Re: NFS Cyrus (urgent!)
On Wednesday, December 12, 2001 01:10:35 PM -0500 Alex Pilosov [EMAIL PROTECTED] wrote: +-- | I think both of these are linux-only at the moment. | | Probably nothing exists for solaris. Irix has cxfs (cluster-xfs) which | does this. [...] +-X8 CXFS is available for Solaris but it isn't cheap. /Michael -- This space intentionally left non-blank.
Re: Webmail for Cyrus Imap ?
Robert Scussel schrieb am Wed, Dec 12, 2001 at 09:51:21PM -0500: * Thanks, first of all for the help getting cyrus working with * saslauthd-pam... * * I have been trying for days now to get the latest IMP(3.0) with the * latest Horde(2.0) to work with cyrus. The problem now is that imp tries * to use the protocol imap to logon, which then tries to logon via * * CRAM-MD5, sasldb2, and even kerberos * * It doesn't appear to try pam/plain/saslauthd login. Most webmailers I saw (e.g. aeromail, twig) did a CAPABILITY upon connect and tried to do the most secure authentication first. So if your server lists CRAM-MD5 in its capability list, the webmailer will try that before trying PLAIN. We debugged this down to the code of imap-2001 which is the library that is mostly used by PHP for IMAP issues. So if you set up a PHP webmailer, you can't help this behaviour because its hardcoded into the lib. We finally did a very nasty workaround: As we use LDAP-via-PAM as authen- tication backend, we do not need the sasldb - and when completely removing /etc/sasldb, Cyrus IMAP stops sending CRAM-MD5 in its capability list. - Birger
lmtpd with fatal memleak ?
while doing a stresstest on our mailserver we had a big problem after the first 100mails (sent in 2 seconds) due to the fact that one of two running lmtpd-processes consumed 1GB of memory, which was to much for our system and resulted in neverending swapping until I killed all related mail-processes. I couldnt reproduce the problem and on further tests there was no similar problem. (oh yes, we had other problems - I'm not happy with our emailserver - it cannot deal with more than 3mails per second in average for one hour or so. While this is not a realistic number and we dont have a problem with our 100 mails per hour I expected it to handle a bigger load.) Nevertheless I'm worried if this happens again - even on less load. lmtpd is invoked via cyrus-master-process when deliver is called from our procmailscript. thnx, peter -- mag. peter pilsl phone: +43 676 3574035 fax : +43 676 3546512 email: [EMAIL PROTECTED] sms : [EMAIL PROTECTED] pgp-key available
Group ACLs
Hello. Does anybody obtain proper group ACLs in Cyrus IMAP? I ask succeeders to contact me, if possible. Now I see absolutely no difference between name acl and group:name acl contexts. Means, if I am a member of group name in either /etc/group and|or PAM pam_group.so database, this ACL is just ignored. If I explicitly login to IMAP as group:name (using dumb pam_permit.so), then everything is OK: I am granted the desired rights. It seems to be hardly possible to manage big userlists at individual level, without effective groups. Qestions about it are present in info-cyrus... but answers are missing. Alexey
bandwidth???
Hi there all! The question of bandwith on a leased line:- What is the rule of thumb for an IMAP session in kilobytes/second? Or the same question backwards:- If I have a 512kb/s line, how many *concurrent* sessions could be run? 50? 250? The same line will be used for the MTA (Postfix) Craig Skinner. -- Get your free email from www.linuxmail.org Powered by Outblaze
deliver fails on nonunix lmtp-socket
I try to replace the unix-lmtpd-socket with a 'real' socket, cause I want use lmtpd for other applications too. however, if I do so, deliver wont work anymore: # cat /tmp/m | /usr/cyrus/bin/deliver -a cyrus peter couldn't connect to lmtpd: Invalid argument 421 4.3.0 deliver: couldn't connect to lmtpd # cat /tmp/m | /usr/cyrus/bin/deliver -l -a cyrus peter connect failed: Connection refused 421 4.3.0 deliver: connect failed and imapd.log reveals in both cases: Dec 13 14:29:50 server deliver[24093]: connect(/data/imap/config/socket/lmtp) failed: Connection refused but my cyrus.conf: # at least one LMTP is required for delivery lmtp cmd=lmtpd listen=lmtp prefork=1 # lmtpunix cmd=lmtpd listen=/data/imap/config/socket/lmtp prefork=0 lmtpd is listening on 2003 and - yes - I've killed all questionable processes. dont know why deliver still tries to access the unix-socket. cyrus.conf should be the only place where this socket is defined ... !!?? thnx, peter -- mag. peter pilsl phone: +43 676 3574035 fax : +43 676 3546512 email: [EMAIL PROTECTED] sms : [EMAIL PROTECTED] pgp-key available
Re: deliver fails on nonunix lmtp-socket
The problem is that deliver *only* works with unix lmtpd sockets. So, how we dealt with the issue in our environment is run with both lines in the cyrus.conf file, allowing either TCP connections or unix socket connections. Then we configured sendmail to use the TCP connection when delivering the mail to LMTP. If some external application needs to use deliver for any reason, then that will work too, since deliver will use the unix socket. It is too bad that deliver doesn't read the cyrus.conf file to determine what sockets are available and to use what it finds (giving preference to the TCP socket if they are both turned on). Scott --On Thursday, December 13, 2001 2:40 PM +0100 Peter Pilsl [EMAIL PROTECTED] wrote: I try to replace the unix-lmtpd-socket with a 'real' socket, cause I want use lmtpd for other applications too. however, if I do so, deliver wont work anymore: # cat /tmp/m | /usr/cyrus/bin/deliver -a cyrus peter couldn't connect to lmtpd: Invalid argument 421 4.3.0 deliver: couldn't connect to lmtpd # cat /tmp/m | /usr/cyrus/bin/deliver -l -a cyrus peter connect failed: Connection refused 421 4.3.0 deliver: connect failed and imapd.log reveals in both cases: Dec 13 14:29:50 server deliver[24093]: connect(/data/imap/config/socket/lmtp) failed: Connection refused but my cyrus.conf: # at least one LMTP is required for delivery lmtp cmd=lmtpd listen=lmtp prefork=1 # lmtpunix cmd=lmtpd listen=/data/imap/config/socket/lmtp # prefork=0 lmtpd is listening on 2003 and - yes - I've killed all questionable processes. dont know why deliver still tries to access the unix-socket. cyrus.conf should be the only place where this socket is defined ... !!?? thnx, peter -- +-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+ Scott W. Adkinshttp://www.cns.ohiou.edu/~sadkins/ UNIX Systems Engineer mailto:[EMAIL PROTECTED] ICQ 7626282 Work (740)593-9478 Fax (740)593-1944 +-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=+=-=-=-=-=-=-=-=-+ CNS, HDL Center, Suite 301, Ohio University, Athens, OH 45701-2979
Re: Can't deliver - can't find mailboxes
At 09:52 PM 12/12/01 -0600, you wrote: This is probably an MTA problem. Cyrus does not require anything in /etc/password except possibly for authntication (and you can use LDAP, etc for that instead.)Have you tried calling deliver directly like: /usr/cyrus/bin/deliver jwade /tmp/testmessage well, no, Exim is finding the mailboxes just fine (as tested exim -bv). I'm testing by logging in as myself and using /usr/cyrus/bin/deliver-wrapper user.sjsldap which is the test message. deliver to user.sjsobol works. deliver to user.sjsldap gives me the message that the mailbox does not exist - but it's in /var/spool/imap/user and cyradm can find it. Now, this is weird. deliver-wrapper doesn't work, but deliver apparently does?! (running as Cyrus for deliver, running as sjsobol for deliver-wrapper) Ok. Exim delivers to local imap mailboxes using procmail. I'll change the global procmailrc to use deliver instead of deliver-wrapper and see if that works. But why wouldn't deliver-wrapper work?
Re: lmtpd with fatal memleak ?
We can't help you unless you tell us what version you're running, what operating system, etc. Larry Date: Thu, 13 Dec 2001 13:05:20 +0100 From: Peter Pilsl [EMAIL PROTECTED] while doing a stresstest on our mailserver we had a big problem after the first 100mails (sent in 2 seconds) due to the fact that one of two running lmtpd-processes consumed 1GB of memory, which was to much for our system and resulted in neverending swapping until I killed all related mail-processes. I couldnt reproduce the problem and on further tests there was no similar problem. (oh yes, we had other problems - I'm not happy with our emailserver - it cannot deal with more than 3mails per second in average for one hour or so. While this is not a realistic number and we dont have a problem with our 100 mails per hour I expected it to handle a bigger load.) Nevertheless I'm worried if this happens again - even on less load. lmtpd is invoked via cyrus-master-process when deliver is called from our procmailscript. thnx, peter -- mag. peter pilsl phone: +43 676 3574035 fax : +43 676 3546512 email: [EMAIL PROTECTED] sms : [EMAIL PROTECTED] pgp-key available
Sieve redirect to your own address discards the mail
We are running Cyrus IMAP4 v2.1.0pre, from a CVS of a month or so ago. Some users have sieve scripts that have two `redirect' commands, one specifying another e-mail address, and one specifying their own e-mail address. Their intention is to forward a copy of the mail and also deliver a copy to their INBOX. However, the second copy disappears. Apparently, Cyrus sieve re-mails both copies, but when the copy addressed to the original address is re-delivered, the duplicate supression mechanism discards it. I realize that users should specify `keep' instead of `redirect', but most people assume that redirecting mail to your own address will work, rather than discarding the mail. Could sieve be changed to treat this case as a `keep', bypassing the re-mailing? That sounds like the best solution to me. -- -Gary Mills--Unix Support--U of M Academic Computing and Networking-
Re: Webmail for Cyrus Imap ?
A trick with SASL if you don't use the /etc/sasldb stuff is to compile with --with-dblib=none and it will remove the sasl secrets database code entirely.. We only use Kerberos so we didn't need any of the /etc/sasldb stuff either. [EMAIL PROTECTED] wrote: Robert Scussel schrieb am Wed, Dec 12, 2001 at 09:51:21PM -0500: * Thanks, first of all for the help getting cyrus working with * saslauthd-pam... * * I have been trying for days now to get the latest IMP(3.0) with the * latest Horde(2.0) to work with cyrus. The problem now is that imp tries * to use the protocol imap to logon, which then tries to logon via * * CRAM-MD5, sasldb2, and even kerberos * * It doesn't appear to try pam/plain/saslauthd login. Most webmailers I saw (e.g. aeromail, twig) did a CAPABILITY upon connect and tried to do the most secure authentication first. So if your server lists CRAM-MD5 in its capability list, the webmailer will try that before trying PLAIN. We debugged this down to the code of imap-2001 which is the library that is mostly used by PHP for IMAP issues. So if you set up a PHP webmailer, you can't help this behaviour because its hardcoded into the lib. We finally did a very nasty workaround: As we use LDAP-via-PAM as authen- tication backend, we do not need the sasldb - and when completely removing /etc/sasldb, Cyrus IMAP stops sending CRAM-MD5 in its capability list. - Birger
Re: Can't deliver - can't find mailboxes
At 10:38 AM 12/13/01 -0500, you wrote: At 09:52 PM 12/12/01 -0600, you wrote: This is probably an MTA problem. Cyrus does not require anything in /etc/password except possibly for authntication (and you can use LDAP, etc for that instead.)Have you tried calling deliver directly like: /usr/cyrus/bin/deliver jwade /tmp/testmessage well, no, Exim is finding the mailboxes just fine (as tested exim -bv). I'm testing by logging in as myself and using /usr/cyrus/bin/deliver-wrapper user.sjsldap which is the test message. Let me clarify. /usr/cyrus/bin/deliver sjsldap works /usr/cyrus/bin/deliver-wrapper user.sjsldap does not. My procmailrc uses deliver-wrapper to deliver mail to IMAP folders in my account, and I use my procmailrc as a model for customers with shell accounts that want to use procmail to sort their mail into folders on the Cyrus server. I really need /usr/cyrus/bin/deliver-wrapper user.{LDAP user} to work.
RE: Webmail for Cyrus Imap ?
I LOVE YOU ALL!!! I've been working on this problem with IMP/MD5/php 4 for 3 days now to no avail. Sure enough I removed sasldb and boom! It worked. BTW, does anyone know how to get cyradm to use pam to authenticate an admin (when I try to tell it to use pam, it wont let me in). The only way Ive been able to use cyradm was to saslpasswd the administrator user and then auth off of sasl for that user (but obviously I cant do that anymore If I want IMP to work ). Thanks, Lee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, December 13, 2001 1:59 AM To: Robert Scussel Cc: [EMAIL PROTECTED] Subject: Re: Webmail for Cyrus Imap ? Robert Scussel schrieb am Wed, Dec 12, 2001 at 09:51:21PM -0500: * Thanks, first of all for the help getting cyrus working with * saslauthd-pam... * * I have been trying for days now to get the latest IMP(3.0) with the * latest Horde(2.0) to work with cyrus. The problem now is that imp tries * to use the protocol imap to logon, which then tries to logon via * * CRAM-MD5, sasldb2, and even kerberos * * It doesn't appear to try pam/plain/saslauthd login. Most webmailers I saw (e.g. aeromail, twig) did a CAPABILITY upon connect and tried to do the most secure authentication first. So if your server lists CRAM-MD5 in its capability list, the webmailer will try that before trying PLAIN. We debugged this down to the code of imap-2001 which is the library that is mostly used by PHP for IMAP issues. So if you set up a PHP webmailer, you can't help this behaviour because its hardcoded into the lib. We finally did a very nasty workaround: As we use LDAP-via-PAM as authen- tication backend, we do not need the sasldb - and when completely removing /etc/sasldb, Cyrus IMAP stops sending CRAM-MD5 in its capability list. - Birger
Re: lmtpd with fatal memleak ?
Starting with the 2.1.0 release (any any builds via CVS), please supply the following information when reporting a problem with Cyrus: 1. Output of the cyradm(1) 'version' command. If you are having problems with Perl, then connect to the server with imtest(1) and use the command: a ID NIL This info will show us the timestamp of the source code, the server platform, as well as most (if not all) of the compile-time options. 2. Contents of imapd.conf. This will show us the run-time configuration. 3. Contents of cyrus.conf. This will show us how your services are configured. Peter Pilsl wrote: while doing a stresstest on our mailserver we had a big problem after the first 100mails (sent in 2 seconds) due to the fact that one of two running lmtpd-processes consumed 1GB of memory, which was to much for our system and resulted in neverending swapping until I killed all related mail-processes. I couldnt reproduce the problem and on further tests there was no similar problem. (oh yes, we had other problems - I'm not happy with our emailserver - it cannot deal with more than 3mails per second in average for one hour or so. While this is not a realistic number and we dont have a problem with our 100 mails per hour I expected it to handle a bigger load.) Nevertheless I'm worried if this happens again - even on less load. lmtpd is invoked via cyrus-master-process when deliver is called from our procmailscript. thnx, peter -- mag. peter pilsl phone: +43 676 3574035 fax : +43 676 3546512 email: [EMAIL PROTECTED] sms : [EMAIL PROTECTED] pgp-key available -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: Sieve redirect to your own address discards the mail
[EMAIL PROTECTED] wrote: We are running Cyrus IMAP4 v2.1.0pre, from a CVS of a month or so ago. Some users have sieve scripts that have two `redirect' commands, one specifying another e-mail address, and one specifying their own e-mail address. Their intention is to forward a copy of the mail and also deliver a copy to their INBOX. However, the second copy disappears. Apparently, Cyrus sieve re-mails both copies, but when the copy addressed to the original address is re-delivered, the duplicate supression mechanism discards it. I realize that users should specify `keep' instead of `redirect', but most people assume that redirecting mail to your own address will work, rather than discarding the mail. Could sieve be changed to treat this case as a `keep', bypassing the re-mailing? That sounds like the best solution to me. How would we determine that they are redirecting to themselves? You'd end up getting into the 'vacation' problem of knowing all of the user's addresses and aliases. I think the users should be educated as to what is happening and on how to use Sieve correctly. Isn't this kind of like walking to the post office to send a letter to yourself, instead of just dropping it on your desk in the first place :^) Even if duplicate suppression was turned off, there is no need for the email to pass back through your MTA and lmtpd again. In fact, you'd get into an endless loop. My $.02 Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
Re: NFS Cyrus (urgent!)
Veritas also has a Clustered Filesystem that will scale to eight nodes. Greg On Wed, Dec 12, 2001 at 11:41:56AM -0500, Larry M. Rosenbaum wrote: These appear to be LINUX products. Are they? Is anything available for Solaris? Are these known to work with Cyrus?
RESOLVED Re: Can't deliver - can't find mailboxes
At 11:08 AM 12/13/01 -0500, you wrote: My procmailrc uses deliver-wrapper to deliver mail to IMAP folders in my account, and I use my procmailrc as a model for customers with shell accounts that want to use procmail to sort their mail into folders on the Cyrus server. I really need /usr/cyrus/bin/deliver-wrapper user.{LDAP user} to work. Ok, the reason that user 'sjsobol' could not use deliver-wrapper on the LDAP mailboxes is simple: The ACL on those mailboxes did not allow user sjsobol to post to them. Setting post access for sjsobol fixed the problem, and I confirmed that it was an ACL issue because I also got the mailbox does not exist message when I tried to use deliver-wrapper to post a message to the mailbox of a non-LDAP user. (The mailbox exists but I am not authorized to post to it, according to the ACL.) I would respectfully suggest to the Cyrus team that in such a case, permission denied is a vastly more accurate and useful error message than mailbox does not exist. I wasted a decent amount of time trying to figure out why I was being told the mailbox wasn't there, when I knew for sure that it was. Thanks to those who offered help.
Re: Sieve redirect to your own address discards the mail
On Thu, Dec 13, 2001 at 11:21:14AM -0500, Ken Murchison wrote: [EMAIL PROTECTED] wrote: We are running Cyrus IMAP4 v2.1.0pre, from a CVS of a month or so ago. Some users have sieve scripts that have two `redirect' commands, one specifying another e-mail address, and one specifying their own e-mail address. Their intention is to forward a copy of the mail and also deliver a copy to their INBOX. However, the second copy disappears. Apparently, Cyrus sieve re-mails both copies, but when the copy addressed to the original address is re-delivered, the duplicate supression mechanism discards it. How would we determine that they are redirecting to themselves? You'd end up getting into the 'vacation' problem of knowing all of the user's addresses and aliases. Well, if the redirect address is the same as the envelope recipient, sieve could take a shortcut and just perform a `keep' operation. I realize that this would not prevent all mail loops, but it covers the most common case. Sendmail with .forward files handles this case correctly. I think the users should be educated as to what is happening and on how to use Sieve correctly. Isn't this kind of like walking to the post office to send a letter to yourself, instead of just dropping it on your desk in the first place :^) According to the sieve documentation, sieve takes great pains not to lose mail, for example, with the implicit keep. Redirecting mail to your own address is a trap for the user, and it may be some time before she even realizes that mail is being lost. Sieve should not be allowing this to happen. Even if duplicate suppression was turned off, there is no need for the email to pass back through your MTA and lmtpd again. In fact, you'd get into an endless loop. Yes, this situation should be avoided at all costs. -- -Gary Mills--Unix Support--U of M Academic Computing and Networking-
Re: Sieve redirect to your own address discards the mail
Gary Mills wrote: On Thu, Dec 13, 2001 at 11:21:14AM -0500, Ken Murchison wrote: [EMAIL PROTECTED] wrote: We are running Cyrus IMAP4 v2.1.0pre, from a CVS of a month or so ago. Some users have sieve scripts that have two `redirect' commands, one specifying another e-mail address, and one specifying their own e-mail address. Their intention is to forward a copy of the mail and also deliver a copy to their INBOX. However, the second copy disappears. Apparently, Cyrus sieve re-mails both copies, but when the copy addressed to the original address is re-delivered, the duplicate supression mechanism discards it. How would we determine that they are redirecting to themselves? You'd end up getting into the 'vacation' problem of knowing all of the user's addresses and aliases. Well, if the redirect address is the same as the envelope recipient, sieve could take a shortcut and just perform a `keep' operation. I realize that this would not prevent all mail loops, but it covers the most common case. Sendmail with .forward files handles this case correctly. Hmm... Well, this won't as-is for the same reason that people need to specify :addresses for vacation. The envelope recipient when retrieved by sieve is unqualified (ie, no domain) and the redirect address is (as is required by the Sieve parser). The vacation draft says that implementations SHOULD know what a users actual email address is, but cmu-sieve doesn't have any way of determining this. Perhaps we should provide a hook for external address lookups based on the envelope recipient. The default behavior could be to simply append the domain. I think the users should be educated as to what is happening and on how to use Sieve correctly. Isn't this kind of like walking to the post office to send a letter to yourself, instead of just dropping it on your desk in the first place :^) According to the sieve documentation, sieve takes great pains not to lose mail, for example, with the implicit keep. Redirecting mail to your own address is a trap for the user, and it may be some time before she even realizes that mail is being lost. Sieve should not be allowing this to happen. Hmm. Sieve provides the implicit keep so that if a user forgets to implement a rule for a particular case (ie, a message passes through the entire ruleset without any disposition) that it will be kept. In the case that you mentioned, ANY redirect action that is successfully sent to the MTA cancels the implicit keep. I agree that it should not be so easy for a user to lose mail, but I'm not sure what the best way to avoid this is. Obviously, redirecting a message to oneself is silly when it can just be kept. Also there is only so much we can to do to protect users from themselves . Ken -- Kenneth Murchison Oceana Matrix Ltd. Software Engineer 21 Princeton Place 716-662-8973 x26 Orchard Park, NY 14127 --PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
2.1.0Beta performance questions
hi, Does anyone know what kind of effects have new ways of storing deliver imformation on the overall performance of the server? What is it in comparison to the 2.0.16? thank you in advance. Helmut __ Do You Yahoo!? Check out Yahoo! Shopping and Yahoo! Auctions for all of your unique holiday gifts! Buy at http://shopping.yahoo.com or bid at http://auctions.yahoo.com
Sieve and Razor
-BEGIN PGP SIGNED MESSAGE- Are there any patches and/or suggestions on how to integrate Razor with Sieve? Razor is a collaborative anti-spam tool that uses a hash of spam mail (as submitted by other people or spam traps) to identify incoming spam. All the razor examples show hooks into procmail... Basically, you pipe the full message into razor and it returns a 0 or a 1 depending on whether the message is spam or not. - -- - -rupa -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv Comment: Processed by Mailcrypt 3.5.6, an Emacs/PGP interface iQEVAwUBPBmbOHHDM4ucEopdAQHVPAf/XUJo1YI5YG/g2+4s8xno1lmyZZuKKret GkB9/G/VXCJrxBQVGdK+VRBwDh4txM5TuJoNEEcrNtcia/pm9GWdi6JhoIYx0mAM qlSJvdlZqee7oLChSRN641PkNG90X3gzhbaJm5hQLRl4XeALb3PIoSfBjngeSYzi 3uiOM94AjSw2hZY/tjKwq+B/AhViryCuyqzJ52aoUy1UPxCFBdr6yl/7DlStsWqv hIF9DRgQEFUxwElRpGyhwEWoYG6k1YE8NcuZIy73tUUc3lekHiox+tBAYnQ5by+I 8CHyq2tKovFrX5iaips2FjwBihKdCe1Iahdm+X9gDq03bFiOtRjRQg== =bo10 -END PGP SIGNATURE-