Re: POLL: per-domain shared folder/sieve/etc
On 22/10/2014 23:02, Bron Gondwana wrote:
> The problem is, it means you can't set quotas per domain, you can't have sieve scripts per domain, and most of all - you can't have shared folders in a domain. example.com!shared.stuff worked fine, but shared.example^com.stuff would be weird. It's just a folder, and wouldn't be treated specially in any way. The domain would have no special meaning.

So if I understand this correctly, it means we could still have global shared folders but not shared folders limited in a domain namespace like we have now? If so, it seems both good and bad to me.

The good: if you have several domains in a single organisation, you can have shared folders for all.

The bad: in a multi-tenant environment, we can't provide shared folders to our customers without adding something to the name to ensure it is unique across all customers, or use the standard mailbox sharing (so the end user sees Other users/mypublicmailbox@mydomain in its client). No more Shared Folders/contact or Shared Folders/public.

Shared folders in a multi-tenant environment are not so widespread I think, it's more a global organisation thing, but still, it could be an issue for some. I'm not sure how well it would be handled in groupware suites like Horde for instance.

Cheers,
--
Clément Hermann (nodens)

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: imap client that supports passing authorization id
On 25/02/2013 12:36, Patrick Boutilier wrote:
> On 02/25/2013 07:30 AM, Adam Tauno Williams wrote:
>> On Mon, 2013-02-25 at 11:08 +0100, Rudy Gevaert wrote:
>>> Hello cyrus users,
>>> Do any of u know of any desktop imap-client, but not Mulberry, that supports passing the authorization id?
>>
>> I am not aware of any. Neither am I aware of any that support IMAP ACLs [settings, viewing, etc...] or SIEVE. Very sad. If someone else knows of any I'd love to hear about it.
>
> Thunderbird has a Sieve extension that can be installed.

There is an imap acl extension as well: https://addons.mozilla.org/fr/thunderbird/addon/imap-acl-extension/

--
Clement Hermann (nodens)
- Fresh air? Isn't that in RL? Isn't that off-charter?
Jean in L'Histoire des Pingouins, http://tnemeth.free.fr/fmbl/linuxsf/
Please find my public key on the public keyserver pgp.mit.edu.
Re: Mailbox does not exist question
On 25/01/2013 21:40, Charles Bradshaw wrote:
> Andy
>
> We're nearly there, phew..
>
> Yes I want to use virtual domains. Yes I have virtdomains: userid in /etc/imapd.conf
>
> OK, so I understand why no imap INBOX, but sendmail and cyrusv2 are therefore delivering mail to the wrong mailbox, that is to user.test NOT user.test@mydomain
>
> I have sendmail.mc containing:
>
> define(`confLOCAL_MAILER', `cyrusv2')dnl
> define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
> MAILER(cyrusv2)dnl
>
> and mailertable containing:
>
> mydomain cyrusv2:/var/lib/imap/socket/lmtp
>
> Obviously the mailertable entry is wrong? Or maybe I need something else to stop sendmail/cyrusv2 stripping mydomain from email sent to test@mydomain ?

Take a look at the documentation, the sendmail configuration for virtual domain is explained. Here: http://cyrusimap.web.cmu.edu/docs/cyrus-imapd/2.3.17/install-virtdomains.php (search configuring sendmail).

--
Clement Hermann (nodens)
Re: cyrus + Active directories authentication query
On 03/01/2013 10:07, jayesh shinde wrote:
> Hi all,
>
> I am trying to configure the cyrus + Active directories authentication. I have cyrus-imapd-2.4.6-5 and Active Directory 2003 2010
>
> The mailbox in cyrus is in format of firstname.lastn...@domain.com
>
> But the problem is attributes of Active directories like sAMAccountName: userPrincipalName: mail: are different ( not same )
>
> Example :--
> mail: jayesh.shi...@domain.com
> sAMAccountName: 10030
> userPrincipalName: jshi...@domain.com
>
> Cyrus mailbox :-- jayesh.shi...@domain.com
>
> Requirement is :-- I want to do auth by sAMAccountName name, this sAMAccountName is use for Windows desktop login. And I want to keep same login password credential for both windows + email login
>
> When I am trying do login with pop3/imap with above sAMAccountName of active directory, then I am not able to login. It gets fail. Whereas if I use mail: attribute of Active directory then I am able to login with pop3 / imap and able to all normal activity.
>
> 1) Is any one come across such scenario or requirement, if yes how its getting manage ?
> 2) Is there any way or workaround by which I can do successful login with sAMAccountName and get login in Cyrus mailbox ? ( which is mention in above example)

Unless I missed something, Active Directory authentication would use GSSAPI (that is, kerberos) and the username would be the kerberos userprincipalname, not the samaccountname. So I suppose what you're trying to do is LDAP authentication against Active Directory with saslauthd.

One way to make this work would be to disable virtual domains (or use a default domain), and rename the mailboxes as the sAMAccountName (and change mail routing accordingly). I don't think there is a way to make mailbox aliases or username rewrite in cyrus, so you'd have to use some kind of proxy to do that without renaming the mailboxes.

Cheers,
--
Clement Hermann (nodens)
Re: lmtp over tcp configuation
On 12/10/2012 20:52, Marcus Schopen wrote:
> Hi,
>
> I'm planning to split cyrus 2.2.13 from my incoming mail server running sendmail 8.14.3. Basically I set up an openvpn tunnel between the boxes and changed the CYRUSV2_MAILER_ARGS from FILE to TCP in the cyrusv2.m4 macro on sendmail side and activated lmtp in the cyrus.conf on the other side. First tests are running fine.
>
> Did I forget something? Any tuning hints?

Seems fine to me, but you may want to allow more than 20 children for LMTP process. If you receive a lot of mails at once, your load will increase on the sendmail server because you don't have enough lmtp processes. Actually I use lmtpproxy since I have a murder setup, but with prefork=20 maxchild=0. Sendmail will reject connections anyway if the load or connection rate is too high.

The openvpn seems overkill to me, as mail will often travel in clear anyway.

Also, your smtp server won't know if the mailbox is really available, so you may have useless bounces (over quota...). You may want to check http://anfi.homeunix.net/sendmail/rtcyrus3.html.

Cheers,
--
Clement Hermann (nodens)
Re: Input on patch for ptclient/ldap requested
On 09/08/2011 02:08, Jeroen van Meeuwen (Kolab Systems) wrote:
> Hi there,

Hi,

> I wanted to ask who is actively using ptclient/ldap, as I have some inhouse patch pending on the canonification using some sort of result_attribute, if you will.
>
> We currently have under consideration whether everything, life and the universe should be configurable before the patch is accepted upstream, which is to say (pardon my postfix lingo);
>
> - result_attribute_format,
> - leaf_result_attribute,
>
> but also;
>
> - group_filter_scope,
> - group_result_attribute
>
> Which is to say, we have a deployment extensively using 'nsroledn' -which functionally behaves like a 'memberOf', and the question then becomes if you want to use the 'cn' attribute for groups -which most often is not enforced to be a unique attribute value for groups, but is automatically unique if the search scope for groups is 'one' and the 'cn' attribute builds the 'rdn'.
>
> Long story short, I would like to know of other people who use ptclient/ldap, or have attempted to do so but failed, and the various use-case / deployment scenarios.

We use it for shared folders / mailboxes, on a stock Debian install (so 2.2.x), we only repackaged cyrus to include pts support. Works great so far.

Actually, I do think everything should be configurable. LDAP deployments are often preexistent, and used by other applications: the more configurable it is, the less work you have to do to use cyrus in your existing environment. Other applications might be older proprietary stuff without much flexibility and strange ways to use a LDAP tree...

Here are the relevant parts of our imapd.conf:

    auth_mech: pts
    pts_module: ldap
    ptloader_sock: /var/run/cyrus/socket/ptsock
    username_tolower: 0
    ldap_filter: (|(uid=%u)(cn=%u))
    ldap_referrals: 1
    ldap_group_filter: (&(objectClass=groupOfUniqueNames)(cn=%u))
    ldap_group_base: some path
    ldap_member_base: some path
    ldap_member_method: filter
    ldap_member_filter: (uniqueMember=%D)
    ldap_member_attribute: cn
    ldap_size_limit: 0

Groups are in one part of the tree, users are listed in the group with their DN and in another part of the tree.

Cheers,
--
Clement Hermann (nodens)
Re: squatter stops when it encounters a locked mailbox?
On 21/06/2011 18:28, Michael D. Sofka wrote:
> I run squatter in a perl program that forks three parallel squatter processes on individual user's mailboxes. If a mailbox is locked the particular squatter processing the mailbox quits, but the main program continues to fork new processes for the remaining mailboxes. The program checkpoints each user, shuts down at 6 A.M., and continues where it left off the following day.

Looks nice. Maybe you could share this script? I could use a squatter with some parallelization and a way to stop it when the load is starting to grow (like in the morning). I guess it could be modified to use other parameters to know when to stop: number of logged-in users or imap/pop processes, system load...

Cheers,
--
Clement Hermann (nodens)
Re: Running Cyrus Imap under a different user
On 03/11/2010 18:03, Gabriele Bulfon wrote:
> Thanx for the quick reply ;)
> Yes, environment is correctly exported. Maybe there is something I can tell to Linux so that it gives my environment to anyone changing user to myuser?

You are not supposed to use sudo to do this. The correct way is to login as root (or change identity via su -, or let init run the init script for you at startup), and launch the init script to start cyrus master, which will drop privileges when forking to child processes (imapd, pop3d, etc).

sudo *will* remove some environment variables, as a security measure.

It could be that the best way to achieve what you want is to modify an existing binary package of cyrus imapd for your distribution, modifying only the user-related configure options and configuration scripts.

Cheers,
--
Clement Hermann (nodens)
Re: A beginner question about Murder
On 08/09/2010 23:17, Jeroen van Meeuwen (Kolab Systems) wrote:
> Andrew Morgan wrote:
>> In a traditional Cyrus Murder (not a unified Murder), there are 3 roles:
>>
>> 1. backends - these store email
>> 2. frontends - these proxy incoming connections to the correct backend
>> 3. mupdate master - maintains the list of mailboxes in the Murder
>>
>> There can only be 1 mupdate master process. I'm not positive if you can run it on a backend or frontend server, or if it must be running on a separate server.
>
> In my test setup (internal Wiki document attached licensed CC-BY-SA), which to date is still a work in progress, it appeared to me;
>
> - In a traditional Murder setup the master update server cannot be combined with a backend or frontend server.
>
> - For autocreate/autosieve (patches for which Cyrus is not upstream but they are shipped with Fedora and Red Hat Enterprise Linux packages), the frontend servers must be disabled for local direct delivery through the lmtp proxy, and instead relay through the backend server's MTA for autocreate to create the mailbox on a backend server (and not a frontend server which would then loop back to itself). The same goes for autocreate on login, which would cause the frontend to create a mailbox on the local default partition rather than on one of the backends in the Murder.

In traditional murder (no autocreate/autosieve patch), the murder process can run on a frontend. However, it cannot run on a backend. We have a webmail running on our murder (2.2.x) server, and it uses localhost as imap server, so it acts as a frontend.

However, we don't use autocreate or autosieve, so I couldn't say if it is the same on a patched setup.

Cheers,
--
Clement Hermann (nodens)
Re: TLS failed, service in BUSY state, terminated abnormally
On 06/09/2010 23:46, Bron Gondwana wrote:
> On Mon, Sep 06, 2010 at 11:42:38AM +0200, Clément Hermann (nodens) wrote:
>> On 06/09/2010 11:26, Ethariel wrote:
>>> Hello, auto-answering.
>>>
>>> During the upgrade process the /dev/* permission were broken. It includes /dev/urandom which I think (can someone confirm) is used by SSL.
>>
>> Actually SSL is supposed to use /dev/random which provides better randomness (because of better entropy gathered via keyboards and disks, or better yet, hardware RNG), less likely to be predictable than /dev/urandom.
>
> That's a nice theory. Have you seen how many people have posted to this list about imap freezing and poor throughput that have been caused by using /dev/random and it blocking?
>
> On the flip side, can you provide a single example of a successful attack against IMAP connections secured by /dev/urandom?
>
> Denial of service is a credible threat too, and unless you actually have a hardware randomness generator, the threats of using /dev/random are generally worse than the threats of using /dev/urandom.
>
> Bron ( who doesn't like black and white advice from ivory towers! )

Well, I did say 'is supposed to', not 'always should use'. Note also that I mentioned hardware RNG. But you're right, it is far better and perfectly acceptable to provide service with poor entropy than bad service. My main point was that the permission problem was likely on /dev/random rather than on /dev/random.

Sorry if it sounded like I was giving a lecture. I guess my not so good English is to blame.

I always use /dev/urandom if I don't have hardware RNG on a busy server, because availability is more important than protection against a very unlikely threat, and I did have some problem under heavy load. However, if I can, I prefer to use a hardware RNG, as it is really a breeze to use with rng-tools. It used to be available on any server x86 motherboard, unfortunately it tends to be less frequent onboard nowadays...

Actually, if you don't want to recompile cyrus but need to use /dev/urandom, you can use /dev/random with rng-tools using /dev/urandom as a random source instead of the RNG device.

--
Clement Hermann (nodens)
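Added example, not part of the original thread: the failure reported above came from /dev/* permissions being broken during an upgrade, so this Python check verifies that /dev/random and /dev/urandom are character devices with the usual Linux device numbers and are readable by a daemon that has dropped privileges. The expected numbers (major 1, minors 8 and 9) and the world-readable criterion are assumptions for a stock Linux system.

```python
import os
import stat

# Assumption: stock Linux numbering for the kernel random devices (major 1).
EXPECTED = {"/dev/random": (1, 8), "/dev/urandom": (1, 9)}


def evaluate(path, st_mode, st_rdev, expected=EXPECTED):
    """Return a list of problems for one device node, given its stat fields."""
    problems = []
    if not stat.S_ISCHR(st_mode):
        # A regular file or directory left behind by a broken upgrade.
        problems.append(f"{path}: not a character device")
        return problems
    want = expected.get(path)
    have = (os.major(st_rdev), os.minor(st_rdev))
    if want and have != want:
        problems.append(f"{path}: device numbers {have}, expected {want}")
    # A service that has dropped root (for example imapd started by the
    # cyrus master) reaches the device through the "other" permission bits.
    if not st_mode & stat.S_IROTH:
        mode = stat.S_IMODE(st_mode)
        problems.append(f"{path}: not world-readable (mode {mode:04o})")
    return problems


def check_system(paths=EXPECTED):
    """Stat each device on the running system and collect all problems."""
    problems = []
    for path in paths:
        try:
            st = os.stat(path)
        except OSError as exc:
            problems.append(f"{path}: {exc.strerror}")
            continue
        problems.extend(evaluate(path, st.st_mode, st.st_rdev))
    return problems


if __name__ == "__main__":
    for line in check_system() or ["random devices look sane"]:
        print(line)
```

Run it after a package or udev upgrade, before restarting TLS-enabled services.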
Re: Backup strategy for large mailbox stores
On 16/02/2010 19:45, Vincent Fox wrote:
> Andrew Morgan wrote:
>> Is there really a significant downside to performing backups on a hot cyrus mailstore? Should I care if Suzie's INBOX was backed up at 3am and Sally's INBOX was backed up at 4am?
>>
>> Vincent, on a slightly related note, what is your server and SAN hardware?
>
> I dunno, perhaps the Cyrus gurus could answer that better.
>
> I rather assumed I would want my meta information to match fairly closely the contents of the inboxes at that point in time. My belief was that if I had to do a full restore after a disaster that I would have to spend substantial time doing reconstruct in order to get the databases to represent actual state. Thus having a point-in-time snapshot would be better for DR. Perhaps I'm wrong about that.

Our main (and I suppose, most people's) concern with hot backup on a busy server, is that the backup has significant impact on disk performance (we use integrated raid 10 card with 10krpm 2,5 SAS disks, no san). Also, it does take a lot of time, so if the backup starts after the last I/O peak (say, 22:00), there are chances that it won't be finished at 8:00 when people start using the server heavily again.

The snapshot approach (we use ext3 and lvm, soon ext4) is promising, as a simple tar is faster than using the full backup suite on a filesystem with a lot of small files (atempo here). But you need the spare space locally, or you need to do it over the network, and it will take time (but won't probably kill disk I/O as much as the backup software).

Bron's solution at fastmail seems pretty elegant to me, but may be a bit hard to implement. Writing that much custom scripts is not very appealing right now, as we don't have much spare time currently, but it is definitely something I will look into.

The cold standby server for redundancy using imap replication, where you backup only the standby server that is light on I/O, is also interesting, but we don't use 2.3 yet (we plan to), but then it would be best to have two mail stores on each server, on different I/O cards, one of them being the primary store for half the users, the other one being the replica (and the one that is backed-up).

Cheers,
--
Clement Hermann (nodens)

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: No e-mail notification with sieve, Thunderbird and Cyrus-imap
Ludovic Gasc wrote:
> On Fri, Oct 9, 2009 at 3:08 PM, Pascal Gienger pascal.gien...@uni-konstanz.de wrote:
>> Ludovic Gasc wrote:
>>> Hi everybody,
>>>
>>> We're using Cyrus-imap during some time, it's a good tool for us. We've a strange behaviour (bug)? with sieve, Thunderbird and Cyrus-imap. I want to listen your opinions, because I'm not sure to understand correctly the problem.
>>>
>>> We use some sieve scripts to filter the e-mails in the sub-folders of INBOX.
>>
>> I never had this problem. Be sure to mark every subfolder you need with Check for new messages (right click on the folder you want to be checked, then click on Properties).
>>
>> Thunderbird opens a new IMAP connection for each folder. For each folder marked with Check for new message (Auf neue Nachrichten überprüfen in my case, I have a german localized Thunderbird) it will issue an IDLE command (easily traceable).
>
> Yes, I've marked each folder with Check for new messages.
>
> What is your version of Cyrus ? The compile options or the package you've used ?
>
> I use cyrus-imapd 2.2.13 on Debian Lenny: http://packages.debian.org/lenny/cyrus-imapd-2.2
>
> I'm very interested by your feedback.

We use Debian Lenny's cyrus-imapd as well, and don't have this problem either (using idled). We recompiled the package to build ptloader, but I don't think this has any incidence.

Regards,
--
Clement Hermann (nodens)
Re: Automatically moving marked mails?
jul...@precisium.com wrote:
> I'd dare suggest some sort of ugly hack whereby an MUA need only create a special folder named e.g _deleteto_Deleted Items .. which doesn't even need to be subscribed to. The existence of such a folder would tell the server to move 'deleted' mail to the Deleted Items folder (or whatever name followed the magic _deleteto_ prefix)
>
> It doesn't need to be an 'automatic' fix for outlook out of the box - just one that is relatively easy for helpdesks to talk someone through - or to describe on a web page.
>
> I guess this sort of hack would give most of you the horrors though!

It is ugly indeed. If you have to walk someone through a solution, better explain to them how to add the expunge button to the outlook toolbar, and click it to permanently delete messages.

Also, it should be relatively easy to write an outlook plugin that auto-expunges messages on deletion, possibly copying them to some Trash folder first. You may find one already written: IMAP is not so uncommon, and this is a common concern about IMAP and outlook.

The kind of functionality you want could be achieved more elegantly and more usefully by implementing lemonade-imap-sieve (sieve-like scripting on the imap operation level, not only on delivery, see http://tools.ietf.org/html/draft-ietf-lemonade-imap-sieve-05).

Also, be aware that Outlook's IMAP implementation is commonly considered as being flawed, and behaving poorly on very large mailboxes. It goes better with Outlook 2007, or so I'm told, so YMMV.

Regards,
--
Clement Hermann (nodens)
Re: [sendmail] lmtp, cyrusv2d, shared folders and case
Andrzej Adam Filip wrote:
> nodens2099 nodens2...@gmail.com wrote:
>> ./socketmapClient.pl unix:/var/run/cyrus/socket/smmap cyrus +Hosting/ab...@domain.com
>> +Hosting/ab...@domain.com = OK +Hosting/ab...@domain.com
>>
>> So socketmap daemon works as expected.
>
> Sendmail's maps traditionally turn looked up key into lowercase. It can be (usually) turned off by adding -f switch to map definition.
> [ I have reported missing -f in socket as bug myself :-) ]

Thanks! It works now that I have added the -f switch to Kcyrus in mrs_cyrus m4.

--
Clement Hermann (nodens)