, 2020 at 9:32 AM Ezsra McDonald <[email protected]> wrote:

        Sebastian,
        Thank you for the response.

        I have never heard of this tool but it looks interesting. I
        will give it a try.

        Will let you all know if I find anything.

        -Ez


        On Thu, Oct 15, 2020 at 9:28 AM Sebastian Hagedorn <[email protected]> wrote:


            On 15.10.20 at 15:49, Ezsra McDonald wrote:
            > I wonder if there is a way to test LMTP manually to verify LMTP can see
            > the imap accounts? I have not done much with LMTP because it always
            > worked for us in the past.

            My favorite tool for mail delivery testing is swaks. You can test LMTP
            this way:

            swaks --to YOUR-TEST-USER --socket /var/lib/imap/socket/lmtp --protocol LMTP

--     .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133),
            Zimmer 2.02.:.
                             .:.Regionales Rechenzentrum (RRZK).:.
               .:.Universität zu Köln / Cologne University - ✆
            +49-221-470-89578.:.


-- Nic [email protected]
    https://www.nicbernstein.com
    https://www.linkedin.com/in/nic-b-26577a178/


--
Nic Bernstein                               [email protected]
https://www.nicbernstein.com
https://www.linkedin.com/in/nic-b-26577a178/
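
The two checks discussed in this thread (which of the named imapd.conf options are set explicitly, and whether the inbox ACL grants "anyone p"), as an added example that is not part of the original messages or of the Cyrus project. The sample inputs are constructed from the configuration and 'lam' output posted above; the function names are hypothetical.

```python
import re

# Options the thread names as needing review when moving from 2.x to 3.0.
REVIEW_OPTIONS = ("unixhierarchysep", "altnamespace",
                  "autocreate_post", "autocreate_inbox_folders")

# Constructed excerpt of the imapd.conf posted in the thread.
SAMPLE_IMAPD_CONF = """\
admins: cyrus
configdirectory: /var/lib/imap
# comment lines and blank lines are skipped

virtdomains: off
allowplaintext: 0
lmtpsocket: /var/lib/imap/socket/lmtp
"""

# Constructed copy of the 'lam user.testuser' output posted in the thread.
SAMPLE_LAM = "cyrus lrswipkxtecda\ntestuser lrswipkxtecda\nanyone p\n"

def parse_imapd_conf(text):
    """Return {option: value} from 'option: value' lines."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9_-]+)\s*:\s*(.*)$", line)
        if m:
            opts[m.group(1).lower()] = m.group(2).strip()
    return opts

def unset_review_options(opts):
    """Options not set explicitly, so the installed version's default applies."""
    return [o for o in REVIEW_OPTIONS if o not in opts]

def parse_lam(text):
    """Parse cyradm 'lam' output lines of the form '<identifier> <rights>'."""
    return {p[0]: set(p[1]) for p in (l.split() for l in text.splitlines())
            if len(p) == 2}

def anyone_can_post(acl):
    """True when 'anyone' holds the p (post) right needed for delivery."""
    return "p" in acl.get("anyone", set())

def preflight(conf_text, lam_text):
    """Return a list of findings to review before blaming LMTP itself."""
    findings = [f"{o}: not set, built-in default of this version applies"
                for o in unset_review_options(parse_imapd_conf(conf_text))]
    if not anyone_can_post(parse_lam(lam_text)):
        findings.append("ACL: 'anyone' lacks p, delivery cannot post")
    return findings

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE_IMAPD_CONF, SAMPLE_LAM)))
```

Run against the posted inputs, the ACL check passes while all four options are reported as unset, which is why the upgrade documentation's notes on changed settings are the next place to look.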

