Re: setup problem - mail doesn't seem to move?

[Carl Brewer]

I wrote:

 Stuff about my config.

Further to this, user acl checks from cyradm show :

localhost lam user/carl
carl lrswipcda
localhost lam user/carl/Trash
carl lrswipcda
Which is the same as I have seen on a (working properly!)
setup on a RedHat 7.3 server. so I don't *think* the problem
is the acl's?






---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Problems with createonpost

[Kevin Moschallski]

Hi i installed my Cyrus-IMAPD 2.2.3 with the patches from   
http://email.uoa.gr/projects/cyrus/autocreate/
when i try to send a mail to a user that does not have a mailbox i get
the following error:

Mar 16 12:41:08 mail master[29564]: about to exec /usr/lib/cyrus/lmtpd
Mar 16 12:41:08 mail lmtpunix[29564]: executed
Mar 16 12:41:08 mail lmtpunix[29564]: accepted connection
Mar 16 12:41:08 mail lmtpunix[29564]: lmtp connection preauth'd as
postman
Mar 16 12:41:08 mail lmtpunix[29564]: autocreateinbox: User
[EMAIL PROTECTED], INBOX failed. Permission denied
Mar 16 12:41:08 mail lmtpunix[29564]: append_check() of
'[EMAIL PROTECTED]' failed (Permission denied)
Mar 16 12:41:08 mail lmtpunix[29564]: accepted connection
Mar 16 12:41:08 mail lmtpunix[29564]: lmtp connection preauth'd as
postman

Does anybody knows why there is no permission or something else?

Thanks for help in advance.

Greets Kevin

-- 
+--+
|Kevin Moschallski |
|Stockacker 48 |
|79252 Stegen  |
|[EMAIL PROTECTED] |
+--+

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Remote User's SMTP relay authorization

[Andrew J Caird]

Quoting John Gibson [EMAIL PROTECTED]:

 Roaming ( my def.) : Users who access the internet from multiple IP 
 addresses most of which are dynamically allocated (therefore unknown in 
 advance).
 
 We do not want to support  permanent email storage at this time.  We 
 just want people to be able to retrieve their mail and provide SMTP 
 sending capability.  We want the IMAP/POP mail server to not require our 
 linux host to have system logins for any of the mail users.  We want a 
 scalable solution which can be flexible when our requirements change. 
  We would prefer to allow users to select their own mail client (or at 
 least provide a list of ones that will work with our setup).
 
 The SMTP sending capability seems to be the biggest issue.
 
 Any suggestions would be much appreciated.

There are two popular ways of doing this.  The first, and preferred by most, is
SMTP AUTH - I believe that support of relaying for roaming, authorized users is
one of the reasons SMTP AUTH exists.  This, however, isn't a Cyrus question,
but an MTA question, and is better researched where ever you find information
about your MTA of choice.  The second is POP-before-SMTP, which is, in general,
a bad hack, but might be worth investigating.  Essentially, there is a third
process (not the POP3d or SMTPd) that looks at the POP logs and tells the SMTPd
that it can allow sending from IP addresses that had recent successful POP
sessions.  This involves a tight integration between your POP server (one of
many) and your SMTP server (again, one of many).  Because of the large number
of possible combinations, this is generally not well supported, but Googling
for pop before send my MTA name my POP server name might turn up
something for you.

Hope this helps, good luck (and, imo, you should use SMTP AUTH+TLS, with SASL
passwords).
--
Andrew Caird
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Problems with createonpost

[Kevin Moschallski]

Sure:

imapd.conf

# $Header:
/home/cvsroot/gentoo-x86/net-mail/cyrus-imapd/files/imapd_2.conf,v 1.1
2002/10/11 14:51:49 raker Exp $
#
# Don't forget to use chattr +S (if you are using ext[23]) 
# when you change these directories (read the docs).
configdirectory:/var/imap
partition-default:  /var/spool/imap
sievedir:   /var/imap/sieve

tls_ca_file:/etc/cyrusimapd/server.pem
tls_cert_file:  /etc/cyrusimapd/server.pem
tls_key_file:   /etc/cyrusimapd/server.pem

# Don't use an everyday user as admin.
admins: cyrus [EMAIL PROTECTED]

hashimapspool:  yes
allowanonymouslogin:no
allowplaintext: yes

# Use this if sieve-scripts could be in ~user/.sieve.
#sieveusehomedir:   yes

# Use saslauthd if you want to use pam for imap.
# But be warned: login with DIGEST-MD5 or CRAM-MD5 
# is not possible using pam.
sasl_mech_list: PLAIN
sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sasl_password_format: crypt
sasl_sql_user: X
sasl_sql_passwd: X
sasl_sql_hostnames: X
sasl_sql_database: X
sasl_sql_select: SELECT password FROM users WHERE username = '%u' AND
domainname = '%r' AND status = '1'

unixhierarchysep: yes
altnamespace: yes

#virtdomains: yes
#defaultdomain: 3digit.de

postuser: cyrus
defaultacl: anyone p
createonpost: yes
autocreateinboxfolders: Sent | Drafts | Trash | spam | virus
autosubscribeinboxfolders: Sent | Drafts | Trash | spam | virus
autocreatequota: 15000
quotawarn: 90

loginrealms: * moschallski.net 3digit.de pimmelklabauter.de twiceaday.de
erber-lehmbau.de silber-und-mehr.de blumenbindekurse.de

P.S.:maybe somebody knows how too handle with the realm i read somewhere
that loginrealms: * would make the deal but i must add any of the
domains a handle mails for or i get a cross-realm login denied error.


Am Di, den 16.03.2004 schrieb Aristotelis um 14:44:
 On Tue, 16 Mar 2004, Kevin Moschallski wrote:
 
 
   Hello, 
 
 
  Hi i installed my Cyrus-IMAPD 2.2.3 with the patches from   
  http://email.uoa.gr/projects/cyrus/autocreate/
  Does anybody knows why there is no permission or something else?
 
   COuld you please post the configuration file of your setup??
 
 Regards,
   Aristotelis
-- 
+--+
|Kevin Moschallski |
|Stockacker 48 |
|79252 Stegen  |
|[EMAIL PROTECTED] |
+--+

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Remote User's SMTP relay authorization

[Rob Siemborski]

On Mon, 15 Mar 2004, Kendrick Vargas wrote:

 It wouldn't surprise me if some in the know net admins would block this
 too simply cuz it's in an RFC. Therefore, I still like my port better :-)
 Besides, something like 2525 will be easier to remember than 587.

Unlike port 25, port 587 isn't useful for spammers (MTAs are not widely
configured to recieve mail from arbitrary external sources on port 587
-- only from either authenticated sources or atleast senders from that
domain)... So there'd really be no need.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: pop3d proxy

[Rob Siemborski]

On Tue, 16 Mar 2004, Rob Siemborski wrote:

 What is the pop3proxy process doing during all of this?

 Getting the actual times the syscalls take would be helpful too. (-T to
 strace)

[snip]
I don't see how I could strace the pop3proxy. I would
be glad to do so if you have any suggestions.

Sorry, just saw this question...

Configure a process to prefork, then attach strace to the preforked
process, then connect.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: pop3d proxy

[Rob Siemborski]

What is the pop3proxy process doing during all of this?

Getting the actual times the syscalls take would be helpful too. (-T to
strace)

On Mon, 15 Mar 2004, Michael J Farina wrote:

 Ok that worked well. Thanks. It seems to be hanging on a socket read. It
 looks up the address from /etc/host then wait for the connections to start.
 then it flies really fast. here is a blurb.


 read(3, # Begin /etc/hosts (network card..., 4096) = 231
 close(3)= 0
 munmap(0x40365000, 4096)= 0
 socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 3
 connect(3, {sa_family=AF_INET, sin_port=htons(110),
 sin_addr=inet_addr(63.xxx.xxx.29)}, 16) = 0
 getpeername(3, {sa_family=AF_INET, sin_port=htons(110),
 sin_addr=inet_addr(63.xxx.xxx.29)}, [16]) = 0
 getsockname(3, {sa_family=AF_INET, sin_port=htons(32775),
 sin_addr=inet_addr(63.xxx.xxx.6)}, [16]) = 0
 brk(0x8066000)  = 0x8066000
 uname({sys=Linux, node=poptester, ...})  = 0
 brk(0x8068000)  = 0x8068000
 read(3,

 Kind of sits right there for a while then it takes off like a run away train
 for a few then stops at that point again.




 - Original Message -
 From: Ken Murchison [EMAIL PROTECTED]
 To: Michael J Farina [EMAIL PROTECTED]
 Cc: [EMAIL PROTECTED]
 Sent: Monday, March 15, 2004 4:08 PM
 Subject: Re: pop3d proxy


  Michael J Farina wrote:
 
   I have the backend server's hostname in /etc/hosts that should make the
   lookup fast and pop3test doesn't seem to take a password on the command
 line
   for rapid fire logins.
 
  -w passwd
 
   I don't see how I could strace the pop3proxy. I would
   be glad to do so if you have any suggestions.
 
 
 
   - Original Message -
   From: Ken Murchison [EMAIL PROTECTED]
   To: Michael J Farina [EMAIL PROTECTED]
   Cc: [EMAIL PROTECTED]
   Sent: Monday, March 15, 2004 3:20 PM
   Subject: Re: pop3d proxy
  
  
  
  Michael J Farina wrote:
  
  
  I am still chasing this pop3 problem. I have now tried PLAIN+TLS for
  
   proxy
  
  authentication. I see the same issue of pop3 proxy being slow. With
 more
  investigation I see that I can open alot of connections on the frontend
  server but they don't see to get passed to the backend. I have tried
  starting master with a -l 1024 and in my cyrus.conf I have preforked 50
  pop3d and maxchild=-1. Nothing seems to make the connection counts
  
   greater.
  
  Could I be hitting some max connection per IP limit that I can't see
  
   when I
  
  connect directly to the backend?
  
  I still think this is network related.  Is it possible that DNS is slow?
Can you strace/truss the process to see what it is doing?  What
  happens if you use pop3test against the proxy, specifying the number of
  logins with the -n option.
  
  
  
  - Original Message -
  From: Michael J Farina [EMAIL PROTECTED]
  To: Ken Murchison [EMAIL PROTECTED]
  Cc: [EMAIL PROTECTED]
  Sent: Friday, March 12, 2004 1:13 PM
  Subject: Re: pop3d proxy
  
  
  
  
  It seems that the delay is in the connection. I have played with the
  
  backlog
  
  
  queue, the max child, and prefork settings without being able to make
 it
  
  any
  
  
  faster. I am logging in a doing a list command. The mailboxes are all
  
  empty
  
  
  so I am not thinking that once the connection is authed it is slow. It
  
   is
  
  just getting the frontend to open enough connections to the backend. I
  
  can't
  
  
  seem to nail down what the problem is. If I connect the stress test to
  
   the
  
  backend it is very fast less than a second a connection. If I can
  
   provide
  
  anymore info let me know. I am looking to have over 150,000 boxes they
  
   are
  
  all pop now but I want to offer IMAP.
  
  --Mike
  
  
  - Original Message -
  From: Ken Murchison [EMAIL PROTECTED]
  To: Michael J Farina [EMAIL PROTECTED]
  Cc: [EMAIL PROTECTED]
  Sent: Friday, March 12, 2004 9:54 AM
  Subject: Re: pop3d proxy
  
  
  
  
  Michael J Farina wrote:
  
  
  
  Ken,
  
 Is there a way to do PLAIN from the frontends to the backends?
 The
  servers I am testing are on a isolated network no network traffic
  
  other
  
  
  than
  
  
  the mail servers. Any help would be appreciated.
 sasl_maximum_layer:0
  
  didn't
  
  
  seem to change the pop3 proxy timing. The server are also dual 1.4s
  
  with
  
  
  2
  
  
  gigs of ram if that helps at all.
  
  You can do PLAIN, but the frontends will also need to use TLS, since
  PLAIN won't be advertised by the backends unless a security layer is
 in
  place.
  
  Are you saying that there is a delay for every command, or for every
  login?  Is your stress test only doing one command per login?
  
  
  
  
  - Original Message -
  From: Ken Murchison [EMAIL PROTECTED]
  To: Michael J Farina [EMAIL PROTECTED]
  Cc: [EMAIL PROTECTED]
  Sent: Thursday, March 11, 2004 4:58 PM
  Subject: Re: pop3d proxy
  
  
  
  
  
  Michael J Farina wrote:
  
  
  
  
  

denying plaintext

[Tarjei Huse]

Hi,

I'm trying to make sure my users only use secure passwords when logging
into my server. Therefore I've used to set:

allowplainwithouttls:no
and
sasl_minimum_layer:128
sasl_mech_list: digest-MD5 CRAM-MD5

However, when I checked my logs, I saw stuff like:
Date hostename imapd[123]: login: hostname[ip] username plaintext

From a place that clearly should not have this happening. 

So I have now added:
allowplaintext: no

as well.

My question is: Is this enough? And, why isn't setting the
sasl_minimum_layer enough to make sure I got encrypted passwords?

Tarjei

-- 
Tarjei Huse
Rådgiver
Bergfald  Co AS
Telefon: 23 00 05 90
Mobiltelefon: 920 63 413
www.bergfald.no

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Low Cost Term Life Insurance

[Alicia . Mcclain]

Welcome to Americas newest
insurance referral network.
We offer term-life coverage at up to 70% off.
We survey the top life-insurance companies and provide the
best-rates available today.
 Smokers may qualify for special rates.

  Get Your Quote Today
  
  If you do not wish to receive these offers in the future,
  un-list yourself
  
  
Confirmation#H91

Re: pop3d proxy

[Rob Siemborski]

On Tue, 16 Mar 2004, Michael J Farina wrote:

 I followed you suggestions and it seems to be hanging when it reads
 /dev/random. If I remove /dev/random it is very fast. I have recreated
 /dev/random and I get the same stutter and slow proxy pops. Without random
 it is very quick. If I can provide anymore info let me know.

Two options -- link /dev/urandom to /dev/random (poor).  Or recompile SASL
with --with-devrandom=/dev/urandom

-Rob


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: pop3d proxy

[Rob Siemborski]

On Tue, 16 Mar 2004, Michael J Farina wrote:

 That worked like a champ. Thanks


I've added this to the FAQ (sort of surprised it wasn't there already, but
whatever).

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: pop3d proxy

[Michael J Farina]

Rob,

That worked like a champ. Thanks

-Mike

- Original Message - 
From: Rob Siemborski [EMAIL PROTECTED]
To: Michael J Farina [EMAIL PROTECTED]
Cc: Ken Murchison [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, March 16, 2004 12:41 PM
Subject: Re: pop3d proxy


 On Tue, 16 Mar 2004, Michael J Farina wrote:

  I followed you suggestions and it seems to be hanging when it reads
  /dev/random. If I remove /dev/random it is very fast. I have recreated
  /dev/random and I get the same stutter and slow proxy pops. Without
random
  it is very quick. If I can provide anymore info let me know.

 Two options -- link /dev/urandom to /dev/random (poor).  Or recompile SASL
 with --with-devrandom=/dev/urandom

 -Rob


 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
 Research Systems Programmer * /usr/contributed Gatekeeper

 ---
 Home Page: http://asg.web.cmu.edu/cyrus
 Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
 List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

seen database destroyed - how to recover?

[Prentice Bisbal]

My seen database got corrupted, so I deleted it, based on what I'd read 
on other posts. In the past this worked (I'm only testing a prototype 
system). Today, I did that, and now I can't see ANY of the messages in 
my INBOX, or several other mail folders. I know the messages are still 
in /var/spool/imap.

Why can't I see them at all? Is there any way to fix this?

I've also been getting ominous errors in my log files related to this:

Mar 16 14:37:18 pdb-mail-1 imaps[14699]: login: bobblehead.rutgers.edu 
[128.6.70
.62] prentice plain+TLS User logged in
Mar 16 14:37:18 pdb-mail-1 imaps[14699]: DBERROR: skiplist recovery: 
0090 should
 be ADD or DELETE
Mar 16 14:37:18 pdb-mail-1 imaps[14699]: DBERROR: opening 
/var/lib/imap/user/p/p
rentice.seen: cyrusdb error
Mar 16 14:37:18 pdb-mail-1 imaps[14699]: Could not open seen state for 
prentice
(System I/O error)
Mar 16 14:37:18 pdb-mail-1 imaps[14699]: open: user prentice opened 
INBOX.Sent
Mar 16 14:38:14 pdb-mail-1 imaps[14693]: DBERROR: skiplist recovery: 
0090 should
 be ADD or DELETE
Mar 16 14:38:14 pdb-mail-1 imaps[14693]: DBERROR: opening 
/var/lib/imap/user/p/p
rentice.seen: cyrusdb error
Mar 16 14:38:14 pdb-mail-1 imaps[14693]: Could not open seen state for 
prentice
(System I/O error)
Mar 16 14:38:14 pdb-mail-1 imaps[14693]: open: user prentice opened 
INBOX.deposi
t
Mar 16 14:38:15 pdb-mail-1 imaps[14693]: DBERROR: skiplist recovery: 
0090 should
 be ADD or DELETE
Mar 16 14:38:15 pdb-mail-1 imaps[14693]: DBERROR: opening 
/var/lib/imap/user/p/p
rentice.seen: cyrusdb error
Mar 16 14:38:15 pdb-mail-1 imaps[14693]: Could not open seen state for 
prentice
(System I/O error)
Mar 16 14:38:15 pdb-mail-1 imaps[14693]: open: user prentice opened INBOX.HP

--
Prentice Bisbal
Computer System Administrator
Protein Data Bank
Rutgers University
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Cyrus IMAPd, SASL, GSSAPI, Proxy Authorization

[Rob Siemborski]

On Tue, 16 Mar 2004 [EMAIL PROTECTED] wrote:

 Thanks for the help - I thought proxyservers meant something to do
 with murder ...

 That said, is any finer control available? I don't want to authorize
 jablko to all other users, just admin.

Yes, look at the loginuseacl imapd.conf option.  If enabled, if a user-a
has the 'a' right on user-b's inbox, user-a can authorize as user-b.

-Rob

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456
Research Systems Programmer * /usr/contributed Gatekeeper

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

cyrus stopped working -- corrupted files ?

[Tracy Bost]

Our cyrus server(2.1.15) has been running like a 
charm for about 5 months now on RedHat Enterprise 3 ..
We are also using web-cyradm /postfix(2.0.16) with 
it if it matters.

This morning we had an episode where the pop3 
clients couldn't connect to the server. IMAP was working still fine. Noticed 
that port 110 wasn't open,and re-started cyrus server. Then pop3 and imap quit 
working.Nothing worked. Below is snippet of the cyrus errors logs. I 
noticed in the archive that someone was told to delete all the files under 
/var/imap/db to eliminate errors that were similiar to mine.
I did that and lo and behold everything is 
working again. 

My question is what exactly would cause this 
problem or why would the files under db become corrupt ? 
We naturally want to try and prevent this from 
happening in the future.

Thanks !

Mar 16 08:26:06 AFMAIL1 ctl_cyrusdb[6976]: DBERROR db4: PANIC: 
DB_RUNRECOVERY: Fatal error, run database recovery
Mar 16 09:04:30 AFMAIL1 ctl_cyrusdb[3660]: DBERROR: dbenv-open 
'/var/imap/db' failed: DB_RUNRECOVERY: Fatal error, run database recoveryMar 
16 09:04:30 AFMAIL1 ctl_cyrusdb[3660]: DBERROR: init /var/imap/db: cyrusdb 
errorMar 16 09:04:30 AFMAIL1 ctl_deliver[3659]: DBERROR db4: fatal region 
error detected; run recovery

Re: cyrus stopped working -- corrupted files ?

[Fred W. Bacon]

On Tue, 2004-03-16 at 13:09, Tracy Bost wrote:

 My question is what exactly would cause this problem or why would the
 files under db become corrupt ? 
 We naturally want to try and prevent this from happening in the
 future.
  
 Thanks !
  
 Mar 16 08:26:06 AFMAIL1 ctl_cyrusdb[6976]: DBERROR db4: PANIC:
 DB_RUNRECOVERY: Fatal error, run database recovery
 Mar 16 09:04:30 AFMAIL1 ctl_cyrusdb[3660]: DBERROR: dbenv-open
 '/var/imap/db' failed: DB_RUNRECOVERY: Fatal error, run database
 recovery
 Mar 16 09:04:30 AFMAIL1 ctl_cyrusdb[3660]: DBERROR: init /var/imap/db:
 cyrusdb error
 Mar 16 09:04:30 AFMAIL1 ctl_deliver[3659]: DBERROR db4: fatal region
 error detected; run recovery

I've been seeing this lately myself.  In our case, it appears to happen
anytime we shut the system down, such as rebooting after installing a
new kernel package.  We're running cyrus 2.1.16 on Fedora Core 1.  In my
case, I discovered that I could shutdown the cyrus-imapd service, run
ctl_cyrusdb, run cvt_cyrusdb_all and then restart cyrus-imapd service to
solve the problem.  But it's a pain.  This doesn't happen every time we
restart the system.

I should add that this is on an ext3 file system...which may or may not
be important.

-- 
Fred W. Bacon [EMAIL PROTECTED]
Aerodyne Research, Inc.

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

MySQL authentication options

[Etienne Goyer]

Hi,

I had been doing some research about authenticating user against a MySQL
database, and from what I can see the only option is via PAM through
saslauthd.  Is this correct, or there are other way to do it ?

Thanks !

-- 
Etienne GoyerLinux Québec Technologies Inc.
http://www.LinuxQuebec.com   [EMAIL PROTECTED]
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Clear text password and MySQL

[Joe Rhett]

On Wed, Feb 04, 2004 at 11:41:06AM -0800, Eric S. Pulley wrote:
 In this scenario you are still passing the SALT in clear text to the db 
 but IMO this is much better than having your users logging in with 
 plaintext passwords over an open network.  Especially if your DB is on 
 the same host as cyrus-imap since you can contain it to a socket and not 
 use a network at all for the DB lookups.
 
So what is the gain here, really?  I may be wrong, but I suspect that
you've confused yourself on what you are protecting.  If you aren't using
TLS, then the password is going over the network in cleartext anyway.

If imapd is on a different host than the db, then the encrypted password
is going with the salt... so effectively cleartext.

-- 
Joe Rhett  Chief Geek
[EMAIL PROTECTED]  Isite Services, Inc.
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: MySQL authentication options

[Joe Rhett]

 I had been doing some research about authenticating user against a MySQL
 database, and from what I can see the only option is via PAM through
 saslauthd.  Is this correct, or there are other way to do it ?
 
Nope -- you can compile SASL with direct mysql support and skip PAM
entirely.  We use it that way.

-- 
Joe Rhett  Chief Geek
[EMAIL PROTECTED]  Isite Services, Inc.
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Clear text password and MySQL

[Eric S. Pulley]

--On Tuesday, March 16, 2004 2:13 PM -0800 Joe Rhett [EMAIL PROTECTED] 
wrote:

On Wed, Feb 04, 2004 at 11:41:06AM -0800, Eric S. Pulley wrote:
In this scenario you are still passing the SALT in clear text to the db
but IMO this is much better than having your users logging in with
plaintext passwords over an open network.  Especially if your DB is on
the same host as cyrus-imap since you can contain it to a socket and not
use a network at all for the DB lookups.
So what is the gain here, really?  I may be wrong, but I suspect that
you've confused yourself on what you are protecting.  If you aren't using
TLS, then the password is going over the network in cleartext anyway.
If imapd is on a different host than the db, then the encrypted password
is going with the salt... so effectively cleartext.
Yes, you are correct.  However, the SQL query is going over a switched 
network segment you have control over not the Internet at large.  Or even 
better a socket on a black box.  If your config requires you to pass the 
SQL query over an insecure subnet then you should, of course, SSL encode 
the DB connection.  This allows you to use cram or digest at the mail 
client leaving the admin to deal with the security of the backend, not some 
confused user setting up their account.  Plus it still allows the admin 
access to the cleartext password in the DB.

But it all comes down to were you want to take your risks.  I'm not saying 
you shouldn't use TLS/SSL where ever you can in addition to any other 
security you have in place.  This solution is specifically to allow cram 
and digest connection to the imap server from the Internet while still 
having a cleartext password in the SQL table.  I would not recommend it if 
you do not have this requirement.

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Remote User's SMTP relay authorization

[Henrique de Moraes Holschuh]

On Tue, 16 Mar 2004, Andrew J Caird wrote:
 a bad hack, but might be worth investigating.  Essentially, there is a third
 process (not the POP3d or SMTPd) that looks at the POP logs and tells the SMTPd

Nothing that ugly. See the DRAC patch in cyrus contrib/. It is even applied
by default by some vendors (I certainly do this for Debian's package of
cyrus 2.1).

-- 
  One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie. -- The Silicon Valley Tarot
  Henrique Holschuh
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

(Postfix/Cyrus)+SpamAssassin ?

[Ian Beyer]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Has anyone implemented this successfully? If so,how? Everything I've
found from Google uses the old cyrdeliver methods.
- -IMB
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.1 (MingW32)
iD8DBQFAV5CgRGycTB/It0gRAp2nAKCSXjpA6J7Z6nQp6oCQ7IKVf2AinwCeKYUY
i26lmL+gAdc8a4hPBik50xI=
=pwdz
-END PGP SIGNATURE-
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: (Postfix/Cyrus)+SpamAssassin ?

[Wil Cooley]

On Tue, 2004-03-16 at 15:41, Ian Beyer wrote:

 Has anyone implemented this successfully? If so,how? Everything I've
 found from Google uses the old cyrdeliver methods.

Postfix main.cf:

mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp

For SpamAssassin, I use amavisd-new
(http://www.ijs.si/software/amavisd/).  It doesn't give you all of the
per-user config you can have using SA w/in procmail or other pipeline,
but it's pretty fast and works pretty well.  If you need all the
per-user settings possible with SA, then you do have to use 'deliver'.  

Again in main.cf:

content_filter = smtp-amavis:[127.0.0.1]:10024

And master.cf:
smtp-amavis unix -  -   y -   6  smtp
-o smtp_data_done_timeout=1200
-o disable_dns_lookups=yes
 
127.0.0.1:10025 inet n  -   y -   -  smtpd
-o content_filter=
-o local_recipient_maps=
-o myhostname=localhost.nakedape.priv
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8

These settings are explained in detail in the amavisd-new docs.

Wil
-- 
Wil Cooley [EMAIL PROTECTED]
Naked Ape Consultinghttp://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
* Naked Ape Consulting   http://nakedape.cc  *
* Contract Sys Admin   http://nakedape.cc/r/csa  *


signature.asc
Description: This is a digitally signed message part

Re: (Postfix/Cyrus)+SpamAssassin ?

[Scott Russell]

On Tue, 2004-03-16 at 19:13, Wil Cooley wrote:

 For SpamAssassin, I use amavisd-new
 (http://www.ijs.si/software/amavisd/).  It doesn't give you all of the
 per-user config you can have using SA w/in procmail or other pipeline,
 but it's pretty fast and works pretty well.  If you need all the
 per-user settings possible with SA, then you do have to use 'deliver'.  

I was pretty sure I read somewhere on the amavisd mailing list that you
would get it to work with per user settings out of MySQL. Maybe it was
just a fantasy of mine :)

-- 
Scott Russell [EMAIL PROTECTED]
Linux Technology Center System Admin


---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: pop3d proxy

[Ken Murchison]

Rob Siemborski wrote:

On Tue, 16 Mar 2004, Michael J Farina wrote:


   I followed you suggestions and it seems to be hanging when it reads
/dev/random. If I remove /dev/random it is very fast. I have recreated
/dev/random and I get the same stutter and slow proxy pops. Without random
it is very quick. If I can provide anymore info let me know.


Two options -- link /dev/urandom to /dev/random (poor).  Or recompile SASL
with --with-devrandom=/dev/urandom
Another option is to set allowapop: 0

If pop3d (or pop3proxyd) is slow in providing the banner, its because 
its trying to generate a challenge for APOP.  Disabling APOP should 
solve this.

--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26  Orchard Park, NY 14127
--PGP Public Key--http://www.oceana.com/~ken/ksm.pgp
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: (Postfix/Cyrus)+SpamAssassin ?

[Wil Cooley]

On Tue, 2004-03-16 at 17:12, Scott Russell wrote:

 I was pretty sure I read somewhere on the amavisd mailing list that you
 would get it to work with per user settings out of MySQL. Maybe it was
 just a fantasy of mine :)

You are correct, however, the granularity of control is much coarser
with amavisd-new.  Basically you can control tag, tag2 and kill levels
per-user/domain/sub-domain.  Using SA through procmail each user can
control nearly every aspect.  Of course, you also cannot use site-wide
Bayesian filtering with the procmail approach.

Wil
-- 
Wil Cooley [EMAIL PROTECTED]
Naked Ape Consultinghttp://nakedape.cc
* * * * * *  Linux Consulting in Portland, Oregon * * * * * *   
*   Naked Ape Consultinghttp://nakedape.cc  *


signature.asc
Description: This is a digitally signed message part

Re: cyrus stopped working -- corrupted files ?

[Tracy Bost]

Exactly. Now that you mention it, its happening everytime I stop the cyrus
server. After deleting the files
under /var/imap  it will work again.

 I discovered that I could shutdown the cyrus-imapd service, run
  ctl_cyrusdb, run cvt_cyrusdb_all and then restart cyrus-imapd service to
  solve the problem.  But it's a pain.  This doesn't happen every time we
  restart the system.

What exactly are the commands you run for this to get it to work this way ?
I tried ctl_cyrusdb -r and am so lost on the cvt_cyrusdb, i was afraid to
get too adventrous with it.


- Original Message - 
From: Tracy Bost [EMAIL PROTECTED]
To: Tracy Bost [EMAIL PROTECTED]
Sent: Tuesday, March 16, 2004 8:47 PM
Subject: Fw: cyrus stopped working -- corrupted files ?



 - Original Message - 
 From: Fred W. Bacon [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Tuesday, March 16, 2004 6:42 PM
 Subject: Re: cyrus stopped working -- corrupted files ?


  On Tue, 2004-03-16 at 13:09, Tracy Bost wrote:
 
   My question is what exactly would cause this problem or why would the
   files under db become corrupt ?
   We naturally want to try and prevent this from happening in the
   future.
  
   Thanks !
  
   Mar 16 08:26:06 AFMAIL1 ctl_cyrusdb[6976]: DBERROR db4: PANIC:
   DB_RUNRECOVERY: Fatal error, run database recovery
   Mar 16 09:04:30 AFMAIL1 ctl_cyrusdb[3660]: DBERROR: dbenv-open
   '/var/imap/db' failed: DB_RUNRECOVERY: Fatal error, run database
   recovery
   Mar 16 09:04:30 AFMAIL1 ctl_cyrusdb[3660]: DBERROR: init /var/imap/db:
   cyrusdb error
   Mar 16 09:04:30 AFMAIL1 ctl_deliver[3659]: DBERROR db4: fatal region
   error detected; run recovery
 
  I've been seeing this lately myself.  In our case, it appears to happen
  anytime we shut the system down, such as rebooting after installing a
  new kernel package.  We're running cyrus 2.1.16 on Fedora Core 1.  In my
  case, I discovered that I could shutdown the cyrus-imapd service, run
  ctl_cyrusdb, run cvt_cyrusdb_all and then restart cyrus-imapd service to
  solve the problem.  But it's a pain.  This doesn't happen every time we
  restart the system.
 
  I should add that this is on an ext3 file system...which may or may not
  be important.
 
  -- 
  Fred W. Bacon [EMAIL PROTECTED]
  Aerodyne Research, Inc.
 
  ---
  Home Page: http://asg.web.cmu.edu/cyrus
  Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
  List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
 



---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html