Re: LMTP AUTH with sendmail?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi! Casper schrieb: i have a murder with different servers like imap smtp, configure cyrus with murder enabled and add the things i wrote before + many other things like authentication and so on... then it work. ok, I see... I was rather looking for a solution without cyrus-murder. It seems to be possible with postfix or exim which seem to have integrated the mail delivery functionality using LMTP (using UNIX or INET socket family) directly into the MTA (can anyone confirm that?), but sendmail seems to rely on the external cyrus deliver program and I don't know how to configure this combination to use LMTP AUTH (without cyrus murder) - if it is possible at all! Has anyone been there before? - - andreas - -- Andreas Haumer | mailto:[EMAIL PROTECTED] *x Software + Systeme | http://www.xss.co.at/ Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0 A-1100 Vienna, Austria | Fax: +43-1-6060114-71 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGFgc+xJmyeGcXPhERApSNAJ4tDNdkmH+hEfMwNJLVNU/ybuCd0ACfXxsq eaT0VLPZxymLb/wgNGdzJZs= =CbPX -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus replication validation
On Thu, Apr 05, 2007 at 12:10:14PM -0400, Ilya Vishnyakov wrote: Hello Cyrus Gurus! I was wondering if there is any specific way to check if the replication was done properly? I set up cyrus replication between two servers (documentation I used: http://cyrusimap.web.cmu.edu/imapd/install-replication.html). However, before switching our production servers we would like to make sure that replication was done properly. We checked if the directories are On both servers: find imap/ -type f | awk '!/(cache|index|header)/ {print}' | sort server1.lst find imap/ -type f | awk '!/(cache|index|header)/ {print}' | sort server2.lst and diff -u server1.lst server2.lst WBR. Dmitriy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LMTP AUTH with sendmail?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Andrzej! Thanks for your reply! Andrzej Adam Filip schrieb: You use older MAILER(`cyrus'). Take a look at newer MAILER(`cyrusv2'). I *am* using cyrusv2 mailer already (as I wrote in my first mail) Cyrusv2 supports direct LMTP over unix socket. I don't want to use LMTP over unix domain socket (which of course works and of course gives me access control using unix file permissions) but over INET sockets (i.e. LMTP over TCP), as machines running sendmail and cyrus imapd are distinct and connected through a TCP/IP network. As I wrote, I already have LMTP over TCP running, but only with pre-authorization (lmtpd -a) and I want to configure real authentication now if possible... For AUTH over LMTP ask at news:comp.mail.sendmail Ok, I'll try that. Just makes me wonder if anybody here has ever used this setup... - - andreas - -- Andreas Haumer | mailto:[EMAIL PROTECTED] *x Software + Systeme | http://www.xss.co.at/ Karmarschgasse 51/2/20 | Tel: +43-1-6060114-0 A-1100 Vienna, Austria | Fax: +43-1-6060114-71 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGFkACxJmyeGcXPhERAtk6AJ9C85QWr1HjqQU3WCt3N+eGAy8VrwCgwewj dubcnXeOFJeY5g5Rn9jGVSo= =nocR -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LMTP AUTH with sendmail?
On Fri, Apr 06, 2007 at 02:41:41PM +0200, Andreas Haumer wrote: Andrzej Adam Filip schrieb: You use older MAILER(`cyrus'). Take a look at newer MAILER(`cyrusv2'). I *am* using cyrusv2 mailer already (as I wrote in my first mail) Cyrusv2 supports direct LMTP over unix socket. I don't want to use LMTP over unix domain socket (which of course works and of course gives me access control using unix file permissions) but over INET sockets (i.e. LMTP over TCP), as machines running sendmail and cyrus imapd are distinct and connected through a TCP/IP network. Here's an example of a mailer definition that does LMTP over TCP: Mlocal, P=[IPC], F=lsDFMnqSmXzwWA5@/:|, S=EnvFromL/HdrFromL, R=EnvToL/HdrToL, E=\r\n, T=DNS/RFC822/X-Unix, A=TCP [cyrus-server-host.domain] lmtp I wrote my own m4 feature to generate this definition. -- -Gary Mills--Unix Support--U of M Academic Computing and Networking- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus replication validation
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hmmm. it shows the equal sizes for both files. thank you. Dmitriy Kirhlarov wrote: On Thu, Apr 05, 2007 at 12:10:14PM -0400, Ilya Vishnyakov wrote: Hello Cyrus Gurus! I was wondering if there is any specific way to check if the replication was done properly? I set up cyrus replication between two servers (documentation I used: http://cyrusimap.web.cmu.edu/imapd/install-replication.html). However, before switching our production servers we would like to make sure that replication was done properly. We checked if the directories are On both servers: find imap/ -type f | awk '!/(cache|index|header)/ {print}' | sort server1.lst find imap/ -type f | awk '!/(cache|index|header)/ {print}' | sort server2.lst and diff -u server1.lst server2.lst WBR. Dmitriy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGFlLcUZGmaUWxLn8RAl0vAJ9cjGvGj6EDp1TICoXby36tqc/yPwCgkrp+ PiSQGmVFX5NjIlKYNYBxZtM= =DY+E -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: shared mailboxes with virtual domain setup
We use shared mailboxes with Outlook and Thunderbird, and many other clients. Outlook and T-Bird don't have ACL editors, but Cyrus returns the list of shared mailboxes a user has access to. We recomend our Webmail client for ACL editing. We don't use virtual domains, so I can't say if that would make a difference. Mike -- Michael D. Sofka Sr. Systems Programmer, Postmaster pro tem Rensselaer Polytechnic Institute ==Original message text=== On Tue, 03 Apr 2007 3:04:53 EDT Philippe Trolliet wrote: i got it all working right know. i found out that outlook and thunderbird don´t support acl´s. i´m using the horde client too and there it is possible to define acl´s. ===End of original message text=== Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Mailbox subscriptions in a murder
Hi all. We have a largish (~120,000 user / ~ 485,000 mailboxes) cyrus 2.2 install that is spread across 6 frontends and 4 backends in a murder and I just had an interesting question that I can't seem to answer. We have a number of shared mailboxes that get certain types of messages such as abuse mail and spam reports. Recently more people wish to subscribe to these mailboxes but we have run into a small problem. Most of these people do not have their inboxes on the same backend and therefore they can not subscribe to the shared mailbox using their mail client. Does anyone have a workaround for this or even encountered this problem? I tried editing the subscription file by hand since our subscription_db is set to flat but that did not work. Thanks. -- Eli Ben-Shoshan [EMAIL PROTECTED] Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Mailbox subscriptions in a murder
We do this with cyrus 2.2.12 (2 frontend, 1 master, 3 backend server) no problem. Some of the shared mailboxes are on one server, while subscribers are on another. We run the frontend servers in proxy mode only. Mike -- Michael D. Sofka Sr. Systems Programmer, Postmaster pro tem Rensselaer Polytechnic Institute ==Original message text=== On Fri, 06 Apr 2007 13:55:12 EDT Eli Ben-Shoshan wrote: Hi all. We have a largish (~120,000 user / ~ 485,000 mailboxes) cyrus 2.2 install that is spread across 6 frontends and 4 backends in a murder and I just had an interesting question that I can't seem to answer. We have a number of shared mailboxes that get certain types of messages such as abuse mail and spam reports. Recently more people wish to subscribe to these mailboxes but we have run into a small problem. Most of these people do not have their inboxes on the same backend and therefore they can not subscribe to the shared mailbox using their mail client. Does anyone have a workaround for this or even encountered this problem? I tried editing the subscription file by hand since our subscription_db is set to flat but that did not work. Thanks. -- Eli Ben-Shoshan [EMAIL PROTECTED] Cyrus Home Page: http://cyrusimap.web.cmu.edu/Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twikiList Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html ===End of original message text=== Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Can list mailboxes through impad. limtpd cannot
FORMER 03 | Baltasar Cevc wrote: Hi Stephen, On 05.04.2007, at 15:01, Stephen Forster wrote: I am running cyrus imap 2.2 ( Debian etch package ) and have been trying to configure it to accept connections through lmtpd tcp/ip. I can connect though imapd using telnet, or imtest or cyradm using the admin user listed in /etc/imapd.conf. In each case, the admin user is authenticated, and can list the mailboxes. I'd use lmtpd -a in cyrus.conf to test whether it's an authentication problem. You surely shouldn't leave that setting (preauth connection), but for debugging, it may be useful. Hi Baltasar, Thanks for your reply. I feel as though I have tried everything ( but obviously have missed something ) In any case, I tried lmtpd -a and tested the connections again. Below is the output from lmtptest, cyradm and the imtest to the imapd port. Still no joy via lmtp. # From the lmtptest interaction mail from:[EMAIL PROTECTED] 250 2.1.0 ok rcpt to:[EMAIL PROTECTED] 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown # The output from /var/log/mail.log showing unsuccesful listing of mailbox via lmtp: Apr 6 19:47:47 malthus cyrus/lmtp[4281]: accepted connection Apr 6 19:47:47 malthus cyrus/lmtp[4281]: connection from malthus.kidik.net [81.187.233.169] preauth'd as postman Apr 6 19:53:08 malthus cyrus/lmtp[4281]: verify_user(monkey.kidik.net!user.sforster) failed: Mailbox does not exist ... # cyradm output showing the existence of the '[EMAIL PROTECTED]' mailbox and the open permissions. [EMAIL PROTECTED]:/etc$ cyradm --user cyrus localhost Password: localhost lm user.sforster (\HasNoChildren) [EMAIL PROTECTED] (\HasNoChildren) [EMAIL PROTECTED] (\HasNoChildren) localhost lam usage: listaclmailbox mailbox localhost lam [EMAIL PROTECTED] all lrswipcda anyone lrswipcda localhost # Finally, I list the interaction with imapd using imtest. The '[EMAIL PROTECTED]' mailbox is listed no problem. [EMAIL PROTECTED]:/etc$ imtest -acyrus -u cyrus -m login malthus.kidik.net S: * OK kidik.net Cyrus IMAP4 v2.2.13-Debian-2.2.13-10 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR S: C01 OK Completed Please enter your password: C: L01 LOGIN cyrus {6} S: + go ahead C: omitted S: L01 OK User logged in Authenticated. Security strength factor: 0 C: select [EMAIL PROTECTED] * FLAGS (\Answered \Flagged \Draft \Deleted \Seen) * OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)] * 0 EXISTS * 0 RECENT * OK [UIDVALIDITY 1173562958] * OK [UIDNEXT 1] C: OK [READ-WRITE] Completed ... Any advice or suggestions gratefully received. Stephen Forster -- Baltasar Cevc _ FORMER 03 GmbH _ infanteriestraße 19 haus 6 eg _ D-80797 muenchen _ http://www.former03.de Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Mailbox subscriptions in a murder
Michael Sofka wrote: We do this with cyrus 2.2.12 (2 frontend, 1 master, 3 backend server) no problem. Some of the shared mailboxes are on one server, while subscribers are on another. We run the frontend servers in proxy mode only. Can you elaborate on proxy mode only mode? Here are the pertinent parts of my cyrus.conf on the frontends: SERVICES { mupdate cmd=mupdate listen=2004 prefork=1 imap cmd=proxyd listen=imap prefork=0 maxchild=4096 imaps cmd=proxyd -s listen=imaps prefork=0 maxchild=4096 pop3 cmd=pop3proxyd listen=pop3 prefork=0 maxchild=1024 pop3s cmd=pop3proxyd -s listen=pop3s prefork=0 maxchild=1024 sieve cmd=timsieved listen=sieve prefork=0 lmtp cmd=lmtpproxyd listen=lmtp prefork=0 maxchild=64 smmapdcmd=smmapd listen=2020 prefork=50 } Thanks. -- Eli Ben-Shoshan [EMAIL PROTECTED] Mike -- Michael D. Sofka Sr. Systems Programmer, Postmaster pro tem Rensselaer Polytechnic Institute ==Original message text=== On Fri, 06 Apr 2007 13:55:12 EDT Eli Ben-Shoshan wrote: Hi all. We have a largish (~120,000 user / ~ 485,000 mailboxes) cyrus 2.2 install that is spread across 6 frontends and 4 backends in a murder and I just had an interesting question that I can't seem to answer. We have a number of shared mailboxes that get certain types of messages such as abuse mail and spam reports. Recently more people wish to subscribe to these mailboxes but we have run into a small problem. Most of these people do not have their inboxes on the same backend and therefore they can not subscribe to the shared mailbox using their mail client. Does anyone have a workaround for this or even encountered this problem? I tried editing the subscription file by hand since our subscription_db is set to flat but that did not work. Thanks. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus replication validation
Quoting Dmitriy Kirhlarov ([EMAIL PROTECTED]): On Thu, Apr 05, 2007 at 12:10:14PM -0400, Ilya Vishnyakov wrote: Hello Cyrus Gurus! I was wondering if there is any specific way to check if the replication was done properly? I set up cyrus replication between two servers (documentation I used: http://cyrusimap.web.cmu.edu/imapd/install-replication.html). However, before switching our production servers we would like to make sure that replication was done properly. We checked if the directories are On both servers: find imap/ -type f | awk '!/(cache|index|header)/ {print}' | sort server1.lst find imap/ -type f | awk '!/(cache|index|header)/ {print}' | sort server2.lst and diff -u server1.lst server2.lst Quick mailboxes.db check. ctl_mboxlist -d | md5 on server1 ctl_mboxlist -d | md5 on server2 Both hashes should be identical. Or diff the ctl_mboxlist -d outputs. You should check the subscriptions on the replica too. I don't know of a simple way for you to verify the subscriptions other than software that fetches and compares each each users subscriptions. Subscription replication is the only replication problem I am seeing these days and I haven't had time to look into it. Well, that's not completely true. I have seen some cases where the bits controlling the POP3 UIDL format will differ on the replicas. If all mailboxes were created fairly recently, for some value of recent, or you have no POP3 users, you should not have a problem. I have mailboxes that were originally created with early 1.X and lots of POP3 users. The UIDL format has changed over the years and we have yet another UIDL format that attempts to get around the Outlook problem. The jury is still out on that. The UIDL format difference are only a problem if mail is left on server. John Capo Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Murder / frontend does not connect to backend
Le jeudi 05 avril 2007 à 10:22 -0700, Andrew Morgan a écrit : On Thu, 5 Apr 2007, [EMAIL PROTECTED] wrote: Thanks Here's the frontend config. FYI, users are authenticated against a LDAP server with saslauthd and cyrus, proxy_murder and murder are defined locally on each machine in a sasldb2 database. FRONTEND CONFIG (proxy1) --- admins: cyrus postfix murder lmtp_admins: postman postfix murder mupdate_admins: murder proxyservers: proxy_murder mupdate_server: mupdate.rescom.mi mupdate_port: 3905 mupdate_username: murder mupdate_authname: murder mupdate_password: password mupdate_retry_delay: 10 infra1_password:password imapback_password:password proxy_authname:murder proxy_password:password ---/END FRONTEND --- BACKEND CONFIG (imapback) - servername:imapback.rescom.mi admins: cyrus proxy_murder murder mupdate_admins: murder proxy_murder proxyservers: proxy_murder mupdate_server: mupdate.rescom.mi mupdate_port: 3905 mupdate_username: murder mupdate_authname: murder mupdate_password: password /END BACKEND - MUPDATE (mupdate)-- admins: cyrus murder mupdate_admins: murder /END MUPDATE I chopped out the non-murder config options from above to make it simpler to see. On your frontend you have proxy_authname:murder (so the frontend will connect to the backend as user murder). On the backend you have proxyservers: proxy_murder (so only user proxy_murder is allowed to proxy for other users). I'm pretty sure you should set proxyservers: murder on the backend, or change to proxy_authname: proxy_murder on the frontend (sync those two usernames up). Andy I made the modifications but there is still no network communication between frontend and backend servers. I was just wandering if someone succeeded in a murder setup with Debian Etch and cyrus2.2 packages or if I need to give a try on the 2.3 release ? Thanks and Joyeuses Paques Arnaud Brugnon Opensquad.com Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Murder / frontend does not connect to backend
On Sat, 7 Apr 2007, Arnaud Brugnon wrote: I made the modifications but there is still no network communication between frontend and backend servers. I was just wandering if someone succeeded in a murder setup with Debian Etch and cyrus2.2 packages or if I need to give a try on the 2.3 release ? I use v2.2.13 on Debian, but it is compiled from source. I'm not using the Debian packages. Andy Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus replication validation
On 06 Apr 2007, at 17:52, John Capo wrote: Quick mailboxes.db check. ctl_mboxlist -d | md5 on server1 ctl_mboxlist -d | md5 on server2 Both hashes should be identical. Or diff the ctl_mboxlist -d outputs. The provided Cyrus tool make_md5 is for validating replication. It would, for instance, have found the recently discussed bug in sync_server that caused random files to be overwritten in the event that sync_server reused a stale staging file. It would probably be cool if there were documentation somewhere that advised people on how to run it and how to use it to validate replication. :wes Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus replication validation
The provided Cyrus tool make_md5 is for validating replication. It would, for instance, have found the recently discussed bug in sync_server that caused random files to be overwritten in the event that sync_server reused a stale staging file. It would probably be cool if there were documentation somewhere that advised people on how to run it and how to use it to validate replication. We have a patch that helps with this as well see MD5 UUIDs here: http://cyrus.brong.fastmail.fm/ Basically it does two things: 1. You can make the UUIDs of all messages the first 11 bytes of the MD5 of the message 2. You can fetch a computed MD5 of any message on disk via IMAP Using the second, you can do complete validation via IMAP, just iterate through all folders and all messages, get the computed MD5 and compare on both sides. The UUID bit is just designed to help replication when messages are moved between folders, rather than having to resend the entire message on a move, it can just link them from one folder to the other at the replication end. Rob Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html