Re: Unable to build Cyrus
On Thu, 23 Jan 2020 at 11:34, Daniel Gultsch wrote: > /usr/bin/ld: warning: libicui18n.so.57, needed by > /usr/lib/gcc/x86_64-linux-gnu/6/../../../x86_64-linux-gnu/libxml2.so, > may conflict with libicui18n.so.64 At first guess, maybe update libxml (or libxml-devel) package? It looks like you've updated the i18n package but not the libxml one? Geoff Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: [Help] Cyrus 2.4.17 segfault
On Thu, 14 Nov 2019 at 08:44, Michael Menge wrote: > here is the why only addresses are show and not function names > you need the debug package for your cyrus imapd To be fair, you also need to run gdb /path/to/imapd coredump as per > "/var/spool/abrt/ccpp-2019-11-13-07:04:30-19177/coredump" is a core file. > Please specify an executable to debug. But yes, a debug version of imapd will make the dump more useful. Geoff Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: IDLE not working for one account only
On Tue, 5 Jun 2018 at 12:14, Neil Price wrote: > > On 05/06/2018 12:19, Geoff Winkless wrote: > > On Tue, 5 Jun 2018 at 08:17, Neil Price wrote: > >> I can not see anything the account setup that can cause this, suggestions? > > Running behind an overly-aggressive TCP proxy? > There is no proxy involved. They are all on the same physical network. > > What does tcpdump/wireshark show? > > > What am I looking for? The only thing I see which is relevant after a > mail has been sent is [snip] Mmmf. As a bit of a Hail Mary, try disabling TCP offloading on the client machine's network card. Geoff Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: IDLE not working for one account only
On Tue, 5 Jun 2018 at 08:17, Neil Price wrote: > I can not see anything the account setup that can cause this, suggestions? Running behind an overly-aggressive TCP proxy? What does tcpdump/wireshark show? Geoff Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: CRAM-MD5 with saslauthd
On 12 March 2015 at 16:04, Vladislav Kurz vladislav.k...@webstep.net wrote: On Thursday 12 of March 2015 Ram r...@netcore.co.in wrote: You need access to plaintext passwords for CRAM/DIGEST-MD5. LDAP and saslauthd do not provide that. How can I use CRAM-MD5 with passwords stored in LDAP (in MD5 format ) then ? I need to disable plain login methods and cannot store passwords in plain text too. I'm afraid you are trying to do impossible things. Read more about how cram-md5 works. You can eforce ssl/tls encryption and use plain/login auth. The definition of plain text doesn't mean that it cannot be stored in a retrievable form. You could make a fairly simple patch to retrieve the ciphertext from a ROT13 store, as an extreme example :) G Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus mailboxes format
My point is that kolab can provide all the things you describe (as Vlad states, you can integrate with AD authentication with some effort) and (since it retains Cyrus as its mailserver) should require no transfer of your existing mail. I suppose the question you have to consider is whether your Zimbra clients constitute a larger user base than your cyrus ones... and whether the Zimbra users come with a perpetual license for the professional edition, I suppose :) G On 4 March 2015 at 17:40, Andres Tarallo atara...@acm.org wrote: 2015-03-04 15:16 GMT-02:00 Geoff Winkless cy...@geoff.dj: [..] Incidentally, a question for the OP: why change from Cyrus to Zimbra? If you want collaborative features, wouldn't Kolab do the job (and therefore allow you to keep your Cyrus backend)? Cyrus IMAP is part of an old in-house developed mail solution. I've deployed solutions like that, with small changes, for a while. That solution requires more skilled it staff for trivial tasks like provisioning of new accounts. We found in zimbra a more polished solution, capable of integrating with active directory with a reasonable effort. In that way we keep a single password and account for select users. The admin panel let's our less skilled IT staff take care of more tasks than they actually do. The webmail has a familiar look for people exposed to outlook (most of our users). We can't afford developing a new in-house solution, or enhace the shortcomings of the one we have now. An last, but not least, we purched recently free new domains that have mail handled in a zimbra server. In this case will be doing migration and consolidation. Andrés Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus mailboxes format
On 4 March 2015 at 16:22, Shaheen Bakhtiar shashan...@hotmail.com wrote: I find that most users actually appreciate the ability to clean house :) That sounds like wishful thinking to me. I would be utterly furious with any email provider that did that to me, and if they had the barefaced cheek to suggest that I should be pleased about it I would be even more so. I can't imagine I'm in the minority. I would take the opportunity to migrate my email away to someone who is unlikely to do so in future. Geoff Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus mailboxes format
On 4 March 2015 at 16:36, Patrick Boutilier bouti...@ednet.ns.ca wrote: I would take the opportunity to migrate my email away to someone who is unlikely to do so in future. That would be hard to do if it was a work provided account. :-) Any IT manager that did that would find his/her life made as difficult as I could manage for as long as I and (s)he remained at the company; then again I doubt that would be very long - the cost of forcing an entire company to spend a couple of hours per person faffing around copying mail from one system to another is simply unjustifiable. Migrating email systems is a complex thing to do, but not an impossible one. And if you can't figure out how to do it, you shouldn't be managing a system change, you should either pass it to someone who can or just keep using the system you have. Incidentally, a question for the OP: why change from Cyrus to Zimbra? If you want collaborative features, wouldn't Kolab do the job (and therefore allow you to keep your Cyrus backend)? Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus 2.4.17 -- file descriptor limit set to -1?
RLIM_INFINITY is defined as ~0ULL, at least on my system. If it's cast to a signed value, that will come out at -1, no? My problem with systemd isn't that it doesn't work, it's that it's all-pervasive and viral, and forces people who've been using standard unix mechanisms for 20 years to learn something completely different for no visible concrete advantage. As a user rather than a sysadmin it seems I have to spend most of my time learning new ways to do exactly the same things without gaining anything. Frankly I'm past the point where I want to fiddle with Linux for hours to make it do what I want. But that seems to be the Linux Way these days, see eg ip vs ifconfig, iptables vs ipchains, c c c. On 15 January 2015 at 11:04, Patrick Goetz pgo...@mail.utexas.edu wrote: I'm firing up cyrus 2.4.17 for the first time on a new platform (Arch linux w/ systemd) and noticed the following error message (running journalctl -u cyrus-master): Jan 15 04:08:50 ibis cyrus/master[701]: setrlimit: Unable to set file descriptors limit to -1: Operation not permitted Jan 15 04:08:50 ibis cyrus/master[701]: retrying with 4096 (current max) Apparently the cyrus master process is trying to set the file descriptor limit to -1? Is it even legal to use -1 as infinity in this context? According to the setrlimit man page: The soft limit is the value that the kernel enforces for the corresponding resource. The hard limit acts as a ceiling for the soft limit: an unprivileged process may only set its soft limit to a value in the range from 0 up to the hard limit, and (irreversibly) lower its hard limit. A privileged process (under Linux: one with the CAP_SYS_RESOURCE capability) may make arbitrary changes to either limit value. The value RLIM_INFINITY denotes no limit on a resource (both in the structure returned by getrlimit() and in the structure passed to setrlimit()). BTW, off topic and perhaps feeding some trolls, I'm really liking systemd so far; in part because it's alerting me to minor misconfiguration errors that I've had around for years but wasn't aware of. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Active sync Front end
On 5 November 2014 08:31, Ram r...@netcore.co.in wrote: I have been getting requests to enable active sync on my cyrus mailserver. There are third party solutions like z-push but those dont seem to work on the default mail servers What can I use to enable activesync for cyrus z-push works fine for me. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: How to prevent SSLv3/Poodle attack?
On 16 October 2014 11:14, Sven Schwedas sven.schwe...@tao.at wrote: On 2014-10-15 18:20, Geoff Winkless wrote: Well the only thing new about POODLE versus previous known vulnerabilities is the way to manipulate the known vulnerability to gain the session cookie, which you can then re-use to log on to the site for yourself without needing to authenticate. I think the more important new concept is that arbitrary sessions can be downgraded to use a known vulnerable cipher/protocol version, even if more secure are available and servers/clients use cipher suite pinning and all the other tricks we came up with to mitigate BEAST et. al. Ahhh. Thanks, I figured I must have missed the point :) Although it isn't exactly news - referenced from the article: http://jbp.io/2013/07/07/tls-downgrade/ Geoff Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: How to prevent SSLv3/Poodle attack?
Genuine question: is it shown that POODLE impacts on IMAPS? I don't see how POODLE could affect an IMAPS session, since it only works if you can MITM a non-SSL session on the user's browser and force it to request the same target page over and over. Cheers Geoff Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: How to prevent SSLv3/Poodle attack?
Well the only thing new about POODLE versus previous known vulnerabilities is the way to manipulate the known vulnerability to gain the session cookie, which you can then re-use to log on to the site for yourself without needing to authenticate. There's no such thing as a session cookie in IMAP, so I'd be very surprised to see it usable. That doesn't mean that IMAP/SSL3 is secure, it just means it's no less secure today than it was 10 years ago. https://www.dfranke.us/posts/2014-10-14-how-poodle-happened.html is really good description, read especially the bit above The workaround. Hope this helps Geoff On 15 October 2014 17:03, lst_ho...@kwsoft.de wrote: Zitat von Geoff Winkless cy...@geoff.dj: Genuine question: is it shown that POODLE impacts on IMAPS? I don't see how POODLE could affect an IMAPS session, since it only works if you can MITM a non-SSL session on the user's browser and force it to request the same target page over and over. Cheers Geoff As said i'm still reading on the details, so thanks for the pointer. Nonetheless it might be time to give up on SSLv3 because of protocol design errors/weakness. Unfortunately it looks like Cyrus can not disable SSLv3 protocol without disabling ciphers also used in TLSv1.x, no? Regards Andreas Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Strange load issue with 2.4.17
Apologies if I'm misreading, but that bug suggests many processes are created over a period of time. In contrast your grab shows the number of processes hasn't grown but the load has grown exponentially. I'd say it's not the same bug. The grab shows system CPU staying around the same, contrary to your description - which of them is correct? If load has increased while the CPU has dropped, I'd say you're still waiting on IO. On 13 October 2014 15:35, Sebastian Hagedorn haged...@uni-koeln.de wrote: Hi, for the last week we have seen strange load issues on our Cyrus server. All of a sudden the load increases to several thousands, user CPU goes down to basically zero, system CPU spikes. In the past we've had trouble with poor I/O performance, but that went along with an increase in Wait I/O. We don't see that now. vmstat shows a massive increase in context switches. When the system reaches this state, all we can do is restart Cyrus or reboot the machine if that doesn't work anymore. I'm attaching a Ganglia screenshot that shows the problem clearly. When the problem exists, there's not much we can do to analyze it. A colleague suggested that what we see could be related to this bug: https://bugzilla.cyrusimap.org/show_bug.cgi?id=3744 It was reported for 2.4.16, and it sounds as if it has been fixed, but is that fix really part of 2.4.17? Any other ideas? Thanks Sebastian -- .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:. .:.Regionales Rechenzentrum (RRZK).:. .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: cyrus sieve redirect action and SPF
On 17 April 2014 12:26, Frank Elsner frank.els...@tu-berlin.de wrote: My cyrus-imapd-2.3.16-6.el6_2.5.x86_64 uses cyrus@FQDN. I'd like to use the original envelope sender even if it doesn't play with SPF. The MTA won't let you set envelope-sender because it's a security hole, so even though cyrus is saying pretend that this email is from x...@somedomain.com the MTA sets it as cyrus@FQDN instead. If you're using exim, add cyrus to your trusted_users line. That worked for me. If you're not, you need to find the equivalent option in your MTA. Geoff Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Best distro for Exim/Cyrus
I've used Debian for exim and cyrus for the last 10 years or so and in my experience the packages Just Work. I would definitely recommend. On 7 February 2014 18:54, Paul O'Rorke p...@tracker-software.com wrote: Hi all, I am replacing a mail server and want to implement an Exim/Cyrus solution. Most specifically it is Cyrus and the ACLs that I want. I have not set up a mail server in more than 10 years and many things have changed. What do the users of this list consider the best Linux distro for simple set up and maintenance of an Exim/Cyrus-imap mail server? I was leaning towards Debian simply because I use it on other hosts. I seem to be having trouble finding a good howto to set this up using repositories rather than compiling. Any suggestions? -- *Paul O'Rorke* Tracker Software Products p...@tracker-software.com paul.oro...@tracker-software.com PLEASE NOTE : - If you are sending files for us to look at or assist with these must ALWAYS be wrapped in either a ZIP/RAR or 7z FILE or they will be removed by our Firewall/Virus management software. **Certified by Microsoft** Works with Vista PDF-XChange SDK, Image-XChange PDF-Tools SDK, TIFF-XChange SDK. Support: http://tracker-software.com/support/ or http://www.tracker-software.com/forum/index.php Download latest Releases http://www.tracker-software.com/downloads/ Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
