Re: More success with TLS; problem with STARTTLS
On Mon, 2007-04-02 at 12:36 +0530, JOYDEEP wrote:
Dear all,
here is some more success story.
1 using LOGIN
imtest -a aftab -m LOGIN linux.kolkatainfoservices.in -p 993 -s
--
verify error:num=19:self signed certificate in certificate chain
verify error:num=24:invalid CA certificate
verify error:num=26:unsupported certificate purpose
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: L01 LOGIN aftab {5}
S: + go ahead
C: omitted
S: L01 OK User logged in
Authenticated.
Security strength factor: 256
2Using PLAIN
imtest -a aftab -m PLAIN linux.kolkatainfoservices.in -p 993 -s
--
verify error:num=19:self signed certificate in certificate chain
verify error:num=24:invalid CA certificate
verify error:num=26:unsupported certificate purpose
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN AGFmdGFiAGFmdGFi
'S: A01 OK Success (tls protection)
Authenticated.
Security strength factor: 256
-
3 but the problem is using STARTTLS
---
verify error:num=19:self signed certificate in certificate chain
verify error:num=24:invalid CA certificate
verify error:num=26:unsupported certificate purpose
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK linux.kolkatainfoservices.in Cyrus IMAP4 v2.2.12 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS
NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND
BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE
AUTH=LOGIN AUTH=PLAIN SASL-IR X-NETSCAPE
S: C01 OK Completed
failure: STARTTLS not supported by the server!
--
As you can see, you already use TLS when connecting to 993/995.
STARTTLS doesn't make sense and therefore is not supported.
Connect to unencrypted services ( 110/143 ), then ask for STARTTLS.
--
Mirosław Psyborg Jaworski
GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O-
M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y?
If ignorance is bliss, why aren't there more happy people?
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Working unified murder configs?
Anyone care to share working unified murder configs? I am also sure that many would appreciate separate unified murder pages in cyrus' wiki. -- Mirosław Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Voltaire: It is dangerous to be right when the government is wrong. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: pop3d exploit
On Tue, 2007-01-30 at 11:51 -0600, Vernon A. Fort wrote: I think I just saw an attempt to exploit my pop3d service. A number of badlogin attempts followed by: Running cyrus-iampd 2.2.12-r4 on gentoo amd64 dual core. I've never seen this problem prior to today. Is there any know workaround? First i would follow Too many open files warning, ie. check the limits and inspected whether its possible that server usage lead to hitting the limit. As every system grows you get closer to the limits every day. Why not today? :) I would analyze logs for any abnormal ( compared to your usual day ) activity ( looking for spikes ). Maybe it's ( number of ) misconfigured client(s) or maybe it was a regular DoS attack. I would surely check whether bad option name: pAEF0^NFF\177[...] may be the result of reading config file out of the broken filesystem. M. -- Mirosław Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Earth is full. Go home. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: pop3d exploit
On Tue, 2007-01-30 at 15:11 -0600, Vernon A. Fort wrote: The connections to the pop3d were from ONE specific host which had 525 connections within 20 minutes. That's merely connection every 2 seconds. That shouldn't be a big deal, unless connections were left open and idle on purpose. Medium size office sitting behind a NAT can easily do that. Around 20 minutes after the first badlogin from this host is when the Too many open files started appearing. It appears to be a DoS attach which just overwhelmed the server. Anyway if that's the anomaly you found it may be it. I added a maxchild=30 to the cyrus.conf pop2 SERVICES. That's the one limit one should have. For more detailed limits ( like sessions per ip, new connections per ip in period of time and so on ) you may want to take a look at bsd packet filter. M. -- Mirosław Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Veni, Vedi, Visa: I came. I saw. I did a little shopping. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Can murder be used for IMAP server migration?
On Wed, 2007-01-03 at 20:08 -0600, Gary Mills wrote: On Wed, Jan 03, 2007 at 08:18:15AM -0500, Ken Murchison wrote: Gary Mills wrote: Can I use the old server as both a front end and one of the back ends for a murder configuration, with the new server as the second back end? Will that allow me to migrate mailboxes at my convenience? How do I prevent a port conflict between the IMAP server and the proxy on the old server? You'll have to run the frontend + mupdate master on a separate machine. Unfortunately, all the clients know the IP address of the old server, so the frontend has to run there. Yes. But not the way you think - assign old server ip to the new machine with frontend. Of course, the old IMAP server has to run there too. Wrong. Assign new ip to the old server. Frankly there are simplier ways to do the migration than playing with frontend and mupdate - perdition. You will use same scheme though - assign the ip users are used to use to the perdition and give new ip to the old server. M. -- Mirosław Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? We are no more than candles burning in the wind. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Can murder be used for IMAP server migration?
On Thu, 2007-01-04 at 07:47 -0500, Ken Murchison wrote: Can I use the old server as both a front end and one of the back ends for a murder configuration, with the new server as the second back end? Will that allow me to migrate mailboxes at my convenience? How do I prevent a port conflict between the IMAP server and the proxy on the old server? You'll have to run the frontend + mupdate master on a separate machine. Unfortunately, all the clients know the IP address of the old server, They actually use the IP address instead of a DNS name? Various broken client resolvers ruin the idea of shortening ttl of the mail service record(s) and switching traffic by changing it/them to another ip. Best approach is to made the service accessible under same ip and play with ip address(es) of the old server(s) acting as backends. M. -- Mirosław Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? The hen is an egg's way of producing another egg. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: .forward and newest cyrus macro
On Wed, 2007-01-03 at 10:06 +, Geoff Pryke wrote: This question may have been asked in the past, but I haven't been able to find it in the archives. I have a new installation of Cyrus (V2.2.12) on a Solaris 10 box running Sendmail 8.13. The problem I have is that .forward files in users' accounts are not being honoured. Unless you want abandon .forward ( and other mail processing facilities like autoresponders ) in favor to the sieve this topic is not cyrus related. .forward is mail routing topic and as such is MTA related ( sendmail in your case ). M -- Mirosław Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Hi-ho, hi-ho, it's hand grenades I throw... Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: vanished folders
On Wed, 2007-01-03 at 14:45 +0100, Matthias Henze wrote: i've moved several users with imapsync from an other cyrus setup to kolab which uses cyrus imapd. now i can only see the inbox, NONE of the subfolders. i've tried to reconstruct without any success. no client is able to see the folders. i've tried: kmail, thunderbird, mulberry. when i use a shell to have a native look at spool i can see all users, folders and mails. file permissions are correct and cache/index files are present. Folders are mailboxes too. Did you created them within kolab before moving data? You need to create them in cyrus and give user access to them in the same manner as you do with main user mailbox ( using cyradm's syntax: cm, sam ). Additionally you must remember about subscriptions. User can have many mailboxes, but he doesn't need/want to have an insight into all of them all the time. Move subscriptions to the new system if the format is same ( check /var/imap/user/ tree for user's .sub files ) or reconstruct them. MUAs give users option to see all of user' folders and manipulate subscriptions. M. -- Mirosław Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Evil is just live, spelt backwards. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: vanished folders
On Wed, 2007-01-03 at 15:46 +0100, Matthias Henze wrote: Folders are mailboxes too. Did you created them within kolab before moving data? no What does cyradm say: lm user.user* ( pick a user with folders ). Are users folders listed? You need to create them in cyrus and give user access to them in the same manner as you do with main user mailbox ( using cyradm's syntax: cm, sam ). i've tried to change acl's with cyradm. with out success. acl's are set but folder stay invisible. acl is about what user X is allowed to do with mailbox Y, subscription is about whether he wants to see it. but i do not understand this. i've createt a kolab account and used imapsync. i thought that is is nothing but moving the mail with a MUA. foders are created with imap commands and mails are moved. there shoud be no difference. when i create a folder with a MUA i can see it. imap sync is a MUA too, as it uses an imap connection and imap commands ... imapsync couldn't do migration the way i wanted ( keeping uidl ), therefore i didn't used it and i am not familiar with it. It's possible it did good job creating folders/mailboxes though. Additionally you must remember about subscriptions. User can have many mailboxes, but he doesn't need/want to have an insight into all of them all the time. Move subscriptions to the new system if the format is same ( check /var/imap/user/ tree for user's .sub files ) or reconstruct them. MUAs give users option to see all of user' folders and manipulate subscriptions. i know, but i can't subscribe to them as they are not displayed ... Yes, you can. Otherwise subscriptions wouldn't make any sense. You should be able to see all your folders, subscribed or not ( maybe you just need to change view filter in your MUA subscription manager ). Anyway - migrating subscriptions is another thing sucessful migration should take care of. To avoid numerous complaints about missing folders it's safer to subscribe user to all his folders than waiting for all the users subscribing themselves back to the ones they want within next months :) If you're in a middle of a big after migration f*ckup i suggest you to pick flatfile format for your subscriptions ( subscription_db: flat option in imapd.conf ) and regenerate subscription files for all the users Example: user: test subscription file: /var/imap/user/t/test.sub subscription file content: user.test.folder1 user.test.folder2 user.test.list user.test.list.cyrus user.test.list.fbsd-ports user.test.monitoring user.test.monitoring.nagios user.test.monitoring.netcool NOTE: don't forget extra tab (\t) before the end of the each line. That's one of the things you usually discover in the middle of the night during migration :) M. -- Mirosław Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Do not disturb. Already disturbed! Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Coping mail
On Tue, 2007-01-02 at 15:12 +0100, Przemyslaw Gawronski wrote: Hi, how can I copy a mail received and send by a user to another users folder automatically in cyrus-imapd-2.2.12 ? I believe your question has more to do with mail routing and delivery than with cyrus acting as a mail storage. Be more specific. M. -- Mirosław Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Reality is for people who lack imagination. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Last cyrus login date
On Thu, 2006-12-28 at 11:19 -0600, Blake Hudson wrote: I haven't seen a response to how to accomplish this through cyrus. I could parse the log files, but I see this as a fairly messy way to accomplish what I'm after. stat mailbox's cyrus.index file M. -- Mirosław Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? A sure cure for seasickness is to sit under a tree. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus21-pop3d
On Sat, 2006-12-23 at 14:21 +0100, Aro wrote: Hi! When I 'telnet localhost 110' my pop3d server announce '+OK debian1 Cyrus POP3 v2.1.18-IPv6-Debian-2.1.18-1 server ready'. I want to replace this string to fot example 'POP3 server'. I don't want my server to show its version. How can I do it? Unfortunately you can achieve this only by changing sources. I don't like the idea of showing installed software name and/or versions either. I would like to see configuration option allowing hiding it ( or even better - configuration option(s) allowing defining welcome banners ), but i believe one have no right to whine about it unless one submits a patch doing it. M. -- Mirosław Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Computer dating is fine, if you're a computer. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: diplay quota for all users
On Thu, 2006-12-21 at 14:39 -0600, Rafael Mahecha wrote: I would like to see the quota for all my users and output that to a file... I tried the command bellow in a test server, but I'm still a little reluctant to try it on my production server. su - cyrus -c /usr/lib64/cyrus-imapd/quota /mailstore/quotas_list.txt Is there anything to keep in mind while running the command? Is there are quota database (I did not see one)? Should cyrus be stopped while doing this? Are teh any flags/options to the cyrus quota command? Quotas are stored in plain text files in /var/imap/quota. Directory is hashed by user's login first character ( 'q' if it's not in 'a'-'z' range ). Filename is user's mailbox name ( eg. 'user.login' ). First line is current usage in bytes Second line is user's quota in kilobytes. Example: mail1# pwd /var/imap/quota mail1# cat m/user.mjawimap 866269772 1024000 mjawimap user has 1GB quota and uses about 825MB out of it ( 84% usage ). Bottomline is you can play with these files without any restrictions. You can change it, generate manually or from robot and it will all be seen properly by cyrus. Mentioned everyday quota warning checker can be a simple oneliner then. M. -- Mirosław Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? I didn't fight my way to the top of the food chain to be a vegetarian. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Mailbox is locked by POP server
On Tue, 2006-12-19 at 21:21 -0500, Martin Schiøtz wrote: Personally I do not use POP3 any more - however I remember that there was a limitaition of 1 connection per mailbox in other servers. Yes. The POP3 RFC states that operations such as DELEte a message will become final after issuing a QUIT command. If connection breaks, no change is made to the mailbox. For having multiple concurrent POP3 access to a mailbox a complete transaction based model including rollbacks would be needed to implement proper POP3. I don't think anybody wants to improve pop3d to accomplish that ;-) Personally I use IMAP and Thunderbird, but a lot of the users on this postfix/cyrus server use POP and Outlook. It looks like the problem occurs with Outlook clients using POP. At least I have seen the problem with Outlook 2002. The problem has networking nature and does not depend on any MUA. Connect to pop3 and leave it active, try to connect second time and you experience it. In real life it happens when client connection brakes ( MUA dies, someone pours coffe on his desktop, power dies and zillion other possible causes ). Server keeps the connection until timeout ( surprised? ); if the client connects again before timeout kicks in server sees incoming connection as second and refuses it. No need to restart whole mail system; just wait for the timeout or remove that user's lock if you want to be polite. In old mbox times one would simply remove /var/mail/user.lock file; in cyrus one can kill manually pop3 process (not) handling hanging customer and remove it's info in /var/imap/proc/pid MJ -- Miroslaw Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Some timing info on populating mailboxes
On Sun, 2006-12-17 at 11:07 -0500, Wesley Craig wrote: On 17 Dec 2006, at 02:22, Ross Boylan wrote: An earlier report on this list said sysctl -w net.inet.tcp.delayed_ack=0 worked wonders. There does not seem to be such a setting in my Linux 2.6.18 kernel. I don't recall if Linux has ever had that sysctl. Mac OS X does. It's FreeBSD'ism. Hence it's presence in Mac OS X, which took a lot from FreeBSD. MJ -- Miroslaw Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Newbie maillog errors
On Wed, 2006-12-13 at 13:54 -0500, Tom Plancon wrote: I've sort of inherited managing a cyrus 2.2.12 email server with postfix on a FC4 linux box. Generally things run smoothly, but I'm still getting up to speed and I see some errors regularly appearing in the maillog. The two most frequent are: Dec 13 13:16:41 pelican imap[6609]: SQUAT failed to open index file Dec 13 13:16:41 pelican imap[6609]: SQUAT failed And Dec 13 13:18:14 pelican lmtpunix[6857]: IOERROR: fstating sieve script /var/lib/imap/sieve/x/xuser/defaultbc: No such file or directory Result of debug level logging in your syslog.conf Decrease it to info. MJ -- Miroslaw Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Move selected mailmessages
On Mon, 2006-12-04 at 16:33 +0100, Wolfgang Hennerbichler wrote: I guess I can't do this in courier, as I would mess up the internal db-structure. Is there a way to (easily) do this in cyrus, without calling cyrreconstruct? Why this strange limitation? You can reconstruct specific mailbox - just in case you don't know it. M. -- Miroslaw Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Possible sendmail misconfiguration to deliver to cyrus
On Mon, 2006-12-04 at 10:24 -0800, Todd Lyons wrote: This solved my problem but it requires that I have a local machine account for each cyrus user. As a small domain that's not a problem for me, but others might find it too restrictive. I'll test it. As long as by local user you mean users visible to PAM and virtusers, then I'm golden. I'm beginning testing now. Fake passwd entries with logins, all hanging on the same uid will do. M. -- Miroslaw Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: IMAP/POP traffic accounting
On Wed, 2006-11-29 at 13:23 -0500, Anthony Tibbs wrote: I believe there was some mention of this in the past, but I'm wondering whether there are any known efforts to implement network traffic accounting in the later versions of Cyrus, or if this is still something that hasn't been dealt with. I am pondering possibly tackling this, but I'm not really familiar with the Cyrus code and would rather not reinvent the wheel if it's already in the works. Well, 'effort' is definitely too big word for the hack we use. Our support was used to some old popper log format, so we have made hack resulting in such lines: User who (downloaded and) deleted 8 messages, 663454 bytes total. Nov 30 16:27:16 mail1 pop3[19762]: login: [83.15.90.206] t63877a plaintext User logged in [...] Nov 30 16:27:31 mail1 pop3[19762]: stats: t63877a 8 663454 0 0 User who didn't (downloaded and) deleted any messages; has 35 messages in his INBOX, 10785042 bytes total: Nov 30 16:18:59 mail1 pop3[19360]: login: [83.31.77.74] po30533 plaintext User logged in [...] Nov 30 16:19:00 mail1 pop3[19360]: stats: po30533 0 0 35 10785042 While it makes sense to have such logs from pop3 daemon doing simple operations on only one folder it has none when it comes to IMAP. What log can i possibly create after user connects to imap, applies his rules to an INBOX ( moving most of the messages to various folders, ie. marking them for deletion, not deleting them )? What when he reads some messages without deleting them? M. -- Miroslaw Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Captive mailbox in Cyrus IMAP?
On Tue, 2006-11-21 at 12:35 -0500, [EMAIL PROTECTED] wrote: I could see this being useful as well for password expirations. ...or billing issues. MJ -- Miroslaw Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
base64 decoding error again in 2.2?
Hi I am using cyrus-imapd-2.2.13_1 build from FreeBSD ports. Seems like *test tools are affected again(*) pop3test -u test1 10.10.10.1 S: +OK 10.10.10.1 Cyrus POP3 v2.2.13 server ready [EMAIL PROTECTED] C: CAPA S: +OK List of capabilities follows S: SASL DIGEST-MD5 CRAM-MD5 S: STLS S: EXPIRE 0 S: LOGIN-DELAY 0 S: TOP S: UIDL S: PIPELINING S: RESP-CODES S: AUTH-RESP-CODE S: USER S: IMPLEMENTATION Cyrus POP3 server v2.2.13 S: . C: AUTH DIGEST-MD5 S: + bm9uY2U9Ikt4Vk1FK1FCeHNrN09YcEszTzh1Lzg2OUJNZ25wRVVhSG9JZUpFT0J3Wms9IixyZWFsbT0iMTAuMTAuMTAuMSIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M= base64 decoding error Authentication failed. generic failure Security strength factor: 0 imtest -u test1 -a test1 10.10.10.1 S: * OK 10.10.10.1 Cyrus IMAP4 v2.2.13 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE STARTTLS AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR X-NETSCAPE S: C01 OK Completed C: A01 AUTHENTICATE DIGEST-MD5 S: + bm9uY2U9InR5TVYvRmhCNCt0bXV0RWc1ZE5NZ2VEaU5QV2dNaUV1Rk0vMkJkR3JOM009IixyZWFsbT0iMTAuMTAuMTAuMSIscW9wPSJhdXRoLGF1dGgtaW50LGF1dGgtY29uZiIsY2lwaGVyPSJyYzQtNDAscmM0LTU2LHJjNCxkZXMsM2RlcyIsbWF4YnVmPTQwOTYsY2hhcnNldD11dGYtOCxhbGdvcml0aG09bWQ1LXNlc3M= base64 decoding error Authentication failed. generic failure Security strength factor: 0 (*) I searched archives and found reports showing same effect in 2.2.6. It was supposedly fixed in 2.2.7. M. -- Miroslaw Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: base64 decoding error again in 2.2?
On Fri, 2006-05-26 at 10:46 -0300, Andreas Hasenack wrote: I am using cyrus-imapd-2.2.13_1 build from FreeBSD ports. Seems like *test tools are affected again(*) Did you just happen to have updated cyrus-sasl to 2.1.22? Checkout this thread and the patch at the end: I withdraw with 2.3.x testing, just made fresh chroot's for 2.2. Indeed, cyrus-sasl made to 2.1.22 meanwhile and that's the version i have installed. Thank you very much. M. -- Miroslaw Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: move /var/imap
On Fri, 2006-05-26 at 19:50 +0200, Martin Schweizer wrote: Hello I want to move /var/imap to a new drive but while I'm doing this FreeBSD 5.4 could not move sockets You don't need to move them. Discard these warnings ( if these are indeed only warnings and your copying process wasn't interrupted ). Cyrus will make new sockets at start if necessary. M. -- Miroslaw Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Can't locate object method reinit via package Pod::Man
On Wed, 2006-05-24 at 19:57 -0800, Noah wrote: freeBSD-4.11 I am finding that cyrus-imapd23 fails to build from FreeBSD /usr/ports . Clues please? Obviously your /usr/local/bin/perl doesn't know the reinit method. Looks like screwed perl 5.8.8 install. Do you prepare new machine. Consider going with newer FreeBSD if you can. cyrus-imapd23 port in 5.4 works ( compiles at least). And yes, the error has nothing to do with cyrus, so you shouldn't post it here in theory. M. -- Miroslaw Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus IMAPd 2.3.4 Released
On Thu, 2006-05-25 at 17:56 +1000, Bron Gondwana wrote: On Wed, 24 May 2006 12:44:42 -0400, Ken Murchison [EMAIL PROTECTED] said: It looks like in my haste to make a release with the pop3d bugfix, it didn't do enough testing. I'm seeing the same thing here,and I'm working on it. Is this a good spot to suggest branching from the last stable release (2.3.3 in this case) and just applying the bugfixes if HEAD is only half finished? 2.3 is beta branch. You want stable you go for 2.2. M. -- Miroslaw Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: lmtpproxyd reappears in 2.3.4
On Wed, 2006-05-24 at 11:40 +0200, Simon Matter wrote: While trying to build updated rpms of 2.3.4 I found the lmtpproxyd is now created as a hardlink to lmtpd. The same applies to pop3proxyd which is linked to pop3d. In the past the rpm shipped without the hardlinked pop3proxyd because it was not really used. My question is now what is the correct way to handle those links. Is there a good reason to include them in the package or are they just there for those using old config files? As of 2.3.3 proxy functionality was incorporated into daemons. As of 2.3.3 you don't need separate frontends and backends - same daemon can serve or proxy depend whether it has mailbox locally or not. M. -- Miroslaw Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus Murder 2.3 - questions/problems - update
On Fri, 2006-05-19 at 13:13 +0200, Mirosław Jaworski wrote: Problems: - mupdate eating cpu Update: seems that prot.c ( 1.82.2.13 ) patch made the day for me ( concerning mupdate eating cpu time ). Still have the problem with synchronizing mailboxes.db between nodes though. How often slave mupdate will update its config against the master mupdate? Isn't is supposed to be realtime too ( as of now - when i add mailbox on node with slave mupdate the node with master mupdate knows about it in no time )? Is there any configuration option i can add, some mupdate slave synchronization event to slave node(s) or something? Regards MJ -- Miroslaw Psyborg Jaworski GCS/IT d- s+:+ a C++$ UBI$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O- M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y? Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus Murder 2.3 - questions/problems
Hi I am new to this list, although using couple Cyrus installations for couple years with success. I decided to migrate my biggest single big box installation ( ~40k mailboxes ) to somehow more fault-tolerant x86 farm. Having good experience with Cyrus i decided to test cyrus murder. I started from http://asg.web.cmu.edu/cyrus/download/imapd/install-murder.html trying to make 2 frontend 2 backend setup. After some time i found 2.3 unified backend/fronted feature and decided to give it a shot. My current lab configuration is single FreeBSD 5.4 box with jails with installed murder enabled cyrus 2.3. Jails are - 10.10.10.1 ( mupdate master ) - 10.10.10.2 ( mupdate slave ) Problems: - mupdate eating cpu - while starting first node ( with mupdate master ) mupdate -m eats a lot of cpu time start of the first node with mupdate master: May 19 12:00:55 lab master[99930]: process started May 19 12:00:55 lab ctl_cyrusdb[99931]: recovering cyrus databases May 19 12:00:55 lab ctl_cyrusdb[99931]: skiplist: recovered /var/imap/mailboxes.db (2 records, 580 bytes) in 0 seconds May 19 12:00:55 lab ctl_cyrusdb[99931]: skiplist: recovered /var/imap/annotations.db (0 records, 144 bytes) in 0 seconds May 19 12:00:55 lab ctl_cyrusdb[99931]: done recovering cyrus databases May 19 12:00:55 lab master[99930]: ready for work May 19 12:00:55 lab ctl_cyrusdb[99932]: checkpointing cyrus databases May 19 12:00:55 lab ctl_cyrusdb[99932]: done checkpointing cyrus databases - when i start second node master's mupdate stops eating time, slave's starts start of the second node with mupdate slave: May 19 12:03:58 lab master[99982]: process started May 19 12:03:58 lab ctl_cyrusdb[99983]: recovering cyrus databases May 19 12:03:58 lab ctl_cyrusdb[99983]: skiplist: recovered /var/imap/mailboxes.db (1 record, 568 bytes) in 0 seconds May 19 12:03:58 lab ctl_cyrusdb[99983]: skiplist: recovered /var/imap/annotations.db (0 records, 144 bytes) in 0 seconds May 19 12:03:58 lab ctl_cyrusdb[99983]: done recovering cyrus databases May 19 12:03:58 lab master[99982]: ready for work May 19 12:03:58 lab ctl_cyrusdb[99984]: checkpointing cyrus databases May 19 12:03:58 lab ctl_cyrusdb[99984]: done checkpointing cyrus databases May 19 12:03:58 lab mupdate[99933]: no user in db May 19 12:03:58 lab mupdate[99933]: login: mail1.test.pl [10.10.10.1] mupdate DIGEST-MD5 User logged in May 19 12:03:58 lab mupdate[99985]: successful mupdate connection to 10.10.10.1 May 19 12:03:58 lab mupdate[99985]: unready for connections May 19 12:03:58 lab mupdate[99985]: synchronizing mailbox list with master mupdate server May 19 12:03:58 lab mupdate[99985]: mailbox list synchronization complete - ktrace of the cpu eating mupdate doesnt show anything interesting: 72078 mupdate 0.00 CALL kse_wakeup(0x810d990) 72078 mupdate 0.17 RET kse_wakeup 0 72078 mupdate 0.29 RET kse_release 0 72078 mupdate 0.38 CALL kse_release(0x812bfac) 72078 mupdate 0.48 CALL kse_wakeup(0x810d990) 72078 mupdate 0.52 RET kse_wakeup 0 72078 mupdate 0.59 RET kse_release 0 72078 mupdate 0.67 CALL gettimeofday(0xbfa8de58,0) 72078 mupdate 0.73 RET gettimeofday 0 72078 mupdate 0.77 CALL select(0x7,0xbfa8deb0,0,0,0xbfa8dea8) 72078 mupdate 0.87 RET select 0 72078 mupdate 0.91 CALL gettimeofday(0xbfa8de58,0) 72078 mupdate 0.96 RET gettimeofday 0 72078 mupdate 0.000102 CALL kse_wakeup(0x810da10) 72078 mupdate 0.000107 RET kse_wakeup 0 72078 mupdate 0.000115 RET kse_release 0 72078 mupdate 0.000123 CALL kse_release(0x812ffac) 72078 mupdate 0.000135 CALL kse_release(0x8113fac) 72078 mupdate 0.000146 CALL kse_wakeup(0x810da10) 72078 mupdate 0.000151 RET kse_wakeup 0 72078 mupdate 0.000158 RET kse_release 0 72078 mupdate 0.000165 CALL kse_wakeup(0x810d410) 72078 mupdate 0.000170 RET kse_wakeup 0 72078 mupdate 0.000177 RET kse_release 0 72078 mupdate 0.000183 CALL gettimeofday(0xbfaadfa0,0) 72078 mupdate 0.000187 RET gettimeofday 0 72078 mupdate 0.000194 CALL kse_release(0x8113fac) 72078 mupdate 0.000206 CALL gettimeofday(0xbfa8dfa0,0) 72078 mupdate 0.000212 RET gettimeofday 0 72078 mupdate 0.000220 CALL kse_release(0x812bfac) 72078 mupdate 0.000233 CALL gettimeofday(0xbfa9de58,0) 72078 mupdate 0.000238 RET gettimeofday 0 72078 mupdate 0.000243 CALL select(0x7,0xbfa9deb0,0,0,0xbfa9dea8) 72078 mupdate 0.000249 RET select 0 it's not even a millisecond :/ - synchronizing mailbox list by mupdate seems to work one way only - adding a mailbox on 10.10.10.1 mailbox is visible ( cyradm's lm command ) on 10.10.10.1, not visible on 10.10.10.2 logging to 10.10.10.1 and adding user.test1, syslog: May 19 12:18:17 lab imap[412]: no user in db May 19 12:18:17 lab imap[412]: login: mail1.test.pl [10.10.10.1] cyradm DIGEST-MD5 User logged in - adding a mailbox on 10.10.10.2 mailbox is visible on 10.10.10.2, also in
