Re: Recent (probably MacOS) mail app provoking endless cyrus.index writes on 2.3 server. [WARNING: DKIM validation failed]

[Matt Elson]

> So the exact text after the OK response doesn't matter, but it MUST
> be SP followed by at least 1 TEXT-CHAR.
>
> This is pretty easy to patch in 2.3.x if you're forced to remain
> there for reasons.  It is, of course, fixed in later versions.
>
> Bron.
>
>

I'm seeing this issue in my environment.. I think.  I'm only *fairly* 
sure - I see clients that are identifying themselves as 10.11 causing 
lots of entries showing up in the sync log and a whole lot of index 
churning on.. usually smaller folders, luckily.  I've been trying to 
track down a test machine to validate, but resources are quite limited 
where I am.

But I'm a bit confused about the current working theory as to what's 
causing Mail.app to go into its strange loop.

My Cyrus (RedHat provided 2.3.16-13.el6_6 with a very minor local patch) 
responds to EXPUNGE with " OK COMPLETED" as near as I can tell.. 
which seems spec compliant if I understand the above.

* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID 
MUPDATE=mupdate://redacted.example.com/ AUTH=GSSAPI AUTH=PLAIN 
AUTH=LOGIN SASL-IR COMPRESS=DEFLATE] redacted.example.com Cyrus IMAP 
Murder v2.3.16-Fedora-RPM-2.3.16-13.el6_6 server ready
A0001 login REDACTED PASSWORD
A0001 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID 
MUPDATE=mupdate://redacted.example.com/ LOGINDISABLED AUTH=GSSAPI 
AUTH=PLAIN AUTH=LOGIN COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA 
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN 
MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT 
THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE LISTEXT 
LIST-SUBSCRIBED X-NETSCAPE URLAUTH] User logged in
A0002 SELECT Trash
* FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
* OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)]
* 4560 EXISTS
* 0 RECENT
* OK [UNSEEN 1]
* OK [UIDVALIDITY 1347582296]
* OK [UIDNEXT 6437]
* OK [NOMODSEQ] Sorry, modsequences have not been enabled on this mailbox
* OK [URLMECH INTERNAL]
A0002 OK [READ-WRITE] Completed
A0003 idle
+ idling
done
A0003 OK Completed
A0004 EXPUNGE
* 4560 EXISTS
* 0 RECENT
A0004 OK Completed


In fact a 2.4.18 install I'm building (I'm using this issue as an excuse 
to prioritize a long time coming upgrade) seems to respond to expunge in 
the same way.


* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE 
MUPDATE=mupdate://redacted.example.com/ STARTTLS AUTH=LOGIN AUTH=PLAIN 
AUTH=DIGEST-MD5 SASL-IR] redacted.example.com Cyrus IMAP Murder 
v2.4.18-Invoca-RPM-2.4.18-1.el7.centos server ready
A0001 login redacted redacted
A0001 OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE ACL RIGHTS=kxte QUOTA 
MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN 
MULTIAPPEND BINARY CATENATE CONDSTORE SORT SORT=MODSEQ SORT=DISPLAY 
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE WITHIN SCAN XLIST 
URLAUTH X-NETSCAPE MUPDATE=mupdate://redacted.example.com/ LOGINDISABLED 
COMPRESS=DEFLATE IDLE] User logged in 
SESSIONID=
A0002 SELECT Trash
* 0 EXISTS
* 0 RECENT
* FLAGS (\Answered \Flagged \Draft \Deleted \Seen)
* OK [PERMANENTFLAGS (\Answered \Flagged \Draft \Deleted \Seen \*)] Ok
* OK [UIDVALIDITY 144503] Ok
* OK [UIDNEXT 1] Ok
* OK [HIGHESTMODSEQ 1] Ok
* OK [URLMECH INTERNAL] Ok
A0002 OK [READ-WRITE] Completed
A0003 idle
+ idling
done
A0003 OK Completed
A0004 EXPUNGE
A0004 OK Completed

(And fastmail's IMAP responds with a OK Completed, and I assume it 
represents the most up to date Cyrus :P)

Am I misunderstanding the theoretical issue?  My IMAP-fu is a little 
rusty these days and I'm a bit bleary eyed so apologies in advance if 
I'm missing something obvious - I'm just testing by typing the commands 
in raw since imaptest is panicking on me and I've not had time to sort 
that out (though my Thunderbird debug log also shows an OK Completed as 
a repsonse).

It does seem from one of the trace logs from the Apple discussion that 
there is a version of Cyrus that responds with just OK, but.. it's not 
all 2.3.x 's at the very least :P.

Sorry again if this noise and thanks in advance for any clarification 
someone can give.

Matt








Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus

Impact of mismatched improved_mboxlist_sort in murder environment?

[Matt Elson]

Hey all,

I'm in the middle of moving from a 2.2.13p1 Murder environment to a
2.3.16 Murder, moving the backends first. I've been moving people over
slowly (thousand or so now, I think) and while running a few checks, I
got the following error when I ran ctl_mboxlist -m -w

fatal error: Internal error: assertion failed: ctl_mboxlist.c: 297:
strcmp(realpart, unused_mbdata-server)

Poking around I would get this on certain mailboxes that ctl_mboxlist
would hit, so I shuffled a few of the problematic mailboxes to a test
server, where they would show the same error.

After hitting my head against the wall, I noticed that the new (2.3.16)
backends have improved_mboxlist_sort: 1 set, whereas the
not-yet-upgraded frontends (2.2.13p1)+mupdate servers, well, don't even
have the option ;).  I guessed that this mismatch might be the problem,
and while I've not done any extensive testing since the system is live,
if I shutdown the test server with my problematic mailboxes, dump the
mailboxes.db there, turn off improved_mboxlist_sort, and reload the
dump, I can issue ctl_mboxlist -m -w till my heart is content.

Outside of ctl_mboxlist functions, everything's fine and I haven't
noticed anything amiss, but (obviously) that doesn't mean there isn't
some problem waiting to bite me.

I guess the question is 1) if I'm right that my problems are likely
related to improve_mboxlist_sort, and 2) if anyone has any idea what
sort of other problems I may encounter due to this mismatch.

Due to circumstances beyond my control, getting downtime in my
environment (even for what should be a straight forward dump/reload)
anytime soon is going to be problematic, but I can push for it if
necessary.  On the other hand, if the problem is relatively harmless and
going to sort itself out once I get the mupdate server to 2.3.16, I'm
fine with waiting until then or upgrading the mupdate server sooner.  

Thanks in advance for any thoughts!

Matt,
Wishing he could go straight to 2.4.x.  Sigh.

Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Re: Move of mailboxes

[Matt Elson]

 Is there a recommended procedure to do the move? Any pointers (even to
 pitfalls) are welcome.

I'm actually in the middle of migrating two backends of a Murder
(2.2.13p1) to new machines (and Cyrus version, 2.3.16, though it doesn't
sound like you're switching Cyrus versions in your case).  Full
disclosure, no idea if this is the recommended procedure and 2.2.13's
probably too old to be that useful, but it's been working for me.

The way I've been doing it is writing a small script that:

1) Checks $cyrus_var/proc to see if the user is logged in.
2) If they are not, connects to one of the proxy frontends, changes
permissions on the mailbox to (temporarily) stop the user from
manipulating it if they were to log in mid transfer.
3) Issue a rename (which I think ultimately just makes an XFER call to
the appropriate backend?) of the format: user.melson user.melson
mailboxes3.example.com!partition1 (for example).
4) Set the permissions back to normal after success. (I may be changing
this permission switching to temporarily deny the user authentication,
that method just didn't fit my environment when I started this).

The script's just some perl using Cyrus::IMAP::Admin, and it should be
fairly easily to replicate in anything with an IMAP library.

(It's basically the same process I use to shuffle people between
backends in the murder environment normally, which was handy from a
laziness standpoint; the process is used for moving from 2.3.16-2.3.16
backends as well)

It's been pretty successful so far, no user has noticed anything amiss
(that said, most of my users are relatively light users), and delivered
email just gets queued up during the transfer as near as I can tell. 
I've found it to be an ideal way to go about migration/upgrades - I can
introduce users into the new environment slowly to catch configuration
glitches, make sure I didn't misjudge the resources I would require,
etc, etc.  Very handy.  It's been good about catching problems, even (I
have a customization that extends the valid characters in mailboxes I
forgot to apply on the new machines; the XFER noticed right away and
left the user's mailbox unmoved and unmolested)

Oh, one thing I forgot - I'm fairly sure you *do* have to set
allowusermoves: 1 in your configuration if you're using this method.

The gotchas I've run into are probably more quirks of the environment
I'm working with or relics of a relatively old Cyrus at this point, but
I'll share them in case they are useful.

*) I've had some weirdness if the transfer gets interrupted in the
middle (I forget the exact symptom, but the mailbox on the home spool
was flagged as REMOTE (or something like that), but it hadn't actually
made it over to the new machine - a simple ctl_mboxlist -m on the
backend fixed it up since the frontend had the right information).
*) This is probably more my environment than anything else, but I've had
to throttle the moves and not run too many simultaneous moves in
parallel or I basically overwhelm the server I'm migrating from - it
seems to actually be the delete of the mailbox from its old home that
hits the hardest.  I've not looked into it much, because, old crusty
server (2.4 kernel, ext3 file system; like I said, probably my
environment :P).

-- 
  Matt Elson
  mel...@fastmail.net


Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

Mixed Cyrus Version Murder?

[Matt Elson]

Hello all,

Sorry if this has been answered or is an obvious place like the 
documentation, but I've not had any luck finding information on this. 
Is there a way to have a Cyrus murder that has mixed Cyrus versions in 
it?  That is to say, have one backend server running 2.2.13 and another 
running 2.3.8?  We're hoping to upgrade our backend servers by setting 
up a new server running 2.3.8, joining it to the murder, and then simply 
using cyradm to move mailbox from the old backends to the new ones (with 
the process repeated for each machine where applicable)

It seems like this would cause problems since the mailboxes.db would be 
different between the mupdate master and the various backends, but I 
figured it couldn't hurt to ask.  I'd love to test it, but am lacking 
time and development machines at this particular moment...

Any ideas?  Anyone else ever try to do this?

Thanks in advance,

---
Matt Elson
Unix Systems Administrator
Wesleyan University

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: backup imapd with TSM

[Matt Elson]

Hans Moser wrote:

Hi!

Does anyone actually backup and restore Cyrus IMAPd with Tivoli Storage 
Manager (TSM)?




We've use TSM coupled with the snapshot capability of our NetApp filer 
to do backups here.  The system was automated for awhile with a simple 
web frontend, but some changes on the backend have rendered it manual again.


We restore the given mailbox( or mailboxes) underneath a heading called 
restored, subscribe the user to it, set the permissions to be lrs for 
the user, and let them move the mail out that they want.  After a fixed 
amount of time (two weeks) we then destroy the restored mailbox.


The procedure is roughly (using restoring my inbox (only) as an example):

1) Copy the info from tape to the location of the new mailbox

dsmc restore -ina /var/spool/imap/P/user/melson/ /var/spool/imap/P/restored/

2) Reconstruct the mailbox.

reconstruct -p default restored.melson

(I have no idea why I'm not using -f for this.. wrote the stuff months 
ago when I was still getting the hang of some of this so I may have 
simply not known any better)


Then you just set permissions as you would like, subscribe the user to 
the mailbox, and let them know that there's a restored mailbox waiting 
for them.


It's worked fairly well for us.

--
Matt Elson
Unix Systems Administrator
Wesleyan University

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Sendmail cyrusv2 mailer IGNOREQUOTA argument?

[Matt Elson]

Hey all,

Not sure if this is the right place (perhaps a sendmail list would be 
better?) and apologies if this is documented somewhere (I've looked and 
look, but have had no luck), but is there an argument or flag I can pass 
to the cyrusv2 mailer to have it use the IGNOREQUOTA extension of LMTP?


As far as why I would want this, the current way email quota is handled 
is that all communications within the network are not subject to quota 
restrictions.  We currently have a homegrown system that queries the 
appropriate mailbox store and produces entries in a sendmail access.db 
on our MX machines to reject users over quota. It works fine for our 
purposes and it will have to stick around for a variety of reasons, but 
I'd really like to put the quota information for Cyrus users in Cyrus. 
There's a number of IMAP clients that can use the QUOTA extension which 
could be very useful to our users, and well, it seems like a waste to 
not put this information in Cyrus.  It might make my querying of Cyrus 
for mailbox size go a little bit smoother too, for all I know (now I 
look at some sort of ANNOTATEMORE flag that gives me the current size).


However, in order to do this, I need a way to make sure that all 
internal mail will flow through to Cyrus users, even when they are over 
quota.  My hope was to have it setup so that the mail server users use 
to send mail (quite separate from where incoming mail comes from) would 
just always send IGNOREQUOTA (since anyone using it has to be 
authenticated) to Cyrus which I'm assuming means that the mail could 
easily be delivered.


Again, apologies if this is documented somewhere, I've dug around for it 
and I even tried to read the mailer itself, but Sendmail configuration 
syntax makes my poor newbish brain hurt something fierce.  Seems like I 
could probably put something together using deliver, but I was hoping to 
avoid that if possible..


As far as our Cyrus setup, it's a cyrus 2.2.13 murder w/ two frontends, 
two backends, and the mupdate server on one of the frontends.  lmtpd 
listens on the frontends for connections coming from other machines 
running sendmail.


Matt Elson
Unix Systems Admin
Wesleyan University

Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Question about LSUB *% behavior in Cyrus v2.2.13 Murder...

[Matt Elson]

Hi (hope this is the right place),

Apologies in advance if this is easily answered; I'm setting up a Cyrus 
Murder configuration for work, and am admittedly new to such things, so 
my problem may be pure idiocy on my part.


Basically, I'm having a problem with LSUB *% reporting on the front 
proxy layers when altnamespace is enabled.  In short, the query doesn't 
grab the prefix for users and shared folders (Other Users and Shared 
Folders) which squirrelmail (why I'm even looking into this) uses to 
build a list of mailboxes (and appropriate hierarchy); the end result is 
mostly a cosmetic problem as near as I can tell, but people seem to be 
tied to such thing so it is unfortunately something I have to look into. 
   Making the same query directly on the backend machines directly 
results in the answer squirrelmail is expecting.


In any case, I was wondering if this is expected behavior or a 
configuration error on my part, or even if anyone else has run into this 
and can lend a hand.


Again, apologies if my answer is located somewhere, I tried to find 
information but just haven't had much luck.


Details below, more available upon request:

Non-authentication related configs are:

(frontends)
unix_group_enable:  true
altnamespace:   true
allowusermoves: true
allowallsubscribe:  true

(backends)
altnamespace:   true
unix_group_enable:  true
hashimapspool:  true
allowusermoves: true
fulldirhash:true
allowallsubscribe:  true

The query/response:

* OK frontend1 Cyrus IMAP4 Murder v2.2.13 server ready
a OK User logged in
a LSUB  *%
* LSUB () . Drafts
* LSUB () . Sent
* LSUB () . Spam
* LSUB () . Trash
* LSUB (\Noselect \HasChildren) . testfolder
* LSUB () . testfolder.testnest
* LSUB () . Shared Folders.shared_test
a OK Completed

* OK backend2 Cyrus IMAP4 v2.2.13 server ready
a OK User logged in
a LSUB  *%
* LSUB () . Drafts
* LSUB () . Sent
* LSUB () . Spam
* LSUB () . Trash
* LSUB (\Noselect \HasChildren) . testfolder
* LSUB () . testfolder.testnest
* LSUB (\Noselect \HasChildren) . Shared Folders
* LSUB () . Shared Folders.shared_test

Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html