Nic,

I am confused about unixhierarchysep.

I set it to off. LMTP could not find my testuser inbox when I created the account user.testuser. I set it to on. It still could not find the inbox which I expected. I left it set to on and created a new user, user/testuser. Now LMTP seems happy.

I don't mind this setup; however, we would have to update our in-house tools to handle this. Any idea why when unixhierarchysep is off I can't use the user.testuser syntax?

Progress at least but I prefer not to make the developers modify all the code for in-house tools.

-Ez

On Fri, Oct 16, 2020 at 10:09 AM Nic Bernstein <[email protected]> wrote:

> Ezsra,
> Have you read and followed all of the steps outlined in the Upgrade
> documentation for 3.0? You can find them here:
>
> https://www.cyrusimap.org/3.0/imap/download/upgrade.html
>
> [Note: use that link, since the current stable version is 3.2, and simply
> navigating the website will lead you to the newer version, not the 3.0
> which you're using.]
>
> If you haven't done these steps, as described, you may need to start
> over. Pay special attention to steps 5 & 6, and follow the links within
> for additional information on settings which have changed, like
> 'unixhierarchysep:' and 'altnamespace:'.
>
> Cheers,
> -nic
>
> On 10/16/20 9:56 AM, Ezsra McDonald wrote:
>
> Hi Nic!
>
> Here is some of the information you mentioned.
>
> We use the RPM packages from the yum repositories.
>
> Old Server:
> OS: Oracle Linux 6.10
> Postfix: postfix-2.6.6-8
> Cyrus: cyrus-imapd-2.3.16-15
>
> New Server:
> OS: Centos 8.2.2004
> Postfix: postfix-3.3.1-12
> Cyrus: cyrus-imapd-3.0.7-16
>
> Permissions on the inbox:
> I did not have the "anyone p" ACL. I added that. I also added the "a" to the
> testuser ACL. Neither of these helped. I also gave Cyrus the "All" ACLs on
> the inbox. This made no difference.
> localhost> lam user.testuser
> cyrus lrswipkxtecda
> testuser lrswipkxtecda
> anyone p
>
> We do not use the autocreate feature. We create the accounts using an
> in-house tool.
>
> On Thu, Oct 15, 2020 at 7:07 PM Nic Bernstein <[email protected]>
> wrote:
>
>> Ezsra,
>> You haven't told us which versions of Cyrus you both were using, on the
>> old server, and are now using, on the new server. A lot of things have
>> changed between v2.X and 3.X, including many "default" settings. Also,
>> whose builds of Cyrus are you using? Did you build your own, or did they
>> come from repositories, or what? Again, this matters both for the old and
>> new versions.
>>
>> Lastly, what are the permissions on the mailbox involved? As the admin
>> user, use the "lam user/<username>" command in 'cyradm' to check this. The
>> user's 'inbox', 'user/<username>' should have permissions like this:
>>
>> localhost> lam user/testuser
>> anyone p
>> testuser lrswipcda
>>
>> That "anyone p" is necessary for Posting permissions, allowing program
>> delivery to the mailbox.
>>
>> And out of curiosity, does the mailbox actually exist? By default, newer
>> Cyrus IMAPd do not autocreate mailboxes, or at least doesn't do so in the
>> same way it used to. You mention EL6 and CentOS. Older Redhat-ish Cyrus
>> packages included their own autocreate, which I believe was enabled by
>> default. Now, in 3.X, there's a new mechanism, and by default it's not
>> enabled. Your configurations do not show any autocreate settings.
>>
>> Check the man page for imapd.conf(5) for details on this. In particular,
>> search for this:
>>
>> autocreate_post: 0
>>     If enabled, when lmtpd(8) receives an incoming mail for an
>>     INBOX that does not exist, then the INBOX is
>>     automatically created by lmtpd(8) and delivery of the message
>>     continues.
>>
>> Also look into the 'autocreate_inbox_folders' setting, which may hold a
>> list of folders, such as Drafts, Sent, Trash, etc. to create along with
>> Inbox.
>>
>> Cheers,
>> -nic
>>
>> On 10/15/20 2:11 PM, Ezsra McDonald wrote:
>>
>> Well, I did not make any discoveries.
>> I was trying not to make everyone
>> look at my configs but that seems to be my next step.
>>
>> FILE: /etc/saslauthd.conf
>> ------------------------------------------------------
>> ldap_servers: ldap://ldap.example.com <http://ldap.xample.com>
>> ldap_search_base: ou=people,dc=example,dc=com
>> ldap_filter: uid=%U
>>
>> FILE: /etc/cyrus.conf
>> ------------------------------------------------------
>> START {
>>   # do not delete this entry!
>>   recover cmd="ctl_cyrusdb -r"
>> }
>> SERVICES {
>>   # add or remove based on preferences
>>   imap cmd="imapd" listen="imap" prefork=5
>>   imaps cmd="imapd -s" listen="imaps" prefork=1
>>   # these are only necessary if receiving/exporting usenet via NNTP
>>   # these are only necessary if using HTTP for CalDAV, CardDAV, or RSS
>>   # at least one LMTP is required for delivery
>>   lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
>>   # this is only necessary if using notifications
>> }
>> EVENTS {
>>   # this is required
>>   checkpoint cmd="ctl_cyrusdb -c" period=30
>>   # this is only necessary if using duplicate delivery suppression,
>>   # Sieve or NNTP
>>   delprune cmd="cyr_expire -E 3" at=0400
>>   # Expire data older than 28 days.
>>   deleteprune cmd="cyr_expire -E 4 -D 28" at=0430
>>   expungeprune cmd="cyr_expire -E 4 -X 28" at=0445
>>   # this is only necessary if caching TLS sessions
>>   tlsprune cmd="tls_prune" at=0400
>> }
>> DAEMON {
>>   # this is only necessary if using idled for IMAP IDLE
>> }
>>
>> FILE: /etc/cyrus.conf
>> ------------------------------------------------------
>> admins: cyrus
>> configdirectory: /var/lib/imap
>> proc_path: /var/lib/imap/proc
>> mboxname_lockpath: /var/lib/imap/lock
>> duplicate_db_path: /var/lib/imap/db/deliver.db
>> ptscache_db_path: /var/lib/imap/db/ptscache.db
>> statuscache_db_path: /var/lib/imap/db/statuscache.db
>> tls_sessions_db_path: /var/lib/imap/db/tls_sessions.db
>> defaultpartition: default
>> partition-default: /var/spool/imap
>> sievedir: /var/lib/imap/sieve
>> lmtpsocket: /var/lib/imap/socket/lmtp
>> idlesocket: /var/lib/imap/socket/idle
>> notifysocket: /var/lib/imap/socket/notify
>> syslog_prefix: cyrus
>> hashimapspool: true
>> virtdomains: off
>> popminpoll: 1
>> conversations: 1
>> conversations_db: twoskip
>> specialusealways: 1
>> allowplaintext: 0
>> sasl_pwcheck_method: saslauthd
>> sasl_auto_transition: no
>> tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>> tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.key
>> tls_client_ca_dir: /etc/ssl/certs
>> tls_session_timeout: 1440
>> tls_ciphers: TLSv1+HIGH:!aNULL:!eNULL:!LOW:!MD5:!EXPORT:!DES:!3DES:!RC4:@STRENGTH
>> tls_prefer_server_ciphers: 1
>> tls_versions: tls1_2
>> allowanonymouslogin: no
>> serverinfo: off
>>
>> *Test login results:*
>>
>> Test SaslAuthd
>> ------------------------------------------------------
>> ~$ testsaslauthd -u testuser -p 'NOT_FOR_DISPLAY'
>> 0: OK "Success."
>>
>> Test imap
>> ------------------------------------------------------
>> ~$ imtest -m login -u testuser -a testuser -t "" localhost
>> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED
>> AUTH=GSS-SPNEGO AUTH=GSSAPI SASL-IR] server ready
>> C: S01 STARTTLS
>> S: S01 OK Begin TLS negotiation now
>> verify error:num=18:self signed certificate
>> TLS connection established: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384
>> (256/256 bits)
>> C: C01 CAPABILITY
>> S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA
>> MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
>> MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ
>> SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS
>> ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS
>> LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE
>> SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH
>> URLAUTH=BINARY AUTH=GSS-SPNEGO AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN SASL-IR
>> XCONVERSATIONS COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE
>> X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE
>> S: C01 OK Completed
>> Please enter your password:
>> C: L01 LOGIN testuser {9}
>> S: + go ahead
>> C: <omitted>
>> S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA
>> MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN
>> MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ
>> SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS
>> ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS
>> LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE
>> SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH
>> URLAUTH=BINARY LOGINDISABLED AUTH=GSS-SPNEGO AUTH=GSSAPI AUTH=PLAIN
>> AUTH=LOGIN XCONVERSATIONS COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE
>> X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE] User logged in
>> SESSIONID=<cyrus-422568-1602786511-1-7349358803894201420>
>> Authenticated.
>> Security strength factor: 256
>> ^CC: Q01 LOGOUT
>> Connection closed.
>>
>> Test LMTP
>> ------------------------------------------------------
>> ~$ sudo -u postfix swaks --to [email protected] --socket /var/lib/imap/socket/lmtp --protocol LMTP
>> [sudo] password for XXXXXXXX:
>> === Trying /var/lib/imap/socket/lmtp...
>> === Connected to /var/lib/imap/socket/lmtp.
>> <- 220 XXXXXXXXXXXXXXXXXXXXXXXXXX server ready
>> -> LHLO XXXXXXXXXXXXXXXXXXXXXXXXXX
>> <- 250-XXXXXXXXXXXXXXXXXXXXXXXXXX
>> <- 250-8BITMIME
>> <- 250-ENHANCEDSTATUSCODES
>> <- 250-PIPELINING
>> <- 250-SIZE
>> <- 250-AUTH EXTERNAL
>> <- 250-IGNOREQUOTA
>> <- 250 Ok SESSIONID=<cyrus-422719-1602786735-1-4293443568200236992>
>> -> MAIL FROM:<postfix@XXXXXXXXXXXXXXXXXXXXXXXXXX>
>> <- 250 2.1.0 ok
>> -> RCPT TO:<[email protected]>
>> <** 550-Mailbox unknown. Either there is no mailbox associated with this
>> <** 550-name or you do not have authorization to see it.
>> <** 550 5.1.1 User unknown
>> -> QUIT
>> <- 221 2.0.0 bye
>> === Connection closed with remote host.
>>
>> *Notes*:
>> I did notice a difference in the LMTP response from our current
>> production system. The current production system includes the following in
>> the response:
>>
>> <- 250-STARTTLS
>>
>> I do not see that on the new system (Response shown above) with the same
>> configuration. Curious why or if that has anything to do with it. I am
>> using a self-signed cert on the new system for testing purposes. Is that
>> why? Do I need to tell LMTP to accept the cert somehow?
>>
>> Thanks
>>
>> -Ez
>>
>> On Thu, Oct 15, 2020 at 9:32 AM Ezsra McDonald <[email protected]>
>> wrote:
>>
>>> Sebastian,
>>> Thank you for the response.
>>>
>>> I have never heard of this tool but it looks interesting. I will give it
>>> a try.
>>>
>>> Will let you all know if I find anything.
>>>
>>> -Ez
>>>
>>> On Thu, Oct 15, 2020 at 9:28 AM Sebastian Hagedorn <
>>> [email protected]> wrote:
>>>
>>>> On 15.10.20 at 15:49, Ezsra McDonald wrote:
>>>> > I wonder if there is a way to test LMTP manually to verify LMTP can see
>>>> > the imap accounts? I have not done much with LMTP because it always
>>>> > worked for us in the past.
>>>>
>>>> My favorite tool for mail delivery testing is swaks. You can test LMTP
>>>> this way:
>>>>
>>>> swaks --to YOUR-TEST-USER --socket /var/lib/imap/socket/lmtp --protocol LMTP
>>>>
>>>> --
>>>> .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
>>>> .:.Regionales Rechenzentrum (RRZK).:.
>>>> .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
>>>>
>> --
>> Nic Bernstein
>> [email protected]
>> https://www.nicbernstein.com
>> https://www.linkedin.com/in/nic-b-26577a178/
>>
>> *Cyrus <https://cyrus.topicbox.com/latest>* / Info / see discussions
> <https://cyrus.topicbox.com/groups/info> + participants
> <https://cyrus.topicbox.com/groups/info/members> + delivery options
> <https://cyrus.topicbox.com/groups/info/subscription> Permalink
> <https://cyrus.topicbox.com/groups/info/T11ac789bb1e97f39-M5168df4341fd5ff249bd1f81>
>
> --
> Nic Bernstein
> [email protected]
> https://www.nicbernstein.com
> https://www.linkedin.com/in/nic-b-26577a178/
>

------------------------------------------
Cyrus: Info
Permalink: https://cyrus.topicbox.com/groups/info/T11ac789bb1e97f39-Me2781cf1d8b3a113120f224e
Delivery options: https://cyrus.topicbox.com/groups/info/subscription
