Re: [CentOS] cyrus: socket options

2018-03-17 Thread hw

On 03/16/2018 10:21 PM, Alexander Dalloz wrote:

Am 16.03.2018 um 13:07 schrieb hw:

[...]
   # lmtp    cmd="lmtpd -a" listen="lmtp:127.0.0.1" prefork=4
   lmtpunix  cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" prefork=4

[...]


Both definitions are wrong:

1) the lmtp line

man cyrus.conf

listen=
The UNIX or internet socket to listen on. This string field is required 
and takes one of the following forms:


path
[ host : ] port

So listen="lmtp:127.0.0.1" is utter nonsense. It would be 
listen="127.0.0.1:lmtp" if you want to restrict access to localhost.


Right, that must have come from all the experimentation and gone unnoticed.


2) the lmtpunix line

man lmtpd

-a

     Preauthorize connections initiated on an internet socket, instead 
of requiring LMTP AUTH. This should only be used for connections coming 
from trusted hosts.


So no pre-auth on the unix socket.


I read it such that '-a' means I don´t need to worry about authorization.

Do you mean to say it should only be used when the socket is not a file? 
If that is so, the manpage should say that, and it should say what the 
option does when the socket is a file.  Maybe it´s ignored for files, 
maybe it breaks stuff.  The manpage does not say that authorization is 
omitted when the socket is a file, so what does it actually say?



And why do you define a prefork of 4?


Why not?  The server has 4 cores, and I haven´t read any suggestions yet 
about how many processes should be preforked.  I can imagine it might 
not make sense or not work at all when the socket is a file and that it 
might not make sense when the socket is not a file because there are no 
other hosts connecting.  IIRC exim can spawn processes to do deliveries, 
so it might yet make sense even though no other hosts connect.




Alexander

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos



Re: [CentOS] cyrus: socket options

2018-03-17 Thread hw

On 03/16/2018 08:14 PM, Alexander Dalloz wrote:

Am 16.03.2018 um 13:07 schrieb hw:


Hi,

what are the following messages supposed to tell me and does this 
indicate a problem?



# systemctl status cyrus-imapd
[...]
master[3766]: unable to setsocketopt(IP_TOS): Operation not supported
master[3766]: unable to setsocketopt(IP_TOS): Operation not supported
[...]


That's cyrus-imapd itself failing and has nothing to do with Exim.


Well, it probably means that a socket option can not be set.  That can 
mean that the socket can not be used at all or that the socket can be 
used, just not as well.


That socket option makes it so that the TOS bit on all packets is being 
set.  I don´t see how that would be required here, so maybe the socket 
works nonetheless.


Exim says it can not connect to the lmtp socket even when selinux 
doesn´t get in the way.  The configuration looks like this:



cyrus.conf (neither of the two options works):

[...]
   # lmtp    cmd="lmtpd -a" listen="lmtp:127.0.0.1" prefork=4
   lmtpunix  cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" prefork=4

[...]


Providing just a snippet from the complete configuration of cyrus-imapd 
is insufficient.


It´s currently this:


# standard standalone server implementation

START {
  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
  idled         cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
  # add or remove based on preferences
  # imap        cmd="imapd" listen="127.0.0.1:imap" prefork=2
  imaps         cmd="imapd -s" listen="imaps" prefork=1
  # pop3        cmd="pop3d" listen="pop3" prefork=3
  # pop3s       cmd="pop3d -s" listen="pop3s" prefork=1
  sieve         cmd="timsieved" listen="gupta:sieve" prefork=0
  # managesieve cmd="timsieved" listen="gupta:sieve" prefork=0
  # sieve       cmd="timsieved" listen="4190" prefork=1

  # these are only necessary if receiving/exporting usenet via NNTP
  #  nntp       cmd="nntpd" listen="nntp" prefork=3
  #  nntps      cmd="nntpd -s" listen="nntps" prefork=1

  # at least one LMTP is required for delivery
  lmtp          cmd="lmtpd -a" listen="lmtp" prefork=1
  # lmtpunix    cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" prefork=1

  # this is only necessary if using notifications
  notify        cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune      cmd="cyr_expire -E 3" at=0400

  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" at=0400
}


Apparently exim can not use the lmtp socket because of a permissions 
problem.  Not using the socket works except that timsieved appears not 
to be able to find any authentication mechanics.  I can connect to it 
but not authenticate:



# sivtest -u hw -v gupta
S: "IMPLEMENTATION" "Cyrus timsieved v2.4.17-Fedora-RPM-2.4.17-13.el7"
S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy"
S: "STARTTLS"
S: "UNAUTHENTICATE"
S: OK
Authentication failed. generic failure
Security strength factor: 0
logout
OK "Logout Complete"
Connection closed.


I didn´t get to figure this out yet.




exim.conf:

[...]
begin transports



# cyrus_ltcp:
#   driver = smtp
#   protocol = lmtp
#   delivery_date_add
#   envelope_to_add
#   return_path_add
#   hosts = localhost
#   allow_localhost

lmtp_socket:
   driver = lmtp
   socket = /var/lib/imap/socket/lmtp
   delivery_date_add
   envelope_to_add
   return_path_add


# ls -la /var/lib/imap/socket/lmtp
srwxrwxrwx. 1 root root 0 Mar 16 12:58 /var/lib/imap/socket/lmtp


I have this working on the old server (which doesn´t run Centos) and 
am trying to migrate it to the new one (which runs Centos 7.4).  The 
version of cyrus and sasl are the same on both machines.


So cyrus-imapd and cyrus-sasl are not the ones shipped by CentOS?


They are from packages installed by yum and just happen to be the same 
versions as on the old server.  I can´t tell if the same compiling 
options were used, though.


What´s the problem with Centos that these things don´t just work as 
they usually do?


It works on CentOS, I can assure you that.


Hopefully so ...


Alexander




Re: [CentOS] cyrus: socket options

2018-03-16 Thread Alexander Dalloz

Am 16.03.2018 um 13:07 schrieb hw:

[...]
   # lmtp    cmd="lmtpd -a" listen="lmtp:127.0.0.1" prefork=4
   lmtpunix  cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" prefork=4

[...]


Both definitions are wrong:

1) the lmtp line

man cyrus.conf

listen=
The UNIX or internet socket to listen on. This string field is required 
and takes one of the following forms:


path
[ host : ] port

So listen="lmtp:127.0.0.1" is utter nonsense. It would be 
listen="127.0.0.1:lmtp" if you want to restrict access to localhost.


2) the lmtpunix line

man lmtpd

-a

Preauthorize connections initiated on an internet socket, instead 
of requiring LMTP AUTH. This should only be used for connections coming 
from trusted hosts.


So no pre-auth on the unix socket.

And why do you define a prefork of 4?

Alexander
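
Added example (not part of the original thread and not Cyrus code): a small Python linter for cyrus.conf SERVICES entries that applies the two manpage rules quoted in the reply above, the listen= forms "path" or "[ host : ] port", and lmtpd -a being described for internet sockets from trusted hosts. The finding names, the SAMPLE lines (constructed from entries quoted in this thread) and the choice to treat only loopback as trusted are assumptions of the example.

```python
import ipaddress
import re
import shlex

# Constructed sample: SERVICES entries quoted in this thread (not a complete cyrus.conf).
SAMPLE = '''
lmtp      cmd="lmtpd -a" listen="lmtp:127.0.0.1" prefork=4
lmtp      cmd="lmtpd -a" listen="lmtp" prefork=1
lmtp      cmd="lmtpd -a" listen="127.0.0.1:lmtp" prefork=1
lmtpunix  cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" prefork=4
# imap    cmd="imapd" listen="127.0.0.1:imap" prefork=2
'''

def is_ip(text):
    try:
        ipaddress.ip_address(text.strip("[]"))
        return True
    except ValueError:
        return False

def lint_service(line):
    """Return a list of findings (names are this example's own) for one entry."""
    opts = dict(re.findall(r'(\w+)="([^"]*)"', line))
    listen = opts.get("listen", "")
    argv = shlex.split(opts.get("cmd", ""))
    preauth = bool(argv) and argv[0] == "lmtpd" and "-a" in argv[1:]
    findings = []
    if listen.startswith("/"):                        # form 1: path (UNIX socket)
        if preauth:                                   # man lmtpd describes -a for
            findings.append("preauth-flag-on-unix-socket")  # internet sockets only
        return findings
    host, sep, port = listen.rpartition(":")          # form 2: [ host : ] port
    if sep and is_ip(port):                           # address sits where the port belongs
        findings.append("host-port-reversed")
        host = port                                   # judge exposure by the intended host
    if preauth:                                       # -a: trusted hosts only
        loopback = is_ip(host) and ipaddress.ip_address(host.strip("[]")).is_loopback
        if not (loopback or host == "localhost"):     # assumption: only loopback is trusted
            findings.append("preauth-not-loopback")
    return findings

def lint(text):
    entries = [l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#")]
    return [(l.split()[0], lint_service(l)) for l in entries]

if __name__ == "__main__":
    for name, findings in lint(SAMPLE):
        print(name, findings or "ok")
```

The second sample line is the active lmtp entry from the full configuration posted later in the thread: with no host in listen= and -a on the command, pre-authorized delivery is accepted on every interface.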



Re: [CentOS] cyrus: socket options

2018-03-16 Thread Alexander Dalloz

Am 16.03.2018 um 13:07 schrieb hw:


Hi,

what are the following messages supposed to tell me and does this 
indicate a problem?



# systemctl status cyrus-imapd
[...]
master[3766]: unable to setsocketopt(IP_TOS): Operation not supported
master[3766]: unable to setsocketopt(IP_TOS): Operation not supported
[...]


That's cyrus-imapd itself failing and has nothing to do with Exim.

Exim says it can not connect to the lmtp socket even when selinux 
doesn´t get in the way.  The configuration looks like this:



cyrus.conf (neither of the two options works):

[...]
   # lmtp    cmd="lmtpd -a" listen="lmtp:127.0.0.1" prefork=4
   lmtpunix  cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" prefork=4

[...]


Providing just a snippet from the complete configuration of cyrus-imapd 
is insufficient.



exim.conf:

[...]
begin transports



# cyrus_ltcp:
#   driver = smtp
#   protocol = lmtp
#   delivery_date_add
#   envelope_to_add
#   return_path_add
#   hosts = localhost
#   allow_localhost

lmtp_socket:
   driver = lmtp
   socket = /var/lib/imap/socket/lmtp
   delivery_date_add
   envelope_to_add
   return_path_add


# ls -la /var/lib/imap/socket/lmtp
srwxrwxrwx. 1 root root 0 Mar 16 12:58 /var/lib/imap/socket/lmtp


I have this working on the old server (which doesn´t run Centos) and am 
trying to migrate it to the new one (which runs Centos 7.4).  The 
version of cyrus and sasl are the same on both machines.


So cyrus-imapd and cyrus-sasl are not the ones shipped by CentOS?

What´s the problem with Centos that these things don´t just work as they 
usually do?


It works on CentOS, I can assure you that.

Alexander




[CentOS] cyrus: socket options

2018-03-16 Thread hw


Hi,

what are the following messages supposed to tell me and does this 
indicate a problem?



# systemctl status cyrus-imapd
[...]
master[3766]: unable to setsocketopt(IP_TOS): Operation not supported
master[3766]: unable to setsocketopt(IP_TOS): Operation not supported
[...]


Exim says it can not connect to the lmtp socket even when selinux 
doesn´t get in the way.  The configuration looks like this:



cyrus.conf (neither of the two options works):

[...]
  # lmtp    cmd="lmtpd -a" listen="lmtp:127.0.0.1" prefork=4
  lmtpunix  cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" prefork=4
[...]


exim.conf:

[...]
begin transports



# cyrus_ltcp:
#   driver = smtp
#   protocol = lmtp
#   delivery_date_add
#   envelope_to_add
#   return_path_add
#   hosts = localhost
#   allow_localhost

lmtp_socket:
  driver = lmtp
  socket = /var/lib/imap/socket/lmtp
  delivery_date_add
  envelope_to_add
  return_path_add


# ls -la /var/lib/imap/socket/lmtp
srwxrwxrwx. 1 root root 0 Mar 16 12:58 /var/lib/imap/socket/lmtp


I have this working on the old server (which doesn´t run Centos) and am 
trying to migrate it to the new one (which runs Centos 7.4).  The 
version of cyrus and sasl are the same on both machines.


What´s the problem with Centos that these things don´t just work as they 
usually do?
