using cassandra as backend storage instead of filesystem
We have been using cyrus for quiet sometime now. I guess , now we have to move from traditional file based storage to more distributable models like cassandra The benefits are tremendous , since that automatically provides for hardware redundancy and scalability. For even slightly large setups , typically more that 200+ users using cyrus with multiple servers becomes necessary both for redundancy and performance. Current methods , using NGINX proxy etc are kludgy, and dont provide real redundancy in h/w terms. If Cyrus could use a cassandra like backed to store the mails and probably use cassandra lucene index then we could scale to any number of users easily. Is there any work going on , on these lines? I guess similar work is going on for dovecot imap servers, quick google search did lead to some results Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Store data encrypted in maildir
Is there a way I can store cyrus imap mails encrypted. This may not be a fully secure system but I just need something so that a root logged in user cant trivially read the files Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: CRAM-MD5 with saslauthd
On 03/12/2015 09:03 PM, Vladislav Kurz wrote: On Thursday 12 of March 2015 Ram wrote: > I am trying to use CRAM-MD5 for password authentication. > The passwords are in ldap. > > > But the cyrus document here > https://cyrusimap.org/docs/cyrus-sasl/2.1.23/sysadmin.php says that I > cannot use saslauthd with CRAM-MD5 or DIGEST-MD5 > > Then how do I configure my imap server to use CRAM-MD5 ?? > > Is there a simple howto ? You need access to plaintext passwords for CRAM/DIGEST-MD5. LDAP and saslauthd do not provide that. How can I use CRAM-MD5 with passwords stored in LDAP (in MD5 format ) then ? I need to disable plain & login methods and cannot store passwords in plain text too. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
CRAM-MD5 with saslauthd
I am trying to use CRAM-MD5 for password authentication. The passwords are in ldap. But the cyrus document here https://cyrusimap.org/docs/cyrus-sasl/2.1.23/sysadmin.php says that I cannot use saslauthd with CRAM-MD5 or DIGEST-MD5 Then how do I configure my imap server to use CRAM-MD5 ?? Is there a simple howto ? Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Intergation with MDM solutions
I need to integrate cyrus IMAP with a MDM ( Mobile Device Management ) solution. The idea is that even if the IMAP ports are open only selective users / devices should be allowed from an external Network. Internal Network everyone is allowed. I have seen that ready MDM solutions come up with server side plugins for Microsoft Exchange which can help achieve this Is there a software for Cyrus Imap server that can allow selective users / devices only ? Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Active sync Front end
I have been getting requests to enable active sync on my cyrus mailserver. There are third party solutions like z-push but those dont seem to work on the default mail servers What can I use to enable activesync for cyrus Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Using memcached for authentication
On 07/09/2014 02:49 PM, Willy Offermans wrote: > Hello Ram and Cyrus-imap friends, > > > On Wed, Jul 09, 2014 at 01:32:50PM +0530, Ram wrote: >> Currently I use pam with pam_mysql for authenticating cyrus accounts >> But I frequently run into the issue of mysql connections exceeding limit. >> >> Can I simply use something like Memcached or Redis to authenticate users >> >> >> > You could also simply increase the connections limit in MySQL. I did .. I have now set it to unreasonable limits. But I think that is not a good idea anyway. Most of these these webmail products they really jam the imap servers with too many authentication requests I run cyrus-sasl with caching on but still see too many connections going to mysql servers , when actually they are not needed at all > I cannot > get to my notes at the moment, but I'm pretty sure that you find the needed > info somewhere on the net. duckduckgo is your friend as long as Google is > tracking your interests. > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Using memcached for authentication
Currently I use pam with pam_mysql for authenticating cyrus accounts But I frequently run into the issue of mysql connections exceeding limit. Can I simply use something like Memcached or Redis to authenticate users Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Multiple domains , domain wise size limits
If I have multiple domains configured on cyrus How can I implement overall usage restriction for a domain ? Cyrus supports userwise quotas , can I also have domain-wise quotas. Individual users may not be assigned any quota Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
IP based Restrictions within SASL
I have a cyrus imapd server that needs userwise restrictions Users can login only from their pre-configured ips This is already working with having a NGINX server in between. Nginx has all the rules built in and authenticates the users only when the rules match. Nginx is a overkill for this kind of application. Can this be done within cyrus. ( probably cyrus sasl ) Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Login with an alias ID
Does cyrus implement login with an alias id If the mailbox of a user is created with a long email id , it may be helpful to allow login with a short "nickname" So the user has a choice of logging in with either his full email-id or nickname to the same mailbox Is this possible ? Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Single sign on with NT Login
I need to implement NT Login such a way that if a user is logged in to the desktop , he is also automatically logged in to the email server ( when using outlook / thunderbird etc) I need to replicate how outlook works with Exchange. The users may use windows login from any desktop and he is auto logged in to his own email account Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Restrict access to a single client device
On 02/01/2013 01:20 AM, Dale J Chatham wrote: > You use SMTP authentication through postfix or sendmail. Google [ mail > authentication relay ] and you should find lots of howtos. > > I'm setting it up to use a sasldb to authenticate external users in > order to keep them apart from UNIX users. Be very certain that you use > STARTTLS or some form of authentication for email. Also, if you're > allowing internet access to e-mail, you'll want to use imaps or https. The idea is that end users configure their email on Desktop, Laptop , Phone , tablet, Ipad ... ( The list is getting longer every day ) So copies of the mail are floating everywhere. This raises a security concern I cant block access totally from outside. Employees should be allowed access from outside office , but only from the designated Laptop. One way would be to ask everyone to VPN to the office for mails , Is there anyway else. Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Restrict access to a single client device
On 01/30/2013 08:11 PM, Dale J Chatham wrote: > If a Linux box, best place is likely /etc/hosts.deny > > http://linux.about.com/od/commands/l/blcmdl5_hostsde.htm Sorry, I should have mentioned that the IP address of the device may change For eg, If I want to restrict access to a single LAPTOP, wether the employee uses it from home or from office it should work But not from anywhere else > On 01/30/2013 08:29 AM, Ram wrote: >> Can I restrict access to my imap servers from a single device only >> The server is not on the same LAN , So I cannot do a mac-binding >> >> >> >> Thanks >> Ram >> >> >> >> >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> To Unsubscribe: >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Restrict access to a single client device
Can I restrict access to my imap servers from a single device only The server is not on the same LAN , So I cannot do a mac-binding Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
cyrus sasl Password lock after n failed attempts
Hi I am using cyrus saslauthd with pam_ldap for authentication. Off late I have seen lots of attempts at getting in weak weak passwords. Is there a way I can implement password lock out within cyrus if there are more than n consecutive bad attempts Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Userwise pop/imap access
On 08/16/2012 06:28 PM, Bron Gondwana wrote: > > On Thu, Aug 16, 2012, at 02:21 PM, Ram wrote: >> I have a requirement that we need to provide imap access only to some >> mailboxes >> All other users download the mails using pop >> >> Currently I am using an nginx proxy and checking for users in nginx , >> but that seems inefficient. >> >> Is there a better way ? > Are you seeing performance problems, or are you creating yourself makework? There is a definite performance issue. The I/O requirement on the machine increases if I use nginx Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Userwise pop/imap access
I have a requirement that we need to provide imap access only to some mailboxes All other users download the mails using pop Currently I am using an nginx proxy and checking for users in nginx , but that seems inefficient. Is there a better way ? Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Globally shared folder
Hi I am using cyrus on linux I want to create a folder that has read / write access given to all users. Any new user added to cyrus must get access to this automatically Is this possible ? Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Failover for business continuity
On 05/30/2012 02:26 PM, Eric Luyten wrote: > On Wed, May 30, 2012 9:24 am, Ram wrote: >> On 05/30/2012 12:43 PM, Dmitry Banschikov wrote: >> >>> On 05/30/2012 10:52 AM, Ram wrote: >>> >>>> I am trying to setup a remote cyrus-replica to a different geographical >>>> location for business continuity. >>>> >>>> In case the main server goes down the users will get switched to the >>>> remote server by making a DNS change. The only issue is DNS replication >>>> would take a long time so the switch is not instantaneous. How would one >>>> make the switch instantaneous ? Moving the IP is not possible because the >>>> Remote server is on a different network >>>> >>>> >>> You can set TTL of RR to very small value (say 60 seconds). In this >>> case, DNS change will be propagated fast. >>> >>> >> But I have seen some DNS clients , especially on windows , do not honor >> TTL. >> For a 10 minute TTL , even after 4 hours the windows server keeps >> resolving to the old server > > Ram, > > > Correct. > Some OSes/applications/resolver libraries will keep on using the 'old' > values until *they* see fit. > > DNS-based failover is (and always has been) a very low cost, halfbaked > solution. Been there, done that... > > > Eric. So if not DNS based fail over , what is the other alternative. I cant move the IP , or re-announce BGP I cant have both servers in active-active mode Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Failover for business continuity
On 05/30/2012 12:43 PM, Dmitry Banschikov wrote: > On 05/30/2012 10:52 AM, Ram wrote: >> I am trying to setup a remote cyrus-replica to a different geographical >> location for business continuity. >> >> In case the main server goes down the users will get switched to the >> remote server by making a DNS change. >> The only issue is DNS replication would take a long time so the switch >> is not instantaneous. >> How would one make the switch instantaneous ? Moving the IP is not >> possible because the Remote server is on a different network >> >> > > You can set TTL of RR to very small value (say 60 seconds). In this > case, DNS change will be propagated fast. > > But I have seen some DNS clients , especially on windows , do not honor TTL. For a 10 minute TTL , even after 4 hours the windows server keeps resolving to the old server Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Failover for business continuity
I am trying to setup a remote cyrus-replica to a different geographical location for business continuity. In case the main server goes down the users will get switched to the remote server by making a DNS change. The only issue is DNS replication would take a long time so the switch is not instantaneous. How would one make the switch instantaneous ? Moving the IP is not possible because the Remote server is on a different network Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: ZFS doing insane I/O reads
On 02/27/2012 04:16 PM, Eric Luyten wrote: > On Mon, February 27, 2012 11:10 am, Ram wrote: >> I just deployed zfs on my newer cyrus servers. >> These servers get less than 2000 mails per hour and around 400 >> concurrent pop/imap connections >> >> >> I have seen that even if there is no incoming pop or imap connection >> still there is large amount of READ happenning on the zfs partitions. Is this >> normal behaviour for an imap server. Iostat shows sometimes upto 2000 TPS >> >> >> The reads are infact more than 10x of what writes are. I am afraid I >> will be trashing the harddisk. Do I need to tune ZFS specially for cyrus ? >> >> >> >> This is the typical zpool iostat output >> >> >> zpool iostat 1 >> poolalloc free read write read write >> -- - - - - - - >> imap 145G 655G418 58 18.0M 1.78M >> imap 146G 654G258118 8.28M 960K >> imap 145G 655G447146 19.4M 4.37M >> imap 145G 655G413 32 19.4M 1.46M >> imap 145G 655G339 4 14.8M 20.0K >> imap 145G 655G341 40 15.7M 755K >> imap 145G 655G305 10 15.0M 55.9K >> imap 145G 655G328 12 14.8M 136K > > Ram, > > We have a single Cyrus server about ten times as busy as yours with four ZFS > pools (EMC Celerra iSCSI SAN) for message stores ; all the databases, quota > and seen information are on an internal server SSD based (mirror) pool. > We also have a few GB of SSD based ZIL (synchronous write cache) per pool. > > > Here is our 'zpool iostat 1' output : > > capacity operationsbandwidth > poolalloc free read write read write > -- - - - - - - > cpool1 901G 2.96T 22 32 422K 286K > cpool2 1.18T 2.66T 29 45 578K 459K > cpool3 1.00T 2.84T 24 34 456K 314K > cpool4 993G 2.87T 25 35 455K 328K > ssd 7.49G 22.3G 4 35 17.2K 708K > -- - - - - - - > cpool1 901G 2.96T 45 16 670K 759K > cpool2 1.18T 2.66T 47 25 565K 603K > cpool3 1.00T 2.84T 33 13 410K 483K > cpool4 993G 2.87T 12 8 525K 244K > ssd 7.49G 22.3G 13210 49.4K 10.8M > -- - - - - - - > cpool1 901G 2.96T 20 22 77.9K 2.15M > cpool2 1.18T 2.66T 25 4 937K 128K > cpool3 1.00T 2.84T 20 91 324K 11.0M > cpool4 993G 2.87T 17 13 844K 83.9K > ssd 7.49G 22.3G 6237 20.0K 20.9M > -- - - - - - - > cpool1 901G 2.96T 0 0 1023 0 > cpool2 1.18T 2.66T 12 21 146K 1.26M > cpool3 1.00T 2.84T 8 26 46.5K 2.28M > cpool4 993G 2.87T 11 4 353K 24.0K > ssd 7.49G 22.3G 17135 99.4K 8.12M > -- - - - - - - > cpool1 901G 2.96T 4 0 80.9K 4.00K > cpool2 1.18T 2.66T 7 6 133K 28.0K > cpool3 1.00T 2.84T 6 0 16.5K 4.00K > cpool4 993G 2.87T 4 4 149K 20.0K > ssd 7.49G 22.3G 9 76 51.0K 4.24M > -- - - - - - - > cpool1 901G 2.96T 12 0 269K 4.00K > cpool2 1.18T 2.66T 19 0 327K 4.00K > cpool3 1.00T 2.84T 7 3 11.0K 16.0K > cpool4 993G 2.87T 5 95 167K 11.4M > ssd 7.49G 22.3G 4226 17.5K 25.2M > -- - - - - - - > cpool1 901G 2.96T 14 20 311K 1.22M > cpool2 1.18T 2.66T 19 15 85.4K 1.39M > cpool3 1.00T 2.84T 6 6 5.49K 40.0K > cpool4 993G 2.87T 4 15 17.0K 1.70M > ssd 7.49G 22.3G 6151 21.5K 13.1M > -- - - - - - - > cpool1 901G 2.96T 56 15 2.11M 559K > cpool2 1.18T 2.66T 13 7 18.5K 32.0K > cpool3 1.00T 2.84T 5 4 54.4K 392K > cpool4 993G 2.87T 17 2 66.4K 136K > ssd 7.49G 22.3G 6109 45.9K 8.29M > -- - - - - - - > cpool1 901G 2.96T 38 19 228K 1.89M > cpool2 1.18T 2.66T 29 11 160K 300K > cpool3 1.00T 2.84T 4 4 11.5K 24.0K > cpo
ZFS doing insane I/O reads
I just deployed zfs on my newer cyrus servers. These servers get less than 2000 mails per hour and around 400 concurrent pop/imap connections I have seen that even if there is no incoming pop or imap connection still there is large amount of READ happenning on the zfs partitions. Is this normal behaviour for an imap server. Iostat shows sometimes upto 2000 TPS The reads are infact more than 10x of what writes are. I am afraid I will be trashing the harddisk. Do I need to tune ZFS specially for cyrus ? This is the typical zpool iostat output zpool iostat 1 poolalloc free read write read write -- - - - - - - imap 145G 655G418 58 18.0M 1.78M imap 146G 654G258118 8.28M 960K imap 145G 655G447146 19.4M 4.37M imap 145G 655G413 32 19.4M 1.46M imap 145G 655G339 4 14.8M 20.0K imap 145G 655G341 40 15.7M 755K imap 145G 655G305 10 15.0M 55.9K imap 145G 655G328 12 14.8M 136K Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
OT: Syncing from Windows Live Office
I am tring to migrate users mails from Windows Live Office to my cyrus server They dont seem to support standard Imap commands I usually use ImapSync for migration but ImapSync is not able to authenticate I am using the standard options in imapsync --host1 exchange.liveoffice.com --ssl1 Getting an error like Error login: [exchange.liveoffice.com] with user [..] auth [CRAM-MD5]: 2 BAD Command Argument Error. 11 Has anyone already used imapsync with Windows Live Office Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
[SOLVED] Re: Set quota "none" using Cyrus::IMAP::Admin
On 01/17/2012 04:27 PM, Bron Gondwana wrote: > > On Tue, Jan 17, 2012, at 04:22 PM, Ram wrote: >> No "-1" also gives an error not a number >> >> Interestingly set_quota function using CPAN module works fine with "none" >> http://search.cpan.org/~eestabroo/IMAP-Admin-1.6.4/Admin.pm >> >> >> But my GUI screens are already coded to use Cyrus::IMAP::Admin > What version of Cyrus are you using? > > Can you file a bug at bugzilla.cyrusimap.org if it's a 2.4 series, and I'll > get it fixed. > > Thanks, > > Bron. I am using cyrus-imapd-2.4.12-2 As Wolfgang suggested using $imap->setquota("user/$user") removed the quota. Problem solved Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Set quota "none" using Cyrus::IMAP::Admin
On 01/17/2012 04:24 PM, Wolfgang Breyha wrote: > Bron Gondwana wrote, on 17.01.2012 11:36: >> On Tue, Jan 17, 2012, at 03:57 PM, Ram wrote: >>> http://www.manpagez.com/man/3/Cyrus::IMAP::Admin/ >>> There is a setquota function which should accept "none" for removing >>> quota. But that does not work >>> >>> How do I set unlimited quota using the setquota function >> Does '-1' work? > Setting an "empty" quota works: > > use Cyrus::IMAP::Admin; > > print "setting some quota\n"; > my $quotaroot = "user.mailboxid"; > my @quotaargv = ($quotaroot, "STORAGE", 500); > $res = $backend->setquota(@quotaargv); > > print "setting \"unlimited\"\n"; > @quotaargv = ($quotaroot); > $res = $backend->setquota(@quotaargv); > > Greetings, Wolfgang That means we omit the word "STORAGE" , thanks .. will try that. Hope that goes into the document Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Set quota "none" using Cyrus::IMAP::Admin
No "-1" also gives an error not a number Interestingly set_quota function using CPAN module works fine with "none" http://search.cpan.org/~eestabroo/IMAP-Admin-1.6.4/Admin.pm But my GUI screens are already coded to use Cyrus::IMAP::Admin On 01/17/2012 04:06 PM, Bron Gondwana wrote: > > On Tue, Jan 17, 2012, at 03:57 PM, Ram wrote: >> http://www.manpagez.com/man/3/Cyrus::IMAP::Admin/ >> There is a setquota function which should accept "none" for removing >> quota. But that does not work >> >> How do I set unlimited quota using the setquota function > Does '-1' work? Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Set quota "none" using Cyrus::IMAP::Admin
http://www.manpagez.com/man/3/Cyrus::IMAP::Admin/ There is a setquota function which should accept "none" for removing quota. But that does not work How do I set unlimited quota using the setquota function Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Not able to delete mails in 2.4.6
Hello I had upgraded my imap server to 2.4.6 Some users keep complaining that delete is not working. Even If I use raw Imap commands and delete the message .. the delete flag is not being set As a fix , If I remove cyrus.* from all the folders in the users directory and reconstruct then the problem gets solved But why does this happen ? How can I debug ? I have noticed that these users have a line "NonJunk" in the cyrus.header file , Is that any indication of anything ? Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: cyr_expire -x is segfaulting
On 11/10/2011 06:25 PM, Bron Gondwana wrote: > There are a lot of bugs solved since 2.4.6. I forget exactly which, but there > were cyr_expire bugs solved since 2.4.6. > The laterst 2.4.12 seems to have solved the issue .. but why does the usage not show -x ? However in the code "-x" seems to be implemented. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
cyr_expire -x is segfaulting
Hello I am using cyrus 2.4.6 I am trying to run cyr_expireto just prune my deliver DB but I am just getting a segfault /usr/lib/cyrus-imapd/cyr_expire -x -E 1 -v Segmentation fault But without -x it works fine .. but takes too long Is this a solved bug ? Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Minimum days between sieve vacation responses
Can I configure sieve to send vacation responses for every message .. rather than waiting for "n" days before responding again to the same sender Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
What is this ? ERROR: message has more than 1000 header lines
I can see errors like this in my maillog ( cyrus 2.4.6 on Centos 5.5 ) Oct 4 18:18:11 node1 lmtpunix[10901]: ERROR: message has more than 1000 header lines, not caching any more What do these errors indicate ? Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Deliverdb in a memcached
On a very busy Imap server , duplicate suppression sometimes becomes the bottleneck I have seen that If I disable duplicate suppression , my lmtp deliveries are speeded up. Duplicate suppression is important , but the database need not persist for very long. I have seen in most of the cases if there is a duplicate mail ( due to forwards , groups etc ), it arrives within 10 minutes of the first mail ( Any exception to this is too minor and can be ignored ) IMHO There should be a configuration that the deliverdb can be, optionally, stored in memcached or directly in memory. Of course there are cons .. like loss of data on restart etc. But these are OK. Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Re: Scaling of imap servers
On 06/16/2011 07:54 PM, Pascal Gienger wrote: > Am 16.06.11 15:26, schrieb Ramprasad A.P: > >> Using outsourced mail is not possible > Amazon cloud *IS* outsourced mail, Amazon has access to your virtual > servers and it passes without VPN into their network. > But having a private server from vendor and running our software is different from using the vendors mail server Running hired servers was never considered a security issue. But handing over the mail app completely to a vendor seems a risk ( especially to my job :-) ) >> The biggest problem is harddisk space >> Every user is looking for huge amounts of diskspace even if I need >> 20GB per user I cant get so much disk space at affordable cost. > > 20K users with 20G each = 400 TB. With zfs compression perhaps 300 TB. > > How much does it cost to use 300T redundant fault-tolerant storage in an > Amazon Cloud? > They dont seem to offer 300T of storage , I tried the same with rackspace they too limit the maximum direct storage to around 600G per server ( Their cloud FS is much lower on I/O and wont fit the bill for a mail server ) > Google Mail does use your text patterns in your mail for advertising. > That's the way you're paying them. And they don't restore your mailbox > unless you use a business contract which means costs for each mailbox. > There's no such thing as a free lunch. > I think that is perfectly reasonable .. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Scaling of imap servers
We need to create a platform for create a large number of cyrus accounts that can scale indefinitely I could start with just 2k users but could have 20x the number of accounts by next year. I was thinking of taking a cloud-based machine at amazon or rackspace and scale hardware vertically as required. But the problem with rackspace or amazon is they do not offer much storage and cap the total storage that can be used. So what is the best way of creating a scalable setup. If I use cyrus-murder still there is always a challenge of using a single mupdate server which cannot handle more than "n" requests at a time. So I plan to use nginx proxy servers that will just redirect the requests and use multiple servers behind it. For scaling I will have to add more servers behind the nginx , as long as the proxy can support it. Even though this is already working , but I dont see it as a long term solution. Backups , HA , DR etc are all not very clean. I would like to know how do you guys do the same Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
serverinfo: off does not work for timsieved
I am using cyrus-imap 2.4.6 If I set serverinfo: off in imapd.conf then the banner of cyrus is hidden for imap and pop But I think timsieved does not hide the banner [root@centos ~]# grep serverinfo /etc/imapd.conf serverinfo: off [root@centos ~]# telnet localhost 2000 Trying 127.0.0.1... Connected to localhost.localdomain (127.0.0.1). Escape character is '^]'. "IMPLEMENTATION" "Cyrus timsieved v2.4.6-Invoca-RPM-2.4.6-3" "SASL" "PLAIN" "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" "STARTTLS" OK Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Running multiple instances of cyrus for clustering
I am thinking of running mutiple instances of cyrus on a single machine with different sets of mailboxes. The Idea is that I would have two cyrus imap servers running on different machines and in case of any failure both instances will be run from the same machine ( obviously at a lower performance ) Is this a good idea ? Thanks Ram Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
How to block a dictionary attack
I am seeing this pattern now very often. Every weekend someone tries to gain unauthorized access to the my imap servers by trying random username / passwords Yesterday by afternoon someone had tried half a million times on my servers from 62.141.37.141. I have written to the abuse contact address ... not that I expect any reply anyway I would like to configure cyrus such a way that if there are 10 failed logins from an ip address in 10 minutes and no successful logins just block the IP address. ( Or inject the ip into my firewall ) Is there something similar already available Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Implementing SRS for sieve
Hi, I would like to rewrite the sender address when a mail is forwarded by a sieve rule What is the best way of doing this Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Nginx configuration for imap
On Wed, 2010-03-17 at 22:45 -0700, Robert Banz wrote: > > > memcached would certainly be fast, but what sort of authentication > rate are you talking about here. My bet is that you've got other bits > of system, such as the authentication validation with the target IMAP > server, that will be more of a dominant term when it comes to the > performance of your system. > > > I deployed an nginix proxy to assist in my migration to Cyrus (once > all my users were on Cyrus, murder took over) -- just had it do > lookups against our LDAP directory to determine which IMAP provider to > redirect to, it worked perfectly fine. > > > -rob > I dont think I am going to be able to connect to LDAP for every connection. I have atleast 3000 pop and 1000 concurrent imap connections on the server. One more issue with nginx 0.8.34 is that when auth-fails on the real server the nginx returns "BAD: internal server error" The email clients are not able to interpret this error. Can I configure nginx to pass on the actual message from my cyrus server "NO LOGIN failed" Thanks ram > On Wed, Mar 17, 2010 at 10:35 PM, Robert Mueller > wrote: > > > But I thought a memcache lookup will be much more > inexpenisve than > > connecting to a mysql db to do lookup for every cyrus > connection > > > Probably slightly. But what happens if the value isn't in > memcached? > Where do you get the value from? > > Anyway, it's still WAY better than doing: > > > > > $user['user1'] = 10.1.1.1; > > > > $user['user2'] = 10.1.1.2; > > > > > > > > $user[user15000]=10.1.1.1; > > > For every lookup. > > Rob > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: > http://asg.web.cmu.edu/cyrus/mailing-list.html > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Nginx configuration for imap
On Thu, 2010-03-18 at 14:36 +1100, Robert Mueller wrote: > > > $user['user1'] = 10.1.1.1; > > $user['user2'] = 10.1.1.2; > > > > $user[user15000]=10.1.1.1; > > For 15k users this method becomes very heavy. There are too many httpd > > processes running that suck the resources on the machine. I want to > > store the userlist in a memcache and look it up through nginx.conf > > How do I do this ? > > Don't use memcache, it's a *cache*, you want a *database*. So > just use a database to store the data, and look it up for each > user. eg. > > mysql: http://php.net/manual/en/book.mysql.php > bdb: > http://www.oracle.com/technology/documentation/berkeley-db/db/programmer_reference/ext_php.html > Choose your favourite key/value db here... > But I thought a memcache lookup will be much more inexpenisve than connecting to a mysql db to do lookup for every cyrus connection Is that not true. Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
OT: Nginx configuration for imap
I am using ngnix as a Load balancer for two imap servers. Currently the nginx calls an apache php script that determines if the user is on imap1 or imap2 by looking up a plain text file. which contains entries like $user['user1'] = 10.1.1.1; $user['user2'] = 10.1.1.2; $user[user15000]=10.1.1.1; For 15k users this method becomes very heavy. There are too many httpd processes running that suck the resources on the machine. I want to store the userlist in a memcache and look it up through nginx.conf How do I do this ? Does Nginx support for memcache also include imap protocol Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Redirect on overquota
On Fri, 2010-03-05 at 10:35 +0100, Marc Patermann wrote: > Hi, > > ram schrieb: > > Can I set up lmtp such a way that the overquota messages are redirected > > to a postmaster account > What do you mean by that? > If the mailbox is "over quota" LMTP rejects the mail with a temporary > error 4xx. So the MTA can not deliver it (this time). Yes. Instead can lmtp be configured to accept the mail , and redirect to a postmaster account Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Redirect on overquota
Can I set up lmtp such a way that the overquota messages are redirected to a postmaster account Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Sieve minimum interval between auto responses is 3 days
On Wed, 2010-02-24 at 16:35 +0530, ram wrote: > On my cyrus server ( 2.3.7 redhat EL 5 ), When I set an autoresponder > repeat responses to same sender are suppressed. > This is fine , but even I set the frequency as 1 day no auto response > is sent for 3 days > > > I need to be able to send responses , at least 1 a day. How can this > be done ? > I even tried to look into the code to find where is this "3" > mentioned .. couldnt figure out anything > > > > Also I have applied this patch mentioned on the list before http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20081124/3cd6dd0b/attachment.obj But that doesnt seem to solve the issue Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Sieve minimum interval between auto responses is 3 days
On my cyrus server ( 2.3.7 redhat EL 5 ), When I set an autoresponder repeat responses to same sender are suppressed. This is fine , but even I set the frequency as 1 day no auto response is sent for 3 days I need to be able to send responses , at least 1 a day. How can this be done ? I even tried to look into the code to find where is this "3" mentioned .. couldnt figure out anything Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Backup strategy for large mailbox stores
We have cyrus servers deployed at many places where clients have varying mail storage. We have been taking backups to help in situations of human errors ( where you get complaints like ..oops, I accidentaly deleted all my mails!! ) and in case of hardware failures Things have been working fine but off late we find that emailusage has grown and so our backups take too long to complete .. we use dar to take differential backups and take backups everynight. and transfer the backup files to a remote server. If the backup is still running in the morning people notice a considerable degradation of the server performance Is there a better strategy , probably within the cyrus framework , to take backups efficiently Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Reconstruct removes @domain from mboxlist --SOLVED
Sorry for troubling you all, I found the reason. These mailboxes were migrated from a machine with no virtual domains. So the cyrus.* files caused reconstruct to mess up the mailboxes.db I rsynced the files all over again and excluded the cyrus.* files. Now reconstruct works fine Thanks Ram On Sat, 2010-02-06 at 08:05 +1100, Bron Gondwana wrote: > On Fri, Feb 05, 2010 at 02:33:13PM -0600, Dan White wrote: > > On 04/02/10 12:46 +0530, Ramprasad wrote: > > >Hi, > > > > > > I have a cyrus-imapd 2.3.7 on RHEL 5 with multiple domains > > > > > >When I reconstruct a user mailbox on the primary domain it works fine > > >, but when any secondary domain mailbox is reconstructed the user is > > >unable to login > > > > > >when I dump the mailbox list I find that the users permissions are removed > > > > > >domain.tld!user.ram 0 1 r...@domain.tld lrswipda > > > > > >becomes ( after reconstruct ) > > > > > >domain.tld!user.ram 0 1 ram lrswipda > > > > > >--- > > >Why is reconstruct corrupting the mailboxes.db > > > > Can you provide your imapd.conf? > > > > Has your imapd.conf changed since your originally created the mailboxes? > > Ooh - indeed, does your cyrus.conf have a custom imapd.conf defined for > processes, but that imapd.conf isn't specified for reconstruct... ? > > (there's a reason why we don't have an /etc/cyrus.conf or an /etc/imapd.conf > on any of our systems!) > > Bron. Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus-imapd-2.2.12-10 -- impurge and -f recursion --
On Fri, 2010-01-15 at 08:39 -0500, James B. Byrne wrote: > I run cyrus-imapd under CentOS-4.8 (a RedHat el4 clone). I am > trying to discover if there is any way to purge a user's INBOX of > old and over-sized messages without affecting the contents of any > subfolders thereof. > > I have looked at impurge as the mechanism. However,my reading of the > man page, and of online discussions relating to this matter, > indicate that in order for impurge to remove any mail from the INBOX > then the -f switch has to be passed. But, I also gather that > whenever the -f switch is used then ALL subfolders of the target > directory are purged recursively as well. > > This strikes me as a rather odd combination of attributes but I > cannot see any way to prevent recursion if the -f switch is used. > What is the recommended way to purge mail from a user's INBOX only > using criteria such as age and size? > > Sincerely, > I think you mean ipurge (not impurge) Even I had exactly the same issue .. I modified ipurge.c a bit so that it will expect a "-r" switch to recurse through subfolders along with "-f" else "-f" works only on the inbox I have a workaroud patch to ipurge.c I can share .. but *absolutely no guarantee* that it will work for you --- ipurge.c.default 2006-01-21 18:50:26.0 +0530 +++ ipurge.c 2006-01-21 18:50:34.0 +0530 @@ -85,6 +85,8 @@ int skipflagged = 0; int datemode = OFFSET_SENTDATE; int invertmatch = 0; +short int recurse =0; +short int done=0; /* for statistical purposes */ typedef struct mbox_stats_s { @@ -159,6 +161,9 @@ case 'i' : { invertmatch = 1; } break; + case 'r' : { + recurse = 1; + } break; case 'h': default: usage(argv[0]); } @@ -234,6 +239,10 @@ if (!strncasecmp(name,"INBOX",5) || mboxname_isusermailbox(name, 0)) return 0; } +if(!recurse){ + if(done) return(0); + done=1; + } + Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: OT: Enhanced IMAP protocol
On Wed, 2010-01-06 at 13:50 -0500, Adam Tauno Williams wrote: > On Wed, 2010-01-06 at 20:35 +0530, ram wrote: > > On Tue, 2010-01-05 at 23:47 -0800, Rob Banz wrote: > > > I would argue that it's out of scope -- credential management should > > > be taken care of by your credential management system, be it through a > > > web interface or whatever. Even if it were to be an accepted spec, the > > > chances of all of the client-writers implementing it, and in a > > > reasonable way, are slim to none. > > Everyone need not implement it. > > If the protocol is available , I definitely know thunderbird will > > have at least one extension within 2 days :-) > > Nothing is stopping you, or anyone, from creating a password management > service and creating a related plugin/extension for TB. This just > doesn't have anything more to do with IMAP than it does with SMTP (why > not extend the SMTP server?). > Right , Password change can be implemented at SMTP too. And MUA plugins are not the only advantages I was infact watching my inbound mails quarantine and we are getting hundreds of 419s from a US university mail server There is a stupid account called "test" with password as "test" ( I tested that myself! ) .. If there was a password change available at SMTP or IMAP I would have done the mailadmin a favor by changing the password of the account and stop further damage. > > Most smaller companies I know of use username passwords only for mail > > Seriously?! I do not share your experience. They must be very very > small if they have no shared resources beyond e-mail. > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: OT: Enhanced IMAP protocol
On Tue, 2010-01-05 at 23:47 -0800, Rob Banz wrote: > I would argue that it's out of scope -- credential management should > be taken care of by your credential management system, be it through a > web interface or whatever. Even if it were to be an accepted spec, the > chances of all of the client-writers implementing it, and in a > reasonable way, are slim to none. > Everyone need not implement it. If the protocol is available , I definitely know thunderbird will have at least one extension within 2 days :-) Most smaller companies I know of use username passwords only for mail Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
OT: Enhanced IMAP protocol
Would it be practical to have common protocols like IMAP to support enhanced features For eg. IMAP protocol may possibly support change password. A IMAP server administrator may optionally configure a change-password hook on the server which would change the password on whatever backend he uses for eg ldap or a RDBMS or Active directory The advantage is that the MUA can support change password and the user experience will be a lot better having only a single familiar app to deal with. That will be a lot easier for admins to tell the users to change password regularly rather than giving them a new link and asking them to change password ( .. and that mail looks more like a phishing mail ) Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
What are the Bottlenecks in lmtpd
I see that sometimes on my cyrus server , when mail is being delivered by postfix. lmtpd takes too long to deliver But strangely enough this happens only "some" times .. and any other time things are working fine. The number of mails received & downloaded per hour are much the same throughout the day (working hours). And this server does nothing else except running cyrus +postfix and mysql for authentication I want to analyse what are the possible bottlenecks for lmtpd whenever it goes slow I have a feeling that the creations of files in /var/spool/imap/stage./ and moving them is taking most of the time Is there any way I can pinpoint what is going wrong. Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Not able to use smart-sieve
On Sat, 2009-03-07 at 17:04 +0530, ram wrote: > I have been using smart sieve for managing sieve scripts for a long time > Now on my new cyrus 2.3.13 server smart sieve is not able to login at > all. I get a login-failed message everytime > > I am still not sure wether it is a smartsieve issue or a cyrus issue > sivtest script logs in fine > > I googled for smartsieve errors , most of them are regards to pear > errors. I have all the pear modules installed already > > When I try to debug smartsieve , > Mar 7 16:01:04 pop4 smartsieve[26136]: getCryptLib: using rc4 > Mar 7 16:01:04 pop4 smartsieve[26136]: getCryptLib: using rc4 > Mar 7 16:01:04 pop4 smartsieve[26136]: FAILED LOGIN: X > [59.163.11.66] {example}: authenticate: authentication failure > connecting to 127.0.0.1: data received > > > > How do I debug this further ?? > Oops , sorry for replying to my own mail. This was some certificates issue I disabled the certs in imapd.conf and now it is working fine > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Not able to use smart-sieve
I have been using smart sieve for managing sieve scripts for a long time Now on my new cyrus 2.3.13 server smart sieve is not able to login at all. I get a login-failed message everytime I am still not sure wether it is a smartsieve issue or a cyrus issue sivtest script logs in fine I googled for smartsieve errors , most of them are regards to pear errors. I have all the pear modules installed already When I try to debug smartsieve , Mar 7 16:01:04 pop4 smartsieve[26136]: getCryptLib: using rc4 Mar 7 16:01:04 pop4 smartsieve[26136]: getCryptLib: using rc4 Mar 7 16:01:04 pop4 smartsieve[26136]: FAILED LOGIN: X [59.163.11.66] {example}: authenticate: authentication failure connecting to 127.0.0.1: data received How do I debug this further ?? Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Pop process hangs in the write()
On Mon, 2009-03-02 at 09:15 -0600, Dan White wrote: > ram wrote: > > I have problem at a clients end exactly same as described in this > > > > http://marc.info/?l=info-cyrus&m=108967188821511&w=2 > > > > A pop process blocks at write() for any mail at random. And they start > > getting pop lock issues > > > > I have checked with the customer , there is no IDS on their network > > Is there any other way I can debug this issue > > > > > > You could enable telemetry logging, which should help to rule out a > problem with the client. > How do I do that ? > - Dan Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Pop process hangs in the write()
I have problem at a clients end exactly same as described in this http://marc.info/?l=info-cyrus&m=108967188821511&w=2 A pop process blocks at write() for any mail at random. And they start getting pop lock issues I have checked with the customer , there is no IDS on their network Is there any other way I can debug this issue Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: migrate from 64 to 32 bits
On Tue, 2009-01-13 at 10:34 +0100, s.de...@computel.nl wrote: > Hi, > > A customer of outs wishes to migrate cyrus and postfix from a 64 bits to a > 32 bits server. Normally I just copy yhe configuration files and several > directories ( /var/lib/imap and /var/spool/imap) but the question is, are > the file compatible in a 32 bits environment when copied from a 64 bits > environment? > > Regards, > How strange , I had a problem doing right the opposite. ( from 32 to 64 ) We migrated the mailboxes , from 32 bit to 64 bit , and all the seen flags got messed up. I had to run imapsync to get all the seen flags set up The best way to do migration is , setup a new server migrate one or two mailboxes and see for yourself what breaks > Stefan de Wal > RHCE > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: 32-bit to 64-bit migration seen flags
On Fri, 2009-01-09 at 11:53 -0500, Wesley Craig wrote: > How are you copying? > > :wes scp-ing the files > > On 09 Jan 2009, at 01:47, ram wrote: > > I am migrating mailboxes from a 32 bit cyrus (cyrus-2.3.7) to a 64 bit > > cyrus (2.3.13) server > > > > When I copy the mailbox seen flags(skiplist) from the 32 bit server to > > the 64 bit servers it does not work. All the mails are flagged as > > unseen > > on the new server > > > > Is there a way I can migrate the seen flags Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
32-bit to 64-bit migration seen flags
I am migrating mailboxes from a 32 bit cyrus (cyrus-2.3.7) to a 64 bit cyrus (2.3.13) server When I copy the mailbox seen flags(skiplist) from the 32 bit server to the 64 bit servers it does not work. All the mails are flagged as unseen on the new server Is there a way I can migrate the seen flags Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: choosing a file system
On Sat, 2009-01-03 at 13:21 +1100, Rob Mueller wrote: > > Now see, I've had almost exactly the opposite experience. Reiserfs seemed > > to > > start out well and work consistently until the filesystem reached a > > certain > > size (around 160GB, ~30m files) at which point backing it up would start > > to > > take too long and at around 180GB would take nearly a week. This forced > > us > > to move to ext3 and it doesn't seem to be degrade that way. We did, > > however, > > also move from a single partition to 8 of them, so that obviously has some > > effect as well. > > As you noted, changing two variables at once doesn't help you determine > which was the problem! > > Multiple partitions will definitely allow more parallelism, which definitely > helps speed things up, which is one of the other things we have done over > time. Basically we went from a few large volumes to hundreds of > 300G(data)/15G(meta) volumes. One of our machines has 40 data volumes + 40 > meta data volumes + the standard FS mounts. > > $ mount | wc -l > 92 > > We've found that splitting the data up into more volumes + more cyrus > instances seems to help as well because it seems to reduce overall > contention points in the kernel + software (eg filesystem locks spread > across multiple mounts, db locks are spread across multiple dbs, etc) > Running multiple cyrus instances with different dbs ? How do we do that. I have seen the ultimate io-contention point is the mailboxes.db file. And that has to be single. Do you mean dividing the users to different cyrus instances. That is a maintenance issue IMHO. I had the feeling whatever optimizations done at the FS level would give us a max of 5-10% benefit. We migrated from ext3 to reiserfs on our cyrus servers with 30k mailboxes. I am not sure I saw a great benefit in terms of the iowait. At peak times I always see a iowait of 40-60% But the new Solid-State-Disks seem very promising. They are claimed to give 30x the throughput of a 15k rpm disk. If IO improves by 30 times that should make all these optimizations unnecessary. As my boss used to tell me ... Good hardware always compensates for not-so-good software. > Also one thing I did fail to mention, was that for the data volumes, you > should definitely be using the "notail" mount option. Unfortunately that's > not the default, and I think it probably should be. Tails packing is neat > for saving space, but it reduces the average meta-data density, which makes > "stating" lots of files in a directory a lot slower. I think that's what you > might have been seeing. Of course you also mounted "noatime,nodiratime" on > both? > > I think that's another problem with a lot of filesystem benchmarks, not > finding out what the right mount "tuning" options are for your benchmark. > Arguing that "the default should be fine" is clearly wrong, because every > sane person uses "noatime", so you're already doing some tuning, so you > should find out what's best for the filesystem you are trying. > > For the record, we use: > > noatime,nodiratime,notail,data=ordered > > On all our reiserfs volumes. > > Rob > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Storage Sizing: IOPS per mailbox
When sizing a storage device for a large cyrus server, the typical question asked by storage vendors is what is the IOPS required per mailbox M$$ Exchange has this concept of IOPS. and they suggest 1.5 IOPS per mailbox ( heavy users ) If I use postfix and cyrus , on my imap server ( pure IMAP server .. All spam filtering , outgoing mails , authentication etc happens on different servers ) If the storage is used only for imap storage , what is the typical "IOPS" requirement per user We will probably assume 30-50 mails a day of average 100k , and an email client checking for new mail every 5minutes Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
cyrus-sasl pam mysql connections are not getting closed
I am using cyrus-sasl with pam mysql ( on Centos5) The mysql is on a remote server. After some time I find that there are too many connections to mysql open ( using netstat) I restart saslauthd but still these dont away How do I check what the mysql connection is being used for ? and how do I avoid these piling up Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Delayed Master slave action
While using cyrus replica over a WAN network , I want to delay all the replication for "n" hours Say I store all the master-slave action into logfiles. Then after a time on "n" hours run a batchjob that transfers the logfiles to the slave and "applies" them Is that possible ? Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus SASL Hack: Always pass authentication for one host
I am trying to write a hack into pam and always pass authentication for a particular host So I modified pam_mysql.c , but the issue is for cyrus I am always getting rhost as null This is what I put in pam_mysql.c PAM_EXTERN int pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv) { pam_get_item(pamh, PAM_RHOST,(PAM_GET_ITEM_CONST void **)&rhost); syslog(LOG_INFO,"RHOST = %s", rhost); I always get rhost as null. Is there a way I can get rhost set Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sieve vacation reposnse gives no response even after end of days specified
On Wed, 2008-11-19 at 12:18 +0100, Marco Colombo wrote: > ram wrote: > > I have a default cyrus installation with cyrus-imapd-2.3 on centos 5 > > People use sieve to set their vacation responses > > > > As per the configuration no response is sent for 1 day > > - > > cat /usr/sieve/i/it/default.script > > > > require "vacation"; > > # Vacation > > vacation :days 1 :addresses "[EMAIL PROTECTED]" "this is a vacation > > response"; > > -- > > > > > > The first vacation response seems to go perfectly fine , but even after > > 1 day the response is not sent again > > > > What could be the issue ? how do I debug this ? > > http://tools.ietf.org/html/rfc5230#section-4.1 > >The minimum value used for this parameter is normally 1. Sites MAY >define a different minimum value as long as the minimum is greater >than 0. > > I think your server has the minimum = 3 days. > > See also: > http://lists.andrew.cmu.edu/pipermail/info-cyrus/2007-August/026550.html > Is there a patch that fixes this value to 1 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
sieve vacation reposnse gives no response even after end of days specified
I have a default cyrus installation with cyrus-imapd-2.3 on centos 5 People use sieve to set their vacation responses As per the configuration no response is sent for 1 day - cat /usr/sieve/i/it/default.script require "vacation"; # Vacation vacation :days 1 :addresses "[EMAIL PROTECTED]" "this is a vacation response"; -- The first vacation response seems to go perfectly fine , but even after 1 day the response is not sent again What could be the issue ? how do I debug this ? Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Load balance multiple servers with common storage
I have been googling but couldnt see any concrete answer Is it possible to load balance multiple cyrus imapd connections with multiple servers connecting to same common storage Say , I mount the /var/spool/imap and /var/imap and the sieve dir from a SAN box on 2+ servers, Any user trying to access his mailbox will connect to any server using a h/w load balancer Irrespective of which server he connects to he will always see the same mailbox Is this a feasible solution. Will it not create locking issues on the mailboxes.db How many imap processes can a single mailboxes.db handle If I want to give a zero delay response. If there is requirement for more mailboxes , I just add more frontend boxes behind the load balancer. Can this work ? Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Allow all numeric mailbox names
How do I allow all numeric mailbox names in cyrus On my old cyrus imapd server( 2.2.38) when I create a numeric mailbox and try logging in on pop I get an error immediately after giving username [EMAIL PROTECTED] root]# telnet localhost 110 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. +OK POP3 server ready user 821012 -ERR [AUTH] Invalid user Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Auto-deletion of messages in Junk-folder after a certain time
On Tue, 2008-07-15 at 19:50 +1000, Bron Gondwana wrote: > On Mon, Jul 14, 2008 at 01:54:01PM +0200, Marten Lehmann wrote: > > Hello, > > > > we have a virtual domain configuration and I want to remove all messages > > within the folder > > > > user/@/Junk/* > > Being the filty perl programmer that I am, I would just make an admin > IMAP connection to the server, LIST all mailboxes, regex match the ones > I wanted, select them and process them. I used to do the same , But I found a client connection script too slow & too heavy for my server with 40k mailboxes I use ipurge now , but ipurge seems to have some bug. If I dont use "-f" the mailbox under sub domains using realm is not matched (So just hacked into ipurge.c to do my job ) Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Permission denied on a MaillBox
On Tue, 2008-04-08 at 12:17 +0200, Riccardo Riva wrote: > Hi all, > > i have a Cyrus Server on which an admin had deleted the unix user > (biinded to a mailbox) but not the mailbox. > At this moment i'm not able to delete the mailbox using cyradm because > when I'm trying to do dm user. I have the follow : > > deletemailbox: Permission denied > > If I try to set acl again on the mailbox, I'll have : > > setaclmailbox: cyrus: lrsiwpcda: System I/O error > On the file system the "cyrus" user must own the mailbox directory if it is not chown it appropriately For eg , on my system( RHEL ) chown cyrus:mail /var/spool/imap/domain/* > what can I do to delete that mailbox ? > > I've just even try to reconstruct to mailbox using > > /usr/lib/cyrus/bin/reconstruct -rfx "user.mailbox" > > but without any results. > > Thanks in advance > > Riccardo > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: can not run cyradm from remote server .. realm gets appended to username
On Mon, 2008-04-07 at 14:01 +0200, Alain Spineux wrote: > On Thu, Apr 3, 2008 at 11:33 PM, ram <[EMAIL PROTECTED]> wrote: > > On my cryus imap server , when I try login from my localserver cyrus > > login works > > You used localhost ? Only localhost is working then. > Try using the IP address you used from your remote server, it should fail too. > > > > > > > But when I login from a remote server realm gets added autmatically , > > causing login to fail > > man imad.conf, look for "virtdomains" option, it use the ip address of > your interface to guess a > realm. The key is arround options virtualdomains, defaultdomains and > loginrealms, > but it depend of what you want ! Dou you have multiple domains ? > Yes I have multiple domains. I need support for virtualdomains Actually I solved the issue , using a silly workaround. I had another interface on the remote cyrus server and when I cyradm to the secondary interface IP, No realm gets attached in SASL. No idea why it works , but it sure does !! > > > > > > In my sasl logs I can see for a local connection > > - > > saslauthd[21947] :do_auth : auth success: [user=cyrus] > > [service=imap] [realm=] [mech=pam] > > saslauthd[21947] :do_request : response: OK > > -- > > > > > > > > > > > > For a remote connection > > - > > saslauthd[24011] :do_auth : auth failure: > > [EMAIL PROTECTED] [service=imap] [realm=netcore.co.in] > > [mech=pam] [reason=PAM auth error] > > -- > > > > > > What can be seen simply is that the realm netcore.co.in is getting added > > automatically. How can I avoid this > > > > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html > > > > > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
cyrus perdtion , connections not dying
I have a 40k user cyrus server , and I am trying to scale up by trying to add a perdition server infront of this server so that we can add more servers ( Both servers dell 2950 with 8GB RAM ) But the problem I have the moment I install a perdition server is that , the number of pop connections do not seem to reduce at all once started. I had 10 connections in morning and with 15 minutes the number of connections went to 3000. And on the real server the connections are all full Usually we have around 700k simultaneous pop connections on the real servers now with perdition we have 3000+ connections How do I get perdition close connections quickly Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
can not run cyradm from remote server .. realm gets appended to username
On my cryus imap server , when I try login from my localserver cyrus login works But when I login from a remote server realm gets added autmatically , causing login to fail In my sasl logs I can see for a local connection - saslauthd[21947] :do_auth : auth success: [user=cyrus] [service=imap] [realm=] [mech=pam] saslauthd[21947] :do_request : response: OK -- For a remote connection - saslauthd[24011] :do_auth : auth failure: [EMAIL PROTECTED] [service=imap] [realm=netcore.co.in] [mech=pam] [reason=PAM auth error] -- What can be seen simply is that the realm netcore.co.in is getting added automatically. How can I avoid this Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Adding a X-Delivered-To header
On Fri, 2008-02-15 at 20:22 +0100, FORMER 03 | Baltasar Cevc wrote: > Hi Ram, > > > > On 14.02.2008, at 06:30, ram wrote: > >> Can I configure cyrus deliver command to insert a X-Delivered-To > >> header > >> for every mail > >> > >> I looked up the man page for deliver(8) There is mention of inserting > >> the envelope sender not the recipient > >> > If I'm not mistaken, there is no such option in Cyrus. You'd have > to do it in your MTA if you need it. > In Postfix you could use enable_original_recipient which would add > an X-Original-To header (done by the cleanup process, thus also > works when delivering to cyrus via lmtp). I don't have much > experience with other MTAs so I can't say anything about them. > > Baltasar > I have been trying to get this working via postfix. But without luck. Apparently I have to change the cyrus delivery mechanism to pipe Have you already done this Can you share your master.cf Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Adding a X-Delivered-To header
Can I configure cyrus deliver command to insert a X-Delivered-To header for every mail I looked up the man page for deliver(8) There is mention of inserting the envelope sender not the recipient Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
how is cyrus murder different from perdition
http://cyrusimap.web.cmu.edu/twiki/bin/view/Cyrus/CyrusCluster shows different clusters. I have got perdition working , but that is purely for loadbalancing I havent tried murder yet , but on the face of it seems same as perdition in the features Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
cyrus replication how does it work
I was looking at the replication doc here at http://cyrusimap.web.cmu.edu/imapd/install-replication.html ( seems incomplete ) Is there a complete documentation somewhere. I had a few questions 1) How does replication happen 2) Can it happen to more than one slave 3) Does replication also replicate the mailboxes ( users ? ) Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
auth against mssql server
Can I use an mssql server for authentication for my cyrus imap server Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
is it possible to add a delevered-to header
I want to use a cyrus-mailbox as a multidrop box for our one client. The local delivery is done by fetchmail which requires a delivered-to header for multidrop boxes Can I configure lmtp to add an X-delivered-to header I know this may break the single instance storage functionality , But supose I want to opt out is this possible. Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
regenerate quota files
We us a cyrus imap server(2.2.3) , with maiboxes created by a perl-Cyrus-Admin script. Which creates mailbox and calls setquota() for every mbox I have sometimes seen that the quota files are not created / go missing for some mailboxes at random. Is there any way I can debug why this happens ? Now If on a live mailbox the quota file is missing , How can I regenerate the quota files Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
pam_mssql plugin for cyrus-sasl
I wish to authenticate my cyrus imap users against a Micro$oft SQL server Database How can this be done , I was searching for pam_mssql on lines of pam_mysql but I cant seem to get a single working link for download Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
index on custom headers for fast ipurge
I am setting up a cyrus imap server with 40k-80k mailboxes I have a particular requirement that some particular messages should be deleted from all mailboxes.These are the usual yada-yada system notifications no one reads For this I plan to add custom headers in al these notifications and run ipurge for all mails with that header Is this possible ? Alternatvely I could use an ImapClient script to logon to the mailboxes and delete the mails. But I wont have passwords for all mailboxes ? Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
ADS authentication with SASL works with old password
I am using cyrus with SASL authenticating against an ADS server The problem is when user changes the password , Both the old password and new password work. So the user has to change the password twice to *really* change the password. I tried restarting saslauthd , cyrus etc but doesnt help Where is the old password getting cached ?? Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus with a NFS storage. random DBERROR
I testing cyrus with a NFS storage by two *identical* cyrus + postfix servers Both /var/spool/imap and /var/imap are mounted by both servers ( the socket directory is moved out of the mount) Everything seems working fine but I find sometimes dupelim doesnt work. I tried to debug , I get errrors like these in my maillog DBERROR: skiplist recovery /var/imap/deliver.db: ADD at E2C8 exists What could be the reason ? I am using cyrus-imapd 2.3.7 on centos 4.4 on both servers , with a NetAPP box for storage Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Restrictive access to some users
Hi, On our cyrus server some users need access from office as well as from outside our LAN. So we nat the imap port on our firewall and people are able to access But Contract employees need not access mails from outside the office. How can I allow access for such users only from the office Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: saslauthd pam_mysql problem for virtualdomains
On Tue, 2007-04-17 at 12:50 +0530, ram wrote: > I have a pam_mysql setup with a simple mysql table > and saslauthd is running with the "-r" option on > If I test with a user on the primary domain it works fine , but for a > user on any other domain there is an auth failure > > > > --- > cat /etc/pam.d/imap > #%PAM-1.0 > auth sufficient pam_mysql.so user=mail passwd=password verbose=1 > host=localhost db=mail table=users usercolumn=email > passwdcolumn=password crypt=0 > > auth sufficient pam_unix_auth.so > > auth required pam_mysql.so user=mail passwd=password verbose=1 > host=localhost db=mail table=users usercolumn=email > passwdcolumn=password crypt=0 > > account sufficient pam_unix_acct.so > > Sorry for bothering you all I found the issue the third line in pam.d should be "account required" instead of "auth required" Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
saslauthd pam_mysql problem for virtualdomains
I have a pam_mysql setup with a simple mysql table and saslauthd is running with the "-r" option on If I test with a user on the primary domain it works fine , but for a user on any other domain there is an auth failure --- cat /etc/pam.d/imap #%PAM-1.0 auth sufficient pam_mysql.so user=mail passwd=password verbose=1 host=localhost db=mail table=users usercolumn=email passwdcolumn=password crypt=0 auth sufficient pam_unix_auth.so auth required pam_mysql.so user=mail passwd=password verbose=1 host=localhost db=mail table=users usercolumn=email passwdcolumn=password crypt=0 account sufficient pam_unix_acct.so -- /usr/sbin/testsaslauthd -u shantanu -p shantanu -s imap 0: OK "Success." /usr/sbin/testsaslauthd -u shantanu -r xyz.com -p test -s imap 0: NO "authentication failed" But pam_mysql logs in /var/log/secure report no errors at all So what could be the issue - pam_mysql - SELECT password FROM users WHERE email = '[EMAIL PROTECTED]' Apr 17 07:17:56 indiamart saslauthd[16123]: pam_mysql - pam_mysql_sql_log() called. Apr 17 07:17:56 indiamart saslauthd[16123]: pam_mysql - pam_mysql_sql_log() returning 0. Apr 17 07:17:56 indiamart saslauthd[16123]: pam_mysql - pam_mysql_check_passwd() returning 0. Apr 17 07:17:56 indiamart saslauthd[16123]: pam_mysql - pam_sm_authenticate() returning 0. Apr 17 07:17:56 indiamart saslauthd[16123]: pam_mysql - pam_mysql_release_ctx() called. Apr 17 07:17:56 indiamart saslauthd[16123]: pam_mysql - pam_mysql_destroy_ctx() called. Apr 17 07:17:56 indiamart saslauthd[16123]: pam_mysql - pam_mysql_close_db() called. --- Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus authentication with ADS
Is there a how to of authenticaing cyrus against and ADS server Can I use sasl with PAM and configure the ADS in my /etc/ldap.conf Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus virtual domains quota
I have cyrus server with ~600 virtual domains ( cyrus-imapd-2.3.7 on centos 4.4 ) Can I have a quota for every virtual domain I give quota to every user, but I want to be able to let domain administrator manage quotas of their own email users Does cyrus support this Thanks Ram Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html