Re: What you do with old account

2020-06-09 Thread Adam Tauno Williams
On Tue, 2020-06-09 at 15:51 +0200, Albert Shih wrote:
> After switching to cyrus imap, I think about how to do that.
> If I'm correct I cannot just copy the file somewhere else, because cyrus
> database would keep the information about the existence of the mailbox, so
> what would be the «state of the art» way to remove a mail account and all the
> mail?
> And what would be the «state of the art» way to put it back?

I create a calendar event [task] to delete the mailbox and otherwise
just leave it. If the account itself is disabled it cannot be accessed.

Putting things back into a mailstore is too much of a pain with current
storage prices.

Adam Tauno Williams,
Multi-Modal Activists Against Auto Dependent Development
resisting the unAmerican socialists of the Motorist hegemony 

Cyrus Home Page:
List Archives/Info:
To Unsubscribe:

Re: FWD: Confused about Deleted and Expunged

2020-01-17 Thread Adam Tauno Williams
> I found some entries like:
> [...] cyrus/imap[5918]: Expunged 1 messages from test.tld!user.test.spam
> What is the difference between the above entry and the below entry
> (lower and capital expunged)?
> [...] cyrus/cyr_expire[14039]: Expired 0 and expunged 0 out of 144674
> messages from 818 mailboxes
> The "Expunged" message should come from some imap-client (don't know
> which)?

Yes, an IMAP client issued an EXPUNGE.  

> The "expunged" are from the command line execution of
> "/usr/sbin/cyrus expire [...]".

This looks for Expunged messages to Expire.

It is a three phased delete; which is beautiful.

Message Deleted  (becomes candidate for expunge)
  -> Message Expunged (becomes candidate for expiration) 
  -> Message Expired

The first two steps are performed by the client/user.  The final step
is performed by the administrator, expressed via the server's policy as
defined in cyrus.conf.
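
Added example (not part of the original post, and not Cyrus project code): a Python parser for the two log formats quoted in this thread, separating client-issued "Expunged" entries from cyr_expire run summaries so deletions can be audited per mailbox. The sample lines are constructed, and `bulk_threshold` is a hypothetical cut-off for flagging a large single expunge.

```python
import re
from collections import Counter

# Constructed sample syslog lines. The message formats follow the two entries
# quoted in the thread; every value (times, PIDs, mailboxes, counts) is made up.
SAMPLE_LOG = """\
Jan 17 05:01:07 mail cyrus/cyr_expire[14039]: Expired 0 and expunged 0 out of 144674 messages from 818 mailboxes
Jan 17 09:14:02 mail cyrus/imap[5918]: Expunged 1 messages from test.tld!user.test.spam
Jan 17 09:20:45 mail cyrus/imap[5920]: Expunged 3 messages from test.tld!user.test
Jan 17 09:31:10 mail cyrus/imap[5931]: Expunged 412 messages from test.tld!user.alice.Archive
Jan 17 09:40:00 mail cyrus/imap[5918]: Expunged 2 messages from test.tld!user.test.spam
Jan 17 09:41:00 mail cyrus/master[7082]: process 5918 exited, status 0
Jan 18 05:01:09 mail cyrus/cyr_expire[15102]: Expired 12 and expunged 418 out of 144270 messages from 818 mailboxes
"""

# Capital "Expunged": written by an imapd process when a client issues EXPUNGE.
CLIENT_EXPUNGE = re.compile(
    r"cyrus/imap\[(?P<pid>\d+)\]: Expunged (?P<count>\d+) messages from (?P<mailbox>\S+)"
)
# "Expired ... and expunged ...": the summary line of one cyr_expire run.
EXPIRE_RUN = re.compile(
    r"cyrus/cyr_expire\[(?P<pid>\d+)\]: Expired (?P<expired>\d+) and expunged "
    r"(?P<expunged>\d+) out of (?P<total>\d+) messages from (?P<mailboxes>\d+) mailboxes"
)


def parse_line(line):
    """Return a dict for a deletion-related entry, or None for any other line."""
    m = CLIENT_EXPUNGE.search(line)
    if m:
        return {"kind": "client_expunge", "pid": int(m["pid"]),
                "count": int(m["count"]), "mailbox": m["mailbox"]}
    m = EXPIRE_RUN.search(line)
    if m:
        return {"kind": "expire_run", "pid": int(m["pid"]),
                "expired": int(m["expired"]), "expunged": int(m["expunged"]),
                "total": int(m["total"]), "mailboxes": int(m["mailboxes"])}
    return None


def summarize(log_text, bulk_threshold=100):
    """Total client expunges per mailbox, list large single expunges, collect expire runs."""
    per_mailbox = Counter()
    bulk, runs, ignored = [], [], 0
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            ignored += 1
        elif entry["kind"] == "client_expunge":
            per_mailbox[entry["mailbox"]] += entry["count"]
            if entry["count"] >= bulk_threshold:
                bulk.append((entry["mailbox"], entry["count"]))
        else:
            runs.append(entry)
    return {"per_mailbox": dict(per_mailbox), "bulk": bulk,
            "expire_runs": runs, "ignored": ignored}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for mailbox, count in sorted(report["per_mailbox"].items()):
        print(f"client expunged {count:5d}  {mailbox}")
    for mailbox, count in report["bulk"]:
        print(f"bulk expunge: {count} messages in one entry from {mailbox}")
    for run in report["expire_runs"]:
        print(f"cyr_expire[{run['pid']}]: expired={run['expired']} expunged={run['expunged']}")
```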

Re: FWD: Confused about Deleted and Expunged

2020-01-17 Thread Adam Tauno Williams
> This command seems to work on Ubuntu 18.04. (cyrus-imapd 2.5.10-3ubuntu1)
> In /usr/sbin there is no cyr_expire but now I found a
> /usr/lib/cyrus/bin/cyr_expire
> The result is the same, no files were deleted, the log file entry is
> the same as when I use the "/usr/sbin/cyrus expire [..]" command
> Can anybody confirm this "/usr/sbin/cyrus expire [..]" command on
> Ubuntu?

What happens if you su to the cyrus user and try to run the command you
see in cyrus.conf ?

Adam Tauno Williams,
Multi-Modal Activists Against Auto Dependent Development
resisting the unAmerican socialists of the Motorist hegemony 

Re: caldav and invitation

2019-11-10 Thread Adam Tauno Williams
> I've got this in the log
> imip_send_sendmail( Sendmail process terminated
> normally, exit status 0
> But if I look in the calendar of titi or in the mailbox I see nothing (I
> have been testing with thunderbird and evolution)
> There is nothing explaining well how it is supposed to work in the
> cyrus documentation so maybe I'm missing something
> could someone explain what to expect when I invite someone in a even

Do you have "server handles invitations" in the account setup in

Adam Tauno Williams,
Multi-Modal Activists Against Auto Dependent Development
resisting the unAmerican socialists of the Motorist hegemony 

Re: Suggested feature and contribution

2019-07-22 Thread Adam Tauno Williams
On Fri, 2019-07-19 at 09:48 +0200, Egoitz Aurrekoetxea wrote:
> When said an alert I meant a Nagios alert for instance…

Almost every NMS could catch this if there was a distinct enough log
[syslog] message.   It would be nice if more subsystems produced
distinct log messages on suspicious|strange events.

Executive Committee Chair
Michigan Association of Railroad Passengers
537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010
E-mail: GPG#D95ED383 

Re: 2FA and IMAP

2019-04-22 Thread Adam Tauno Williams
On Sun, 2019-04-21 at 23:09 +0200, Marcus Schopen wrote:
> Hi,
> a friend wants to restrict access to his mailbox with 2FA. As
> webmailer I use Roundcube, which offers a 2FA plugin. But in the end
> this is pointless, because besides the webmailer there is also the
> native IMAP access available. Is it therefore possible to restrict
> the access to a single IMAP account to a certain IP so that this
> mailbox can only be accessed via the Roundcube?

I doubt it, but maybe.  

All the authentication stuff is handled by SASL - not really Cyrus -
and SASL is deeply configurable.

Adam Tauno Williams,
Multi-Modal Activists Against Auto Dependent Development
resisting the unAmerican socialists of the Motorist hegemony 

Re: Cyrus 2.4 and unexpunge messages.

2019-01-02 Thread Adam Tauno Williams
On Wed, 2019-01-02 at 09:20 +0100, chose wrote:
> I've unexpunged messages in the mail box, all is recovered but the
> flag "deleted" persists, so Roundcube sees the email as deleted and
> the emails are grey.

Yes, this is correct.  Unexpunge unexpunges, it does not undelete
[delete in IMAP being a flag].  This is a feature, not a bug [IMAP handles
deletes in a consistent, reliable, sane, standard way vs. the hackish
behavior implemented by most MUAs].

>    Did I miss some step to fully recover emails?

They are fully recovered; you can mark them as undeleted via the

Executive Committee Vice-Chair
Michigan Association of Railroad Passengers
537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010
E-mail: GPG#D95ED383 

Re: Question for upgrading

2018-12-17 Thread Adam Tauno Williams
On Mon, 2018-12-17 at 10:40 +0100, Egoitz Aurrekoetxea wrote:
> I think (and say think :) )I finally found a method. Although I'm
> testing it deeply... it seems (say seems too :) ) 2.4 is compatible
> with a mail spool in 2.3 (at least with my config). So I'll try to
> upgrade first to 2.4 and later to 3.0 setting up a replication from
> 2.4 to 3.0. Would be fine if Bron, Ellie or someone at Fastmail could
> tell something about it to us :) :)

Yes, I have performed an in-place upgrade of 2.3 to 2.4.  Other than
some delay due to index reconstruction it went very smoothly.

The only issues I recall are that some users got some deleted messages
back after the reconstruct, and there were some mailboxes which lost
Seen status;  I never figured out why [they were related to that
handful of users which somehow always have problems with everything].

Executive Committee Vice-Chair
Michigan Association of Railroad Passengers
537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010
E-mail: GPG#D95ED383 

Re: CentOS 6, cyrus-imapd 2.3.16-15.el6, postfix 2.6.6-8.el6, procmail 3.22-25.1.el6_5.1, squirrelmail 1.4.22-5.el6

2018-06-21 Thread Adam Tauno Williams
> Squirrelmail and (local for now) imapd.  But I cannot figure out how
> to either get cyrus-imapd to either access the local mail spool
> (/var/spool/mail) 

You can't.  Cyrus virtuously replaces /var/spool/mail.  Postfix
delivers mail into Cyrus, which stores it - and the **ONLY** way mail
is accessed is via Cyrus (IMAP, POP, JMAP).

You should configure Postfix to deliver to Cyrus via LMTP (local mail
transport protocol).

mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp

[root@aleph ~]# fuser -u /var/lib/imap/socket/lmtp
/var/lib/imap/socket/lmtp:  4611(cyrus) 23327(cyrus)

> mailboxes.  When I forcibly use deliver to try to deliver mail
> (manually calling the deliver program), it says the mailboxes don't
> exist.  cyradm says they do, but cannot reconstruct them or make sub
> mailboxes (permission denied).  Very strange.  What am I missing?

I haven't used deliver in decades.  Using LMTP avoids all the hazards
of old-school 'file processing'

Re: Cyrus (Sieve) and external programs

2018-06-08 Thread Adam Tauno Williams
> sa-learn would be the way to go, but my spamassassin is not on the
> same server as my mailboxes. I tried solution with a common mailbox
> and something like fetchmail on my spamassassin machine, but could
> not get it to work as I intended.
> You are right about learning based on user experience, but as it is a
> score based learning I would like to try to see how it goes. Maybe
> I'll come to regret it but well...

The fetchmail method works.

In the spamd home directory create a .fetchmailrc file like:

poll protocol IMAP:
user {user} with password {secret}

Where {user} is a system account with access to the user.{user}.SPAM

Then you want to run:
fetchmail --verbose --keep --all --norewrite \
  --folder 'user.{user}.SPAM' --mda '/usr/bin/sa-learn --spam'
AS THE "spamd" USER for each user.

It works for smallish systems.   Easily enough adapted to learn from
one centralized folder provided your mail client has an easy way to get
SPAM reported messages into that folder.

Meetings Coordinator, Michigan Association of Railroad Passengers
537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010
E-mail: GPG#D95ED383 Web:

Re: message "unable to setsocketopt(IP_TOS)" in logs

2018-02-16 Thread Adam Tauno Williams
On Fri, 2018-02-16 at 08:55 +0100, Chentao Credungtao via Info-cyrus
> cyrus/master[7082]: unable to setsocketopt(IP_TOS) service
> lmtpunix/unix: Operation not supported 
> cyrus/master[7082]: unable to setsocketopt(IP_TOS) service
> notify/unix: Operation not supported 

It is likely just the configuration of your host/nodes/whatevers.

ToS is frequently disabled as it is deprecated.  ToS comes from RFC1349
which was obsoleted by RFC2474 and RFC2475.  So in many cases the
failure of the call is treated as a non-critical event.

RFC2474, which obsoletes ToS, was released in December of 1999.

Some routers might still pay attention to ToS bits, but probably not.
And many routers will rewrite your ToS to zero either way.

You can happily ignore these messages.

If you want to dig further you will have to try to grant the process
the CAP_NET_ADMIN capability, which might make it work.

Capabilities are what allow you to do things like run ping as non-root.

# sudo getcap /usr/bin/ping
/usr/bin/ping = cap_net_raw+ep

So you can add the capability to the Cyrus binaries if it is important
to you;  provided the feature is supported in the underlying OS.

sudo setcap  cap_net_admin+ep {application}

Note that there are potential security issues created by giving
applications capabilities.

Adam Tauno Williams <> GPG D95ED383

Re: Why Cyrus?

2018-01-17 Thread Adam Tauno Williams
> > I'd say it's the better choice for large-scale deployments with
> > tens and hundreds of thousands of users.
> Cyrus does not require creating users on the mail server which I 
> have always believed is a big security plus.

+1  Cyrus having its own identity management has been a big plus; the
server as kind of a service-sandbox.

> > > I use Cyrus because Dovecot did not exist at the time I wanted
> > > to go away from Washington IMAP. 
> > I'm in the same boat. 
>  The same kind of thing for me because there was not much around in
> the late 90's in the way of IMAP servers.

Same here.  I migrated from UW l-o-n-g ago as UW so desperately
struggled with large mailboxes.

> > Right, but for a new deployment I would at least consider Dovecot.
> > I've never administrated a Dovecot server, but it is definitely
> > much easier to set up than Cyrus. 
>  I am not so sure about that now.

Agree [but, honestly, I've never understood the cyrus-is-complicated
bit].  Cyrus is self-contained, which makes it much easier to

> I believe Cyrus was designed to solve the mailstore problem at scale
> from the outset.


Meetings Coordinator, Michigan Association of Railroad Passengers
537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010
E-mail: GPG#D95ED383 Web:

Re: Thunderbird and "Login to server failed".

2017-10-05 Thread Adam Tauno Williams
On Thu, 2017-10-05 at 16:50 +0200, Dr. Peer-Joachim Koch wrote:
> Yes, seems to work. (-n 5 -> -n 50 - no problems any more).
> Has anybody tried to use -c -t (c = caching, t=timeout for cache).
> What about users changing the password 

I have always used caching;  password changes have not been a problem,
a negative response invalidates the cache entry. AFAIK it only caches
positive attempts.

Meetings Coordinator, Michigan Association of Railroad Passengers
537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010
E-mail: GPG#D95ED383 Web:

Re: list of IMAP extensions

2017-06-22 Thread Adam Tauno Williams

Quoting Stephen Ingram :

Is there a comprehensive list of IMAP extensions supported by Cyrus-IMAP
2.4.x and 3.x? Not the RFCs, but the actual extensions like QRESYNC and

So not ?

Re: Error in /var/log/maillog ...

2017-06-12 Thread Adam Tauno Williams

Quoting "Walter H. via Info-cyrus" :

on my CentOS6 I see this error
Jun 12 08:02:33 mail master[1941]: setrlimit: Unable to set file
descriptors limit to -1: Operation not permitted

It is normal-ish.

It might be useful to look at /etc/security/limits.conf and ulimits in  

Re: Problems with paragraph characters in SASL passwords?

2017-05-27 Thread Adam Tauno Williams
On Sat, 2017-05-27 at 10:30 -0300, Patrick Boutilier wrote:
> > I am very happy with Cyrus imapd since many years. I am using it to
> > host all IMAP mail boxes of my company. I am using SASL and its
> > tools (mainly saslpasswd2) for password management. The primary
> > IMAP client in the company is Thunderbird.
> > As soon as the password contained a paragraph character ("§"),
> > Cyrus / SASL refused the connection due to a wrong password even
> Works for me from a telnet to port 143 then issuing:
> . login  
> replacing user and password with correct values.
> But it does fail in Thunderbird.

Yep, I have experienced this type of issue numerous times.  A variety
of clients fail to correctly encode the authentication credentials -
particularly if you are using a chat-expect authorization like PLAIN or
LOGIN.   To have something that always works it is best to keep
usernames and passwords to ASCII/UTF-7.

This is not a SASL bug. 

This is an every-client-rolled-their-own issue. :(

Meetings Coordinator, Michigan Association of Railroad Passengers
537 Shirley St NE Grand Rapids, MI 49503-1754 Phone: 616.581.8010
E-mail: GPG#D95ED383 Web:
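
Added example (not part of the original posts, and not Cyrus or SASL code): a Python sketch of the encoding mismatch discussed above, building the SASL PLAIN message (authzid NUL authcid NUL passwd, per RFC 4616) for the same password under two client encodings and checking it against a server that compares UTF-8 bytes. The user name, password and function names are constructed for illustration, and the server-side comparison is an assumption about how the stored secret is encoded.

```python
import base64
import hmac

# Constructed credentials; "\u00a7" is the paragraph character from the thread.
SAMPLE_USER = "jdoe"
SAMPLE_PASSWORD = "Pa\u00a7word1"


def plain_response(authcid, password, encoding, authzid=""):
    """Base64 SASL PLAIN message as a client using `encoding` would send it."""
    raw = b"\0".join(part.encode(encoding) for part in (authzid, authcid, password))
    return base64.b64encode(raw).decode("ascii")


def server_accepts(response_b64, stored_user, stored_password):
    """Assumed server check: split on NUL, compare bytes against UTF-8 secrets."""
    parts = base64.b64decode(response_b64).split(b"\0")
    if len(parts) != 3:
        return False
    _authzid, authcid, passwd = parts
    user_ok = hmac.compare_digest(authcid, stored_user.encode("utf-8"))
    pass_ok = hmac.compare_digest(passwd, stored_password.encode("utf-8"))
    return user_ok and pass_ok


def client_matrix(user, password, encodings=("utf-8", "latin-1")):
    """Which client encodings of the same typed password the server would accept."""
    return {
        enc: server_accepts(plain_response(user, password, enc), user, password)
        for enc in encodings
    }


def is_ascii_printable(secret):
    """True when every encoding above yields identical bytes for this secret."""
    return all(0x20 <= ord(ch) <= 0x7E for ch in secret)


if __name__ == "__main__":
    for enc, ok in client_matrix(SAMPLE_USER, SAMPLE_PASSWORD).items():
        print(f"{enc:8s} client -> {'accepted' if ok else 'rejected'}")
    print("ASCII-only password safe:", is_ascii_printable("Password1"))
```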

Re: Did calculating the quota change from 2.3 to 2.5?

2016-11-30 Thread Adam Tauno Williams via Info-cyrus
> > If you use imapsync, it doesn't know about that, and will upload
> > the same message twice. 2.5 doesn't have the smarts to recognise
> > that it's the same message.
> imapsync can only sync mail the old server knows about. And in the
> end there is more quota used on the new server!?
> The only explanation is the quota on the old server is broken, isn't
> it?

No, IMAP doesn't know about deduplication;  so imapsync between two
servers dededuplicates.  imapsync may also repair damaged or missing
message headers - meaning the messages are no longer the same - so
a tool like hardlinks will not return you to the same count in du as on
the old server.

And then there is the [virtuous] issue of delayed expunge.

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: Migrating mailbox data from Cyrus to MicroSoft Office 365 using their import tool.

2016-11-27 Thread Adam Tauno Williams via Info-cyrus
On Wed, 2016-06-22 at 17:28 +0200, Eric Luyten via Info-cyrus wrote:
> After trying for a couple of days I have come to the conclusion
> that the Office 365 IMAP import tool uses the LOGIN authentication
> mech while Cyrus requires PLAIN or stronger for proxying to work.
> Even when only announcing AUTH=PLAIN in our server capabilities,
> Microsoft executes LOGIN ... ...

Has anyone gotten this to work using an administrative account [cyrus,
for example] and the "optional UserRoot attribute"?  It seems ideally
suited - but it does not appear to work?


Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: Xapian search databases

2016-11-07 Thread Adam Tauno Williams via Info-cyrus
On Thu, 2016-11-03 at 10:47 +1100, Bron Gondwana via Info-cyrus wrote:
> Just out of interest - is anyone other than Fastmail currently using
> the Cyrus Xapian-based search system?

Not using Xapian.

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: watching and processing a Spam folder for each user

2016-09-29 Thread Adam Tauno Williams via Info-cyrus
> While I can see this being a neat built-in feature of a mail server
> like Cyrus IMAP, I doubt it exists.  I'd be happy to be corrected.

Good old fetchmail.

fetchmail --verbose --all --norewrite  \
  --folder 'user.awilliam.SPAM' --mda '/usr/bin/sa-learn --spam'

> I wonder if such a beast exists.  I'd love any pointers if anyone
> knows of such.

Yes, you probably already have it installed.

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Re: how to deal with mail retention/archival.

2016-08-26 Thread Adam Tauno Williams via Info-cyrus
On Fri, 2016-08-26 at 12:11 -0500, Jason L Tibbitts III via Info-cyrus
> > > > > > "GR(" == Giuseppe Ravasio (LU) via Info-cyrus <
> > > > > >> writes:
> GR(> I saw that someone proposed to make a sort of abuse of delayed
> GR(> expunge, but I think that in order to comply with regulatory
> GR(> retention should be better considering some specific software.
> True, but it seems odd (to me, in a situation where I don't have
> infinite money) to have basically two mail servers: one which
> actually removes things when the user deletes stuff and one which
> doesn't.

But that is essentially archival - on-the-same-system is not archival. 
 It is also, potentially, still available to be easily changed;  which
is not good when the intent is retention.

> I guess they can be optimized for different things, but it still 
> seems odd when we already have a server that can store as much mail 
> as you want, provides a means to access and search it with ACLs for 
> auditors and such, and of course is already installed and running.

Do you want to give auditors access to your production systems?  
Generally I want to give them the qualifying information and have them
go away.

> If it were possible to hook the message deletion functions in cyrus 
> to move things to a different place in the hierarchy and then control
> expiry on those differently than the regular folders, it would 
> probably be sufficient.  But that requires code and I don't have the 
> skills to write it.

What you are talking about is "tiered storage".  That has been talked
about in the past - I don't know if anyone has implemented it.

> Certainly not super featureful but frankly
> when the lawyers want something, I just dump mail files on them and 
> let them sort it out.

Exactly!  So perhaps just dump them out of the system in the first

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: how to deal with mail retention/archival.

2016-08-26 Thread Adam Tauno Williams via Info-cyrus
On Fri, 2016-08-26 at 16:13 +, Shawn Bakhtiar via Info-cyrus wrote:
> > On Aug 26, 2016, at 8:35 AM, Giuseppe Ravasio (LU) via Info-cyrus <
> >> wrote:
> > I saw that someone proposed to make a sort of abuse of delayed
> > expunge,
> > but I think that in order to comply with regulatory retention 
> > should be better considering some specific software.
> I don't see how using delayed expunge would really be considered abuse,
> the documentation makes mention of its use for this very reason.


> We use rsync to make a duplicate of the email spool to a file server
> at regular intervals, which eventually makes its way to tape.

Same here.  And always_bcc to a shared folder which is dumped to an
MBOX file via fetchmail at an interval.  Those can be archived or even
shipped off-site.

> Although we don't have regulatory requirements I've had to do a few
> recoveries and have done so without problem. 

I always advise people to be hesitant about "we don't have regulatory
requirements" as if you are a legal corporation of any kind, in almost
all of the 50 states [United States], you are under data retention
rules - even if you don't know it.  Which you will discover when you
are involved in a lawsuit - saying "uhh... yeah, we don't have those
e-mails" will not be good.

> > Finding something in the delayed_expunge folders after many years
> > of archive will absolutely be a nightmare!

Most states [again the United States] allow a corporation to have on
file a documented data retention policy that states how long you retain
e-mails;  which if you comply with you will be OK.  The policy just
needs to be 'reasonable'.  For example: where I work we say 120 days. 
 No need - at least for legal reasons - to have years of archives.

Obviously requirements vary by industry - but almost everyone is
actually under some kind of requirement.

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: how to deal with mail retention/archival.

2016-08-26 Thread Adam Tauno Williams via Info-cyrus
On Fri, 2016-08-26 at 10:07 -0400, Alvin Starr via Info-cyrus wrote:
> Well the MTA still does not deal with archival because it will need
> to be passed through to Yet Another MDA to handle the archival and
> management process.

I'm not sure what you mean.  You can archive to a 'shared' folder or
into an MBOX to be processed by something which rotates content.

> For the pure archival of the input/output stream including duplicate
> deliveries and all spam always_bcc into YAMDA would work.

always_bcc and delayed expunge work for us.

> In my thinking Cyrus is responsible for the storage and management of
> email so archival would be a part of that process.

It has to be the MTA's responsibility as Cyrus very possibly does not
see *sent* mail; or messages which are somehow otherwise routed.

Adam Tauno Williams <> GPG D95ED383
OpenGroupware Developer <>

Re: [POLL] Cyrus ACLs and group names

2015-11-17 Thread Adam Tauno Williams via Info-cyrus
On Tue, 2015-11-17 at 07:40 +1100, Bron Gondwana via Info-cyrus wrote:
> For those of you using Cyrus with group ACLs, how are your groups
> named?
> I know with the auth_unix backend, they are
> 'group:'.  What I've seen from CMU's groups is that they
> are of the form ':'.

Ours are group:

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: delprune on a single mailbox

2015-11-04 Thread Adam Tauno Williams via Info-cyrus
> > > > globally in cyrus.conf delprune is set to
> > > > delprunecmd="/usr/sbin/cyrus expire -E 1 -X 7 -D 7"
> > > > at=0501
> > > > For a single mailbox I don't want to keep deleted mails for 7
> > > > days, but
> > > > expire them immediately or once a day per cron. How to do that?
> > > Forgot to say that delete_mode and expunge_mode is set to
> > > delayed.
> > > Via cron this should work for an immediate cleanup/expire:
> > You can set an expire annotation per mailbox.  
> How do I do that? From cyr_expire manpage:
> "The value of the /vendor/cmu/cyrus-imapd/expire annotation is
> inherited by all children of the given mailbox, so an entire mailbox
> tree can be expired by setting a single annotation on the root of that
> tree. If a mailbox does not have a /vendor/cmu/cyrus-imapd/expire
> annotation set on it (or does not inherit one), then no messages are
> expired from the mailbox."

Via cyradm:

  mboxcfg user.adam expire 365
  info user.adam
    condstore: false
    duplicatedeliver: false
    expire: 365
    lastupdate: 13-Aug-2008 19:37:31 -0400
    partition: default
    sharedseen: false
    size: 12325671

AFAIK the annotations supported by cyradm/mboxcfg are:

* comment – A free-form text comment or description to be attached to
the mailbox.
* condstore – This annotation is only supported in the 2.3.x release
series starting with 2.3.3 although its use is not recommended until
2.3.8. As of the 2.4.x release series CONDSTORE functionality is
enabled on all mailboxes regardless of annotation and attempting to set
this annotation will result in a permission denied message. On releases
where this annotation is supported setting a value of “true” will
enable CONDSTORE functionality.
* expire – If an expire value is provided messages will be
automatically deleted from the mailbox once the specified number of
days has elapsed.
* news2mail - 
* sharedseen - Enables the use of a shared \Seen flag on messages
rather than a per-user \Seen flag. The 's' right in the mailbox ACL
still controls whether a user can set the shared \Seen flag.
* sieve – In the case of a shared folder the “sieve” parameter
specifies the name of a global SIEVE script that will be used for every
message delivered to the folder.  This value is ignored for personal
mailboxes (mailboxes including and subordinate to a user's INBOX).
* squat – Flags the mailbox to be included for indexing when the SQUAT
process performs index generation.

> But is it possible to expunge a message immediately when it's deleted
> by client and not with the next expire run?

Not if delayed expunge is enabled AFAIK; that would defeat the purpose.

Adam Tauno Williams <> GPG D95ED383
OpenGroupware Developer <>

Re: delprune on a single mailbox

2015-11-02 Thread Adam Tauno Williams via Info-cyrus
On Sun, 2015-11-01 at 14:40 +0100, Marcus Schopen via Info-cyrus wrote:
> Am Sonntag, den 01.11.2015, 13:35 +0100 schrieb Marcus Schopen via
> Info-cyrus:
> > Hi,
> > globally in cyrus.conf delprune is set to
> > delprunecmd="/usr/sbin/cyrus expire -E 1 -X 7 -D 7" at=0501
> > For a single mailbox I don't want to keep deleted mails for 7 days,
> > but expire them immediately or once a day per cron. How to do that?
> Forgot to say that delete_mode and expunge_mode is set to delayed.
> Via cron this should work for an immediate cleanup/expire:

You can set an expire annotation per mailbox.  Downside is that I
believe the annotation will be 'inherited' by subordinate mailboxes;
which stinks for some use-cases.

> su - cyrus -c "/usr/sbin/cyrus expire -E 1 -X 0 -D 0 -v -p
> user.mailboxname"

FYI, I believe with the very latest Cyrus the "su -" is unnecessary as
it will automatically handle the context change when run as root.

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: Shared folder permissions

2015-07-30 Thread Adam Tauno Williams
On Thu, 2015-07-30 at 19:09 +0100, John wrote:
> I set the ACL to lrswiptek and it then shows as lrswipktecd. Have I 
> missed a database migration step at some point in the past? The 
> current server is running 2.4.12 (and I have a project to move it all 
> to 2.5.x soon).

Don't use d & w if you want fine-grained permissions control; old d, r
& w imply other permissions.  If I recall correctly: d = t+x and w
implies d.

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: Using Roundcube with cyrus?

2015-02-12 Thread Adam Tauno Williams
On Thu, 2015-02-12 at 00:35 +0100, Marcus Schopen wrote:
> Am Dienstag, den 03.02.2015, 10:10 -0600 schrieb Patrick Goetz:
> > Argh!  That was it.  I thought I had removed this, but it must have 
> > re-appeared while I was substituting configuration options in and out 
> > while trying to get this to work.
> > Thanks so much for your help!
> For performance check imapproxy too. I've installed imapproxy on
> roundcube side and connect via openvpn to cyrus on another host.

With any webmail interface you will want to use imapproxy.

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: User mail spool partitioning mystery

2015-01-19 Thread Adam Tauno Williams
On Fri, 2015-01-16 at 17:02 -0600, Patrick Goetz wrote: 
> That's it! Thanks for the heads up!  I assumed that all the spool hash 
> options only applied when you actually have more than one partition, 
> which I don't.

Yep, the phrasing in the man-page is not clear.  In the past it has
confused me as well.

> Unfortunately this is going to complicate my ability to use the 
> excellent migration plan outlined by Nic Berstein on 2014-12-19. 
> mailboxes.db will know about the spool files in their old, hashed 
> location, which I'd like to get rid of, since all the mail resides on 
> one physical partition anyway, so having it set up this way just adds 
> unnecessary directory structures.

I do not see how they add "unnecessary directory structures", the point
of hashing is to avoid very large [fat] directories by making the tree
deeper and more narrow versus fat and shallow.  In some cases [albeit in
large part historic] this improves performance due to technicalities of
file-system operation.

I would recommend just keeping the hashes if that is what you have now.
There is no significant benefit to eliminating them.

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: cyrus 2.4.17 -- file descriptor limit set to -1?

2015-01-19 Thread Adam Tauno Williams
On Thu, 2015-01-15 at 11:17 +, Geoff Winkless wrote: 
> RLIM_INFINITY is defined as ~0ULL, at least on my system. If it's cast
> to a signed value, that will come out at -1, no?
> My problem with systemd isn't that it doesn't work,

It works.

> it's that it's all-pervasive and viral, and forces people who've been
> using standard unix mechanisms for 20 years to learn something
> completely different for no visible concrete advantage.

There are many advantages, but this is not the place to debate the
much-debated systemd.

Resource control on modern LINUX systems is managed via "cgroups".  This
was added to the kernel quite some time ago to avoid all the ulimit
nonsense and concomitant hacks.


Systemd relies on cgroups.

cgroups are a huge step forward and make administration much easier and
more flexible.

I do not know what distribution you are using but /etc/security/limits
is generally still effective as well.  If you want to run unlimited
change it to:

fsize = -1

- which has been the "correct" way to do this for a very long time.

> As a user rather than a sysadmin it 

If you are running an IMAP host then you are a sysadmin. 

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: User mail spool partitioning mystery

2015-01-19 Thread Adam Tauno Williams
On Fri, 2015-01-16 at 14:57 -0600, Patrick Goetz wrote: 
> I have a couple of existing cyrus 2.3.16 installs with this partitioning 
> configuration in imapd.conf:
>defaultpartition: default
>partition-default: /home/cyrus/mail
> I create users using cyradm:  cm user.myuser
> and the user mail spool folder has this hierarchy:
>  |
>| user
>| auser1
> I just assumed that this structure was built in to cyrus; however on my 
> new 2.4.17 install the partition settings in imapd.conf are similar:
>defaultpartition: default
>partition-default: /srv/cyrus
>unixhierarchysep: yes   <--- (now using this)
> however all newly created users (cyradm:  cm user/myuser) are dumped 
> into a single folder:
>  |
>  | myuser
> I simply can't find any difference in the configuration files that 
> result in this discrepancy.  Was the [a-z] partitioning in the 2.3.16 
> install baked in to the Debian cyrus package I used, say in cyradm?

The difference is directory hashing,  which apparently you had turned on
previously and now have disabled.

To get the old behavior I believe you want:

  fulldirhash: false
  hashimapspool: true

Perhaps the default values changed between these versions.

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Re: LAS shoutout for FastMail

2015-01-11 Thread Adam Tauno Williams
On Mon, 2015-01-12 at 10:28 +1100, Robert Norris wrote: 
> Thanks for the heads up! It's pretty exciting to see all the interest
> in JMAP :)

Is there / will there be JMAP support in/for Cyrus IMAPd? 
Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Re: sieve vacation with start and end date

2014-12-30 Thread Adam Tauno Williams
On Tue, 2014-12-30 at 08:39 -0500, Adam Tauno Williams wrote: 
> On Sun, 2014-12-28 at 10:20 +0100, Marcus Schopen wrote: 
> > does sieve vacation understand a start and end date? Something like this
> > does not work:
> > ---
> > require ["date", "relational", "vacation"];
> > if allof(currentdate :value "ge" "date" "2007-06-30",
> >  currentdate :value "le" "date" "2007-07-07")
> > { vacation :days 7  "I'm away during the first week in July."; }
> > ---
> > System: cyrus 2.4.12 on Ubuntu 12.04 LTS
> It may or may not;  depends on what extensions/plugins are activated in
> your SIEVE.  Is the above documented syntax from somewhere?

It looks like there is an open bug.

Implement date extension (rfc5260) 

> Horde's Ingo application uses regular expressions to match dates in
> order to implement vacation start/end.  I believe date matching in SIEVE
> is a relatively recent thing, and I am not sure to what level it is
> implemented [anywhere].

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Re: sieve vacation with start and end date

2014-12-30 Thread Adam Tauno Williams
On Sun, 2014-12-28 at 10:20 +0100, Marcus Schopen wrote: 
> does sieve vacation understand a start and end date? Something like this
> does not work:
> ---
> require ["date", "relational", "vacation"];
> if allof(currentdate :value "ge" "date" "2007-06-30",
>  currentdate :value "le" "date" "2007-07-07")
> { vacation :days 7  "I'm away during the first week in July."; }
> ---
> System: cyrus 2.4.12 on Ubuntu 12.04 LTS

It may or may not;  depends on what extensions/plugins are activated in
your SIEVE.  Is the above documented syntax from somewhere?

Horde's Ingo application uses regular expressions to match dates in
order to implement vacation start/end.  I believe date matching in SIEVE
is a relatively recent thing, and I am not sure to what level it is
implemented [anywhere].

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Re: restore from cyrdump

2014-12-17 Thread Adam Tauno Williams
On Tue, 2014-12-16 at 16:58 -0600, Patrick Goetz wrote: 
> On 12/16/2014 01:42 PM, Andrew Morgan wrote:
> > I forgot about one additional thing we do - we dump the mailboxes.db to
> > a flat file once an hour via cron.  That would allow us to (mostly)
> > recover from a corrupted mailboxes.db file.  Just like a full restore,
> > we would need to run a reconstruct on every mailbox, I think.
> I thought the whole point of reconstruct was to rebuild mailboxes.db, 
> but then I took another look at the reconstruct man page and noticed:
>   Rebuild the mailboxes file. Use whatever data in the
>   existing  mailboxes file it can scavenge, then scans
>   all partitions listed in the imapd.conf(5) file for
>   additional mailboxes.
> now it's no longer clear to me what reconstruct does.  I guess rebuild 
> the {configdir}/user///cyrus.* files?

Yes.  If one restores message files to a mailbox folder then reconstruct
will add them back in as messages.  I have had to do this in the past -
but now with delayed expunge... I cannot remember the last time I needed
to use it.

It was more commonly used back when Cyrus IMAPd was somewhat less
awesome than it is now.  As of 2.4.x I've used the dumps primarily just
as (a) paranoia and (b) change auditing.  I have put back annotations and
some other small stuff by looking at dumps.  I doubt it has much role in
a full-restore unless you are trying to recover from corruption [which I
have experienced in the past due to a crappy EMC storage controller, not

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Re: sasl_mech_list in imapd.conf ?

2014-12-16 Thread Adam Tauno Williams
On Tue, 2014-12-16 at 08:30 -0600, Dan White wrote: 
> On 12/16/14 08:23 -0600, Dan White wrote:
> >If using the Ubuntu sasl packages, use saslpluginview to list available
> >plugins.
> Make that 'saslpluginviewer'.

The cyrus-sasl package on CentOS, RHEL, SUSE, and openSUSE all provide
"/usr/sbin/pluginviewer" which reports available SASL mechanisms.

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Re: Possible to authorize as different user?

2014-12-12 Thread Adam Tauno Williams
Quoting Steinar Kaarø :
> A related feature in Cyrus does not seem to work as stated in the man page:
> "imapmagicplus: 0
> Only list a restricted set of mailboxes via IMAP by using  
> userid+namespace  syntax  as  the  authentication/authorization id.  
> Using userid+ (with an empty namespace) will list only subscribed  
> mailboxes."
> Providing a namespace after + does not have any effect, and a  
> comment in the source says that this is not implemented.

You should file a bug if that is the case.

I have never heard of such a feature.


Re: annotation_definitions and other options in imapd.conf

2014-12-03 Thread Adam Tauno Williams
Quoting Patrick Goetz :
> This is from the imapd.conf man page:
>  File containing external (third-party) annotation definitions.
> - Does anyone have any idea what this means or what this is used for?

Defining custom annotation strings?  The server does not let you stuff  
anything the client wants into the annotation database, it has to be
an approved string.

> Also, there are any number of options in imapd.conf that don't make any
> sense to me.  For example,
> - Isn't this handled by SASL?

Partially, yes.  Don't forget that identity management is AAA - three  
As, not one.  Authorization, Authentication, Accounting.

>  If  nonzero,  normal  users  may create their own IMAP accounts by
>  creating the mailbox INBOX.  The user's quota is set to the  value
>  if it is positive, otherwise the user has unlimited quota.
> - How can you create an INBOX if you don't already have an IMAP account?

There is no such thing as an "IMAP account" (again AAA not A).  You  
authenticate to the IMAP server, and then you create a mailbox.  Or  
the administrator has provisioned one of the auto-create patches.

>defaultacl: anyone lrs
>  The Access Control List (ACL) placed on a newly-created
>  (non-user) mailbox that does not have a parent mailbox.
> - That sounds interesting; how does one go about creating a non-user
> mailbox?

??? A shared mailbox.  See "sharedprefix".   I suggest you need to  
spend a bit more time with Cyrus and general IMAP documentation.

>implicit_owner_rights: lkxa:
>  The implicit Access Control List (ACL) for the owner of a mailbox.
> - Why wouldn't the default include t?  It seems weird that owners can
> delete mailboxes but not messages by default.

I've never had occasion to set such a directive.  But some people have  
bizarre configurations or need to support broken e-mail clients.

>ldap_* options
>   - Again, I thought all authentication is handled by SASL?

Again, it is AAA not A.

> In the debian version of /etc/cyrus.conf, this comment appears:
># this is only necessary if idlemethod is set to "idled" in imapd.conf
>#idled  cmd="idled"
> - idlemethod is not a listed option in `man imapd.conf`

Is this a current version of Cyrus?  I suspect this is a bit of Debian  


Re: Possible to authorize as different user?

2014-12-02 Thread Adam Tauno Williams
Quoting Steinar Kaarø :
> Is it possible to authorize as a different user when logging into Cyrus
> using an ordinary mail client? From what I understand this is only

"Is it possible to authorize as a different user when logging into  
Cyrus" <--- Yes, that is just SASL.  Do this all the time.

"using an ordinary mail client" <--- Almost certainly not.

> possible in Cyrus when using SASL PLAIN, but are there any clients that
> support the authorization part of the PLAIN mechanism?

None that I am aware of.

Probably Mulberry did, as it supported *everything*; but is very  
moribund if not simply gone [licensing was always bizarre].

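The "authorization part of the PLAIN mechanism" discussed in this thread, as an added example (not part of the original posts and not Cyrus code): an RFC 4616 PLAIN message carries an authorization identity, an authentication identity and a password separated by NUL bytes, and the server decides whether the authenticated identity may act as the requested one. The sample accounts, the `PROXY_ALLOWED` policy set and all function names are assumptions made for the illustration.

```python
import base64
import hmac

# Constructed sample data for this example, not taken from any real system.
PASSWORDS = {"helpdesk": "helpdesk-sample-pw", "fred": "fred-sample-pw"}
# Hypothetical policy: identities that may authorize as another user.
PROXY_ALLOWED = {"helpdesk"}


class PlainError(ValueError):
    """Raised when a PLAIN message does not match the RFC 4616 layout."""


def encode_plain(authcid, password, authzid=""):
    """Client side: build the base64 response for AUTHENTICATE PLAIN.

    Layout is [authzid] NUL authcid NUL passwd. Most mail clients always
    send an empty authzid, which is why they cannot "log in as" someone else.
    """
    for field in (authzid, authcid, password):
        if "\x00" in field:
            raise PlainError("NUL is the field separator and cannot appear in a field")
    raw = "\x00".join((authzid, authcid, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def decode_plain(b64_message):
    """Server side: split a PLAIN response into (authzid, authcid, password)."""
    try:
        text = base64.b64decode(b64_message, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError) as exc:
        raise PlainError("not valid base64/UTF-8") from exc
    parts = text.split("\x00")
    if len(parts) != 3:
        raise PlainError("expected exactly two NUL separators")
    authzid, authcid, password = parts
    if not authcid or not password:
        raise PlainError("authcid and password must be non-empty")
    return authzid, authcid, password


def login(b64_message):
    """Return the identity the session runs as, or None if refused.

    Authentication checks the password of authcid; authorization is a
    separate decision about whether authcid may act as authzid.
    """
    try:
        authzid, authcid, password = decode_plain(b64_message)
    except PlainError:
        return None
    expected = PASSWORDS.get(authcid, "")
    matches = hmac.compare_digest(expected.encode("utf-8"), password.encode("utf-8"))
    if authcid not in PASSWORDS or not matches:
        return None                      # authentication failed
    if authzid in ("", authcid):
        return authcid                   # ordinary login as oneself
    if authcid in PROXY_ALLOWED:
        return authzid                   # permitted to act for another user
    return None                          # authenticated, but not authorized


if __name__ == "__main__":
    print(login(encode_plain("fred", "fred-sample-pw")))              # fred
    print(login(encode_plain("helpdesk", "helpdesk-sample-pw", "fred")))  # fred
    print(login(encode_plain("fred", "fred-sample-pw", "helpdesk")))  # None
```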

Re: Mail not visible after restore from backup.

2014-09-15 Thread Adam Tauno Williams
On Mon, 2014-09-15 at 10:12 -0400, Tom Plancon wrote: 
> I inherited this installation, unfortunately! 
> I'm running "reconstruct" inside cyradm. Running "version" inside
> cyradm I get this:

I do not believe that way of accessing the reconstruct feature supports
options.  Use the reconstruct utility.

  sudo -u cyrus  /usr/lib/cyrus-imapd/reconstruct -r -k -f user.fred

Paths may vary based upon distribution and packages.

I believe this is covered in the Cyrus documentation available @
<> and/or take a look at the Cyrus
chapter in my `book` @

Comments on documentation are appreciated. 
Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Re: Cyrus-imapd can't find my mail

2014-09-15 Thread Adam Tauno Williams
On Fri, 2014-09-12 at 14:03 -0700, John Oliver wrote: 
> I'm pretty certain this is because it just doesn't know where to look,
> but I'm not sure how to tell it :-(
> I was using as
> a guide, but needed to switch to cyrus-imapd  I think cyrus doesn't know
> how to look in /var/vmail/ as the vmail user.

"cyrus doesn't know how to look in /var/vmail/ as the vmail user"

Neither does a dolphin know how to fly; that documentation is not about

Try reconstructing the mailbox after you put message files back.

  sudo -u cyrus  /usr/lib/cyrus-imapd/reconstruct -r -k -f user.fred

Paths may vary based upon distribution and packages.

Use the Cyrus documentation available @
<> and/or take a look at the Cyrus
chapter in my `book` @

Comments on documentation are appreciated.  Writing documentation is
hard - feedback helps; sometimes if you understand something your
explanation has holes only the less advanced reader can point out.

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Re: replication

2014-04-22 Thread Adam Tauno Williams
On Mon, 2014-04-21 at 22:34 +0600, Eugene M. Zheganin wrote:
> If I'm using replication, and master goes offline for a moment, and I 
> have some mail delivered on replica (from SMTP, because I kinda have 
> SMTP configured to deliver on localhost, and IMAP master is also a CARP 
> master), how do I handle this situation when master is back online (and 
> the mail starts to be delivered on master, and some mail is technically 
> lost, because it's on replica) ?

If this happens, and you cut-over mail delivery, the slave should become
the master.  They should flip roles.  Cyrus replication is not
multi-master [at least not yet - that will be an awesome day].

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Re: imap cyrus

2014-04-22 Thread Adam Tauno Williams
> > are you telling me that cyrus-imap does not work together with qmail-ldap ?
> > Are you serious ?
> Please let's keep the discussion on the mailing list. And please do not 
> top-post.
> Frankly speaking, I do not care for qmail-ldap. qmail is a software dead 
> since over a decade.

Postfix maps can almost certainly emulate whatever qmail-ldap is doing.

> My point was that the mail structure cyrus-imapd uses is not Maildir. 

+1  Cyrus is *not* Maildir.

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Re: cyrus sieve redirect action and SPF

2014-04-17 Thread Adam Tauno Williams
On Thu, 2014-04-17 at 12:27 +0300, Deniss wrote:
> Original envelope From of an email is used when redirect is set in sieve
> to resend the mail to another email address.
> This plays bad with SPF.
> Maybe the mails should be sent from user's own email while 'Reply-To:'
> header become set to point to the original sender ?

But then it wouldn't be "redirect" anymore;  a feature of redirect is
that it does not monkey about with the message.  What you want is a
"forward" action.

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Re: Sieve service terminated abnormally

2014-02-28 Thread Adam Tauno Williams
On Thu, 2014-02-27 at 15:34 -0300, Fabio S. Schmidt wrote:

> I'm running Cyrus 2.4.14 with Aggregator and this message appears
> several times on my frontend logs: 
> service sieve pid 10238 in BUSY state: terminated abnormally

I have not seen that message.  Do you end up with a core file?

> What does this mean? Do I have to increase the maxchild for the sieve
> service or my clients are doing something wrong?

Are your clients unable to connect after this message?

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Re: Outlook 2013

2014-02-28 Thread Adam Tauno Williams
On Thu, 2014-02-27 at 21:58 +0100, Paul van der Vlis wrote:
> I would like to tell that I got some private mails telling that Outlook
> 2013 does not work well with imap.

I have several users using Outlook with Cyrus IMAPd; it works without
issue.  At least from 2003 and later.   

One tip is to disable Exchange extensions, but other than that no
hacking is required.

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Re: mail archiving -- large mail stores [mailpiler]

2014-02-15 Thread Adam Tauno Williams
On Wed, 2014-02-05 at 06:35 +0100, mayak wrote:
> hi all,
> i just ran across this project:
> is there an argument to do that, or just create an archive user in cyrus
> that  has a multi-multi gigabyte mail drop?

Thanks for the link, that looks very interesting;  but I'd just have
Postfix shove a copy of every passing message into the service.  Not
sure that Cyrus would play a role in archiving.

I have archived to Cyrus in the past but the mailboxes become truly
enormous rather quickly when accumulating all mail.  And Cyrus's
indexing services do not really seem up to indexing an entire year's
etc.. pile of mail.

Have you tried mailpiler yourself?

Adam Tauno Williams <> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA


Re: Help on quota usage.

2014-02-14 Thread Adam Tauno Williams
On Fri, 2014-02-14 at 13:56 +0100, Eric Luyten wrote:
> On Fri, February 14, 2014 1:30 pm, mayak wrote:
> > On 02/14/2014 12:41 PM, Anant Athavale wrote:
> >> for one user, the lq user.xx is showing 1.6 GB, where as actual usage on
> >> file system is less than 1 GB.  I want to know, how can get where is the
> >> additional quota sitting in /var/spool/imap partition for user xxx.
> The underlying filesystem MAY have compression capabilities, which will most
> certainly lead to 'du' returning a lower value than Cyrus 'list quota'.

+1.  The utilization of the underlying storage and the value calculated
by Cyrus may not correspond 1:1 for a variety of reasons [although, I
guess one might expect them to be close-ish - unless delayed expunge,
deduplication, etc... features are used].  I have seen the filesystem
and Cyrus quota values differ into both directions [f>q & f

Re: Protecting message files acess even from root

2014-02-02 Thread Adam Tauno Williams
On Sat, 2014-02-01 at 11:38 -0200, Fabio S. Schmidt wrote:
> Thanks Sven, I really appreciate your considerations, especially about
> the encryption of the SMTP traffic.
> I will test Mandatory Access Control (MCS), like SELinux (YES, I know
> that NSA wrote it) or AppArmor for instance, and customising SUDO:
> Sorry for not being specific from the beginning, but this research is
> for a government e-mail system, and we really need to ensure that even
> administrators cannot access the messages, encrypted or not.

Please come back with what you discover.  This is an interesting


Re: MDOSEQ per Mailbox setting

2013-07-05 Thread Adam Tauno Williams
On Fri, 2013-07-05 at 12:47 +0200, wrote:
> Zitat von Mogens Melander :
> > A search on google for MDOSEQ return only your post to the
> > list.
> > A grep for MDOSEQ in the source for cyrus-imapd-2.4.16
> > does not reveal anything. The word MDOSEQ was not anywhere
> > in the source tree.
> Sh...
> Typo in the subject. It should be MODSEQ of course as described in the  
> first mail to the list.

I believe this falls under the label "condstore" in Cyrus [???].  In
2.3.x you could toggle it on via mboxcfg in cyradm per-mailbox.  In
Cyrus 2.4.x it is just "on".


Re: MDOSEQ per Mailbox setting

2013-07-05 Thread Adam Tauno Williams
On Fri, 2013-07-05 at 09:41 +0200, wrote:
> Is this list dead or the question not clear/interesting?
> I have not seen a single post beside me??

There are regular, at least daily [on average], posts to this list.

What is the question?


Re: Cannot see entries in folders when using MS Outlook 2013

2013-04-15 Thread Adam Tauno Williams
On Mon, 2013-04-15 at 09:56 +0200, Ulrich Jakobus wrote:
> Thanks, Janne, but this is not the problem (we have set these XLIST based on
> this blog, but this affects only the names and usage of special folders).

Possibly Exchange Extensions are enabled?   I don't know if this still
applies to Outlook 15 but I have seen extensions create some bizarre
problems over the years.

Tools -> Options -> Other -> Advanced -> Options -> Add-In Manager ->
Uncheck Exchange Extensions property.

Outlook2003/Tools/Options/Other/AdvancedOptions/COM Add-Ins/ remove
anything that is not essential

> The problem is rather that I cannot see any e-mails in any folders (i.e.
> special folders but also any other folders) on the server and local e-mails
> (when manually copying in there) are not copied back from client to server
> when using Outlook 2013 and Cyrus 2.4.9, it works fine with Outlook 2010 and
> Cyrus 2.4.9 and Outlook 2013 also worked fine with our previous version of
> Cyrus 2.2.13.


Re: How Do i get last lgin date for all my users

2013-04-13 Thread Adam Tauno Williams
On Sat, 2013-04-13 at 12:56 +0100, Charles Bradshaw wrote: 
> Attached is a little perl script which parses /var/log/maillog and lists
> the last time users logged in.

This seems very unreliable, slow, and hacky.  When I login to my e-mail
the system typically tells me the last time I logged in [at least to
that app].  Doesn't the meta-data in the IMAP server 'know' this

The underlying authentication system [PAM via lastlog, etc...] might
also have this information.  If your authentication system is LDAP then
the DSA might know this as well.

> > > Assuming Linux?UNIX,
> > > log onto the machine, run the command: last
> > > This does only work, if IMAP users are system users - which most of
> > > the time is not the case.



Re: Conversion from maildir to Cyrus

2013-03-28 Thread Adam Tauno Williams
On Wed, 2013-03-27 at 21:15 +0100, Paul van der Vlis wrote: 
> A customer asks me to convert an existing installation what uses
> Evolution, pop3 and maildir to Cyrus.
> When I would copy the files and run reconstruct or use deliver I expect
> to lose the flags like "read".

Not necessarily, those can be explicitly applied via IMAP.

I believe the imapcopy / imaputils project(s) have some maildir-to-imap
migration tool, maybe.  I remember something like that.

For POP - there aren't really any flags, except maybe "seen", but that
depends on the provider.

> What would be a good way to convert this? It's about 100+ users who are
> all on one server.
> Would it be an idea to install an imap server like Courier or Dovecot
> what can do maildir and then use imapsync to Cyrus?


Re: MD5 Passwords in MySql?

2013-03-26 Thread Adam Tauno Williams
On Tue, 2013-03-26 at 10:17 +, Charles Bradshaw wrote: 
> Thanks Guys
> I think it's finally sunk in. DIGEST-MD5 and CRAM-MD5 are mutually
> exclusive with hashed passwords.
> D'oh! I think I even posted that fact in answer to a previous thread.

No problem, it happens to us all.  Yesterday I posted two messages to
lists relating to issues that as soon as I posted them I found the
answers right there in the documentation.  Right there!  I swear I had
already looked twice. 


Re: MD5 Passwords in MySql?

2013-03-25 Thread Adam Tauno Williams
On Mon, 2013-03-25 at 17:03 -0500, Scott Lambert wrote:
> On Mon, Mar 25, 2013 at 09:32:16PM +, Charles Bradshaw wrote:
> > Andy
> > Thanks for the link. If you read on you will see that while PAM allows
> > storage of encrypted passwords in mysql, DIGEST-MD5 and CRAM-MD5 can
> > then NOT be used. That's definitely a step in the wrong direction.
> > I'm coming to the conclusion that I need understand the code well enough
> > to add something to cyrus, but sadly I'm just too old to grok the tangle
> > of C.
> Basically, Digest-MD5 and CRAM-MD5 avoid passing the cleartext
> password across the wire by hashing something with the cleartext
> password.  These authentication methods require that the cleartext
> password be known (or at least recoverable) by the server and the
> client.

Yep, which was pointed out originally.  If the cred store is encrypted
it needs to be a two-way crypt [can be decrypted].  So you basically
have a crypted filesystem store anyway.

> Therefore, the server cannot be using a non-reversible hash of the
> password for its password store.
> You can store cleartext passwords in your password database and
> avoid passing passwords in cleartext across the wire.
> OR
> You can store hashed passwords in your password database and pass
> cleartext passwords over the wire, hopefully inside an SSL/TLS
> connection.


> If you use crypted MD5 hashed passwords in your database, you will
> have to disable Digest-MD5 and CRAM-MD5 in your SASL auth mechanisms.
> My system is not running in that configuration so I am not certain
> that you can tell saslauthd to use a mysql database for encrypted
> password storage.

I use saslauthd to a PostgreSQL database that stores crypted passwords -
but it can only do PLAIN/LOGIN in that configuration, none of the newer
mechs that all the cool kids are using.

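The trade-off described in this message, as an added example (not part of the original posts and not Cyrus SASL code): CRAM-MD5 (RFC 2195) has the client return HMAC-MD5 of the server's challenge keyed with the password, so a server can only check it if it holds that same key, while a one-way hashed store can only check a password sent in the clear. The two store classes, the host name and the use of PBKDF2 as the stand-in one-way format are assumptions of the example.

```python
import hashlib
import hmac
import os


def cram_md5_digest(secret: bytes, challenge: bytes) -> str:
    """RFC 2195 response digest: HMAC-MD5 keyed with the shared secret."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()


def new_challenge(host: str = "mail.example.test") -> bytes:
    """Fresh server challenge in msg-id form (host name is a placeholder)."""
    return b"<" + os.urandom(8).hex().encode() + b"@" + host.encode() + b">"


class CleartextStore:
    """Credential store that keeps the recoverable secret itself."""

    def __init__(self):
        self._secrets = {}

    def add(self, user, password):
        self._secrets[user] = password.encode()

    def verify_plain(self, user, password):
        stored = self._secrets.get(user, b"")
        return user in self._secrets and hmac.compare_digest(stored, password.encode())

    def verify_cram(self, user, challenge, digest):
        if user not in self._secrets:
            return False
        # The server recomputes the HMAC with the same key the client used.
        expected = cram_md5_digest(self._secrets[user], challenge)
        return hmac.compare_digest(expected.encode(), digest.encode())


class HashedStore:
    """Credential store that keeps only salt + one-way hash (PBKDF2 here)."""

    ITERATIONS = 100_000

    def __init__(self):
        self._records = {}

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    def add(self, user, password):
        salt = os.urandom(16)
        self._records[user] = (salt, self._hash(password, salt))

    def verify_plain(self, user, password):
        # Works: the password arrives in the clear (PLAIN/LOGIN, ideally
        # inside TLS) and is re-hashed with the stored salt.
        record = self._records.get(user)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._hash(password, salt))

    def verify_cram(self, user, challenge, digest):
        # Cannot work: the key the client used is the password, which is not
        # recoverable from the hash. The stored hash is a different key, so
        # the recomputed HMAC never equals the client's digest.
        record = self._records.get(user)
        if record is None:
            return False
        _salt, stored = record
        expected = cram_md5_digest(stored, challenge)
        return hmac.compare_digest(expected.encode(), digest.encode())


def demo():
    """Run both mechanisms against both stores with a constructed password."""
    password = "correct horse sample"
    clear, hashed = CleartextStore(), HashedStore()
    clear.add("fred", password)
    hashed.add("fred", password)
    challenge = new_challenge()
    client_digest = cram_md5_digest(password.encode(), challenge)
    return {
        "cram_with_cleartext_store": clear.verify_cram("fred", challenge, client_digest),
        "cram_with_hashed_store": hashed.verify_cram("fred", challenge, client_digest),
        "plain_with_hashed_store": hashed.verify_plain("fred", password),
        "plain_with_hashed_store_wrong_pw": hashed.verify_plain("fred", "guess"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```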

Re: MD5 Passwords in MySql?

2013-03-25 Thread Adam Tauno Williams
On Mon, 2013-03-25 at 11:40 +, Charles Bradshaw wrote: 
> Yes I understand and accept the weakness of MD5. In the world of
> exponentially increasing processing power there will always be weakness,
> of ANY scheme.
> The question is not however about the efficacy of encryption methods!
> It's about how to achieve password hashing in a mysql database.
> I have indicated how to use AES. Its strength however is compromised by
> the necessity of revealing the key in many places.
> I would be most grateful, if anybody KNOWS:
> Is there a way to store MD5 hashed passwords when using the mysql
> plugin?

I have no clue.  BUT I still wonder what the end-goal is.  If you are
actually worried about theft of the underlying database then it would
seem volume encryption is the correct answer - encrypt the entire
database, on disk.  That isn't hard and doesn't require modification of
any software.

Anyway, storing essentially clear-text credentials in the authorization
database (be it a KDC, an LDAP server, an Active Directory server,
etc...) is normal, accepted, and common.  Most worthwhile authorization
schemes require an 'effectively' clear-text secret on both ends.  Guard
the credential database and ensure communication channels are secure
[encrypted].  "Make /etc/passwd useless" is an abandoned meme, you
cannot win that fight.

> Security through obscurity is always a bad principle.  

No one here is recommending that or stating that it is.

> On Mon, 2013-03-25 at 08:59 +1030, Daniel O'Connor wrote:
> > On 25/03/2013, at 7:33, Charles Bradshaw  wrote:
> > >> That seems very wrong to me.
> > > It might be a kludge, but it's not wrong. It avoids storing plain text
> > > passwords, which are always a risk. The purpose of MD5 digest is to make
> > > passwords truly private to the user. Not even root knows users passwords
> > > when stored in shadow(MD5).
> > > The only risk to shadow passwords is a brute force attack which is
> > > relatively easy to detect and foil.
> > FYI a single round of MD5 is considered quite weak these days.
> > The whole point of hashing a password is to make it difficult to find a 
> > password if the password DB is leaked. MD5 is no longer sufficient for this 
> > (even with salt).
> > A modern GPU can brute force billions of passwords per second and humans 
> > suck at generating them.


Re: MD5 Passwords in MySql?

2013-03-24 Thread Adam Tauno Williams
On Sun, 2013-03-24 at 14:21 +, Charles Bradshaw wrote:
> In my /etc/imapd.conf I'm using:
> sasl_auxprop_plugin:sql
> sasl_sql_engine:mysql
> I want to store MD5 hashed passwords in my database. Is this possible?

I would *assume* that the database doesn't much care about the
hashing/encoding of the password/secret - I'd *assume* it just stores
and retrieves it.

Concerns for the validity of the secret are up-the-stack, in SASL
proper, and not in the storage plugin.

I could be wrong;  I've mostly dealt with storing credentials in LDAP.

> I was thinking about modifying the sql plugin to MD5 the password before
> comparison, but...

That seems wrong to me.  Can't you just tell SASL via configuration that
you want to use MD5?

> I'm no C programmer so understanding sql.c (the plugin source) is quite
> beyond me. It looks as though we just check for the presence of the
> password and don't actually compare passwords! Surely I'm wrong here?

That is what I would *assume* it does. And correctly.

> I could use a symmetric encryption, eg AES, and place the necessary
> decrypt in the sasl_sql_select statement, but that seems a bit pointless
> since the key is now visible in various logs.

That seems very wrong to me.

I wonder why you care how credentials are stored; is SASL authentication
not working?


Re: Fwd: Public Key for Cyrus IMAPD

2013-03-20 Thread Adam Tauno Williams
On Wed, 2013-03-20 at 09:23 +0800, Gene Leung wrote:
> It seems no one cares about the public key.  Then, why still put the
> signature file there for download?  Or any other way for verify the
> integrity of the download.

"no one cares" is a bit harsh for 24hrs without a response.

This list is primarily people who use / administer Cyrus IMAPd.  And I'd
wager most of those people use Cyrus from a package.

Packagers are ones who care most about things like checksums, and they
probably don't pay much attention to this list.  I also wouldn't be
surprised these days if packagers didn't work directly from a git
checkout and just skipped the tgz.

> Anywhere I can find the public key for verify the files downloaded of
> the Cyrus IMAP software?

Anyway, nope, I do not see a checksum/sumkey at


Re: Good webmail client software for cyrus?

2013-03-10 Thread Adam Tauno Williams
On Sun, 2013-03-10 at 20:08 +, Charles Bradshaw wrote:
> I am now researching how to provide a HTTP (webmail style) MAU as an
> alternative to a bunch of IMAP feature lacking, or otherwise broken,
> desktop user agents.
> I also need to source a GUI mailbox/password server management tool.
> Currently I'm using MySql Workbench for password management and cyradm
> command line for mailbox configuration.

Horde probably provides everything you are looking for; it is VERY
feature-complete, standards compliant, and well supported.

> I'm hoping to combine the above management features in one web enabled
> system.
> I see Zimbra and roundcube. The former commercial, the latter open
> source, appear to provide the required technical solutions. Although it
> is slightly unclear that either provide configurable password management
> capable of interfacing to MySql.

Horde's user / group / password support is extremely flexible.

> Neither of the above are ideal. The first because it isn't open source.
> The latter because it is written in PHP. A paradigm I am too old to
> become proficient in.

PHP is the platform of just apps.  AFAIK there is no supported / current
webmail interface in Java / .NET.  PHP is nothing to be afraid of, it is
simple to deploy and support;  certainly more so than Python or other
web-server alternatives.

> I have two questions therefore:
> First has anybody got any insight into any other good open source
> solutions?



Re: imap client that supports passing authorization id

2013-02-25 Thread Adam Tauno Williams
On Mon, 2013-02-25 at 11:08 +0100, Rudy Gevaert wrote:
> Hello cyrus users,
> Do any of u know of any desktop imap-client, but not Mulberry, that 
> supports passing the authorization id?

I am not aware of any.  Neither am I aware of any that support IMAP ACLs
[settings, viewing, etc...] or SIEVE.  Very sad.

If someone else knows of any I'd love to hear about it.


Re: Cyrus 2.5

2013-02-15 Thread Adam Tauno Williams
On Wed, 2013-02-13 at 12:45 +1100, Greg Banks wrote:
> On Wed, Jan 30, 2013, at 11:04 PM, Bron Gondwana wrote:
> > On Wed, Jan 30, 2013, at 07:06 PM, Pepe Charli wrote:
> > > Hi
> > >  Is there any estimate about when we can expect cyrus 2.5?
> > Soon, honestly.  We keep getting caught up with other things.
> > >  Will it include the search engine based on Xapian?
> > Probably not.
> Definitely not.  The Xapian support is based on a large lump of work
> which adds a completely new message_t object API.  This is far too large
> a change to be pushing into 2.5 at this stage.  This is how far ahead
> the fastmail branch is relative to cmu/master:
>  150 files changed, 41392 insertions(+), 4627 deletions(-)
> Also, we want to get some more operational experience with Xapian before
> inflicting it on other folks.  If you're adventurous the code is out
> there at
> >It's time to draw a line in the sand and throw 2.5 over
> > the fence,
> Absolutely.

Agree,  there is some great sounding stuff in 2.5.x already.

FYI,  I'll throw in a case of beer to anyone who closes this one -


Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: Single sign on with NT Login

2013-02-14 Thread Adam Tauno Williams
On Thu, 2013-02-14 at 11:57 +0530, Ram wrote:
> I need to implement NT Login such a way that if a user is logged in to 
> the desktop , he is also automatically logged in to the email server ( 
> when using outlook / thunderbird etc)
> I need to replicate how outlook works with Exchange. The users may use 
> windows login from any desktop and he is auto logged in to his own email 
> account

This is primarily a client support issue and an issue of how your domain
is configured.

If you really are using an NT4 domain then you may be able to get NTLM
authentication to work; at least with Outlook.  That can provide
single-sign on.

Aside: if you are really using an NT4 domain - upgrade, yesterday.

If you are using an Active Directory domain then use Kerberos / GSSAPI.
This would work, no problem.  Kerberos rocks!

Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: Reconstruct a Single Folder

2013-02-11 Thread Adam Tauno Williams
On Mon, 2013-02-11 at 13:56 +0100, Kaiser Martin wrote:
> I have a Problem to reconstruct a Single folder.
> If I run,
> sudo -u cyrus /usr/lib/cyrus/bin/reconstruct -fr  user/wieder/cc
> I see this error
> uid 1 not found
> uid 2 not found
> uid 3 not found
> uid 4 not found
> uid 5 not found

Do the corresponding files exist?  Such as "1.", "2."?

Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: Need guidelines on how to migrate a Cyrus-Imapd server

2013-02-04 Thread Adam Tauno Williams
On Mon, 2013-02-04 at 15:01 +0100, Thibault Le Meur wrote:
> Le 01/02/2013 17:03, Thibault Le Meur a écrit :
> > Thanks for the hints
> > I'll go the rsync way then... pity I would have loved to understand what
> > kind of file is to be fed to the "sync_client -u -f" command, in order
> > to give it a try..
> Replying to myself,
> According to an old thread 
> (,
> the file format is:
> USER "$username"
> USER "$username2"
> It is also confirmed that the only way to have singleinstancestore 
> preserved is to run the sync_client with the "-f" option so that all 
> synchs are done in the same run.
> However it seems that the cache which is used to detect the duplicates 
> is rather low (UUID cache on the server side: 1000) so that single 
> instance deduplication may not be very efficient.
> Unless this has changed, I agree that the best way to initialize the 
> replica is to use rsync and then convert the databases. I'll give it a try.

Correct, from a thread in 2007:

Message UUIDs are used to replicate the single instance store (see
docs/text/install-replication). This won't have much effect when you
first replicate a mailstore as sync_server in 2.3 only tracks the last
few thousand messages that have been uploaded. It becomes much more
effective  when a replica has been seeded and you switch to "rolling"

sync_server maintains a fairly modest UUID cache on the server side:
1000 messages in 2.3. A restart is negotiated after each UPLOAD command.

It really does seem best to seed the replica, initially, via rsync
[WATCH THOSE PERMISSIONS!] then to engage rolling replication - the
replica should become current.

Something like -

# Run this on the replica: rsync cannot copy between two remote hosts.
rsync \
--verbose  --recursive \
--perms --owner --group --times \
--links --hard-links --delete \
"$master:$root/" "$root/"

I also like the  --numeric-ids assuming your uidNumber/gidNumber is the
same between systems.  That saves a lot of pointless NSS calls.

Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: alternative login names

2013-02-04 Thread Adam Tauno Williams
On Mon, 2013-02-04 at 14:25 +0100, Wolfgang Rosenauer wrote:
> I actually needed a pointer into the right direction and I guess that
> is one.
> I've never used sasl ldapdb though and I have a hard time figuring out
> how and what to do.

I have some examples for using ldapdb @

> From the documentation I found it's also not clear to me if a crypted
> userPassword as I use in my LDAP can be used in that setup.

H.  I can't recall off the top of my head.  I believe it SHOULD be
possible to do LOGIN/PLAIN auth via ldapdb.

> If I understand correctly all the hard work to match usernames is done
> via some regexp which should be powerful enough to let me search the
> login name in uid and mail attributes?

Yes, the matching regex is key.  And confusing, at first.

> Or did you actually refer to a different mapping in LDAP?
> Is there some sort of HOWTO somewhere or is all the information really
> spread in openldap, sasl and imapd documentation only?

Maybe the above PDF will help?

Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: Can anyone explain localhost phenomenon?

2013-02-04 Thread Adam Tauno Williams
On Mon, 2013-02-04 at 12:19 +, Charles Bradshaw wrote:
> On: Mon, 04 Feb 2013 06:29:56 -0500, Adam wrote:
> > On Sun, 2013-02-03 at 15:42 +0100, Gabor Gombas wrote:
> > > IIRC MySQL tries to use an UNIX socket instead of TCP for connecting to
> > > the server when it sees the "localhost" string. If e.g. sendmail runs
> > > chrooted, then it won't see the MySQL server's socket, therefore it
> > > won't be able to connect.
> > What happens if, instead of the literal "localhost", you say
> > "".  Hi-jacking the localhost string seems wrong, but it might
> > be accepted/well-known behavior at this point.  And possibly buried 
> > in the MySQL library [and not in SASL; in fact, I'd wager that is true.
> > Shortcuts and general funny-business is pretty much MySQL's primary
> > prerogative].
> Yes instead of localhost works... it's down to somebody's ghost in
> the machine then!

No, don't blame the ghosts, they are innocent.  This behavior is the
fault of an idjit;  somebody very much alive built that behavior into
libmysql, believing they were being clever.  This HACK has cost hours to
innumerable people who assume what is in a config file means what it
obviously should mean - only it doesn't.

Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: Can anyone explain localhost phenomenon?

2013-02-04 Thread Adam Tauno Williams
On Sun, 2013-02-03 at 15:42 +0100, Gabor Gombas wrote:
> IIRC MySQL tries to use an UNIX socket instead of TCP for connecting to
> the server when it sees the "localhost" string. If e.g. sendmail runs
> chrooted, then it won't see the MySQL server's socket, therefore it
> won't be able to connect.

What happens if, instead of the literal "localhost", you say
"".  Hi-jacking the localhost string seems wrong, but it might
be accepted/well-known behavior at this point.  And possibly buried in
the MySQL library [and not in SASL; in fact, I'd wager that is true.
Shortcuts and general funny-business is pretty much MySQL's primary
prerogative].

Re: Is it OK for users to use either of a pair of replicated servers ?

2013-02-01 Thread Adam Tauno Williams
On Fri, 2013-02-01 at 16:15 +, John wrote:
> Further to my last message, I've updated my master so now both servers 
> report the same version:
> version: v2.4.17 d1df8aff 2012-12-01
> I'd like to understand some error messages that I am getting and what I 
> should do to resolve them...
> On the replica:
> syncserver[8816]: higher last_uid on replica user.myuser - 57628 < 57629
> syncserver[8816]: higher modseq on replica user.myuser - 36186 < 36187

A modseq is very much like an etag or a ctag in HTTP/WebDAV.  It is a
value that gets incremented with every change.  So the modseq on the
slave is greater than the modseq on the master... something is out of

> On the master:
> sync_client[5197]: MAILBOX received NO response: IMAP_MAILBOX_CRC 
> Checksum Failure
> sync_client[5197]: CRC failure on sync for user.myuser, trying full update
> sync_client[5197]: SYNCNOTICE: record mismatch with replica: user.myuser 
> more recent on master

Aren't you connecting to the slave and making changes?  That would make
sense then, the master and the replica are constantly getting
out-of-sync.  Replication is one-way.

> Despite these messages, my replication appears to be working but I can't 
> as yet be 100% sure. I'd like to understand the above and try and stop 
> them if I can...

Because it is constantly recovering, as these messages indicate.  2.4.x
replication is quite reliable and recovers from inconsistencies most of
the time.

> I can't find any documentation detailing what the above means, and I'm 
> not that familiar with the internals of the imap server, so I'd really 
> appreciate some pointers...

Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA
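
The log messages discussed in this message can be turned into a per-mailbox check for a replica that is being written to directly. This is an added example, not part of the original post: the sample lines reuse the message formats quoted above with a constructed syslog prefix and a second, constructed mailbox, and it assumes (following the reply's reading) that the left number is the master's value and the right one the replica's.

```python
import re
from collections import defaultdict

# Constructed sample: message formats as quoted in the thread; timestamps,
# host names and the second mailbox are made up for illustration.
SAMPLE_LOG = """\
Feb  1 16:10:01 replica syncserver[8816]: higher last_uid on replica user.myuser - 57628 < 57629
Feb  1 16:10:01 replica syncserver[8816]: higher modseq on replica user.myuser - 36186 < 36187
Feb  1 16:10:01 master sync_client[5197]: MAILBOX received NO response: IMAP_MAILBOX_CRC Checksum Failure
Feb  1 16:10:01 master sync_client[5197]: CRC failure on sync for user.myuser, trying full update
Feb  1 16:10:02 master sync_client[5197]: SYNCNOTICE: record mismatch with replica: user.myuser more recent on master
Feb  1 16:12:40 master sync_client[5197]: CRC failure on sync for user.other.Sent Items, trying full update
"""

HIGHER = re.compile(
    r"syncserver\[\d+\]: higher (last_uid|modseq) on replica (.+) - (\d+) < (\d+)$")
CRC = re.compile(
    r"sync_client\[\d+\]: CRC failure on sync for (.+), trying full update$")
MISMATCH = re.compile(
    r"sync_client\[\d+\]: SYNCNOTICE: record mismatch with replica: (.+) more recent on (\w+)$")


def new_entry():
    return {"last_uid": None, "modseq": None, "crc_failures": 0, "mismatches": 0}


def analyze(lines):
    """Group replication warnings by mailbox."""
    report = defaultdict(new_entry)
    for line in lines:
        line = line.rstrip()
        m = HIGHER.search(line)
        if m:
            counter, mailbox = m.group(1), m.group(2)
            pair = (int(m.group(3)), int(m.group(4)))  # (master, replica), assumed
            prev = report[mailbox][counter]
            # Keep the widest gap seen for this counter.
            if prev is None or pair[1] - pair[0] > prev[1] - prev[0]:
                report[mailbox][counter] = pair
            continue
        m = CRC.search(line)
        if m:
            report[m.group(1)]["crc_failures"] += 1
            continue
        m = MISMATCH.search(line)
        if m:
            report[m.group(1)]["mismatches"] += 1
    return dict(report)


def replica_ahead(report):
    """Mailboxes whose replica counters ran past the master's.

    With one-way replication this means something changed the replica
    directly (for example a client logged in to it); a CRC failure on its
    own is only a resync.
    """
    return sorted(mbox for mbox, e in report.items()
                  if e["last_uid"] is not None or e["modseq"] is not None)


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG.splitlines())
    for mbox in replica_ahead(result):
        print("replica modified independently:", mbox, result[mbox])
```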

Re: Need guidelines on how to migrate a Cyrus-Imapd server

2013-02-01 Thread Adam Tauno Williams
On Fri, 2013-02-01 at 13:20 +0100, Thibault Le Meur wrote:

> > On Fri, 2013-02-01 at 10:43 +0100, Thibault Le Meur wrote:
> > Are you sure that duplicate suppression was enabled on the replica? 
> Yes I'm sure, and a simple find has quickly confirmed this.
> find . -type f -a \! -links 1 -ls
> ..
> 141637005   32 -rw---  12 cyrusmail30678 sept. 20
> 18:42 ./obfustcated-username/12307.
> ...

Then something is deduplicating.

> > I have "duplicatesuppression: yes" set on the replica. 
> I thought that duplicatesuppression was a different thing.

Ah, yes, it is.  We are talking about single-instance-store.

That is the "singleinstancestore" directive.

> What I'm trying to achieve is to keep the "Single Instance Store"
> property on my replica
> (


> In this case, since I use a single sync_client process per user, it is
> logical that hardlinks between mailboxes can't be preserved. 

True, I guess that makes sense.  I believe I did an initial migration
using rsync and then fired up the sync-server to keep it up to date /
get the last changes.  But it was some time ago.  It certainly dedupp'ed
going forward.   Perhaps sync-ing across different versions may affect
it as well.

> > I believe that skiplist is 32bit/64bit neutral. So convert to
> > skiplist first, on the working server. KILL BERKELEY!! You want to
> > do that anyway.
> Yes it seems so. 
> When you say Kill Berkeley, do you mean that the DB should stay in
> Skiplist format even on the production server (and not converted back
> to Berkeley)? If yes, do you have any URL describing the procedure ?

Yes, production 2.4.x boxes should be using Skiplist.

The cvt_cyrusdb will convert databases between formats.

Re: Is it OK for users to use either of a pair of replicated servers ?

2013-02-01 Thread Adam Tauno Williams
On Fri, 2013-02-01 at 10:01 +, John wrote:
> Hello, I have just set up a second server for a small email group and I 
> now have replication working between them. 


> I was very happy to note that it replicates both ways.

It does???  What version is this?

> My use-case is basically this: to have two servers, one acting as a 
> primary and another as a backup. The primary will be the one that goes 
> out to the internet to grab emails for users. Apart from that difference 
> the two servers are identical. Either can take on the primary role. 
> Users can connect their IMAP email clients to either server. One of the 
> pair runs sync_server and the other regularly connects to it to keep the 
> two servers in sync. It's a basic configuration intended for use by a 
> small number of people.

As far as I know that will not work.

> I'd like to confirm that the replication mechanism implemented with 
> sync_server and sync_client is ok for this kind of set-up. It certainly 
> appears to work just fine like this but I haven't found anything in the 
> documentation saying that two-way replication like this is ok (i.e. 
> where users can log in to either server).

I believe that multi-master is a feature for 2.5.x.

Re: Need guidelines on how to migrate a Cyrus-Imapd server

2013-02-01 Thread Adam Tauno Williams
On Fri, 2013-02-01 at 10:43 +0100, Thibault Le Meur wrote:
> I'm trying to migrate a Cyrus-Imapd server running on an old machine to
> a new virtual machine environment and I'd like to have guidelines on
> how to proceed.
> I've first thought about using the Cyrus-Imapd replication feature, but
> the first import using sync_client was causing the target server to use
> far more space on disk than the used space on the original server. My
> guess is that the hardlinks deduplication was not preserved during this
> transfer.

That is easy to check.  On the target does the listing of a mailbox look
the same (on the filesystem) in terms of the reference count column?

-rw---  1 cyrus mail 2464 Feb  1 05:00 521985.
-rw---  1 cyrus mail 2629 Feb  1 05:00 521986.
-rw---  2 cyrus mail 4441 Feb  1 05:02 521987.
-rw---  1 cyrus mail 2834 Feb  1 05:03 521988.

The second column greater than 1 means there is hard-linking occurring,
and hard-links are the backbone of duplicate suppression.

Are you sure that duplicate suppression was enabled on the replica?

> I don't know if this is due to the way I've run the tool or if
> this is a limitation of sync_client itself. Can someone answer me on
> this ? If sync_client is able to preserve hardlinks deduplication, what
> would be the correct way to run it (I've not found the syntax expected
> for the  in the command "sync_client -u -f
> " so I used a "for" loop and ran sync_client
> individually on each user).

I'm certain that it does support it;  I see lots of duplicate
suppression on my replica.   I certainly didn't do anything special to
make it replicate that way.

I have "duplicatesuppression: yes" set on the replica.

> Then, I've tried the rsync solution (synching the mailbox directory and 
> config directory), but I'm switching to a 64bits OS so I'll have to 
> convert the databases and import them. Is it a recommended solution ?

I believe that skiplist is 32bit/64bit neutral.  So convert to skiplist
first, on the working server.  KILL BERKELEY!!  You want to do that
anyway.

Adam Tauno Williams 
System Administrator, OpenGroupware Developer, LPI / CNA
Fingerprint 8C08 209A FBE3 C41A DD2F A270 2D17 8FA4 D95E D383
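
The reference-count check described in this message, extended into a script that compares hard-link groups between a master spool and a replica spool. This is an added example, not part of the original post: it assumes both trees are readable from one host, and the function names and the sample tree it builds are constructed for illustration.

```python
import os
import stat
from collections import defaultdict


def is_message_file(name):
    # Message files in the listing above are named "<uid>." (e.g. "521987.").
    return name.endswith(".") and name[:-1].isdigit()


def scan_spool(root):
    """Map each inode under root to the relative paths of its message files."""
    by_inode, size_of = defaultdict(list), {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not is_message_file(name):
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue
            key = (st.st_dev, st.st_ino)
            by_inode[key].append(os.path.relpath(path, root))
            size_of[key] = st.st_size
    return by_inode, size_of


def summarize(root):
    """Count message files and the bytes saved by hard-linking."""
    by_inode, size_of = scan_spool(root)
    apparent = sum(size_of[k] * len(p) for k, p in by_inode.items())
    stored = sum(size_of.values())
    return {"message_files": sum(len(p) for p in by_inode.values()),
            "unique_inodes": len(by_inode),
            "saved_bytes": apparent - stored}


def lost_links(master_root, replica_root):
    """Return master link groups that are not a single inode on the replica."""
    replica_inode = {}
    for key, paths in scan_spool(replica_root)[0].items():
        for p in paths:
            replica_inode[p] = key
    lost = []
    for paths in scan_spool(master_root)[0].values():
        if len(paths) < 2:
            continue  # not a shared message on the master
        inodes = {replica_inode.get(p) for p in paths}
        if len(inodes) != 1 or None in inodes:
            lost.append(sorted(paths))
    return sorted(lost)


def write_file(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def build_demo(base):
    """Constructed sample: one message delivered to two users, three trees."""
    body = b"Subject: constructed sample\r\n\r\n" + b"x" * 1000
    for tree, linked in (("master", True), ("replica_rsync", True),
                         ("replica_per_user", False)):
        a = os.path.join(base, tree, "user", "alice", "1.")
        b = os.path.join(base, tree, "user", "bob", "7.")
        write_file(a, body)
        if linked:
            os.makedirs(os.path.dirname(b), exist_ok=True)
            os.link(a, b)            # single-instance store: one inode
        else:
            write_file(b, body)      # same content, separate inode
        write_file(os.path.join(base, tree, "user", "bob", "8."), b"unique")
        write_file(os.path.join(base, tree, "user", "bob", "cyrus.index"), b"idx")


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as base:
        build_demo(base)
        master = os.path.join(base, "master")
        print(summarize(master))
        for replica in ("replica_rsync", "replica_per_user"):
            print(replica, lost_links(master, os.path.join(base, replica)))
```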

Re: Restrict access to a single client device

2013-02-01 Thread Adam Tauno Williams
On Fri, 2013-02-01 at 14:31 +0530, Ram wrote:
> On 02/01/2013 01:20 AM, Dale J Chatham wrote:
> > You use SMTP authentication through postfix or sendmail.  Google [ mail
> > authentication relay   ] and you should find lots of howtos.
> > I'm setting it up to use a sasldb to authenticate external users in
> > order to keep them apart from UNIX users.  Be very certain that you use
> > STARTTLS or some form of authentication for email.  Also, if you're
> > allowing internet access to e-mail, you'll want to use imaps or https.
> The idea is that end users configure their email  on Desktop, Laptop , 
> Phone , tablet, Ipad ... ( The list is getting longer every day )


> So copies of the mail are floating everywhere.
> This raises a security concern
> I can't block access totally from outside.
> Employees should be allowed access from outside office , but only from 
> the designated Laptop.
> One way would be to ask everyone to VPN to the office for mails , Is 
> there anyway else.

This really sounds like a solution for PKI.  Issue a certificate to the
device and demand that the device and the server *mutually* agree based
on that [currently the client device has to recognize the server's
certificate].  This means you (a) have to manage certificates and (b)
the client device / application has to be able to perform PKI.  I
believe (b) is true in most cases.

I'm currently also trying to figure this out.

Re: Mailbox does not exist question (NO it is NOT the answer!)

2013-01-24 Thread Adam Tauno Williams
On Thu, 2013-01-24 at 19:17 +, Charles Bradshaw wrote:
> I have enabled debug. (in imapd.conf debug: yes). Now when I start a telnet
> imap session /var/log/maillog has this:
> Jan 24 13:25:59 dell2600 imap[4507]: accepted connection
> Jan 24 13:25:59 dell2600 master[4549]: about to exec 
> /usr/lib/cyrus-imapd/imapd
> Jan 24 13:25:59 dell2600 imap[4549]: executed
> Jan 24 13:25:59 dell2600 imap[4549]: IOERROR: opening
> /var/lib/imap/user_deny.db: No such file or directory
> Is this the problem?
> How do I create user_deny.db ?

No, it is OK for user_deny to not exist.  [this is a chronically
confusing message;  you can't really tell DEBUG 'error' messages from
"real" error messages].

> Telnet session still does NOT report the presence of INBOX:

I don't understand this statement.

> $ telnet localhost imap
> Trying ::1...
> Connected to localhost.
> Escape character is '^]'.
> IMAP v2.4.14-Fedora-RPM-2.4.14-1.fc17 server ready
> a1 LOGIN wH3x14or
> a2 LIST "" "*"
> a2 OK Completed (0.000 secs)
> I am at a complete loss to understand how it is possible that mail is
> delivered, but at the same time the INBOX is not being identified during the
> imap session.
> Is there some way to increase the debug level of imapd ?

Have you enabled telemetry logging for that user?

Does the mailbox in question appear in the mailbox list?

Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: Stripping of attachments using Horde 4/IMP 5.

2012-12-31 Thread Adam Tauno Williams
On Mon, 2012-12-31 at 10:33 +0100, Simon Matter wrote:
> > The databases used are:
> > -rw--- 1 cyrus mail 144 Dec  9 09:29 ./annotations.db
> > ./annotations.db: Cyrus skiplist DB
> > -rw--- 1 cyrus mail 144 Dec 30 11:30 ./db.backup1/annotations.db
> > ./db.backup1/annotations.db: Cyrus skiplist DB
> > -rw--- 1 cyrus mail 1882668 Dec 30 11:30 ./db.backup1/mailboxes.db
> > ./db.backup1/mailboxes.db: Cyrus skiplist DB
> > -rw--- 1 cyrus mail 144 Dec 30 11:00 ./db.backup2/annotations.db
> > ./db.backup2/annotations.db: Cyrus skiplist DB
> > -rw--- 1 cyrus mail 1882668 Dec 30 11:00 ./db.backup2/mailboxes.db
> > ./db.backup2/mailboxes.db: Cyrus skiplist DB
> > -rw--- 1 cyrus mail 18038784 Dec 30 11:30 ./deliver.db
> > ./deliver.db: Berkeley DB (Btree, version 9, native byte-order)

I can't imagine how the delivery database would create the problem you
describe; so I'd doubt it is that.

Irregardless of where the data is physically stored, does the filesystem
pass an fsck?

> > I don't have backtrace?  I am using RHEL rpms.

That doesn't in any way prevent you from generating a backtrace.  You
have a core file, just use gdb to generate the backtrace.

> Unfortunately we can also not see what has been changed in the patched
> RPMs you got from RH.
> > But, is it OK to use NetApp Storage for /var/lib/imap file system?
> NetApp often sounds like NFS but you told us you are not using NFS but FC
> attached disks? If so I don't know why it shouldn't work exactly as local
> disks would.

+1 An FC or iSCSI attached volume *is* as a local disk.

> But when I hear Horde/IMP I remember a problem that some people hit after
> upgrading Horde/IMP. I don't remember what it was but you should find it
> in the archives. IIRC it has been fixed in the latest version of
> cyrus-imapd.

Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: Stripping of attachments using Horde 4/IMP 5.

2012-12-30 Thread Adam Tauno Williams
On Sun, 2012-12-30 at 12:23 +0530, wrote:
> Dear experts,
> I had extensive discussion on this issue in Horde/IMP mailing list.   
> Later I reported the problem in RedHat Bugzilla.  The details of the  
> problem are also part of bugzilla.
> Though patch for cyrus-imapd was given to me for testing, I was  
> supposed to reproduce the problem in another server.  I am unable to
> reproduce the problem.  Now, I have a feeling that, the problem may be  
> due to /var/lib/imap residing in NetApp storage (though not NFS).
> I have a feeling, the problem may solve, if I make /var/lib/imap part  
> of OS disk.  Your opinion please...

Are you using Berkeley databases?  If it does seg-fault what does the
backtrace look like? [I don't see a backtrace in the bug report, just a
core file; but the core isn't really useful unless one has the same
version of the software].

Adam Tauno Williams  GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA

Re: cyrus and Outlook subfolder crawling

2012-12-13 Thread Adam Tauno Williams
On Thu, 2012-12-13 at 10:43 +0100, Marcus Schopen wrote:
> I've got a problem with an Outlook 2010 client. The client is accessing a
> 10 GB cyrus imap account and crawling with a high frequency like crazy
> through each subfolders which fills the mail logfile and causes a
> noticeable higher load. This never stops unless the Outlook client is
> closed. I'm not familiar with Outlook and to my mind this is not a cyrus
> problem, but does anybody know to say Outlook to stop this annoying
> behaviour.

Can you unsubscribe from subfolders?  If so, does doing so stop the mad
crawl?  Perhaps there is a folder, or more likely a message in a folder,
that the Outlook client doesn't like - and it is then restarting its
'sync' over and over.

Are Exchange extensions disabled?  I've seen them cause various kinds of

  Tools -> Options -> Other -> Advanced -> Options -> Add-In Manager ->
Uncheck Exchange Extensions property.

  Tools / Options / Other / Advanced Options / COM Add-Ins/ remove
anything that isn't essential, (we remove everything)

Those may not correspond to your version of Outlook.

Although it may make matters much worse [temporarily] you might want to
turn on telemetry for that user to see if there is a protocol error

But clients just walking folders shouldn't generally drive massive
syslog traffic;  perhaps you are logging mail at the DEBUG level?  Don't
do that, it is better to use telemetry logs selectively.

Adam Tauno Williams 

Re: Fwd: Too many entries of mystore: reusing txn....

2012-12-12 Thread Adam Tauno Williams
On Sun, 2012-12-09 at 10:49 +0530, Anant Athavale wrote:

> As you say, the imap DEBUG logs are coming to maillog.  RHEL 6.3 ships
> with Rsyslogd and also it looks like cyrus-imapd is compiled to use
> MAIL_LOG facility.  (I tried /var/log/imapd.log. but it
> did log anything in imapd.log ).
> I am attaching rsyslog.conf (Not modified).  What I ultimately want is
> 'maillog should not contain imap logs.  And imapd.log should contain
> all logs related to cyrus/imapd with only info level logs.  '
> As I could not achieve it in short span of time, I have released the
> system, but, would like to do that in near future.  Any pointers to
> achieve?

Yes.  Give up on syslog.  Seriously.  The model provided by syslog is
very simplistic and kludgy.  Just use syslog as a transport to get
messages into an NMS, and sort, categorize, and record them there.

We send all our syslog messages to ZenOSS.  There syslog messages can be
mapped into categories, prioritized [and discarded], recorded, viewed,
and generate notifications.  And you get a user interface to do it all
in, and a coherent way to backup/restore all your machinations.

Syslog messages from imapd have a tag of imapd, and messages from
postfix have a tag of postfix, which is almost invisible in syslog
itself.  So you have the host of origin, the tag, the facility, and the
level [and the text of the message] all to work with to categorize [and
potentially discard] any way you want.

Obviously you want to discard DEBUG messages at the syslog level - that
is just too much noise for anything.  But a decent host for your NMS can
handle a surprising load of messages.

Adam Tauno Williams 

Re: Injecting a mail folder into a users inbox/restore from backup

2012-12-05 Thread Adam Tauno Williams
On Wed, 2012-12-05 at 11:47 +0100, Lars Schimmer wrote:
> Hi!
> As I never needed to do it yet, I want to ask for the best way to
> restore users email which got lost...
> Situation: running cyrus on debian with users and mailboxes.
> User deleted on accident a folder in his INBOX (and cyrus did unlinked
> the files and removed the folder from disk already).
> I do backup from the INBOX structures on disk every night (in a basic
> simple way, see it as a snapshot of the mail disks of cyrus).
> Now I need a good way to inject the "old" folder
> into the live cyrus system.
> Is it easier to create a new user and copy with imap client?
> Or just copy the folder content into a new created folder on users inbox?

I typically just copy the message file(s) back, or in this case the
folder, and run "reconstruct -r -f -k -s user.dude".  Hasn't failed me

A more elegant way would be nice, but until there is some type of
dump/restore format, moving files around is what you've got.

Adam Tauno Williams 
System Administrator, OpenGroupware Developer, LPI / CNA
Fingerprint 8C08 209A FBE3 C41A DD2F A270 2D17 8FA4 D95E D383

Re: Cyrus IMAP 2.3 EOL?

2012-11-21 Thread Adam Tauno Williams
On Wed, 2012-11-21 at 18:21 +0100, Bron Gondwana wrote:
> On Wed, Nov 21, 2012, at 05:31 PM, Egoitz Aurrekoetxea Aurre wrote:
> > Good morning,
> > Does Cyrus IMAP 2.3.18 get still supported by Cyrus IMAP team?.
> Just security updates really, why?

Cyrus IMAP 2.4.x is much nicer all around;  if you are on 2.3.x I'd
recommend upgrading.  Other than some re-indexing pain, it is seamless
and leaves you on a considerably better product.

Re: Making sub-folder email reappear after recovery from backup

2012-11-02 Thread Adam Tauno Williams
On Fri, 2012-11-02 at 11:16 -0400, Gordon Marler wrote:
> Can't find this mentioned in the docs or with any search I've done on 
> the mailing list, so here goes:
> - Upgraded from 2.4.10 to 2.4.16 after losing my 2.4.10 system, but 
> having mail spool backed up
> - After moving to the 2.4.16 system, able to see Inbox for accounts
> - Had to make sub-folders reappear with command like (Thank you mailing 
> list for that tidbit!):
>reconstruct -p default -rf user.gmarler.
> - Now I can see the Inbox, Subfolders, Sub-subfolders, etc in Thunderbird
> BUT - Only Inbox has visible emails - All of the subfolders "appear" to 
> be empty, but there are definitely mails in them on the mail spool.
> Looks like I forgot a step somewhere.  Where have I gone wrong?

reconstruct, with the -r [recursive] and -f [examine filesystem for
mailboxes] options.

Re: Problems posting to lists

2012-10-26 Thread Adam Tauno Williams
On Thu, 2012-10-25 at 16:46 -0200, Rodrigo Abrantes Antunes wrote:
> Hi, I'm using mailman to post to a list but some users don't receive
> the messages, when I post to the list I see this in mail.log for one
> of the members of the list that didn't receive the message:
> Oct 25 08:15:31 srv-mail-pel postfix/smtp[5685]: 243872924C:
> to=, relay=[]:10023,
> conn_use=10, delay=0.83, delays=0.16/0.47/0/0.21, dsn=2.0.0,
> status=sent (250 2.0.0 Ok, id=04503-16-10, from
> MTA([]:10025): 250 2.0.0 Ok: queued as CDC1B291F8)
> Oct 25 08:17:27 srv-mail-pel cyrus/lmtp[13074]: duplicate_mark:
> <> 
> .vladimir+@.sieve.   1351160247 0
> Oct 25 08:17:27 srv-mail-pel postfix/pipe[5695]: CDC1B291F8:
> to=, relay=cyrus, delay=115,
> delays=0.04/92/0/23, dsn=2.0.0, status=sent (delivered via cyrus
> service)

Huh, that really looks like it *was delivered* to me.  Are you sure it
isn't really in the mailbox?  Can you go to the user's mailbox [on disk]
and grep the files for the messageID?

NOTE: status=sent (delivered via cyrus service)

> Here is what mailman's people said:
> "This message was delivered from Mailman to Postfix and then delivered
> by Postfix to Cyrus, possibly because this was to a local user and
> Cyrus is acting as the LDA, or possibly for some other reason, but in
> any case, if the mail wasn't delivered to the user, this is a question
> for Cyrus."

It is either Cyrus or Postfix [the MTA].  It does look like Mailman is
doing his job.

Re: keep cyrus in sync with cold standby

2012-10-17 Thread Adam Tauno Williams
On Tue, 2012-10-16 at 17:26 +0200, Marcus Schopen wrote:
> I'm thinking about a strategy to keep my cyrus server (2.2.13 on Ubuntu
> 10.04 LTS) in sync with a cold standby server. This hasn't to be a
> live/hot sync and I'd like to keep it as simple as possible. A sync
> delay up to 30 minutes is acceptable for this small setup (250 Accounts,
> 80 GB mail storage, 5 emails per minute), but I don't want to stop cyrus
> while doing the sync.
> Cyrus replication seems to be the most reasonable way, but I'm sitting
> on Ubuntu 10.04 LTS, which comes with cyrus 2.2.13 and I can't find any
> newer backports. Centos 6.x with Cyrus 2.3.16 could be an alternative
> setup, but I'm not sure if 2.3.16 is also too old for stable
> replication. :/

Late 2.3.x [including 2.3.16] were stable.  And the replicate worked.

I'd just use Cyrus' replication.  That way you know you have a
consistent replicate - and you can authenticate to the replica and check
on it if you want, see that "yep, it is the same".   Other alternatives
provide a backup you *believe* is good, but you don't know until you try
it, and then you find out it is busted.

> DRBD could be an option but I never had DRBD running within a parallels
> virtualisation (bare metal setup); might be a timing/performance problem
> with a lot of very small files?
> Do I run in bad problems if I just run a simple rsync
> of /var/lib/cyrus, /var/spool/cyrus/ and /var/spool/sieve/ and dump
> mailboxes.db (skiplist) with "ctl_mboxlist -d" every 30 minutes? Is
> there a way to give cyrus a flush of its databases without stopping it?

rsync will work, but if it is against a live instance you may need to
reconstruct before you bring it back up.  It will work 99.44% of the
time but it can be time-consuming and is just adding another step.


2012-10-12 Thread Adam Tauno Williams
On Fri, 2012-10-12 at 05:06 -0400, akb427 wrote:
> I have an installation of Cyrus IMAP 2.2.13 on 32-bit linux, with the
> database copied over from an earlier version. 

That is really very old.

> It appears to work just fine, but is sometimes issuing error messages
> of the form: 
> DBERROR: mystore: error storing (long nasty 8-bit string) DB_PAGE_NOTFOUND: 
> Requested page not found

This is probably a Berkeley DB thing.  I'd convert your database from BDB
to skiplist, and just get away from BDB forever.  Then upgrade to at
least 2.3, preferably 2.4.

Berkley DB == bugs


Re: Modifying Cyrus IMAP to ease a migration to Gmail?

2012-10-03 Thread Adam Tauno Williams

>  servers and to the systems we have running the GAMME tool.  For the
> custom front-end server I think it should be possible to modify the
> source code that handles the authorization to bypass the normal
> process.

There is no need to modify any code;  SASL can already do this.  A user
can have multiple passwords, so if one of those matches your global

If your Cyrus install supports saslauthd for PLAIN/LOGIN authentication
and saslauthd is using PAM you can add the pam_allow [which always
succeeds] or some other module, PAM modules stack and one can be marked
as 'sufficient'.


Re: branch 2.4 on prod

2012-09-25 Thread Adam Tauno Williams
On Mon, 2012-09-24 at 23:05 +0200, Bron Gondwana wrote: 
> On Mon, Sep 24, 2012, at 11:30 AM, Deniss Gaplevsky wrote:
> > hello,
> > i have a question to Brong as main powering force of cyrus development.
> > I know cyrus is used at fastmail/opera for serving a lot of users.
> > But stable branch 2.4 has a lot of performance related issues - like
> > statuscache usage, grisly index lookups, etc - fixed in 2.5 which is not
> > stable and not available as tarballs so far.
> > Im curious what is the cyrus branch/version in use at Fastmail/Opera
> > currently ? How well it is compatible to cyrus 2.4 branch ?
> We're running master + our local patches in production at FastMail.
> You may have noticed a bunch of work last week on master - I'm pushing
> as much time as I can into preparing for a real 2.5 release.  Even if
> it doesn't include everything we want, we can do a 2.6 more quickly next
> time.  

And more frequent, but less monumental, 'major' version jumps are nice,
BTW.  2.3.x --> 2.4.x was a huge [and a bit scary] jump.   Slowly
letting the awesome soak in is preferred.

BTW, 2.4.x may have some warts, but performance is still much improved
over 2.3.x; at least in my experience.


Re: Email not appearing in list, but files exist on disk

2012-08-31 Thread Adam Tauno Williams
On Thu, 2012-08-30 at 22:00 -0300, francis picabia wrote: 
> On Thu, Aug 30, 2012 at 5:45 PM, Michael Menge
>  wrote:
> > IMHO the mails have been marked as deleted, but not expunged by the
> > webmailer. Most clients will not show these mails by default and some
> > (e.g. Horde/IMP) count unread mails which are marked as deleted in the
> > summary view.
> > By exiting with Thunderbird these messages got expunged.
> Thanks for the response.  I recovered missing files from tape backup,
> did a reconstruct again and now the messages are all there.
> Very strange because usually Horde displays messages ready
> for expunge with a line strike out, and I had tested the view
> from both dimp and imp before doing any reconstruct.

Horde does have a preference [user setting] to "hide deleted" and (IIRC)
settings [admin, aka conf.php and lockable prefs.php values] that
affect display-deleted options.


Re: auxprop ldapdb

2012-08-30 Thread Adam Tauno Williams
On Tue, 2012-08-28 at 12:46 +0200, zorg wrote:
> the documentation is not very clear to me
> If I want to use auxprop with ldapdb
> Do I have to store my user password in clear in ldap or is there another 
> solution

Technically, no.  Generally, yes.

I have some information & examples concerning ldapdb @
 [starting around slide 13].

People get uneasy about storing clear-text in the DSA but it doesn't
bother me.  You are either storing it in the DSA or  sending it over
the wire!  Which is worse?  And if someone breaches the security of your
DSA / DC then you are humped anyway.

> For the moment I'm using saslauthd.conf but I wonder if I can use 
> auxprop to be more secure

Yes, then you can use much more secure authentication mechanisms such as
digest.  Clear text auth with encrypted stored passwords is like buying
a handgun to protect your home but always leaving the doors and windows
wide open.
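
Why auxprop with a challenge-response mechanism generally needs the clear-text secret in the directory, while a hashed store only works when the password itself is sent: an added example, not part of the original post. It assumes "digest" means DIGEST-MD5 (RFC 2831, qop=auth); the user, realm, nonces and salt are constructed and the function names are hypothetical.

```python
import hashlib
import hmac


def digest_md5_response(user, realm, password, nonce, cnonce, digest_uri,
                        nc="00000001", qop="auth"):
    """RFC 2831 response-value for qop=auth with no authzid."""
    # A1 starts with the raw MD5 of user:realm:password, so whoever computes
    # the response must know the password (or this password-equivalent hash).
    secret = hashlib.md5(f"{user}:{realm}:{password}".encode()).digest()
    ha1 = hashlib.md5(secret + f":{nonce}:{cnonce}".encode()).hexdigest()
    ha2 = hashlib.md5(f"AUTHENTICATE:{digest_uri}".encode()).hexdigest()
    kd = f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}"
    return hashlib.md5(kd.encode()).hexdigest()


def server_verify_digest(stored_secret, user, realm, nonce, cnonce,
                         digest_uri, client_response):
    """auxprop-style check: recompute the response from the stored secret."""
    expected = digest_md5_response(user, realm, stored_secret, nonce, cnonce,
                                   digest_uri)
    return hmac.compare_digest(expected, client_response)


def ssha(password, salt):
    """Salted SHA-1, standing in for a hashed userPassword value."""
    return hashlib.sha1(password.encode() + salt).hexdigest()


def server_verify_plain(wire_password, salt, stored_hash):
    """saslauthd-style check: the password itself arrived over the wire."""
    return hmac.compare_digest(ssha(wire_password, salt), stored_hash)


def demo():
    # Constructed sample values, not taken from the thread.
    user, realm, password = "alice", "example.org", "s3cret"
    nonce, cnonce = "c2VydmVyLW5vbmNl", "Y2xpZW50LW5vbmNl"
    uri, salt = "imap/mail.example.org", b"\x01\x02\x03\x04"
    hashed = ssha(password, salt)
    response = digest_md5_response(user, realm, password, nonce, cnonce, uri)
    return {
        # Clear text in the directory: digest verifies, password never sent.
        "digest_with_cleartext_store": server_verify_digest(
            password, user, realm, nonce, cnonce, uri, response),
        # Only a salted hash in the directory: the digest cannot be checked.
        "digest_with_hashed_store": server_verify_digest(
            hashed, user, realm, nonce, cnonce, uri, response),
        # The salted hash works only when the client sends the password.
        "plain_with_hashed_store": server_verify_plain(password, salt, hashed),
        # A captured response does not verify against a fresh server nonce.
        "replay_with_new_nonce": server_verify_digest(
            password, user, realm, "ZnJlc2gtbm9uY2U=", cnonce, uri, response),
    }


if __name__ == "__main__":
    print(demo())
```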


Re: 4096 file descriptors

2012-08-22 Thread Adam Tauno Williams
On Wed, 2012-08-22 at 14:43 -0400, Ron Vachiyer wrote: 
> Quick question about filedescriptors.  On Centos6, cyrus 2.3.16 seems
> to be able to open 4096 FDs ;
> master[27121]: retrying with 4096 (current max)
> ulimit -a says 1024;
> open files  (-n) 1024
> I am looking to increase this, and have found some documentation
> saying to increase file-max in /proc.  However, file-max already has a
> much larger number;
> cat /proc/sys/fs/file-max
> 1201105


> The only way I have found so far is to add a ulimit -n 8192
> in /etc/rc.d/init.d/cyrus-imapd

man pam_limits

> Is there a more generic/cleaner way to do this?

Yep, you can set up a limits.conf file that adjusts limits per user, per
group, etc... 


Bug#3642, Special Use Folders, Config

2012-08-07 Thread Adam Tauno Williams

Regarding special-use folders, how do these folders get flagged as
such?  Or is this not available [really usable] in 2.4?  The bug applied
a patch to 2.4.x but the roadmap lists this for 2.5.


Re: CC destinations dropped

2012-07-20 Thread Adam Tauno Williams
On Thu, 2012-07-19 at 19:22 -0400, brian wrote:
> A client of mine is complaining about not receiving certain messages. 
> Her colleague is also being sent them and receives them just fine. She 
> insists that they are not being sent to her junk folder and that she has 
> no filters that might be moving them elsewhere.

You can check for existence of a SIEVE [filter] script
in /var/lib/imap/sieve/{letter}/{username} [your path may vary a little,
but something like that].

You can grep -d recurse
{message-id} /var/lib/spool/imap/{letter}/user/{username}/* to see if it
is really there.  It may be there even if deleted and expunged if
delayedexpunge is enabled.

Otherwise it is almost certainly an MTA issue.

> I believe the problem does not involve postfix, as pipe appears to be 
> sending both. It looks to me as if lmtpunix is looking at just the one 
> address and thinks there's a duplicate. Note the two duplicate_check 
> lines, both of which reference the julia account. I've sent a test 
> message and indeed the duplicate_check again referenced only the julia 
> account again, and admin did not receive it.

Where is the e-mail coming from?  It is possible it really is a
duplicate message-id?  Some real-world devices recycle message ids [our
Xerox document centers do].

>postfix/pipe[26606]: 66E757A25FC: to=, 
> relay=procmail, delay=0.2, delays=0.16/0/0/0.04, dsn=2.0.0, status=sent 
> (delivered via procmail service)
>postfix/pipe[26606]: 66E757A25FC: to=, 
> relay=procmail, delay=0.2, delays=0.16/0/0/0.04, dsn=2.0.0, status=sent 
> (delivered via procmail service)

"delivered via procmail" ???


Re: Globally shared folder

2012-07-17 Thread Adam Tauno Williams
On Tue, 2012-07-17 at 15:42 +0530, Ram wrote:
> I am using cyrus on linux
> I want to create a folder that has read / write access given to all users.
> Any new user added to cyrus must get access to this automatically
> Is this possible ?

In cyradm or your other tool just grant permissions to "anyone" - this
represents any authenticated user.

$ cyradm ...
> setaclmailbox {$yourmailbox} anyone {$rights}


Re: problem Outlook not recieving mail from mailbox

2012-06-23 Thread Adam Tauno Williams
On Sat, 2012-06-23 at 07:58 +0800, JonL wrote:
> I'm having an issue where the mail is going to the mailbox and that I
> can verify, but for some reason Outlook 2003 cannot connect to the
> mail server although I can ping from server to client and from client
> to server.  Something is stopping the connection from happening.
> Since I'm fairly new to this would appreciate some help.
> I can telnet to the image server and I only get the  following:
> * OK linux-srv Cyrus IMAP4 v2.2.12 server ready
> Any help would be greatly appreciated

Perhaps Outlook is configured to use SSL [which uses a different port]
or TLS and the server is not configured to support TLS.

[BTW: Both Outlook 2003 and Cyrus 2.2 are very old;  Cyrus 2.2 is
extremely old.]

Have you disabled the Exchange extensions?  These can interfere with
'normal' IMAP connections, especially in Outlook 2003.

Tools -> Options -> Other -> Advanced -> Options -> Add-In Manager ->
Uncheck Exchange Extensions property.


Re: IMAP error reported by server. Invalid body section.

2012-06-22 Thread Adam Tauno Williams
On Thu, 2012-06-21 at 13:07 -0300, Rodrigo Abantes Antunes wrote:
> The source from horde3 is exactly the same as horde4

That is expected.  It isn't the message but the interpretation of the
message.  These evil messages contain many named parts separated by a
boundary (the boundary value is declared in the header of the message).
Then parts of a message can refer to other parts of the message.  So
either H4 can't correctly [or incorrectly!] parse the message into parts
by boundary or one part references another part that isn't found.

It would be useful to ask this question on the Horde / IMP mail list.

>  and I think all  
> the message parts are there, at least there is a . If you  
> want I can forward you the message to your personal mail.

It isn't  stuff but the parts of the message as they are referred
to in the HTML.
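
The check described in the reply above (does the message split cleanly on its boundary, and does every part the HTML refers to actually exist), as an added example that is not part of the original post. The sample message is constructed, `audit_cid_references` is a hypothetical helper name, and it assumes the HTML refers to other parts with `cid:` URLs that are matched against Content-ID headers.

```python
import re
from email import message_from_string, policy

# Constructed sample: a multipart/related message whose HTML refers to two
# inline parts by Content-ID, but only one of them is present.
SAMPLE = """\
From: sender@example.org
To: user@example.org
Subject: constructed test message
MIME-Version: 1.0
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body><img src="cid:logo@example"><img src="cid:chart@example"></body></html>
--b1
Content-Type: image/png
Content-ID: <logo@example>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

CID_REF = re.compile(r"""cid:([^"'\s>)]+)""", re.IGNORECASE)


def audit_cid_references(raw):
    """List the MIME parts, parser defects, and cid: targets with no part."""
    msg = message_from_string(raw, policy=policy.default)
    present, referenced, parts, defects = set(), set(), [], []
    for part in msg.walk():
        parts.append(part.get_content_type())
        # Defects record structural problems such as a missing boundary.
        defects.extend(type(d).__name__ for d in part.defects)
        cid = part.get("Content-ID")
        if cid:
            present.add(str(cid).strip().strip("<>"))
        if part.get_content_type() == "text/html":
            referenced.update(CID_REF.findall(part.get_content()))
    return {"parts": parts,
            "defects": defects,
            "missing": sorted(referenced - present)}


if __name__ == "__main__":
    print(audit_cid_references(SAMPLE))
```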


Re: IMAP error reported by server. Invalid body section.

2012-06-21 Thread Adam Tauno Williams
On Wed, 2012-06-20 at 18:20 -0300, Rodrigo Abantes Antunes wrote:
> Hi, I use horde webmail and I thought my problem was related to horde  
> but like they said it isn't, it's something to do with cyrus, I'd like  
> your help to discover what could I do to solve this. My problem is  
> described here:

If you look at the source of the message [view message source from your
'old' Horde server] you should be able to tell if all the message parts
actually exist.  Or have you tried viewing the message in Thunderbird or


Re: I/O error moving mailbox

2012-06-21 Thread Adam Tauno Williams
On Thu, 2012-06-21 at 11:57 +0200, Javier Sánchez-Arévalo Díaz wrote:
> I'm experiencing some problems moving a mailbox from one partition
> ("default") to another ("part3").
> I have already moved more than 19000 mailboxes from "default" to
> "part3" but I don't know why I'm unable to move 
> "user.col1901"

If you tail your mail / messages log do you see any messages when you
try to move the mailbox?

> When I try to do It I receive the next error:
> [...]
> localhost> renm user.col1901 user.col1901 part3
> renamemailbox: System I/O error
> [...]
> I have checked permissions and even I have given 777 to this mailbox:

It probably isn't a good idea to mess with filesystem permissions.  As
long as everything is owned by your cyrus user it should be just fine.


Re: Self compiled Cyrus 2.4.16 does not talk to self compiled Cyrus SASL 2.1.25

2012-06-19 Thread Adam Tauno Williams
On Tue, 2012-06-19 at 11:17 +0200, Eric Luyten wrote:
> (hitting the same wall over and over again when upgrading)
> Cyrus SASL is working/looking in /var/state/saslauthd all
> right, but Cyrus 2.4 appears to be writing elsewhere, and
> we cannot find out where exactly.

Are you sure it is loading your compiled libraries and not your
distribution's 'de facto' ones?  [ldd /usr/lib/cyrus/bin/imapd - you
should see a reference to your SASL libraries]

BTW - why are you self-compiling?  Really good packages exist for lots
of distributions.

> Have tried 'saslauthd_path' option in /etc/imapd.conf to
> no avail.

So when you run testsaslauthd it works?

> I pretty much copied our Cyrus 2.3 configuration files over
> to the test environment


Re: unsubscribe

2012-05-21 Thread Adam Tauno Williams
On Mon, 2012-05-21 at 11:32 +, Ian Eiloart wrote:
> On 18 May 2012, at 14:45, Adrian Kovacs wrote
> Using the mechanisms described in the List-Unsubscribe header:
> List-Unsubscribe: 
> Having said that, European Union countries usually require that the
> mechanisms be easy to use. In my view, that means that they should be
> described in the message footer (not hidden in a header). The more
> obvious paths from the URLs listed in the footer require
> accounts for unsubscription.

This behavior has been *standard* for decades.  A good mail client even
provides an option - I view a message from the Cyrus list in Evolution
and Message -> Maillist -> Unsubscribe is right there as an option.

You are using Exchange [ + Outlook? ];  so I'm pretty sure that option
is there on your screen somewhere.

> The argument that list members ought to be able to find the
> List-Unsubscribe header because they're email professionals doesn't
> wash.

Your mail client should recognize the presence of this header and provide
an option.   And looking at message headers is hardly a 'profession'
level action.


rehash docs [cyrus-imapd 2.4.16 released]

2012-04-25 Thread Adam Tauno Williams
> Is the answer to that question "Yes";  sites that do not specify
> "fulldirhash" or have a "fulldirhash: 0" in their imapd.conf are not
> affected and do not need to rehash.
> The correct rehash procedure is to execute -
> /usr/lib/cyrus-imapd/rehash -v -F /etc/imapd.conf
> [at least on my boxes "rehash" does not have a manual page; and rehash
> --help or rehash -? just errors]

There is no mention of "rehash" on


Re: (important) cyrus-imapd 2.4.16 released

2012-04-25 Thread Adam Tauno Williams
On Thu, 2012-04-19 at 11:00 +0100, Jeroen van Meeuwen wrote: 
> Hi there,
> I'm forwarding this message posted to the announcement mailing list 
> originally, to let you know any upgrades should target 2.4.16 as opposed to 
> 2.4.15.
> We are pleased to announce the release of Cyrus IMAPd 2.4.16.
> [1]

The bug contains the comment:
Can we please confirm/deny this only breaks systems with fulldirhash: 1 

Is the answer to that question "Yes";  sites that do not specify
"fulldirhash" or have a "fulldirhash: 0" in their imapd.conf are not
affected and do not need to rehash.

The correct rehash procedure is to execute -
/usr/lib/cyrus-imapd/rehash -v -F /etc/imapd.conf

[at least on my boxes "rehash" does not have a manual page; and rehash
--help or rehash -? just errors]

