Re: Postfix quota integration
Omni Flux wrote: I've been using a postfix policy daemon to integrate with the current smmapd to perform quota checks. It has a few shortcomings: it does not support virtual domains as is, but I think that would be a minor modification, and IIRC, postfix does not pass the final username to the policy daemon if alias expansion occurs, however, for my uses, this catches nearly all cases of over quota mail. [...] # Most recent version is available at http://www.omniflux.com/devel/ Attached patch to Omni's script introduces the ability for the policy daemon to look up aliases from the file /etc/postfix/quota_aliases. The alias appears on the left, with the email address to look up on the right. First match wins. Eg: [EMAIL PROTECTED] [EMAIL PROTECTED] @alias.example.com [EMAIL PROTECTED] @alias.example.org @alias.example.com Comments are not currently recognised. It's my first attempt at perl, so please be gentle! :-) Ben --- Desktop/cyrquota-pf_policy.pl 2007-06-11 04:23:24.389169827 +0100 +++ cyrquota-pf_policy.pl 2007-06-11 04:22:54.035764203 +0100 @@ -5,6 +5,9 @@ # Author: Omni Flux # Most recent version is available at http://www.omniflux.com/devel/ # +# Edited by Benjamin Donnachie [EMAIL PROTECTED] to add +# initial support for aliases. +# # Policy Daemon code based on postfix-policyd-spf by Meng Weng Wong # available at http://www.openspf.org/ @@ -155,9 +158,11 @@ my $action = $default_response; - if (lc(rhs ($attr{'recipient'})) eq lc($mydomain)) + my $recipient = checkaliases($attr{'recipient'}); + + if (lc(rhs ($recipient)) eq lc($mydomain)) { - print $sock netstring_encode (0 . lhs ($attr{'recipient'})); + print $sock netstring_encode (0 . lhs ($recipient)); my $result = netstring_read ($sock); if (!$result) { syslog (warning = query error); @@ -179,7 +184,7 @@ } else { - syslog (debug = Skipping external domain: %s, rhs ($attr{'recipient'})) if $verbose; + syslog (debug = Skipping external domain: %s, rhs ($recipient)) if $verbose; } print STDOUT action=$action\n\n; @@ -213,3 +218,38 @@ } return $string; } + +sub checkaliases { + +my $key = ; +my $value = ; + +open(FILE, /etc/postfix/quota_aliases); + +while (FILE) { +chomp; +my ($key, $value) = split (/\s+/, $_); + +if ($key eq $_[0]) { +close(FILE); +return $value; +} +elsif ($key =~ /[EMAIL PROTECTED]/) { +if (($key =~ /\@(.*)/) eq ($_[0] =~ /.*\@(.*)/)) { +if ($value =~ /[EMAIL PROTECTED]/) { +close (FILE); +return lhs($_[0]).$value; +} +else { +close (FILE); +return $value; +} +} +} + +} + +close (FILE); +return $_[0]; + +} Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: problem with virtualdomain
JOYDEEP wrote: but the problem is it can't create the mail box automatically. I have providewd the cyrus admin calledcyrus and password to the email admin so that during creation of a new user it also creates an imap account for that user too. Does it work for virtdomains: userid ? What is the exact problem? Post the relevant part of your logs. but that auto-imap creation is not working here. I have to manually do cm user/[EMAIL PROTECTED] every time. Alternatively, try the UoA autocreate patch - http://email.uoa.gr/projects/cyrus/autocreate/ You don't specify which version you're using or how you installed it. However, if you've used a binary install this patch may have already been included - try enabling some of the config options and testing. Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: howto auto create user mailbox ?
JOYDEEP wrote: But I like such an arrangement where user mail box can be created automatically when user successfully log into cyrus. I think I answered that in my email timed 11:23 yesterday. Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: problem with virtualdomain
JOYDEEP wrote: 1 now if I change virtdomains: userid to virtdomains: yes I can't create any mailbox with cm command. it reports permissions denied. I have flipped through the log but no log reports about this . Are you logged in as cyrus? What is the content of the file /etc/hosts? Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: problem with virtualdomain
Benjamin Donnachie wrote: Are you logged in as cyrus? What is the content of the file /etc/hosts? ... and what command line are you using with cyradm? Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: setrlimit: Unable to set file descriptors limit to -1: Operation not permitted
JOYDEEP wrote: setrlimit: Unable to set file descriptors limit to -1: Operation not permitted I seem to recall this either being covered in here before or in the docs. Basically, some operating systems let you set the file descriptor limit to -1, which means unlimited. Some don't and generate that error. You can safely ignore it. Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: problem with virtualdomain
JOYDEEP wrote: Thanks for your kind response. yes I am logged in as cyrus. here is /etc/hosts -- 127.0.0.1 opendingo.com 127.0.0.2 lvps87-230-8-228.dedicated.hosteurope.de lvps87-230-8-228 127.0.0.1 lvps87-230-8-228.opendingo.com 127.0.0.1 localhost -- Cyrus-imapd does a reverse lookup of the IP address you are connecting from, discards the first part and then uses the rest as your domain. If your are connecting over localhost, I can only guess that it is getting opendingo.com in response, discarding opendingo and logging you in as [EMAIL PROTECTED] Hence only allowing you to administer the com domain. Temporarily replace your /etc/hosts file with: 127.0.0.1 localhost and try again with cyradm --user cyrus localhost Or is it possible to stick with virtdomains: userid ? From http://www.lnxsys.ca/docs/postfix-cyrus-FC2/ virtdomains: [userid|yes] With virtdomains: userid, the userid with @domain determines who the person is and what mailbox they should get. With yes, either the @domain or the IP address is used to determine this Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: problem with virtualdomain
Michael Menge wrote: you have set unixhierarchysep: yes so you have to create the mailbox with cm user/[EMAIL PROTECTED] D'oh! Can't believe I missed that... :-/ Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: unsuscribe
[EMAIL PROTECTED] wrote: List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html To unsubscribe, to info-cyrus send email to [EMAIL PROTECTED] with a body of: unsubscribe info-cyrus Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Connection throttling POP3.
Andrew Morgan wrote: I believe there are also some solutions to monitor connections and automatically add IP addresses to the /etc/hosts.deny file, but I've never used them myself. Fail2ban will do this (and more) see http://fail2ban.sourceforge.net/ If your system uses PAM, it's also worth taking a look at pam_abl - see http://www.hexten.net/wiki/index.php/Pam_abl Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Catch All Account
Jonathan Villa wrote: Any ideas? Looks like a postfix issue; try the postfix list - http://www.postfix.org/lists.html Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Postfix quota integration
Benjamin Donnachie wrote: I'll experiment with my postfix version of smmapd over the next few days and will let you know how it goes. I couldn't resist! Look ups of regular mailboxes appears to be working perfectly! :-) Using tcp_tables, postfix can only confirm whether a mailbox exists. It has no provision for dealing with temporary mailbox problems, like over quota... Looks like a policy daemon is the way to go... Ho hum! Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Postfix quota integration
Omni Flux wrote: I was hoping the Postfix version of smmapd would replace this for me, but it looks like that won't be happening soon. After asking on the postfix list when we could expect support for tcp_tables I found this... http://archives.neohapsis.com/archives/postfix/2005-02/0415.html I guess that a postfix version of smmapd just isn't going to happen now. Take care, Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Postfix quota integration
Benjamin Donnachie wrote: I guess that a postfix version of smmapd just isn't going to happen now. It turns out that the postfix v2.5 snapshot includes tcp_tables! :-) I'll experiment with my postfix version of smmapd over the next few days and will let you know how it goes. Take care, Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Postfix quota integration
Benjamin Donnachie wrote: I'll experiment with my postfix version of smmapd over the next few days and will let you know how it goes. I couldn't resist! Look ups of regular mailboxes appears to be working perfectly! :-) I shall do some further testing later. Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
lmtpadinject - alpha version.
I have just released an alpha version of lmtpadinject for testing - see http://www.py-soft.co.uk/~benjamin/download/lmtpadinject-0.02.c This program sits between your MTA and Cyrus and injects plain text adverts into the top of messages. By using an external program, these can be customised to the recipient. It uses LMTP to communicate with the MTA and Cyrus and currently only supports sockets. To compile, just run gcc lmtpadinject-0.02.c -o lmtpadinject -lpthread Then to run just use ./lmtpadinject All configuration parameters are currently at the top of the source file - just edit them according to your system and then recompile. I will be adding support for configuration files and generally tidying the code. Remember, this is alpha quality - use at your own risk! That said, it's working fine on my system with the following config: Postfix --- dspam --- lmtpadinject --- Cyrus || (LMTP) || || V^ ClamAV (Content filter) Please note, I wrote this program for use by a site that donates most of the money raised to charity. Please contact me off list for further information, or if you would like to help with testing. Take care, Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: lmtpadinject - alpha version.
Benjamin Donnachie wrote: I have just released an alpha version of lmtpadinject for testing - see http://www.py-soft.co.uk/~benjamin/download/lmtpadinject-0.02.c I've made some minor changes already to take into account real world messages and the version timed at 16:40 on 2007/05/11 is the latest copy. I didn't release there had been some downloads otherwise I would have bumped up the version number. Take care, Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: lmtpadinject - alpha version.
Benjamin Donnachie wrote: I've made some minor changes already to take into account real world messages and the version timed at 16:40 on 2007/05/11 is the latest copy. Sorry - I lied! Another very minor change so the 23:00hrs version of v0.02 is now the most up-to-date. Think I'll move to svn very soon... Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: is it possible to get multi-domain ?
JOYDEEP wrote: Is it possible to have multi domain if I have multiple domain in ldap ? Try reading the documentation that came with cyrus. Try reading the cyrus wiki. Try using Google. If you still can't find the answer, then come back to us. Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Postfix version of smmapd
Simon Matter wrote: I'm still interested to integrate it into my rpms but only if the encoding issue has been solved. I'm sure people will start using it once it's in the package. Would appear that I've wasted my time - although the tcp_tables protocol is fully documented for postfix, if you dig deeper, it doesn't actually support it yet - not even in the 2.4.x tree. Sigh! Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Patching advice?
I've offered to help write a patch for cyrus so that it adds personalised adverts to the top of incoming emails. Before I continue, I should point out that the organisation concerned donates the money raised to a number of charities. I prefer the solution of patching cyrus, rather than modifying the message before it is delivered, so that cyrus duplicate detection continues to work. I think that the deliver function in lmtpd.c needs modifying but it's taking me some time to get my head around the cyrus internals, particularly as I'm involved in several other projects at the moment. Ideally, what I would like to do is add a configuration file option to enable calling an external program, with configurable (or even set) command line options (eg user name), to modify the message in some way after duplicate detection but before any forwarding with sieve; probably using stdin and stdout. That way the extra functionality can be used for a whole host of different purposes. In this case, the advert will be added by using MIME to wrap the original message but that's irrelevant to this discussion. Consequently, I'd be very grateful if someone could point me to any documentation on the cyrus internals. Though, I'd be incredibly grateful if someone could confirm that I'm on the right track and, perhaps, the best place to insert this code and confirmation of the structures / variables that I need to play with. Many thanks, Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Patching advice?
Benjamin Donnachie wrote: I prefer the solution of patching cyrus, rather than modifying the message before it is delivered, so that cyrus duplicate detection continues to work. Bron Gondwana has kindly advised me that Cyrus duplicate detection works on the Message-Id header, so it's back to plan A and writing a before Cyrus filter instead. Huge thank yous to Bron! :-) Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Postfix version of smmapd
Benjamin Donnachie wrote: I couldn't find anything suitable through Google, so I modified smmapd to work with postfix. Anyone using this? If so, I'll hurry up and tidy it up. It not, it can carry on waiting a little bit longer. Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Postfix version of smmapd
Simon Matter wrote: You may want to have a look at the postfix code which includes functions for encoding/decoding in postfix/src/util/hex_quote.c Thanks for the tip! :-) I intend to add a short section of code to do any decoding and then lower case the command. (I'd also try to do it but whenever I touch a C program I only end up debugging my own segfaults...). :-) I recently spent /ages/ getting some C code to work only to realise that I could have implemented it much quicker and easier in bash with just a hint of perl! Ah well! :-) Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Postfix version of smmapd
Ken Murchison wrote: When the Postfix users out there feel that this code is stable, please attach it to a new bugzilla feature request. Will do! I hope to get it tested properly by the end of the week. Take care, Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Postfix version of smmapd
Benjamin Donnachie wrote: However, tests over telnet were fine and this patch against cyrus-imapd v2.3.7 might be useful to someone... Ah, but it doesn't take care of this... Tested over telnet and seems fine. I will test it further with postfix soon and probably tidy the code. The mailbox test logic was taken from smmapd v.2.3.7 and may also require further testing. Ben /* * Copyright (c) 1998-2003 Carnegie Mellon University. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright *notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright *notice, this list of conditions and the following disclaimer in *the documentation and/or other materials provided with the *distribution. * * 3. The name Carnegie Mellon University must not be used to *endorse or promote products derived from this software without *prior written permission. For permission or any other legal *details, please contact * Office of Technology Transfer * Carnegie Mellon University * 5000 Forbes Avenue * Pittsburgh, PA 15213-3890 * (412) 268-4387, fax: (412) 268-7395 * [EMAIL PROTECTED] * * 4. Redistributions of any form whatsoever must retain the following *acknowledgment: *This product includes software developed by Computing Services * at Carnegie Mellon University (http://www.cmu.edu/computing/). * * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * * postmapd.c -- postfix local recipient table lookup. * Adapted by Ben Donnachie from smmapd.c -- sendmail socket map daemon * * Postfix table lookups can be directed to a TCP server. * * Request format: * get SPACE key NEWLINE * Lookup data under the specified key * put SPACE key SPACE value NEWLINE * Not currently implemented * * Reply format: * 500 SPACE text NEWLINE * Requested data does not exist. Text describes nature of problem. * 400 SPACE text NEWLINE * Temporary error condition. Text describes nature of problem. * 200 SPACE text NEWLINE * Request was successful. Text contains encoded version of data. * * $Id: postmapd.c,v 1.1.2.1 2007/01/16 05:05:31 benjamin Exp $ * */ #include config.h #ifdef HAVE_UNISTD_H #include unistd.h #endif #include stdio.h #include string.h #include syslog.h #include signal.h #include ctype.h #include acl.h #include append.h #include mboxlist.h #include global.h #include exitcodes.h #include imap_err.h #include mupdate-client.h #include util.h #include xmalloc.h const char *BB; int forcedowncase; extern int optind; struct protstream *map_in, *map_out; /* current namespace */ static struct namespace map_namespace; /* config.c info */ const int config_need_data = 0; /* forward decls */ extern void setproctitle_init(int argc, char **argv, char **envp); int begin_handling(void); void shut_down(int code) __attribute__((noreturn)); void shut_down(int code) { if (map_in) prot_free(map_in); if (map_out) prot_free(map_out); cyrus_reset_stdio(); mboxlist_close(); mboxlist_done(); quotadb_close(); quotadb_done(); cyrus_done(); exit(code); } void fatal(const char* s, int code) { static int recurse_code = 0; if (recurse_code) { /* We were called recursively. Just give up */ exit(code); } recurse_code = code; syslog(LOG_ERR, Fatal error: %s, s); shut_down(code); } /* * run once when process is forked; * MUST NOT exit directly; must return with non-zero error code */ int service_init(int argc, char **argv, char **envp) { int r; if (geteuid() == 0) fatal(must run as the Cyrus user, EC_USAGE); setproctitle_init(argc, argv, envp); signals_set_shutdown(shut_down); signal(SIGPIPE, SIG_IGN); BB = config_getstring(IMAPOPT_POSTUSER); forcedowncase = config_getswitch(IMAPOPT_LMTP_DOWNCASE_RCPT); /* so we can do mboxlist operations */ mboxlist_init(0); mboxlist_open(NULL); /* so we can check the quotas */ quotadb_init(0); quotadb_open(NULL); /* Set namespace */ if ((r = mboxname_init_namespace(map_namespace, 1)) != 0) { syslog(LOG_ERR, error_message(r)); fatal(error_message(r), EC_CONFIG); } return 0; } /* Called by service API to shut down the service */ void service_abort(int
Re: Postfix version of smmapd
Benjamin Donnachie wrote: However, tests over telnet were fine and this patch against cyrus-imapd v2.3.7 might be useful to someone... Ah, but it doesn't take care of this... ENCODING In request and reply parameters, the character %, each non-printing character, and each whitespace character must be replaced by %XX, where XX is the corresponding ASCII hexadecimal character value. The hexadecimal codes can be specified in any case (upper, lower, mixed). The Postfix client always encodes a request. The server may omit the encoding as long as the reply is guaranteed to not contain the % or NEWLINE character. ... yet. Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Quota warnings
Sebastian Hagedorn wrote: You'll have to write this yourself. We have a Perl script for that. It does more than just notify users and is too specific to our setup to share. I use Mark Borrie's quotacheck.pl modified for my system. It should be on Google somewhere. Take care, Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Postfix version of smmapd
I couldn't find anything suitable through Google, so I modified smmapd to work with postfix. Unfortunately, I haven't been able to test it fully yet as the version of postfix with my distro doesn't support tcp look ups (And I'm too lazy to recompile at the moment!). However, tests over telnet were fine and this patch against cyrus-imapd v2.3.7 might be useful to someone... Ben --- smmapd.c2005-07-01 23:13:45.0 +0100 +++ postmapd.c 2007-01-13 21:30:23.0 + @@ -37,42 +37,27 @@ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * - * smmapd.c -- sendmail socket map daemon + * postmapd.c -- postfix local recipient table lookup. + * Adapted by Ben Donnachie from smmapd.c -- sendmail socket map daemon * + * Postfix table lookups can be directed to a TCP server. * - * From Sendmail Operations Guide: + * Request format: + * get SPACE key NEWLINE + * Lookup data under the specified key + * put SPACE key SPACE value NEWLINE + * Not currently implemented + * + * Reply format: + * 500 SPACE text NEWLINE + * Requested data does not exist. Text describes nature of problem. + * 400 SPACE text NEWLINE + * Temporary error condition. Text describes nature of problem. + * 200 SPACE text NEWLINE + * Request was successful. Text contains encoded version of data. * - * The socket map uses a simple request/reply protocol over TCP or - * UNIX domain sockets to query an external server. Both requests and - * replies are text based and encoded as netstrings, i.e., a string - * hello there becomes: + * $Id: postmapd.c,v 1.1.1.1 2007/01/13 21:29:45 benjamin Exp $ * - * 11:hello there, - * - * Note: neither requests nor replies end with CRLF. - * - * The request consists of the database map name and the lookup key - * separated by a space character: - * - * mapname key - * - * The server responds with a status indicator and the result (if any): - * - * status result - * - * The status indicator is one of the following upper case words: - * - * OK the key was found, result contains the looked up value - * NOTFOUNDthe key was not found, the result is empty - * TEMPa temporary failure occured - * TIMEOUT a timeout occured on the server side - * PERMa permanent failure occured - * - * In case of errors (status TEMP, TIMEOUT or PERM) the result field - * may contain an explanatory message. - * - * - * $Id: smmapd.c,v 1.1.2.14 2005/07/01 22:13:45 ken3 Exp $ */ #include config.h @@ -334,6 +319,7 @@ } sprintf(buf,%d:cyrus %s,%c,strlen(key)+6,key,4); + // Does this get sent back to postfix? sendto(soc,buf,strlen(buf),0,(struct sockaddr *)sin,sizeof(sin)); x = sizeof(sfrom); @@ -363,59 +349,41 @@ int begin_handling(void) { -int c; -while ((c = prot_getc(map_in)) != EOF) { - int r = 0, sawdigit = 0, len = 0, size = 0; - struct auth_state *authstate = NULL; - char request[MAXREQUEST+1]; - char *mapname = NULL, *key = NULL; - const char *errstring = NULL; - - if (signals_poll() == SIGHUP) { - /* caught a SIGHUP, return */ - return 0; - } + while (SIGHUP != signals_poll()) { - while (isdigit(c)) { - sawdigit = 1; - len = len*10 + c - '0'; -if (len MAXREQUEST || len 0) { -/* we overflowed */ +char request[MAXREQUEST+2]; +char *key = NULL; +const char *errstring = NULL; +int r = 0, length = 0; +struct auth_state *authstate = NULL; + + if (0 == (length = prot_read (map_in, (char *) request, MAXREQUEST+1))) { + fatal(Error reading stream, EC_IOERR); + } + + if (length MAXREQUEST || length 0) { fatal(string too big, EC_IOERR); -} - c = prot_getc(map_in); - } - if (c == EOF) { - errstring = prot_error(map_in); - r = IMAP_IOERROR; - } - if (!sawdigit || c != ':') { - errstring = missing length; - r = IMAP_PROTOCOL_ERROR; - } - if (!r prot_read(map_in, request, len) != len) { - errstring = request size doesn't match length; - r = IMAP_PROTOCOL_ERROR; - } - if (!r (c = prot_getc(map_in)) != ',') { - errstring = missing terminator; - r = IMAP_PROTOCOL_ERROR; - } +} - if (!r) { - request[len] = '\0'; - mapname = request; - if (!(key = strchr(request, ' '))) { - errstring = missing key; + if (strncmp(GET, request, 3) strncmp(get, request, 3)) { + errstring = unknown request; r = IMAP_PROTOCOL_ERROR; - } } - if (!r) { - *key++ = '\0'; + while (length
Re: Sieve - Reject - Backscatter worries
John Thomas wrote: I am still curios if Postfix has accepted the message prior to or after the execution of the sieve script. On my system at least, the sieve scripts are executed once messages have been accepted by postfix and passed to cyrus for delivery. I need to look into it further, but I wonder whether a modified postfix version of smmapd would allow earlier rejection. Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve - Reject - Backscatter worries
John Thomas wrote: I would like (for convenience) to use Sieve to reject certain messages, but do not want to send backscatter. Use discard instead. Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Captive mailbox in Cyrus IMAP?
Nik Conwell wrote: If anybody wants the patch (pretty small) I can send it somewhere appropriate. Please, I'd be interested! :) Ben Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Login attack on cyrus imap
Jim John wrote: We would like to know if there is a way to prevent these types of attacks? Take a look at fail2ban [1] Ben [1] http://fail2ban.sourceforge.net/ Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[Fwd: Re: [dspam-users] Modification to dspam source for lowercase username with plussed addressing....]
My dspam patch below should be useful for sites running cyrus-imap with plussed addressing. Take care, Ben Original Message I think that should be PlussedUserLowercase, and it might be too specific to use plus as the detail separator (qmail uses - by default, but from memory that's adjustable). The option is intended to complement EnabledPlusedDetail - if that's enabled, then the option PlusedUserLowercase forces the username section to lowercase internally. It was much easier to implement than I thought! --- dspam.c 2006-04-07 20:07:23.322488264 +0100 +++ dspam.c 2006-04-07 22:50:45.443339392 +0100 @@ -1571,6 +1571,8 @@ if (_ds_match_attribute(agent_config, EnablePlusedDetail, on)) { strlcpy(mailbox, username, sizeof(mailbox)); ATX-recipient = mailbox; + if (_ds_match_attribute(agent_config, PlusedUserLowercase, on)) +lc (username, username); plus = index(username, '+'); if (plus) { atsign = index(plus, '@'); I added the following to dspam.conf: # # When using plused addressing, forces dspam to internally use lowercase # usernames. Thus preserving case of the plused address. # PlusedUserLowercase on I've also got the following in imap.conf so that cyrus-imap also forces the username section to lowercase, but leaves the case of the folder (plused detail) alone: lmtp_downcase_rcpt: 1 Ben Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Re[2]: cyrus-imapd + dspam
maxxik [EMAIL PROTECTED] wrote: so .. what about sendmail+dspam+cyrus ? That's exactly that I use - when I'm back on site, I'll send you a copy of my config. -- Benjamin [EMAIL PROTECTED] Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus-imapd + dspam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Benjamin Donnachie wrote: so .. what about sendmail+dspam+cyrus ? That's exactly that I use - when I'm back on site, I'll send you a copy of my config. In sendmail.mc I have... FEATURE(`preserve_local_plus_detail')dnl define(`LUSER_RELAY', `error:nouser User unknown')dnl MAILER(local)dnl MAILER_DEFINITIONS ## New mailer specs Mlocal, P=/usr/local/bin/dspam, F=1ulsDFMnPqAh5@/:|, U=cyrus:mail, S=EnvFromL, R=EnvToL/HdrToL, T=DNS/DNS/RFC822/X-Unix, A=dspam --deliver=innocent --user $u -e -m $h -- $u dspam uses LMTP delivery and contains the following: DeliveryHost/var/imap/socket/lmtp DeliveryPort24 DeliveryIdent localhost DeliveryProto LMTP EnablePlusedDetail on Cyrus is set to accept messages over lmtp and cyrus.conf contains: lmtpunix cmd=lmtpd listen=/var/imap/socket/lmtp prefork=0 Alternatively, you could just as easily set dspam to use deliver - however, it wouldn't initially work properly for me so I opted for LMTP delivery instead. Hope this helps! Take care, Ben -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBQ+KHvegNmph0Y1E2AQIiXg//bBljLzSNdZcYSikpPjvhQkmlBwT47g0y RvyLKOwZOU5ysln90kav7K/7tjmkiUG0EJQm72Lrol36PCfIcemHDO+TrhbewlXP 4HkoJ6E8d8VhGvncI/eMXWiGlQOkiRvMzKJJ3uNMvvwxeAGlO5Zu3+04MLrUAw7q EUPiY5wy97Ecu/gX1p6QBzHsr1bMQA9qrSDHfiMk8uzjV9oceP1in8jgzD9RagF4 IqqN4f3e3MdefVDuZFa9OGtjfk3V2y0GoxwEyxbJETY1RYVzId6TGIwlFqdJJ0YC e/2yVO3Wmrm1wj9TDn4QIYn6ILbu/poArxggVgF9Jda+TG7L1/e36gBMtfE86HuR wcx860pa6YByEDs0/vS1urCTShxKck/uuXC28f9sWzGYk4RxlTS7kEOMxwKV4c7X /RA/Z1RgeI1cdbmCi65wNhrO/qkC7SKOQdKP6H6KHn7L4bF8d4P6DSbT0Pif7xhA u5rHCQ9yUmusxABgFdJakDAz9Npt54qbQulbpIVfoEv1fOfopL0QTW9wUu5UAbhQ PDlxs7MgrX7jgIDzLzCmuh9JNoZh848QkW3tTk0iJ4YRDmPq8J9KiP0paEW+5ccq xxSy4sK50wj/IA/jrsCXSM2ftFO5+OQGnE3CIOCDCGahrXbi7BHKUKEMpOD5VeGQ kCCL2HeAskI= =YsWh -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus-imapd + dspam
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Scott M. Likens wrote: Does anybody here use this sheaf ? ) yep, works fantastic. Same here! Ben -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQIVAwUBQ9+1tOgNmph0Y1E2AQLZtw/9GG+39swMOBE8K3V2XzTlzB+/zEjFDsHd yznz6QaG/u8hqrmWvl32p0xREtqpMx/Hdx5cfNm+80ZddNg8n4acKC3zuSpkyOKk R+KjbXzP4VpXduT6wSXmMtSa8c4qy+a9K6bcQ3rwgGxzgRD0Ogj9OZbW51qxcmPf 7EF0NTnaKR1jZFH6/AEjheK3OjtoIoSUkRd88NbT8QIIevgGDUEwfvTnU6BSsYoG 3VvqOs1A7+grUyIqbRLp+kEs5YCBDUyTXVSepVmLmdAgXv5ZmY4mRk5DUy2oDAsP mXRIVJP4SN+dMcyZgUulqxce5iWk6gbV4TapH9FrV2LEuGY4//l/GWEtKx/orqL+ RXdxn1An3alNSL8JIOfNJ24rpZRl1l7JW2tJwdkqGoexnbwPRiUqqzE112sCOTg2 ZE8DiJWkKvmvXDr5006MFWQ1dncgU13atfszsALhBASwIiTvKynaF/mLU7tvOyQj DiFUu23dTcOVEEGNu/wZAaZO99mjCe/aVUkGvWq3+v5g4iy9oBXb4mJJ0sNaAbgs j/1Kcguyagg8EgoFjwz/b8Rl1oF25OAs9Z8IuEDB1+e4GzG6WuKR9U3sCls5mTTF zfPoMEc4fW0VsKhetHRZf53vjq69LzbptBh3lMrCiHArOoPmpmBznBo611D1g8ju VZSA0jqVamI= =yzDY -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus-imapd-2.2.12 with sendmail-8.12.11 integration niggle.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrzej Adam Filip wrote: I personally prefer to reject spam *in smtp session*. I'm quite happy with dspam - it catches the majority of my spam and I haven't had any false positives since I reinstalled it a few months ago. (Touch wood). Any reasonable price anti-spam system will produce some false-postives. IMHO it is crucial to make sender know the message have not reached the recipeint *WITHOUT* taking over responsibility for delivering bounces. I probably didn't explain myself very well - it's not spam bounces that I want to stop. What currently happens is that sendmail accepts a message with NULLs in, passes it to dspam which then passes it to Cyrus. Cyrus then rejects it and causes sendmail to generate a bounce message. Unfortunately, most of these message rejected by cyrus bounce messages seem to be in response to spam (but not always) and hence to non-existant addresses. It then sits in the mail queue for days before making sendmail panic and drop it. I'm happy for the message to be accepted by cyrus and then, if it is spam, for dspam to be retrained to quarantine such messages. I had to debug once delivery from my site to site implementing policy of dev nulling messages *classified* as spam. The recipient *WANTED* to receive the messages. After losing some important messages, I'm too paranoid about /dev/nulling potential spam... However, I'm definitely going to install the Clam AV milter and possibly the grey listing one too! :-) Take care, Ben -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQIVAwUBQ9JQrOgNmph0Y1E2AQJSvg//bW6ltbGwlEMRJKu6XosOuYnX7zcUg2zk etnggjrzOmJnRIzggBwDlEyeLJXdBUmx53j2oQIRvA/hI5/NZy22pRD5jhkZlrZe mBvJwD7YhRz1qJU2bLekDt+yjPrf//HBES/6ZB+lXvArm8Nxc024oH/70uwGhnw1 MqL8HiHdPIZnZUaWY8XRLrDT4mNpO9JWupbmrulK6K7XrHXo94UPhiu/4DBxwm8o h2+St0mmhoPi2YeQE8cH3HuJk1ZhHzCN4y4KKa/BR1zstxdSS3va42iXsJvlQSSy jEq9voS12tF3tEoq3iFKLAKdD7D6LbwrpWg41UhPPBWfQnaX43O9ScAu/0mI5vSq l+YOIXqk5C14NA74hceUJaiBgZwxuDr2jkGNnbVx7Ko4cWcYn2MTkS1u5d2QVi6b mulqFwp1SrSlvWjNySicUJqUArpli8hLVYhiGefz7fd5imYQeCShEs047zLOBQhS gCP5/8LftXtMu2f25wAZMAza6OLA+cCNCE0ZLBSc/lKY7GWmiCnCt0ktAXT1PCmj BqkbLESMDMgfUM9BGTO6sMdBBB9JF5gidJsY5wqk8/Xue96GI/8gx6+rhKkLolZ6 u7h3ApGlAXOTP0eklvosDhAkfzYOXggPff44BaYAeFXAyrnuqCiQx3yWDd2pMGo0 /xG2gF2FT6U= =fyRU -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus-imapd-2.2.12 with sendmail-8.12.11 integration niggle.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrzej Adam Filip wrote: Post another confirmation for future readers after a few days of using it. I have seen a few ugly surprises created by aliases and rule set 5 interactions (low but non zero chance). Still works! :-) A little cheeky... but I don't suppose you know of a way to get sendmail to reject messages containing NULLs as well? As only spam messages seem to have that problem and once cyrus rejects it, sendmail tries to send a bounce notification back to a bogus address! Take care, Ben -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQIVAwUBQ9EmsOgNmph0Y1E2AQKWRw//UgDH07CWZcqdvP4nLG+FZxuqpiBQrEnw xIU6AaYLlS3ilNuCJ2PfObGQfU2ZOlgeIoD8CSAsNxcF0hOLMDpRa5VJRXjfmszC YREZi8VsInFl0Rboz5O53UOf3CumQlfhj3ouYa4HLqlmWFRrmuMavSnc1lpcEoX6 lT6AZOp1DuFNZNXPuSQjplTnRX4JrM6Obi6YXcojHtS8CtkcupBXzIvWfs65i7kD IkhoQQMEczsEbtByaQeZwArCakOdbCt8nG0IggRKZVahU7eqmzLNE8oCRCkZseGO Aq91pIwFsNEoIrQMEztnx2vzJzdiHpIXf9mJhpbSvJ9foC5/S8GG0iQHoRZlFAGN oG6D/znyuRiTfYJuxWKcGsRXT5f9q1YRMtFtBOjOFkbHa2uqbeurIjaVLgpL1irz YT5lL0k92IZmjmA6OaUw4oKsuErsvkV3Crn95/YDrgMoctpS7bexKJ3HvRXKQyAr Gn8YxZrQ0b1jEnDUO78gpyGfX9nIoLVCt7G5t78G7m2NQuOYDcxuB5g2mUSoeTdP ZmeI5blWkzy83+BHwdVMrgo5+dmNlZ+2Dys8QiLmju79V0gUXY0Qo8YfSUvqy5S+ TX5wnBm62sJ0+0WIAHklbqWdE/55okybZcJpW6LGfWPBY2Mm7rMlNRD0vkkm3qqc c7uhPRF8guQ= =ea7q -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus-imapd-2.2.12 with sendmail-8.12.11 integration niggle.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrzej Adam Filip wrote: You can use F=1 mailer flag to make sendmail *strip* (remove) null bytes from *headers* before relaying message to cyrus imap. Ah! The 1 flag isn't listed on the FAQ I was using as a reference! I think that rejecting messages with null bytes (in smtp session) would require using milter. If you use MIMEDefang (perl based/GPL) milter for spam and/or virus protection then it should be relatively easy task. Thanks for your help! I'm happy for them to be accepted by cyrus (and dspam subsequently retrained) as it's the annoying bounces to nowhere that sendmail keeps trying to resend that I want to stop! Thanks again! :-) Take care, Ben -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQIVAwUBQ9FKOegNmph0Y1E2AQL4aA/+PQ453+kACc22kIV5r/rMVJSTpNVW5nl5 hsZ2p8ZcPCO3kOdo+HyXsjEJv9CVyvAIZ+3KPswWDv0puI0aFP2EUeUxz63yJhbJ +bItyNXDXEjg7aJRUy81NBovwFsbe+iWDLo6P9hX1tGNPoyykCZlxhTKhjw3qMF4 nxq6g++DzXQJWD1PvHQEcCvlaFEQgywNa1BhG1KC1Wp3IYs+AgPkcuqAM3bhAG1T 2TegVJ041mLi7ZF06S78BdVyRSL7uex9qQrRhWnzVkA+kudmUki/GYW/FF2r00CU XHP5fOpG0ZjPwjQYICEsxwoqlldJmyKT5oGGbx+ek5CtGP5yrGgWMasvu4aYN+Ak CgSVj0GYA1lzNWkS1p5wOizUgOgFFBNf1xH6A61ik4Kkkr2RhcAO/MxK8vVNJHMB dglOufPhrgRODDPv63AZab0T29xD4nDGJDjPA++Al38yN1gTSXcqejjF4casmux6 nnD8iIk/fRT3hSc0UAEpc0S/pHFhRE6jkI0XFPYoSBi24x8H/rb44N+JfRdsiWjc Yobf42qGHDYglJgh0LIHPKNsPhgq8vGDijJ+21szPe37gnz+CZ7UoSNtSHmoLOlC QWQApe7IV2bvlOQG5UaEZq6OwMPXRQaTZc25YClAaG4QxqW3UDyC2f3ojVBt4TXL bk96gmSi12s= =2ASx -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
cyrus-imapd-2.2.12 with sendmail-8.12.11 integration niggle.
At the moment, I use shadow passwords for cyrus-imapd authentication and I would like sendmail to reject any message for which the recipient does not have an account on the server. This is complicated because I use plussed addresses with cyrus-imapd; if I enable the w sendmail mailer option, then it rejects plussed address messages - since that account doesn't exist. However, if I disable the preserve_local_plus_detail option in sendmail it performs the local account check correctly but then doesn't pass on the folder detail (ie the section after, and including, the +)... Is there anyway to instruct sendmail to remove the plus detail for the local account check but to use it when passing the message to cyrus (via dspam in my case)? I've scoured the sendmail docs and done many google searches but can't find an answer, and concluded that a cyrus-imapd admin would be the best person to know! :-) I intend to migrate over to postfix and ldap in a few months - but would prefer to solve this problem now as my mail queue is filling up with bounces to fake addresses in response to spam messages to non-existent accounts. Take care, Ben Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus-imapd-2.2.12 with sendmail-8.12.11 integration niggle.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrzej Adam Filip wrote: How it is supposed to work: * flag F=5 will turn on processing of rule set file * checks done by F=w flag will be done by error luser relay in rule set 5 * preserve_local_plus_detail will stop sendmail from stripping +detail in rule set 5 You're a genius! :-) It works perfectly - many thanks for your help! Take care, Ben -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (Darwin) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iQIVAwUBQ81u/OgNmph0Y1E2AQIvew/8Ds/gCH1p0/+SuVruNy9NTbotG8e1G/5P V8ASN513Hp3Fzj4uoP8JT6ELTfHzj088elXrr9AxIyqy81zHRl8yEVkfv6qcHm1r HHoahW8dpGC6hfEhIlqfTWDcB4fNcO6jn7lVdN0MYC7ZFKC12U2PoOBO/h1KA8/G QMVN0bWSrw5LxsTIxXBiPc5Fvev+36GC5fphVC9auD0GnpSOjgZr8IPF91vLLxcP owCNt1IZDJRp+LnX9QWxQHMrZG7iWJDD7ENexXQgRbDksnoTB4ddckEow/a6Ibg0 2sYFbZEbpCVnOzQamUf4DSqoAnnLisGRkvOhVQXZ8QsSnKzxavGV7AhcLsI3Sd3t Wu8k5LoCK7naqX9DoBh2BpX+B/yXpqeQ+xVjF/VZNhHe8ZJOc+BvusvqE3LlH5mj pWgQaZzE0C+gKfALlvpJxgogzwrbaTPLKXenFaiBV5g5ugGQ2VYJtHVqCy94lubX ip0PfULt59lZQhZ4QyMM4j+X3BpHzEYFXURz/vqGwx/XT26d63UiXY05TZg/zMeg 1Iuuu/xNG/nptnV6mjGmHMVEPYgwezGIsMhVs6sIaYZKwzneku5rQb1iK7c3lWLN UOoU662LaUIKRdcZ2T3j/2DMejkgVSi0GUEQMtaIFC29LZ+Ux5S48hDQorlNfbVs UATXx5rgsI8= =Dr6w -END PGP SIGNATURE- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html