Re: Attachment corruption when downloading with Thunderbird...
Citerar Raymond T. Sundland raym...@sundland.com: I use Thunderbird exclusively with Cyrus and have never had issues with attachments. Am running cyrus 2.2, but I don't see why 2.3 would suddenly break that functionality. I'm running Thunderbird with Cyrus 2.3 and so far it's worked fine. Br, Ted Bron Gondwana wrote: On Mon, Apr 20, 2009 at 06:15:12PM +, Andy Fiddaman wrote: I'm running Cyrus IMAP 2.3.13 on Solaris (about to upgrade to 2.3.14) and a number of my users who use Thunderbird have reported frequent corruption of attachments. So, has anyone else had any reports of this behaviour or any reason to believe that Thunderbird does not work well with Cyrus? I'm going to enable telemetry for one of the users who has reported this and see if I can see anything relevant in the IMAP session; any suggestions of other places to look would be appreciated. I'd love to see the telemetry. Bron ( wondering if Thunderbird is fetching the encoded size and then fetching it decoded or something?? ) Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
AW: Re: AW: Re: Message contains NUL charac ters - howto dump?
Markus Rebensburg schrieb: Klemens Puritscher schrieb: Phil Brutsche schrieb: The error message is being created by the LMTP service - NUL characters aren't valid in ASCII messages. The email in question is being generated incorrectly somewhere, somehow. thanks for your reply. I know that in the email must be a NUL character, but I cannot see this NUL character during a tcpdump. Do you know, or someone else in this list, who can I safe find this NUL character? Maybe it is a problem of lines ine the email which are longer than the standard allows. Cyrus has a fixed buffer for each line in the email. If the line is longer than this buffer lmtp inserts a terminating string character (NUL) itself. This could be the reason you cannot see the Character in the tcp stream of your mail. We have the same problem with the NUL character here produced by replies to emails with some HTML Attachments which have only one linebreak in the whole file. thanks for this hint. This possibility should I have already fixed, in my exim-config: [...] acl_check_data: deny message = Line too long regex= ^.{4000,} accept [...] (IMHO is the max. line lenght in emails 4000 characters.) Are there other possibilities for the lmtp error Message contains NUL characters? regards, Klemens Regards, Markus What you need to do is either have the MTA reject the message during the DATA portion of the SMTP transaction, or have the MTA remove the NUL characters before it passes the message on to the LMTP service. Yes, this will be the next step. Your email headers indicate you are using Postfix as your MTA, and I am not familiar enough with that to tell you how to do what is necessary. Yes, that's right for outgoing emails. The MTA for incoming emails (mx host) is exim. regards, Klemens Klemens Puritscher wrote: Hello, I have a problem with one of our customers. When he forwards an email with the thunderbird email client (windows version), the lmtp-daemon on my cyrus-imapd (v2.3.13) rejects those emails with the error 554 5.6.0 Message contains NUL characters. ...ok, that's clear, there are NUL characters in the email. But I would show my customer, where the NUL character is. For tests, I generate a testmail, with echo -e From:sen...@example.com\nTo:recipi...@example.com\nSubject: test\n\ntest\test\n.\n mail_with_NUL.txt Now I dump the lmtp-session on the cyrus-imapd host with: tcpdump -vv -XX -s 65535 -n -i eth1 port lmtp and I see the NUL character: ... 0x0230: 7065 6564 2e61 740d 0a0d 0a74 6573 7400 peed.at test. 0x0240: 7465 7374 0d0a 2e0d 0a test. ... 65 = e 73 = s 74 = t 00 = NUL ...ok, fine, I can find the NUL character. But when I dump the lmtp-session with the customer email (which get's the error 554 5.6.0 Message contains NUL characters), I cannot find this NUL character. Can someone tell me, what I did wrong? Thanks in advance. Klemens Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -- Phil Brutsche p...@optimumdata.com Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Delivery to Shared Folders via authenticated SMTP then LMTP
Hi, I'm having problems getting delivering messages via exim to Shared Folders under cyrus. I've googled around and futzed with configuration options for an entire afternoon and not got very far so I'm wondering if anyone here can help me. First, here's a few words about my configuration. I'm running a Debian etch server with the cyrus-2.2 (2.2.13-10) packages installed. I'm using exim 4.63 as my MTA. Exim's set up to relay outgoing mail via authenticated SMTP and incoming mail for a few domains. SMTP authentication uses the same database as the cyrus IMAP server. Here's how my plaintext exim authenticator works: server_condition = ${if saslauthd{{${local_part:$2}}{$3}{smtpauth}{${domain:$2}}}{1}{0}} I'm using cyrus in virtdomains: userid mode. I'm doing delivery to cyrus over authenticated LMTP via a socket. I'm running lmtp like this: lmtpcmd=lmtpd listen=localhost:lmtp prefork=0 maxchild=20 I have lmtp_admins: exim in /etc/imapd.conf Exim is authenticating to the LMTP server with CRAM-MD5 as user exim. Delivery works for users in all domains. I have no postuser: setting in /etc/imapd.conf so I'm assuming that it's default and I can address shared folders with the +...@domain address. I have created the following shared folders in cyradm: shared.t...@ashurst.eu.org (\HasNoChildren) sha...@ashurst.eu.org (\HasChildren) ...and here are the permissions: sha...@ashurst.eu.org: anyone lrs shared.t...@ashurst.eu.org: exim lrswipcda andy...@ashurst.eu.org lrswipcda anyone lrs I can insert and delete messages in shared.test via IMAP when I'm authenticaed as andy...@ashurst.eu.org Whatever permissions I give to andy...@ashurst.eu.org I can't do insert or delete messages in shared via IMAP when I'm authenticated as andy...@ashurst.eu.org Are top level folders special? With the ACLs above, I ran a test. Sending messages to any user at any domain that I have set up, from anywhere, works fine. I connected to my SMTP server, authenticated as andy...@ashurst.eu.org and sent a message to +shared.t...@ashurst.eu.org. If the mailbox does not exist I get a message saying so. If the mailbox does exist (as configured above) then I get a different error message, so I'm pretty happy that I've got the correct eMail address for the mailbox I created... The message was accepted by exim and then immediately bounced. ... I don't do local part checking at RCPT time in submission mode. Anyway, I switched on the Cyrus session logging for the exim user and here's what I got. It includes the error message that was sent in the bounce message. - -- exim Mon Apr 20 22:57:35 2009 1240264655235 Authenticated! 1240264655MAIL FROM:andy...@ashurst.eu.org SIZE=2523 RCPT TO:+shared.t...@ashurst.eu.org DATA 1240264655250 2.1.0 ok 550-You do not have permission to post a message to this mailbox. 550-Please contact the owner of this mailbox in order to submit 550-your message, or postmaster if you believe you 550-received this message in error. 550 5.7.1 Permission denied 503 5.5.1 No recipients 1240264655QUIT 1240264655221 2.0.0 bye - The log then continues with the successful delivery of the bounce message to andy...@ashurst.eu.org The bounce message doesn't contain the 503 5.5.1 No recipients line: it stops at 550 5.7.1 Permission denied So... It looks like exim is authenticating as the exim user, which is in lmtp_admins. I also tried putting exim in admins and it didn't change anything. Is there anyway of getting more information about who was authenticated and who was authorised? Here's what I get in syslog: - verify_user(ashurst.eu.org!shared.test) failed: Permission denied - Here's the ACL that's on andy...@ashurst.eu.org's INBOX: andy...@ashurst.eu.org lrswipcda ...so exim doesn't have 'p' rights there but it can still deliver mail there. exim isn't in a domain: all the other users are. I'm not sure if that is an issue when using Cyrus in virtdomains: user_id mode, and I haven't got exim configured to connect to lmtp as a different user depending on the domain. RCPT TO: in the error looks like the correct mailbox. MAIL FROM: is a user that has 'p' permission on the mailbox. I don't see an AUTH line tho... I'm authenticating as exim who should be able to authorise as andy...@ashurst.eu.org. How can I be sure that that is happening? If it's not then as exim has 'p' rights on the mailbox it should be able to post as itself anyway. I haven't done anything special in exim as the documentation led me to believe that the authentication automatically falls through. If I give anyone 'p' rights then messages are delivered without errors. As a last ditch attempt, I just reconfigured exim to use PLAIN rather than CRAM-MD5 when authenticating to LMTP so that I could explicitly send the exim authenticated sender along to LMTP. Here's the authentication details I used: - client_send =
Re: imp webmail, cyrus imap and virus filtering
You mean mail already already in your INBOXes received before you have installed your trendmicros filter, or mail sent internally by your user ? In the last case the simple solution is to ask your user to send email directly to your trendmicro ! If this is not possible you can configure your trendmicros as a filter for your postfix ! But if you want keep your trendmicro in front for your incoming email, and have postfix in front for your local users, this is an unusual configuration, ask the postfix mailing list for information to do that ! Regards Hello Alain, I reanalyzed our actual configuration and found that the problem is more limited,because when I send a mail via imp webmail then imp passes the mail to postfix and the antivirus. The problem that remains is about drafts. When a user saves a mail as draft, then it is not sent but simply stored by cyrus. This way the mail is not scanned. The user can use the drafts as a file storage and then recall the files from another PC. Is there a solution for this case ? Thanks Andreas Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: AW: Re: AW: Re: Message contains NUL characters - howto dump?
(IMHO is the max. line lenght in emails 4000 characters.) RFC 2821 sec 4.5.3.1 says the max length is 1000 characters including the two CR LF characters. However if the MTA fixes this, Cyrus won't see it. Sendmail for example breaks long lines at 997 characters and inserts ! CR LF. Joseph Brennan Lead Email Systems Engineer Columbia University Information Technology Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Delivery to Shared Folders via authenticated SMTP then LMTP
Andy Bennett wrote: AB I'm running a Debian etch server with the cyrus-2.2 (2.2.13-10) AB packages installed. I'm using exim 4.63 as my MTA. OK. Not an untypical deployment... AB I have no postuser: setting in /etc/imapd.conf so I'm assuming AB that it's default and I can address shared folders with the AB +...@domain address. The default postuser is the empty string, hence the need for anyone ACLs you're seeing. AB I can insert and delete messages in shared.test via IMAP when I'm AB authenticaed as andy...@ashurst.eu.org AB I connected to my SMTP server, authenticated as AB andy...@ashurst.eu.org and sent a message to AB +shared.t...@ashurst.eu.org. AB The message was accepted by exim and then immediately bounced. AB MAIL FROM:andy...@ashurst.eu.org SIZE=2523 AB RCPT TO:+shared.t...@ashurst.eu.org AB 550-You do not have permission to post a message to this mailbox. AB I don't see an AUTH line tho... I'm authenticating as exim who AB should be able to authorise as andy...@ashurst.eu.org. How can I AB be sure that that is happening? You should have lines in syslog (/var/log/maillog) from lmtpd of the form cyrus/lmtp[PID]: login: MTA.HOSTNAME [MTA.IP] authzid SASL.MECH User logged in The authzid there will be the user as whom Exim authorized. But I don't think that's the problem (see below). ABclient_send = $authenticated_sender^exim^PASSWORD AB I think that should send the exim authenticated sender along AB as the authorisation and exim and PASSWORD along as the AB authentication. It should, but not in the way you want. The SASL authzid isn't what lmtpd evaluates ACLs against. To do what I think you want (ACLs for delivery to shared mailboxes by users employing SMTPA), you need Exim to pass the authenticated user from the SMTP transaction with the MUA into the _MAIL_ line of the LMTP conversation. You want Exim to say: MAIL FROM:andy...@ashurst.eu.org AUTH=andy...@ashurst.eu.org To do that you probably want to add authenticated_sender = $authenticated_id to the definition of your lmtp relay. You can check Cyrus is doing what you expect by using openssl s_client or gnutls-cli to have a manual LMTP conversation with it: - 220 your.cyrus.box LMTP Cyrus v2.3.13-Sirius-2009:2.3.13-5 ready - lhlo authtest - 250-your.cyrus.box - 250-[..] - 250-AUTH PLAIN LOGIN - auth plain base64.nonsense.or.go.back.to.cram-md5 - 235 Authenticated! - mail from:arbitr...@mail.addr AUTH=andy...@ashurst.eu.org - 250 2.1.0 ok - rcpt to:+shared.t...@ashurst.eu.org - 250 2.1.5 ok - data - 354 go ahead etc... Cheers Duncan -- Duncan Gibb - Technical Director Sirius Corporation plc - control through freedom http://www.siriusit.co.uk/ || t: +44 870 608 0063 Debian Cyrus Team https://alioth.debian.org/projects/pkg-cyrus-imapd/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Delivery to Shared Folders via authenticated SMTP then LMTP
Hi, Thanks for your reply. You should have lines in syslog (/var/log/maillog) from lmtpd of the form cyrus/lmtp[PID]: login: MTA.HOSTNAME [MTA.IP] authzid SASL.MECH User logged in The authzid there will be the user as whom Exim authorized. But I don't think that's the problem (see below). I do. authzid is exim. ABclient_send = $authenticated_sender^exim^PASSWORD AB I think that should send the exim authenticated sender along AB as the authorisation and exim and PASSWORD along as the AB authentication. It should, but not in the way you want. The SASL authzid isn't what lmtpd evaluates ACLs against. To do what I think you want (ACLs for delivery to shared mailboxes by users employing SMTPA), you need Exim to pass the authenticated user from the SMTP transaction with the MUA into the _MAIL_ line of the LMTP conversation. You want Exim to say: MAIL FROM:andy...@ashurst.eu.org AUTH=andy...@ashurst.eu.org Yes... I think that's what I'm looking for. A review of the logs shows that when I was passing authorisation with client_send = $authenticated_sender^exim^PASSWORD I was getting cyrus/lmtp[PID]: login: MTA.HOSTNAME [MTA.IP] $authenticated_sender PLAIN User logged in instead of the exim one above. ...but anyway. Something more sinister is wrong. I thought that messages were being delivered correctly in non shared folders scenarios because every test message I sent from external relays, such as gmail, were being received. However, the logs show things like this - 1 /var/log/exim4/rejectlog:2009-04-21 16:35:21 H=cp-dublin.purplecloud.com (mx01-dublin.purplecloud.com) [91.194.74.36] F=andy...@btopenworld.com temporarily rejected RCPT andy...@ashurst.eu.org: response to MAIL FROM: from localhost [127.0.0.1] was: 430 Authentication required - At first I thought that this was just for illegitimate mail that wasn't specifying MAIL FROM: properly; I get a lot of spam that is backscatter from bounces. However, I eventually noticed legitimate ones such as traffic to this list - 2009-04-21 15:10:27 H=mx2.andrew.cmu.edu [128.2.11.36] F=info-cyrus-bounces+andyjpb=ashurst.eu@lists.andrew.cmu.edu temporarily rejected RCPT andy...@ashurst.eu.org: response to MAIL FROM: from localhost [127.0.0.1] was: 430 Authentication require - Your reply went to the list and directly to me: the direct one came through but the one from mailman got stuck between my smtp and lmtp servers and was therefore temporarily rejected. For now, I've gone back to using lmtp in lmtp -a mode and it seems to have fixed things... Hopefully all the temporarily rejected mail will start to come through in the next few hours. However, I'm not ready to give up on getting authenticated lmtp and then shared folder delivery working. Why do different things happen when running lmtp -a compared to lmtp and logging in as an lmtp_admin? To do that you probably want to add authenticated_sender = $authenticated_id to the definition of your lmtp relay. I'll give that a go just as soon as I've fixed the normal delivery, thanks. It appeals to my common sense that the two problems are related: Do I need to pass authenticated_sender = exim to lmtp for all cases except when I have an SMTPA sender? Do I also need to grant 'p' rights to exim on users' INBOXes? I'm not really clear why it is sometimes failing and sometimes succeeding in the non shared folders case. You can check Cyrus is doing what you expect by using openssl s_client or gnutls-cli to have a manual LMTP conversation with it: - 220 your.cyrus.box LMTP Cyrus v2.3.13-Sirius-2009:2.3.13-5 ready - lhlo authtest - 250-your.cyrus.box - 250-[..] - 250-AUTH PLAIN LOGIN - auth plain base64.nonsense.or.go.back.to.cram-md5 - 235 Authenticated! - mail from:arbitr...@mail.addr AUTH=andy...@ashurst.eu.org - 250 2.1.0 ok - rcpt to:+shared.t...@ashurst.eu.org - 250 2.1.5 ok - data - 354 go ahead Yeah. I might try that... Although I told exim to avoid TLS with the LMTP server for now so that I might debug it and so I might be able to just telnet to the lmtp port. Thanks for your help. Regards, @ndy -- andy...@ashurst.eu.org http://www.ashurst.eu.org/ http://www.gonumber.com/andyjpb 0x7EBA75FF Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html