Thanks for the help Nic. I regenerated all my user accounts. Everything is testing out good.
Appreciate the assistance. -Ez On Fri, Oct 16, 2020 at 11:29 AM Nic Bernstein <[email protected]> wrote: > Ezsra, > You may need to examine your mailboxes.db to see what the system is > actually doing. Have you made any changes to 'altnamespace:'? > > For more information on the various namespaces, consult this document: > > https://www.cyrusimap.org/3.0/imap/concepts/features/namespaces.html > > To take a look at mailboxes.db, use the ctl_mboxlist(8) command, such as > (paths as on my server): > > $ sudo -u cyrus /usr/lib/cyrus/bin/ctl_mboxlist -d > > You'll see that in the mailboxes.db, the mailbox is still stored with the > dot delimiter, and a carrot "^" is used to represent any literal dot > characters present in a mailbox name. For example, "user.nic.my^mailbox" > in the DB represents "user/nic/my.mailbox" as seen via protocol. > > It sounds to me like you upgraded without taking the upgrade steps in the > necessary order, so your installation may be broken at this point. If > you're still in the testing phase, you may well find it easier to simply > start over; wipe the data on the new server and re-sync it (however you did > that). Otherwise you might be able to correct with a reconstruct(8) > command (read the docs, and mentions of reconstruct in the upgrade docs, > too). > > By the way, the version you're using, 3.07, is fairly old, even for the > 3.0 branch. You may want to look for more recent packages, now, before > making a bunch more work for yourself. The most recent version in 3.0 is > 3.0.14, or jump to 3.2.4. > > Cheers, > -nic > > > On 10/16/20 10:39 AM, Ezsra McDonald wrote: > > Nic, > > I am confused about unixhierarchysep. > > I set it to off. LMTP could not find my testuser inbox when I created the > account user.testuser. > > I set it to on. It still could not find the inbox which I expected. > > I left it set to on and created a new user, user/testuser. Now LMTP seems > happy. I don't mind this setup however we would have to update our inhouse > tools to handle this. > > Any idea why when unixhierarchysep is off I can't use the user.testuser > syntax? > > Progress at least but I prefer not to make the developers modify all the > code for inhouse tools. > > -Ez > > On Fri, Oct 16, 2020 at 10:09 AM Nic Bernstein <[email protected]> > wrote: > >> Ezsra, >> Have you read and followed all of the steps outlined in the Upgrade >> documentation for 3.0? You can find them here: >> >> https://www.cyrusimap.org/3.0/imap/download/upgrade.html >> >> [Note: use that link, since the current stable version is 3.2, and simply >> navigating the website will lead you to the newer version, not the 3.0 >> which you're using.] >> >> If you haven't done these steps, as described, you may need to start >> over. Pay special attention to steps 5 & 6, and follow the links within >> for additional information on settings which have changed, like >> 'unixhierarchysep:' and 'altnamespace:'. >> >> Cheers, >> -nic >> >> On 10/16/20 9:56 AM, Ezsra McDonald wrote: >> >> Hi Nic! >> >> Here is some of the information you mentioned. >> >> We use the RPM packages from the yum repositories. >> >> Old Server: >> OS: Oracle Linux 6.10 >> Postfix: postfix-2.6.6-8 >> Cyrus: cyrus-imapd-2.3.16-15 >> >> New Server: >> OS: Centos 8.2.2004 >> Postfix: postfix-3.3.1-12 >> Cyrus: cyrus-imapd-3.0.7-16 >> >> Permissions on the inbox: >> I did not have the "anyone p" ACL. I added that. I also add the "a" to >> the testuser ACL. Neither of these helped. I also gave Cyrus the "All" ACLs >> on the inbox. This made no difference. >> localhost> lam user.testuser >> cyrus lrswipkxtecda >> testuser lrswipkxtecda >> anyone p >> >> We do not use the autocreate feature. We create the accounts using an >> inhouse tool. >> >> >> >> On Thu, Oct 15, 2020 at 7:07 PM Nic Bernstein <[email protected]> >> wrote: >> >>> Ezsra, >>> You haven't told us which versions of Cyrus you both were using, on the >>> old server, and are now using, on the new server. A lot of things have >>> changed between v2.X and 3.X, including many "default" settings. Also, >>> whose builds of Cyrus are you using? Did you build your own, or did they >>> come from repositories, or what? Again, this matters both for the old and >>> new versions. >>> >>> Lastly, what are the permissions on the mailbox involved? As the admin >>> user, use the "lam user/<username>" command in 'cyradm' to check this. The >>> user's 'inbox', 'user/<username>' should have permissions like this: >>> >>> localhost> lam user/testuser >>> anyone p >>> testuser lrswipcda >>> >>> That "anyone p" is necessary for Posting permissions, allowing program >>> delivery to the mailbox. >>> >>> And out of curiosity, does the mailbox actually exist? By default, >>> newer Cyrus IMAPd do not autocreate mailboxes, or at least doesn't do so in >>> the same way it used to. You mention EL6 and CentOS. Older Redhat-ish >>> Cyrus packages included their own autocreate, which I believe was enabled >>> by default. Now, in 3.X, there's a new mechanism, and by default it's not >>> enabled. Your configurations do not show any autocreate settings. >>> >>> Check the man page for imapd.conf(5) for details on this. In >>> particular, search for this: >>> >>> autocreate_post: 0 >>> If enabled, when lmtpd(8) receives an incoming mail for an >>> INBOX that does not exist, then the INBOX is >>> automatically created by lmtpd(8) and delivery of the message >>> continues. >>> >>> Also look into the 'autocreate_inbox_folders' setting, which may hold a >>> list of folders, such as Drafts, Sent, Trash, etc. to create along with >>> Inbox. >>> >>> Cheers, >>> -nic >>> >>> On 10/15/20 2:11 PM, Ezsra McDonald wrote: >>> >>> Well, I did not make any discoveries. I was trying not to make everyone >>> look at my configs but that seems to be my next step. >>> >>> FILE: /etc/saslauthd.conf >>> ------------------------------------------------------ >>> ldap_servers: ldap://ldap.example.com <http://ldap.xample.com> >>> ldap_search_base: ou=people,dc=example,dc=com >>> ldap_filter: uid=%U >>> >>> FILE: /etc/cyrus.conf >>> ------------------------------------------------------ >>> START { >>> # do not delete this entry! >>> recover cmd="ctl_cyrusdb -r" >>> } >>> SERVICES { >>> # add or remove based on preferences >>> imap cmd="imapd" listen="imap" prefork=5 >>> imaps cmd="imapd -s" listen="imaps" prefork=1 >>> # these are only necessary if receiving/exporting usenet via NNTP >>> # these are only necessary if using HTTP for CalDAV, CardDAV, or RSS >>> # at least one LMTP is required for delivery >>> lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1 >>> # this is only necessary if using notifications >>> } >>> EVENTS { >>> # this is required >>> checkpoint cmd="ctl_cyrusdb -c" period=30 >>> # this is only necessary if using duplicate delivery suppression, >>> # Sieve or NNTP >>> delprune cmd="cyr_expire -E 3" at=0400 >>> # Expire data older than 28 days. >>> deleteprune cmd="cyr_expire -E 4 -D 28" at=0430 >>> expungeprune cmd="cyr_expire -E 4 -X 28" at=0445 >>> # this is only necessary if caching TLS sessions >>> tlsprune cmd="tls_prune" at=0400 >>> } >>> DAEMON { >>> # this is only necessary if using idled for IMAP IDLE >>> } >>> >>> FILE: /etc/cyrus.conf >>> ------------------------------------------------------ >>> admins: cyrus >>> configdirectory: /var/lib/imap >>> proc_path: /var/lib/imap/proc >>> mboxname_lockpath: /var/lib/imap/lock >>> duplicate_db_path: /var/lib/imap/db/deliver.db >>> ptscache_db_path: /var/lib/imap/db/ptscache.db >>> statuscache_db_path: /var/lib/imap/db/statuscache.db >>> tls_sessions_db_path: /var/lib/imap/db/tls_sessions.db >>> defaultpartition: default >>> partition-default: /var/spool/imap >>> sievedir: /var/lib/imap/sieve >>> lmtpsocket: /var/lib/imap/socket/lmtp >>> idlesocket: /var/lib/imap/socket/idle >>> notifysocket: /var/lib/imap/socket/notify >>> syslog_prefix: cyrus >>> hashimapspool: true >>> virtdomains: off >>> popminpoll: 1 >>> conversations: 1 >>> conversations_db: twoskip >>> specialusealways: 1 >>> allowplaintext: 0 >>> sasl_pwcheck_method: saslauthd >>> sasl_auto_transition: no >>> tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.pem >>> tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.key >>> tls_client_ca_dir: /etc/ssl/certs >>> tls_session_timeout: 1440 >>> tls_ciphers: >>> TLSv1+HIGH:!aNULL:!eNULL:!LOW:!MD5:!EXPORT:!DES:!3DES:!RC4:@STRENGTH >>> tls_prefer_server_ciphers: 1 >>> tls_versions: tls1_2 >>> allowanonymouslogin: no >>> serverinfo: off >>> >>> *Test login results:* >>> >>> Test SaslAuthd >>> ------------------------------------------------------ >>> ~$ testsaslauthd -u testuser -p 'NOT_FOR_DISPLAY' >>> 0: OK "Success." >>> >>> Test imap >>> ------------------------------------------------------ >>> ~$ imtest -m login -u testuser -a testuser -t "" localhost >>> S: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED >>> AUTH=GSS-SPNEGO AUTH=GSSAPI SASL-IR] server ready >>> C: S01 STARTTLS >>> S: S01 OK Begin TLS negotiation now >>> verify error:num=18:self signed certificate >>> TLS connection established: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 >>> (256/256 bits) >>> C: C01 CAPABILITY >>> S: * CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten QUOTA >>> MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN >>> MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT SORT=MODSEQ >>> SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES THREAD=REFS >>> ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED LIST-STATUS >>> LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE MOVE >>> SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH >>> URLAUTH=BINARY AUTH=GSS-SPNEGO AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN SASL-IR >>> XCONVERSATIONS COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE >>> X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE >>> S: C01 OK Completed >>> Please enter your password: >>> C: L01 LOGIN testuser {9} >>> S: + go ahead >>> C: <omitted> >>> S: L01 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxten >>> QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT >>> CHILDREN MULTIAPPEND BINARY CATENATE CONDSTORE ESEARCH SEARCH=FUZZY SORT >>> SORT=MODSEQ SORT=DISPLAY SORT=UID THREAD=ORDEREDSUBJECT THREAD=REFERENCES >>> THREAD=REFS ANNOTATEMORE ANNOTATE-EXPERIMENT-1 METADATA LIST-EXTENDED >>> LIST-STATUS LIST-MYRIGHTS LIST-METADATA WITHIN QRESYNC SCAN XLIST XMOVE >>> MOVE SPECIAL-USE CREATE-SPECIAL-USE DIGEST=SHA1 X-REPLICATION URLAUTH >>> URLAUTH=BINARY LOGINDISABLED AUTH=GSS-SPNEGO AUTH=GSSAPI AUTH=PLAIN >>> AUTH=LOGIN XCONVERSATIONS COMPRESS=DEFLATE X-QUOTA=STORAGE X-QUOTA=MESSAGE >>> X-QUOTA=X-ANNOTATION-STORAGE X-QUOTA=X-NUM-FOLDERS IDLE] User logged in >>> SESSIONID=<cyrus-422568-1602786511-1-7349358803894201420> >>> Authenticated. >>> Security strength factor: 256 >>> ^CC: Q01 LOGOUT >>> Connection closed. >>> >>> Test LMTP >>> ------------------------------------------------------ >>> ~$ sudo -u postfix swaks --to [email protected] --socket >>> /var/lib/imap/socket/lmtp --protocol LMTP >>> [sudo] password for XXXXXXXX: >>> === Trying /var/lib/imap/socket/lmtp... >>> === Connected to /var/lib/imap/socket/lmtp. >>> <- 220 XXXXXXXXXXXXXXXXXXXXXXXXXX server ready >>> -> LHLO XXXXXXXXXXXXXXXXXXXXXXXXXX >>> <- 250-XXXXXXXXXXXXXXXXXXXXXXXXXX >>> <- 250-8BITMIME >>> <- 250-ENHANCEDSTATUSCODES >>> <- 250-PIPELINING >>> <- 250-SIZE >>> <- 250-AUTH EXTERNAL >>> <- 250-IGNOREQUOTA >>> <- 250 Ok SESSIONID=<cyrus-422719-1602786735-1-4293443568200236992> >>> -> MAIL FROM:<postfix@XXXXXXXXXXXXXXXXXXXXXXXXXX> >>> <- 250 2.1.0 ok >>> -> RCPT TO:<[email protected]> >>> <** 550-Mailbox unknown. Either there is no mailbox associated with this >>> <** 550-name or you do not have authorization to see it. >>> <** 550 5.1.1 User unknown >>> -> QUIT >>> <- 221 2.0.0 bye >>> === Connection closed with remote host. >>> >>> >>> *Notes*: >>> I did notice a difference in the LMTP response from our current >>> production system. The current production system includes the following in >>> the response: >>> >>> <- 250-STARTTLS >>> >>> I do not see that on the new system (Response shown above) with the same >>> configuration. Curious why or if that has anything to do with it. I am >>> using a self-signed cert on the new system for testing purposes. Is that >>> why? Do I need to tell LMTP to accept the cert somehow? >>> >>> Thanks >>> >>> -Ez >>> >>> On Thu, Oct 15, 2020 at 9:32 AM Ezsra McDonald <[email protected]> >>> wrote: >>> >>>> Sebastian, >>>> Thank you for the response. >>>> >>>> I have never heard of this tool but it looks interesting. I will give >>>> it a try. >>>> >>>> Will let you all know if I find anything. >>>> >>>> -Ez >>>> >>>> >>>> On Thu, Oct 15, 2020 at 9:28 AM Sebastian Hagedorn < >>>> [email protected]> wrote: >>>> >>>>> >>>>> Am 15.10.20 um 15:49 schrieb Ezsra McDonald: >>>>> > I wonder if there is a way to test LMTP manually to verify LMTP can >>>>> see >>>>> > the imap accounts? I have not done much with LMTP because it always >>>>> > worked for us in the past. >>>>> >>>>> My favorite tool for mail delivery testing is swaks. You can test LMTP >>>>> this way: >>>>> >>>>> swaks --to YOUR-TEST-USER --socket /var/lib/imap/socket/lmtp >>>>> --protocol LMTP >>>>> >>>>> -- >>>>> .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:. >>>>> .:.Regionales Rechenzentrum (RRZK).:. >>>>> .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:. >>>>> >>>>> >>> -- >>> Nic Bernstein >>> [email protected]https://www.nicbernstein.comhttps://www.linkedin.com/in/nic-b-26577a178/ >>> >>> *Cyrus <https://cyrus.topicbox.com/latest>* / Info / see discussions >> <https://cyrus.topicbox.com/groups/info> + participants >> <https://cyrus.topicbox.com/groups/info/members> + delivery options >> <https://cyrus.topicbox.com/groups/info/subscription> Permalink >> <https://cyrus.topicbox.com/groups/info/T11ac789bb1e97f39-M5168df4341fd5ff249bd1f81> >> >> >> -- >> Nic Bernstein >> [email protected]https://www.nicbernstein.comhttps://www.linkedin.com/in/nic-b-26577a178/ >> >> > -- > Nic Bernstein > [email protected]https://www.nicbernstein.comhttps://www.linkedin.com/in/nic-b-26577a178/ > > ------------------------------------------ Cyrus: Info Permalink: https://cyrus.topicbox.com/groups/info/T21b8f6684b22530e-M01349e98be55f284b8a850b8 Delivery options: https://cyrus.topicbox.com/groups/info/subscription
