Re: Posting directly to subfolder / +-Notation [postfix]
On Wed, 30 Mar 2005, Christoph Moench-Tegeder wrote: Well... p is used for LMTP submissions. The sender is always your MTA. You might configure postfix to authenticate to lmtpd, but then there is alwas postfix sending. Get the point? However, the LMTP session can authorize each message as a particular sender as well. So while the postfix server authenticates to the LMTP server as postfix or whatever, the postfix server is then trusted to be correct when it says this message sent by xyz. In that case, you can use SMTP Auth to your postfix server to submit the message, which then relays the authentication info for the message. This is a how to go about implementing restricted post shared folders. -Rob - Rob Siemborski --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus POP3 Issue
On Mon, 14 Mar 2005, Marco Colombo wrote: Now, can you claim conformance to RFC 2831 if you're using /dev/urandom? Does the fact that your cyrus server is heavily used fall under those particular circumstances? Or is it normal operations, instead? What are the valid reasons you found not to use /dev/random, in your _particular_ case? That the server will basicly fail to function if /dev/random is blocks indefinately? If a site feels they need more entropy, they can always use /dev/random (or any other source of entropy). We originally had that as a default configuration, but in a large number of deployments, it caused more problems than it solved. -Rob - Rob Siemborski --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus POP3 Issue
On Mon, 14 Mar 2005, Marco Colombo wrote: I'm not happy to hear there is a 'large number of deployments' where RFC 2831 recommandation is violated. The admins of those site should consider either getting more resources (entropy, in this case) or stop running any strong but demanding SASL mechanism (or SSL/TLS). Once again, by definition, a large number does not mix well with the particular circumstances mentioned in the RFC. It is highly likely that unless they have a REALLY good source of entropy, they could still be relatively easily DOS'd just by asking for lots of DIGEST authentications. What's the point in using any strong auth mech in a way that violates its RFC recommandations? Moreover, is it ok for any software having a _default_ configuration that acts against some RFCs? Its not acting against or violating the RFC. The RFC specifies a SHOULD. There is a supported configuration that agrees with the SHOULD even. Its very important to keep in mind that the attack that is being defended against here would be extraordinarily difficult to make use of in practice, since the only benefit you'd see out of not having good entropy is the ability to select the server's nonce by controlling the PNRG of the server. So you could possibly precompute lookup tables based on the selected nonce which would allow you to break the shared secret (and thus, the session). It is quite likely the case that there are easier attacks other parts of the server beyond the authentication exchange that would allow you to access the shared secret directly. Or its atleast spending the time to look for them before trying to predict the PNRG output. Having said that, now I'll let this thread die, I promise. :-) Sounds good. - Rob Siemborski --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus POP3 Issue
On Fri, 11 Mar 2005, Marco Colombo wrote: Ok technically speaking SSL/TLS is not part of SASL. But the two are related. Maybe I'm biased by the fact that most of the connections I see are SSL+plaintext. So I was referring to SSL keys actually. Sure, or, say, kerberos keys. For what SASL is using it for, its a far lesser sin. I have to say I'm not familiar with CRAM-MD5/DIGEST-MD5. But in the latter the channel can be encrypted, so I guess at some point a shared session key is generated. Yes, there is a session key here, but the information it is based off of is the nonces (as I said, they need to be sent in the clear anyway, so coming from urandom doesn't matter that much), the shared secret, and some static text. See RFC 2831. -Rob - Rob Siemborski --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus POP3 Issue
On Fri, 4 Mar 2005, Henrique de Moraes Holschuh wrote: On Thu, 03 Mar 2005, L. Mark Stone wrote: The POP server component is giving us a problem. It often fails to respond to connection requests in a timely manner, if at all. IMAP Disable APOP, or get SASL to use /dev/urandom like it should be doing in any sane distribution (SASL is not generating long-term keys which would be a good reason to use /dev/random). Almost right. SASL doesn't generate *keys* using this, it generates *nonces*, which are known to the attacker anyway, since they are transmitted in the clear anyway. It just matters that they don't repeat often enough to bother precomputing values for. If SASL was using this for key generation, then yes, most of the comments in this thread have merit. -Rob (Hmmm, its possible that the SRP plugin is using this for something else, I'm not familiar enough with SRP and would have to ask Ken). - Rob Siemborski --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: ACAP Status, again
On Sat, 25 Dec 2004, Gerhard Gonter wrote: After scanning quickly through the mail archives, I got the impression that ACAP is pretty much ... uh... in a coma. The last mail about the status was from Sep. 2002. Has anything changed since then? Is it worth to play around with it at all? ACAP was mostly replaced in the role that CMU/Cyrus was planning to use it for by the MUPDATE server, which has very limited functionality next to ACAP, but does exactly what the Murder architechure needs without doing lots of other things to make the implementation complex. -Rob - Rob Siemborski --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: ACAP Status, again
On Sun, 26 Dec 2004, Gerhard Gonter wrote: On Sun, 26 Dec 2004 11:39:45 -0500 (EST), Rob Siemborski [EMAIL PROTECTED] wrote: [...] ACAP was mostly replaced in the role that CMU/Cyrus was planning to use it for by the MUPDATE server, which has very limited functionality next to ACAP, but does exactly what the Murder architechure needs without doing lots of other things to make the implementation complex. Thanks for that pointer, I'll try if I can get away with murder ;) Am I right to assume that the appication configuration access part of the ACAP server is not part of the current picture at CMU? As far as I know, thats the case. Most of the problem is that there aren't really a wealth of clients that support it (as it is, finding IMSP clients is hard :). -Rob - Rob Siemborski --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: authentication using kerberos
On Wed, 22 Dec 2004, Aleksandar Milivojevic wrote: Rob Siemborski wrote: On Tue, 21 Dec 2004, Aleksandar Milivojevic wrote: saslauthd: auth_krb5: krb5_get_init_creds_password saslauthd: do_auth : auth failure: [user=username] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error] Do you have a host/(hostname) key in the database? OK, so I added host/hostname key. And the authentication against AD now works. I guess this step can't be skipped... It can be if you use Heimdal for your unix side kerberos library. Its been a while since I've looked at this and the reason for the difference escapes me at the moment. However, I have several AD domains. Is it possible to define list of users and to which domain (realm) they belong, so that they just type the username (which is guaranteed to be uniq across all realms in my case), and cyrus imapd/saslauthd autheticates against correct AD server? I suspect that you could do this with a code modification, but I don't believe there is support for deriving the correct domain internally. If the only way is for the user to specify the realm (as in [EMAIL PROTECTED]) when logging in (which I'd rather avoid, if possible), I have another problem ;-) When I type [EMAIL PROTECTED] in MUA, authentication goes well, but IMAPD responds with invalid mailbox message. Do I need to create (in this case) all mailboxes as [EMAIL PROTECTED] Or? Virtual domains. -Rob - Rob Siemborski --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: authentication using kerberos
On Tue, 21 Dec 2004, Aleksandar Milivojevic wrote: saslauthd: auth_krb5: krb5_get_init_creds_password saslauthd: do_auth : auth failure: [user=username] [service=imap] [realm=] [mech=kerberos5] [reason=saslauthd internal error] Do you have a host/(hostname) key in the database? That said, you're not really Authenticating using kerberos here, you're just doing password verification, which in many ways defeats the point. -Rob - Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Is unixhierarchysep: yes the norm now?
On Thu, 21 Oct 2004, Dan Delaney wrote: Hello all. Just starting to configure Cyrus and convert all of my mbox files to it. I was wondering, is it the norm these days to use unixhierarchysep:yes? Are there any modern email clients that don't work either with it or without it? None that I know of. CMU uses unixhierarchysep: no quite successfully, many other sites use yes equally successfully. yes give you the advantage of being able to have dots in the user names (for inboxes), which is important for some installations. Note that within a murder enviornment you need to use the same setting throughout. Ken -- is unixhierarchysep: yes required for virtdomains? I don't recall... -Rob - Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus authentication mecs
On Thu, 21 Oct 2004, Tom Bryntesen wrote: What kind of authentication mechanisms do you recommend when using Cyrus on a system with about 10.000 users. It may well be about 1.000 concurrent connections, I guess. (RedHat Enterprise AS server on two cluster-servers linked to a SAN-disk system with the mail-/spool-store are planned for the task.) It's for a corporate environment with one domain only. Kerberos (GSSAPI)! Of course, You probably want to use clients that do not support Kerberos, so that means plaintext (over TLS). Is it possible to use the traditional web-cyradm approach on such a system with mySQL or is LDAP the best solution ?? What backend store you use probably depends more on what you are currently familiar with and currently have deployed than anything else. -Rob - Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: ACL for pop-only ?
On Fri, 15 Oct 2004, Michael King wrote: I believe removing the c flag will remove the rights to create subfolders. You'll want to also remove the a flag, if set, as this will let them change the ACLs on the folder in question. I don't know if being owner of the folder will override this, but I don't think it will. By default it does because it seems that quite frequently semi-aware users can be quite destructive with their own ACLs. So, the default is to allow the users to be able to fix this themselves (and, at the same time, create subfolders always -- since this is how an IMAP server is expected to behave in the general case). However, as Ken pointed out, the implicit_access_rights imapd.conf option should be able to fix this. -Rob - Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: 2.2.8 vs. 2.1.15: different process spawning behavior?
On Tue, 19 Oct 2004, Sebastian Hagedorn wrote: --On Sonntag, 17. Oktober 2004 15:30 Uhr +0200 Simon Matter [EMAIL PROTECTED] wrote: Did you try running with the default cyrus.conf just to see how it goes? With the following line I get exactly 2 lmtpd running until mail arrives. That's not the issue. What seems to be different is the behavior once the number of processes has increased. In the meantime I have observed that eventually the number of processes *does* decrease again, but generally they seem to stick around much longer than they used to. I've looked at the source and don't see any reason why ... it doesn't bother me too much, though ;-) At what rate are your messages arriving? I seem to recall that we made a change at one point that affected IMAPd whereby connections that used to fatal() unnecessaraly no longer did (i.e. they exited when a connection was broken but not in the middle of a command). I can't find that we made a similar change to lmtpd, however.. Its entirely possible that the lmtpds are just getting reused often enough that they don't time out. -Rob - Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: sasldb2 OR sasldb2.db
On Thu, 29 Jul 2004, A Clockwork Orange wrote: There mentioned file sasldb2 in saslv2 but I get sasldb2.db!!! Depending on your database backend, it may be various different names (and sometimes multiple files!) When a create new users the size of this file sasdb2.db does not cchange and time changes What so? What is happening? Its possible the database can be extended without being modified. Does sasldblistusers show the user? -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus IMAPd 2.2.8 Released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm pleased to announce the release of Cyrus IMAPd 2.2.8. This release corrects a minor issue found with the handling of Sieve notifications in 2.2.7. Download the release at: ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.8.tar.gz or http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.8.tar.gz - -Rob - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.76 iQA/AwUBQQlG02es8cJc4y/MEQJPLACeJhrMxuOm/z3NyTTM8DbVAXt+Zt8AoInP 2flml2ZuKzvuc3yBTJNOWxPN =erMm -END PGP SIGNATURE- --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus IMAPd 2.2.7 Released
On Wed, 28 Jul 2004, Simon Matter wrote: And now, the stage dir looks like this [EMAIL PROTECTED] log]# ll /var/spool/imap/stage./ total 23856 -rw---1 cyrusmail 4938 Jul 28 00:59 10010-1090969170-0 -rw---1 cyrusmail 3021 Jul 28 10:34 10597-1091003682-0 -rw---1 cyrusmail 4464 Jul 28 10:29 10603-1091003396-0 -rw---1 cyrusmail0 Jul 28 01:17 10783-1090970257-0 -rw---1 cyrusmail 3505 Jul 28 08:46 10815-1090997170-0 ... ... My question is, what do the files in the stage. dir mean? Are those mails lost, I mean not delivered to mailboxes? I should I deal with them? It means LMTPd crashed in the middle of an APPEND (the segfaults you're seeing). If your MTA is sane, it will redeliver. The patch that avoids dropping these won't necessarally work in this case, it only works if an unexpected fatal() happens. Can you get a backtrace of one of the core files? -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: subscribing to folders
On Tue, 27 Jul 2004, Alexander Brill wrote: On Fri, 2004-07-23 at 15:46, Rob Siemborski wrote: On Thu, 22 Jul 2004, Alexander Brill wrote: Is it possible to force subscribtion of a folder to another user by using the admin-user? I couldn't find any info about it in the docs and RFCs. If you use proxy authentication, then you can authenticate as the admin but authorize as the user, and then subscribe them to the folder. Could you reference me to some rfc's or other docs on the subject? I tried the PROXYAUTH-command (comes with python imaplib), but it wasn't recognized as a command on my server. Huh? You just use the IMAP AUTHENTICATE command and a SASL mechanism that supports separate authroization and authentication IDs. (see -a and -u options to imtest, for example) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: subscribing to folders
On Tue, 27 Jul 2004, Alexander Brill wrote: Huh? You just use the IMAP AUTHENTICATE command and a SASL mechanism that supports separate authroization and authentication IDs. (see -a and -u options to imtest, for example) I tried fiddling around a bit with the AUTHENTICATE-command. But for some reason I don't have an AUTH field in my CAPABILITES response, so therefore I couldn't examine it further (odd?). Do you only support plaintext mechanisms? These won't be advertised unless you are under a TLS layer. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: subscribing to folders
On Tue, 27 Jul 2004, Alexander Brill wrote: Do you only support plaintext mechanisms? These won't be advertised unless you are under a TLS layer. Yes, I am, cyrus.conf: sasl_mech_list: PLAIN But when I try to 'AUTHENTICATE PLAIN', I receive 'NO, no mechanism available'. What am I missing here? From my previous message: These won't be advertised unless you are under a TLS layer. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: a slightly confusing log message
On Tue, 27 Jul 2004, Kjetil Torgrim Homme wrote: after a fresh install compiled --with-idled I found this message in my syslog: idled[29245]: construct_hash_table called without a size idled[29245]: exiting the reason for this is trivial, it counts the number of mailboxes, and passes that on as the size. at this point, I had zero mailboxes :-) I suggest this pseudo-patch for imap/idled.c: /* create idle table */ - construct_hash_table(itable, nmbox, 1); + construct_hash_table(itable, nmbox + 1, 1); ifreelist = NULL; simply to avoid false alarm :-) Committed and Credited. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: v2.1.14 freeze from LIST %
On Fri, 23 Jul 2004, SideWinder wrote: At 16:49 23.7.2004, Rob Siemborski wrote: Are you sure this is actually going across the wire? This is a new one. Yes, just tested over a terminal connection: * OK IMAP4 Ready *** 0001dcc5 0 LOGIN 0 OK You are so in 1 LIST % This is not a cyrus imap server (we don't return 'You are so in' in response to a login command). Perhaps you should contact your IMAP server vendor. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus IMAPd 2.2.7 Released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm pleased to announce the release of Cyrus IMAPd 2.2.7. This release corrects a number of bugs including ones related to portability, the quotadb backend, and MULTIAPPEND support, among others. If you're running a version of cyrus after 2.2.3, you'll definately want to upgrade. A full list of changes is available in doc/changes.html in the distribution. Download the release at: ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.7.tar.gz or http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.7.tar.gz - -Rob - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.76 iQA/AwUBQQVUa2es8cJc4y/MEQKqsQCcDsc8JWITf/sLOoOlx8xhrOwVso4An2YD RFeEhIE/7m0GNHGa+yDcALkM =Zz6a -END PGP SIGNATURE- --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: v2.1.14 freeze from LIST %
On Wed, 21 Jul 2004, SideWinder wrote: MAIN 64:0.2 Rcvd: 2 OK Completed (0.000 secs 2 calls)\r\n MAIN 32:0.2 Sent: 3 LIST %\r\n connection times out here Are you sure this is actually going across the wire? This is a new one. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Mailbox has an invalid format on 2.1.16
On Thu, 22 Jul 2004, Eddy Beliveau wrote: ... said: 451 4.2.0 Mailbox has an invalid format (in reply to RCPT TO command)) followed by one of my mailbox id So, I just assume that I have a corrupt mailbox index ? Most likely. How can I correct it ? Use the reconstruct utility. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: service-thread.c: add logging of EMFILE [per process open file descriptors limit]
On Fri, 23 Jul 2004, Andrzej Filip wrote: Could service-thread.c log getting EMFILE error from accept call ? [ EMFILE The per-process limit of open file descriptors has been reached ] I am under impression that at least two problems with smmapd (socket map daemon) reported to the list had been caused by hitting EMFILE. I know there was a recent file descriptor leak in the quota code, were there others? I am sure it would help to identify some problems in other services too. Where would you like to add this logging, specifically? -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Mailbox has an invalid format on 2.1.16
On Fri, 23 Jul 2004, Eddy Beliveau wrote: then I send a new test mail to that user; mailq still tell me 'Mailbox has an invalid format ' Any details in the cyrus logs? Maybe the quota file for the mailbox is corrupt? How can I correct that corruption without being logged into the mystoreServer ? Sometimes that isn't possible. Can I do a reconstruct from a remote server ? Yes, but sometimes the mailbox has some other corruption. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Mailbox has an invalid format on 2.1.16
On Fri, 23 Jul 2004, Eddy Beliveau wrote: The cyradm's reconstruct command is not working correctly (which seems to be the case) Still trying to find a remote solution Any hints ? Looking at cmd_reconstruct in imapd.c may be illuminating, as would tracing what is different about what it executes vs what you execute. It looks like there might be an internal/external mailbox name issue. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Kerberos authorization in IMAP
On Wed, 21 Jul 2004, Nikola Milutinovic wrote: The docs state that, if using Krb5 authz, instead of UNIX authz, one can use ACLs in the form of a Kerberos5 regular expression, like these: */[EMAIL PROTECTED] [EMAIL PROTECTED] nikola/[EMAIL PROTECTED] Huh? That's completely bogus -- where is this stated in the documentation? -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: setting INTERNALDATEs
On Wed, 21 Jul 2004, Jukka Salmi wrote: Any idea how to solve this problem? Is it possible at all to change the internal date of a message? If you reconstruct a mailbox without a cyrus.index file, it should grab the internaldate from the timestamp of the file. So, re-timestamp all the files (with touch), then remove cyrus.index and reconstruct the mailbox. Of course, this will cost you your \Flagged, \Answered, and \Deleted flags (But not \Seen) -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: patch, bad manual page
Fix to the source file committed (imapoptions -- the manpage is generated via a script). -Rob On Wed, 21 Jul 2004, Palle Girgensohn wrote: Hi, A badly formatted row in a man page made man go kinda berzerk. Can't find the CVS to see if it is fixed, here is a patch anyway... Cheers, Palle --- man/imapd.conf.5.orig Thu Jun 17 20:55:50 2004 +++ man/imapd.conf.5Wed Jul 21 03:20:23 2004 @@ -187,7 +187,7 @@ If enabled, uses an improved directory hashing scheme which hashes the entire username instead of using just the first letter. This changes hash algorithm used for quota and user directories and if -\fIhashimapspool\rR is enabled, the entire mail spool. +\fIhashimapspool\fR is enabled, the entire mail spool. .PP Note that this option can NOT be changed on a live system. The server must be quiesced and then the directories moved with the --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: Virtual Memory Consumption of Cyrus IMAPd
On Mon, 19 Jul 2004, Andrew Brink wrote: I have also seen this sasauthd memory leak on a Debian box. A simple restart always fixes the problem for me too. When we get reports like this it inevitably turns out to be the PAM module leaking memory, not saslauthd itself. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Virtual Memory Consumption of Cyrus IMAPd
On Tue, 20 Jul 2004, Mohamed Magdi Abbas wrote: Rob Siemborski wrote: On Mon, 19 Jul 2004, Andrew Brink wrote: I have also seen this sasauthd memory leak on a Debian box. A simple restart always fixes the problem for me too. When we get reports like this it inevitably turns out to be the PAM module leaking memory, not saslauthd itself. But then why would a restart of saslauthd itself fix things, i.e. release the swap space (it or someother piece down the line) used up? PAM modules are used as libraries by the running process. If they leak memory as part of the saslauthd process, then killing saslauthd will release the leaked memory. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus SASL 2.1.19 Released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I am pleased to announce the release of Cyrus SASL 2.1.19 on ftp.andrew.cmu.edu. This release contains a large number of bugfixes and cleanups from the last version, including the -r option for saslauthd to instruct it to reassemble realm and username into a username of [EMAIL PROTECTED] form. There is now also support for passing of GSSAPI credentials, and support for SQLite in the SQL auxprop plugin. Please send feedback to [EMAIL PROTECTED] or [EMAIL PROTECTED] (private list). Download at: ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.19.tar.gz or http://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.19.tar.gz - -Rob - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.76 iQA/AwUBQPVbomes8cJc4y/MEQLeVwCdEin1LiEG4VL3LC2aT1KYL3L2LVAAoK5j V4VFvS+MJ6sCL6rnijlZ+hlY =JgbM -END PGP SIGNATURE- --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: More info: different APPEND behavior v2.1.15 / v2.2.6
On Wed, 14 Jul 2004, Andrew J Caird wrote: Upon further testing, this behavior seems to have surfaced between v2.2.3 and v2.2.4 and is also in v2.2.5 and v2.2.6. The changes listed between v2.2.3 and v2.2.4 aren't too extensive; the only thing that looks like it could have impacted this behavior is: o All incoming messages are now staged to disk before locking the destination mailbox (locks are no longer held during a network read). If it seems reasonable that this could be the problem, can someone point me in the right direction to try to track this down? Yes, this appears to have been the source of the problem -- we're looking at it now. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: Problems with idle pop3 connections locking mailboxes
On Mon, 12 Jul 2004, Michael Loftis wrote: --On Monday, July 12, 2004 17:16 -0500 Michael Sims [EMAIL PROTECTED] wrote: As promised, I'm following up to the list on the status of this problem, in case anyone has an issue like this in the future. It does appear to have been caused by our intrusion detection device. Our network manager configured this device to avoid scanning POP3 connections and for the past two weeks I have not seen any more pop3 daemons stuck in the middle of a write(). I may be jinxing myself by saying that the problem is resolved but it certainly appears to be so. write() to disk or network? if network then sounds like a nasty deadlock in the NIDS. i never did like NIDS that required inserting themselves into the traffic stream. It was a write() to network. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Bug in Cyrus-2.2.6 configure (with suggested patch)
On Thu, 8 Jul 2004, Paul Boven wrote: The last statement (with_bdb_inc=$with_bdbval/include) does not work because $with_bdbval does not exist. Changing it to $with_bdb fixes things. I've attached a patch for configure.in (trivial but untested because I don't have the whole automake/autoconf family setup right now) This has already been fixed in cvs. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Bug in Cyrus-2.2.6 configure (with suggested patch)
On Thu, 8 Jul 2004 [EMAIL PROTECTED] wrote: I hate to ask, but what's on the table for things that need to be done before a 2.2.7 release? There isn't a specific table, I'm just extraordinaraly busy right now. We will almost certainly see a 2.2.7 before the end of the month. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: MTA - where to send mail in a MURDER env
On Thu, 8 Jul 2004, ML mail wrote: I am currently setting up a MURDER environement with one frontend server and one backend server to start with. The MTA (Sendmail) for incoming mails (MX) will be running on the frontend server. Now my question: where should the MTA send the incoming mails ? Should the MTA send it to the frontend server via LMTPProxy or should it send it to the backend via LMTP ? You need to send it to an lmtpproxyd, but there's no reason to put that on a frontend -- we run our lmtpproxyd's on the same hosts as our MTAs (via unix socket). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: MTA - where to send mail in a MURDER env
On Thu, 8 Jul 2004, ML mail wrote: Well actually in our case we will start with one frontend and one backend server where the mupdate server and the MTA will both run on the frontend server. So for this case I guess it makes sense to have our MTA on the frontend server send mails via LMTP (unix socket) to the lmtpproxyd on that same frontend server, am I right so far ? Yes. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: High availability ... again
On Tue, 6 Jul 2004, Kevin Baker wrote: How would we indicate our interest to the development team? How are updates and future development project priorities decided? Several methods.. Supplied patches often get a high priority (though not in this case, since we have a patch that is very complicated and not easy to apply since it is based off of different implementations of the expunge code that is in the 2.3 CVS). Quite honestly, development priorities are most often (Though not always) set around what CMU needs most at the time. Sort of selfish, but very true. Things like virtual domains got implemented because Ken was bored though. Another way to indicate your interest is with a hefty donation to CMU, of course :) -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: [unix socket] header
On Wed, 7 Jul 2004, Cameron Knowlton wrote: actually, it's my own home brewed applescript, but that's not important... I'd like to remove the header if possible. any ideas? Change the source code in lmtpengine.c to say what you need. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: unable to login
On Wed, 7 Jul 2004, Wil Cooley wrote: On Wed, 2004-07-07 at 12:45, Mike Beattie wrote: And I hate to point out, but then, if a malicious user manages to find a flaw in cyrus they could hypothetically use that flaw to get a copy of /etc/shadow. (If I'm mistaken, *please* correct me) Only the second worst thing after actually getting a root shell, IMO. Well, I suppose it's possible, but it's better than giving all SASL applications read access to /etc/shadow, because there's far less code to review and audit in saslauthd than Cyrus IMAP, Postfix, OpenLDAP, etc. Not to mention that applications communicate with saslauthd over a socket protocol, which one hopes goes to great lengths sanitize input. Wil nailed it dead on. At some level, *something* is going to have to read /etc/shadow if that is how you are doing your authentication. Saslauthd limits the amount of code that needs to access that file (and thus the amount of code to verify). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Open file limits
On Mon, 5 Jul 2004, AJ wrote: Hi, Can anyone share experiences with running out of open files on Linux? I am using a 2.4.26 kernel, and the system wide open file limit is rather large. Do I need to set anything other than this? The default limit of 1024 is in effect for both cyrus and root. What version of cyrus are you running? -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: ANNOTATEMORE Patch submission
On Mon, 5 Jul 2004, Stephan Buys wrote: The second patch is optional, and more of a suggestion from the Kolab developers. This will add support for /vendor/* to ANNOTATEMORE. Maybe it is worthwhile considering this option, it should not have any foreseeable negative impact on the server, and going forward it would add a lot of flexibility to the ANNOTAMORE function, thus speeding up adoption thereoff. Please attach this to our bugzilla. I don't have time to review it thouroughly now and I don't want it to get lost. We're not going to commit the first patch, this should just be fixed the right way. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: encoded packet size too big
On Tue, 6 Jul 2004, Andreas wrote: Here I applied only the patch at the bugzilla entry below in order to fix the problem (cyrus-sasl-2.1.18): https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2457 This patch corresponds to revision 1.88. I'll have a closer look at the changes in 1.89. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: encoded packet size too big
On Tue, 6 Jul 2004, Rob Siemborski wrote: On Tue, 6 Jul 2004, Andreas wrote: Here I applied only the patch at the bugzilla entry below in order to fix the problem (cyrus-sasl-2.1.18): https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=2457 This patch corresponds to revision 1.88. I'll have a closer look at the changes in 1.89. After talking with Sam Hartman, it became apparent that MIT gets the implementation of gss_wrap_size_limit right and Heimdal gets it oh...so...wrong. I've committed a patch that should make this work in both cases, however. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: MURDER or IMAP proxy solution ?
On Thu, 1 Jul 2004, Greg Pulfer wrote: At the time that the document to which you refer was written, it had also received substantially more testing, this is not really the case any longer. You mean that documentation is a bit outdated nowadays ? No, I mean that the murder has received significantly more testing since it was written. That's true 200 mailboxes is nothing but it will grow rapidly and I was thinking if I already configure my site with a MURDER configuration I will have less work after adding extra backend server or frontend servers. I would like to start with one frontend server (also running the MUPDATE server) and one backend server. And pretty soon I should be adding a second backend server. Don't you think it's less work for the future if I already start with a mini MURDER configration? Possibly, but you may be surprised how far a single server can scale. (Of course, you're probably asking the wrong person about how easy it is to set up an aggregator, but...). Really, moving from a single backend to a backend+frontend configuration is fairly simple, provided you have the authentication issues worked out. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: MURDER or IMAP proxy solution ?
On Fri, 2 Jul 2004, Etienne Goyer wrote: This will have to be confirmed by people more experienced than me, but I think you could start with a standalone Cyrus server, and when you want to switch to a Murder setup, recompile this server with --enable-murder and make it a backend. As I said, verify this claim before you go ahead as I never did that myself. You can actually compile it with --enable-murder in advance -- that just creates the necessary proxy binaries. Configuring a mupdate server is what is used as the I'm in a murder flag or not. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Vanishing quota information
On Fri, 2 Jul 2004, Simon Matter wrote: I mean normal operation of the server, no quota call involved. The affected mailboxes are just randmon, it happens now and then and I don't see anything in the logs (I don't have extensive logging enabled on this production server). It's really difficult to find a way to reproduce it - at least now I don't know how. How are you detecting that they are missing? Could we somehow close the time window on when one went missing a bit and then see if a delivery took place or maybe the mailbox was expunged? -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Vanishing quota information
On Fri, 2 Jul 2004, Simon Matter wrote: time window on when one went missing a bit and then see if a delivery took place or maybe the mailbox was expunged? That's really difficult because there are usually around 200 - 500 imap sessions running and the error happens for ~1 users quota / hour. I'm currently trying to get the error again by running quota and tracing it. Tracing cyrus master + childrens is almost impossible because it slows down too much and the volume is too much. Yeah, I understand, but knowing what type of operation is causing the problem will go a long way to being able to fix it, even if we can't get a full trace. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Advice for Cyrus version
On Wed, 30 Jun 2004, AJ wrote: I am trying to decide what version of cyrus-imapd to go with in our rollout. I have seen some issues in releases after 2.2.3. I am thinking of sticking with 2.2.3 for now, but read that the mailboxes.db file should not be in Berkeley db format, which i think is true for 2.2.3. Any advice would be great. With the exception of some issues we found yesterday with the quota tool (which is not necessary in normal operation), 2.2.6 should be pretty stable. If that scares you off, then stay with 2.2.3. You should use skiplist for your mailbox list regardless of version (either 2.1 or 2.2). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Best way to All Mark as Read
On Thu, 1 Jul 2004, Jean-Christophe Delaye wrote: I wonder if there is a mechanism which provides a way to mark an entire Cyrus Imap hierachy (whith folders, messages and sub-folders etc) as Read. I find this feature usefull when migrating users in conjunction with Adaptive Filters for Junk mail controls. Use a client that provides such a feature? (in other words, iterates through all the mailboxes and sets the flags) -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: MURDER or IMAP proxy solution ?
On Thu, 1 Jul 2004, Greg Pulfer wrote: This made me wonder if I really need the MURDER functionality... First of all can someone exlain me what is a uniform namespace (no shared mailboxes), I am not sure if I need that or not. If I could use a IMAP proxy solution and that would make everything simplier I would go for it. Would I acheive the same horizontal scalability with an IMAP proxy solution as with a MURDER solution ? Basicly, the uniform namespace refers to the fact that the aggregator allows any client to access any mailbox on the aggregator from a single connection to the proxies. Compare to a simpler solution, like Perdition, where once you have authenticated there is basicly a bitpipe to the correct backend (or worse -- dns based solution where users have to know what server their mailbox is on). The proxy solution is better because (presumably) the proxy can handle pipelining clients better (as in, they don't take a performance hit as the proxy examines their commands). Likewise, it is conceivable that getting all of the necessary communications happening within the murder is much harder than just pointing a proxy at a database that maps usernames to hostnames. At the time that the document to which you refer was written, it had also received substantially more testing, this is not really the case any longer. Well to explain my case a bit I would like to install a mail architecture for an ISP which currently has approx 200 mailboxes but it will grow and grow and grow, that's why horizontal scalability is needed. 200 mailboxes is nothing. In your case I'd start with just a single imap machine, and decide how to grow later if you need that. If you start with cyrus, its probably about equivilantly easy to move to an aggregator system as it is to move to a normal proxy system. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus MURDER - Frontend server configuration options
On Wed, 30 Jun 2004, Ken Murchison wrote: Hmm. The Wiki needs to be updated to discuss 2.2.3 and later. I've added a brief note, but it could probably be expanded on. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus MURDER - Frontend server configuration options
On Wed, 30 Jun 2004, Greg Pulfer wrote: Hmm now I was wondering what about all the --with-duplcate-db, --with-mboxlist-db, --with-seen-db, --with-subs-db and such which are recommended on the following Wiki page http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/WhatDatabaseBackend ? They still only need to be set once per architechure, and 2.2 doesn't even use these configuration parameters any more -- first off, these are the defaults, and secondly, they are configured at runtime. Is the standard configure withtout specifying any of these options ok for me ? Or should I add all these options to each configure (for backends, frontends and MUPDATE master) ? Again, I think you should only build it once per architechure you are running on, not once per server. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: decrease log verbosity
On Tue, 29 Jun 2004, Florin Andrei wrote: Is there any way to decrease the syslog messages verbosity? E.g., for each message i get about 9 syslog messages about lmtpunix. I wonder if there's a config flag or something to discard all of them with the exception of either duplicate_check or duplicate_mark. The reason i want to keep one of these is that they contain the destination folder of the message. If you are logging at LOG_ERR and not LOG_DEBUG, then this shouldn't be the case unless your system is really hosed. Check your syslog config. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus MURDER - Frontend server configuration options
On Wed, 30 Jun 2004, Greg Pulfer wrote: --- Rob Siemborski [EMAIL PROTECTED] wrote: Again, I think you should only build it once per architechure you are running on, not once per server. Is there any special reasons for that except the administrative hassle to compile cyrus again and again That, and it ensures that you have exactly the same configuration running on all the systems. So you would suggest me to simply to once installed do a tar file and copy the whole Cyrus IMAPd installation to the other servers right ? Or have some sort of package management. And would you do the same for Cyrus SASL ? Yes, for the same reasons. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Vanishing quota information
On Wed, 30 Jun 2004, Simon Matter wrote: Unfortunately something is really broken and it reminds me the bug in 2.2.4 in hash.c. There was also a fildescriptor leak which should be fixed in 2.2.6, which is what I'm running. Unfortunately I can't seem to find what's going on but I know that quota -f still doesn't work as expected. I tried to run it today with the following result: Have a look at user.442vk which is a used mailbox with a freshly created quota. [EMAIL PROTECTED] root]# su - cyrus -c /usr/lib/cyrus-imapd/quota -f user.442vk: quota root user.442vk -- (none) user.442vk.Drafts: quota root user.442vk -- (none) user.442vk.Sent: quota root user.442vk -- (none) user.442vk.Trash: quota root user.442vk -- (none) I can't replicate this unless it is related to the file descriptor leak (possible) user.gianeang: usage was 224158041, now 448316082 user.gibbosim: usage was 93957125, now 187914250 user.gigerkur: usage was 19138930, now 38277860 user.gillearn: usage was 6575736, now 13151472 quota: System I/O error Too many open files This isn't actually a leak, we just aren't careful enough about how often quota -f commits its transactions, so we actually hit the limit for file descriptors, I think Ken is working on a patch to this now. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Auto Create Quota
On Tue, 29 Jun 2004, Timo Veith wrote: Hi, is MS Outlook or OE or any other MUA able to create the mailbox and if yes how? Able to? Sure. Implemented? Not likely. autocreatequota was mostly a hack that CMU used to allow users to transition themselves from our legacy mail system to Cyrus many years ago. To do so, we had a special client that did the create (and copied the mail) for the users. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus MURDER - Frontend server configuration options
On Tue, 29 Jun 2004, Etienne Goyer wrote: Greg Pulfer wrote: Now I think I don't need the full blown with all options Cyrus IMAP on the frontend server, so does anyone know what parameters I should use with the ./configure script before compiling for a frontend server need ? Use the same ./configure options for all the node in your Murder (backends, frontends and MUPDATE master). The only option that you require is --enable-murder. The other options default in 2.2.x are quite sensible; unless you know what you are doing, I suggest you do not change them. For the record, my ./configure line is : This is definately the way to go. It also means you only need to build cyrus once (per architechure). Etienne is also correct about using other IMAP backends. The MUPDATE specification is published as RFC 3656, but without further standardization work it is unlikely to ever be fully interoperable, even if there were other implementations. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: 554 Message contains NUL characters
On Tue, 29 Jun 2004, Akihiro KAYAMA wrote: I want to receive them, because: 1. old rfc822(not 2822) does not forbid to use NUL chars. Many MTAs and MDAs can deal with NUL chars without complaining. I don't want to explain the details why I can't receive mails which others can receive. Since IMAP is forbidden from ever transmitting a NUL, the IMAP server would have to translate the message into a usable format before forwarding it on to the client anyway. It is much easier to just reject the badly formed (according to RFC2822) message outright (especially given the work that would have to be done to make NULs acceptable in a C program). 2. they are almost SPAM which have forged sender. So bouncing them will be ill-mannered behavior. Then configure your MTA to reject them before forwarding them onto cyrus. Or, as others have suggested, have your MTA strip them. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
RE: Problems with idle pop3 connections locking mailboxes
On Mon, 28 Jun 2004, Michael Sims wrote: Can anyone (developers?) tell me if there are significant changes in either socket handling or the pop3 daemon between latest 2.1.x and latest 2.2.x that may affect this issue? Should I try to upgrade from 2.1.16 to 2.2.6 to try and resolve this? The upgrade is not completely trivial so I'd rather not upgrade if it's not likely to have any affect on this problem. I don't believe there is anything that will substantially change how POP works if what you're seeing is a write() call that just blocks forever, no. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: 554 Message contains NUL characters
On Mon, 28 Jun 2004, Olaf Lautenschlaeger wrote: after seeing that this problem has been discussed (a few weeks ago) but not solved, I'd like to ask if there is something available to get rid of these 554 Message contains NUL characters (in reply to end of DATA command) bounces, meanwhile? These messages are badly formed and cannot be received successfully. If the sender wants you to receive them, they should look at the bounce and realize they are sending you broken messages, and stop doing that. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Problems with idle pop3 connections locking mailboxes
On Mon, 28 Jun 2004, Henrique de Moraes Holschuh wrote: On Mon, 28 Jun 2004, Rob Siemborski wrote: I don't believe there is anything that will substantially change how POP works if what you're seeing is a write() call that just blocks forever, no. Shouldn't cyrus timeout the client eventually, and unlock the mailbox? If write() is blocking, no, there is not currently code that will cause a timeout to occur. However, if write() is blocking that means that the connection is still good *and* the data is transferring. We have to believe the OS in this case -- otherwise say we had a 50MB write() call to a modem link. We can't justifiably time out here. The timeouts that we do perform happen in select() calls, which works fine (while we're waiting for incoming data). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Resetting timestamps on mailfolders
On Wed, 23 Jun 2004, Anthony Chavez wrote: We have already run reconstruct -r on all of the mailboxes, and Outlook is showing the mails with the filesystem timestamp, so that is what we're trying to recover from. Oh, well, I think you lose then. By your statement, I am under the impression that there could be a configuration that we could pass to cyrus so that it ignores the fs timestamp. Is that correct? No. It might be an option worth adding to reconstruct (that is, grab the date from somewhere else), but... -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Renaming IMSP accounts
On Wed, 23 Jun 2004, Rob Tanner wrote: In a previous post I learned, thanks to Rob Siemborski, how to rename a top level IMAP account, but that's only half the battle. Is there a way to remotely rename an IMSP account (i.e., via the IMSP protocol)? And does anyone have any sample programs (in java, perl, or php) that do that function? There isn't a way to do this, and I doubt there will be one any time soon (if ever). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cleanup
On Thu, 24 Jun 2004, Dudi Goldenberg wrote: I'm trying to clean up some garbage leftovers from my early tests, this is what I get: mail.aritec.co.il dm dudi deletemailbox: Permission denied From the cyradm manpage: dm mailbox Delete the specified mailbox. Administrators do not have implicit delete rights on mailboxes. Use the setaclmailbox command to grant the c permission (or other permission as specified by the deleteright configuration option in imapd.conf) to your principal if you need to delete a mailbox you do not own. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: The create access right (cyrus-imapd 2.2.6)
On Thu, 24 Jun 2004, Richard Hopkins wrote: localhost lam user.xxx.fredb xxx lrswipda localhost dm user.xxx.fredb deletemailbox: Permission denied localhost rename user.xxx.fredb user.xxx.fredc renamemailbox: Permission denied localhost cm user.xxx.fredb.a localhost Some mistake, surely? Users are implicitly considered administrators of their own inbox hierarchy. This prevents them from doing things like removing their own access rights to their inbox. In general, this is operationally a good thing. Sometimes, it isn't quite what you want, and you should be able to change it by setting the implicit_owner_rights imapd.conf option (I believe this requires 2.2) -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: State on shared folders
On Thu, 24 Jun 2004, Mike Brodbelt wrote: One thing that has come out of this exercise is that I'd originally intended to create a shared folder hierearchy separately, but I've settled on doing it by creating a fake user, and then granting rights on that folder to the real users who need to access it. I've done it this way purely so I can attach a sieve script to the folder - this particular folder is on the receiving end of a widely published email address, which gets a lot of spam, and we do spam filtering by having sieve act on headers added by SpamAssassin. Some way of attaching sieve to shared folders would be nice, though I guess this carries all the same problems that the recent discussion about global sieve scripts mentioned. Yes, in many ways it does. It also requires some thought about the authorization the sieve script runs as -- in the case of an INBOX sieve script, you run it as the user. However, if there is no user, its hard to know what permissions the script should have. Note that a sieve script for a user *can* fileinto a shared folder outside of the user's hierarchy, if the user has permission to do so. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Resetting timestamps on mailfolders
On Thu, 24 Jun 2004, Anthony Chavez wrote: That reminds me. We also lost the flags somehow. I'm not sure how this happened---my colleague was in charge of the cp process. Is there any way to recover that information from the individual files as well? The seen state requires that the cyrus.header stays intact (for the unique identifier for the mailbox). The rest of the flags require that cyrus.index stays intact. Reconstructing will replace both of these files, though it should endeavour to use them if they are in good shape. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Resetting timestamps on mailfolders
On Thu, 24 Jun 2004, Anthony Chavez wrote: On Thu, 24 Jun 2004 11:15:04 -0400 (EDT) Rob Siemborski [EMAIL PROTECTED] wrote: Oh, well, I think you lose then. By that statement, I take it that you mean the only option is to write a script and reconstruct? If that's the case, it's not really a loss in my eyes. Well, ok, perhaps I mean aren't any better off than you are now since the index files would have very likely been fine if the mailbox hadn't been reconstructed :) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Resetting timestamps on mailfolders
On Wed, 23 Jun 2004, Anthony Chavez wrote: Just thought I'd follow-up with my latest findings. After doing a bit of searching, I've come across the Mail::Header and Mail::Field::Received Perl modules, which I'm considering using. I'm curious to know if the latest Received: header might be the one to use. It seems quite sound to me, but I'd like a confirmation if I can get it. ;-) The latest received header is probably closest. Though Cyrus shouldn't be using the timestamps of the file unless you are reconstructing the mailbox. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: dspam cyrus
On Wed, 23 Jun 2004, Jure [UTF-8] Pear wrote: Just yesterday i looked into the code, how difficult would be to add libdspam support into the cyrus lmtp. It needs to be done before sieve and it needs to modify the message (insert appropriate headers). This is the only thing that was non-obvious to me (and i'm not a programmer). I wouldn't do it before sieve, I'd do it as part of extending sieve to support the spamtest extension. See Bug 2400. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper
Re: Renaming top level mailboxes
On Wed, 23 Jun 2004, Rob Siemborski wrote: You need to turn on allowusermoves in imapd.conf. Note that this will not update any ACLs on the mailbox. I should say that this is much more of a concern with shared folders -- ist just too expensive to update all the user ids across all of the acls very quickly. If we ever convert cyrus so that acls can be disconnected from userids, this will be much less of an issue. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: State on shared folders
On Wed, 23 Jun 2004, Mike Brodbelt wrote: I've just set up shared folders on my Cyrus server, and Cyrus is maintaining per-user state for these folders. For my purposes, it would be useful to be able to have state information maintained per folder, as opposed to per user. Is it possible to have Cyrus do this - I can't see any obvious references to it after some googling? The only state that is maintained per-user is seen state (well, and private annotations). All the rest is per-folder. This is both because its sane (people read folders at different times) and the fact that having a single file for all seen state users in a shared folder is a very fast way to get a locking bottleneck. If you are just worried about seen state for some sort of tracking purposes, you may want to consider using IMAP Keywords instead to denote whatever state you are trying to share. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Renaming top level mailboxes
On Wed, 23 Jun 2004, Rob Tanner wrote: Is it possible in in Cyrus Imap to rename top level mailboxes? Or, if not, are there plans in a future release? There are time when I need to rename user.jsmith to user.jjones and our current process is to delete the account. If there is no option currently in Cyrus, are there any workarounds. Since all of our account management is done remotely, I would like to be able to rename the user without having to be locally on the mail server itself. You need to turn on allowusermoves in imapd.conf. Note that this will not update any ACLs on the mailbox. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Various error messages
On Mon, 21 Jun 2004, Etienne Goyer wrote: Jun 21 14:10:11 frontend1 imaps[31561]: accepted connection Jun 21 14:10:11 frontend1 imaps[31561]: starttls: TLSv1 with cipher RC4-MD5 (128/128 bits reused) no authentication Jun 21 14:10:11 frontend1 imaps[31561]: login: somehost.somewhere [1.2.3.4] someusername plaintext+TLS Jun 21 14:10:11 frontend1 imaps[31561]: open: user someusername opened INBOX on backend2 Jun 21 14:10:11 frontend1 imaps[31561]: PROTERR: end of file reached This indicates the connection was closed abruptly. Jun 21 14:26:54 frontend1 master[12195]: process 2270 exited, status 75 Jun 21 14:26:54 frontend1 master[12195]: service pop3s pid 2270 in BUSY state: terminated abnormally This happen with both pop3s and imaps. This is more of a concern. It indicates the process is exiting with an abnormal error code. EX_TEMPFAIL, which isn't tremendouly useful. Is it always the same user, same mailbox, etc? -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus IMAPd 2.2.6 Released
I'm pleased to announce the release of Cyrus IMAPd 2.2.6. This release implements a large number of bugfixes and massively improves the stability of the server. It contains no new features. A full list of changes is available in doc/changes.html in the distribution. Download the release at: ftp://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.6.tar.gz or http://ftp.andrew.cmu.edu/pub/cyrus/cyrus-imapd-2.2.6.tar.gz Thanks for all those who offered assistance in tracking down these issues, -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: mass permissions change
On Thu, 10 Jun 2004, Felix Cuello wrote: I need to changes mailbox permissions to all users at the same time, there is any way to do that? Recent versions of cyradm support wildcards to the sam command For example: sam user.* foo read -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: mass permissions change
On Thu, 10 Jun 2004, Felix Cuello wrote: Hmmm... really interesting... Did you know if there are any way to remove permissions? something like unsetacl user.% :-) unsetacl user.% anyone '' -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: quota -f dies with segmentation fault
On Wed, 16 Jun 2004, Simon Matter wrote: IIRC the 'quota -f' also generated something like 'too many open files'. A second run of 'quota -f' has then finished without problems. There is a file descriptor leak in 2.2.5, but it is fixed in CVS (and we'll be seeing another release soon). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LDAP auth, and Cyrus mailboxes..
On Wed, 16 Jun 2004, Mike Beattie wrote: Ok, well, it's known behaviour, perhaps I'll need to think up another solution. (an ugly patch to cyrus that adds a loginrequiresinbox: option?) This is not unreasonable. I'd probably implement it as part of the PROXY_POLICY callbacks to sasl (e.g. mysasl_proxy_policy). Note that you want to be sure to not exclude admins (who shouldn't have a mailbox) when you do this. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: efficiency drops when user exceed 5000+?
On Wed, 9 Jun 2004, Zhang Weiwu wrote: Hello. I have cyrus imapd runing now on my server. Today I heard people say when the user number exceed 5000+ the cyrus proformance drops in the way that unless many partitions ware made (what partition? file system partition?) to share the load. I'm pretty newbie on mail server administration, should I start to do something in case my user number grow over 5000+? I'm running a dual-processor Xeon server with IDE soft RAID10 discs. By number of users, do you mean concurrent sessions or number of inboxes? I don't know of anything that will cause cyrus performance to suddenly bottom out after 5000 inboxes -- especially if you are using fulldirhash. The number of users you can support on an individual machine is mostly related to its memory and (especially) I/O capacity, and the number of *concurrent* users, not the number of inboxes. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Trouble with user administration
On Wed, 9 Jun 2004, Jay Drake wrote: phoenix lm INBOX (\HasNoChildren) user.lstoeckmann (\HasNoChildren) mshoemaker (\HasNoChildren) user.mkenning (\HasNoChildren) user.acordell (\HasNoChildren) user.mshoemaker (\HasNoChildren) user.ahudson (\HasNoChildren) user.pheckler (\HasNoChildren) user.cboakes (\HasNoChildren) user.postmaster (\HasNoChildren) user.ccarman (\HasNoChildren) user.privacy (\HasNoChildren) user.commerce (\HasNoChildren) user.psmith (\HasNoChildren) user.dthornton (\HasNoChildren) user.randrews (\HasNoChildren) user.fyork (\HasNoChildren) user.rik (\HasNoChildren) user.gallery39208 (\HasNoChildren) user.srawls (\HasNoChildren) user.jack (\HasNoChildren) user.test (\HasNoChildren) user.jdees (\HasNoChildren) user.tkiker (\HasNoChildren) user.jdwallace (\HasNoChildren) user.tmark1 (\HasNoChildren) user.kduke (\HasNoChildren) user.tnichols (\HasNoChildren) user.ldanielson (\HasNoChildren)user.tunderwood (\HasNoChildren) user.lfortenberry (\HasNoChildren) user.wrwaltman (\HasNoChildren) user.llloyd (\HasNoChildren) phoenix rm user.kduke rm: cannot lstat `user.kduke': No such file or directory dm user.kduke you mean? Probably even sam user.kduke (your admin user) all dm user.kduke -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus Lmtp vs Deliver
On Wed, 9 Jun 2004, Kevin Baker wrote: - Aren't 2 cheap serv's w/ HA better than one better server as a single point of failure? Before the Aggregator support, splitting a userbase between servers was very difficult if you had any shared mailboxes. Now that there is the aggregator support , it can be done,it just takes atleast 3 machines [atleast in the current version] instead of 2 (2 backends, 1 proxy w/mupdate master). If you don't care about shared namespaces, then its just a user management issue. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Trouble with user administration
On Wed, 9 Jun 2004, Jay Drake wrote: phoenix sam user.kduke jdrake all setaclmailbox: jdrake: lrswipcda: System I/O error Is the mailbox missing on the disk? You may need to reconstruct it before you delete it (it appears to be damaged). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Kerberos weirdness when upgradring 2.1.15 - 2.2.3
On Sun, 6 Jun 2004, Ian Delahorne wrote: I just upgraded our IMAP machine from cyrus-imapd 2.1.15 to 2.2.3, using SASL 2.1.15 in both cases. For some reason I can't see any mail folders other than those public when using cross-realm Kerberos authentication. loginuseacl: yes is set in imapd.conf, [EMAIL PROTECTED] has all rights on my folders, and my realm and OTHER-REALM cross-authenticate. I can't duplicate this problem here -- cross-realm authorization works just fine for me. I'm assuming that you have loginrealms: set correctly, of course... Also, which --with-auth value are you using? -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Problems with Cyrus IMAP 2.2.5 on Solaris 9 on production server
On Fri, 4 Jun 2004, Ian G Batten wrote: On Thu, 03 Jun 2004, Rob Siemborski wrote: I'll also ask the obvious -- did you subsequently stop the server and run recovery on the database? Well, master couldn't prefork anything, citing an inability to read mailboxes.db. As reconstruct -m is currently unavailable I used reconstruct -p to rebuild it. I have the corrupt mailboxes.db file available if you're interested. I ment ctl_cyrusdb -r. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: saslauthd+pam+pam_ldap VS saslauthd+ldap
On Fri, 4 Jun 2004, Simon Matter wrote: I'm using both versions on different servers and I can say they both work very well for me. The pam way is more flexible if you have more than one place where users are stored, say LDAP and MySQL, or you want to restrict logins by other means like time or whatever. The only problem I see with pam_ldap is with the cyrus-imapd virtual domains. AFAIK it doesn't work for more than one domain because PAM doesn't know about realms. The CVS version of sasl has a -r option to saslauthd that reassembles the username and realm into [EMAIL PROTECTED] format which will alleviate this to some extent. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Cyrus IMAP 10 Year Anniversary
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello All, I'm happy to share with you that today, June 4, 2004, marks the 10 year anniversary of the first public alpha release of the Cyrus IMAP server. Ten years ago, John Myers announced the release of a very early version of what is now one of the most advanced IMAP servers in existence today (http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrusmsg=7). Ten years is a substantial amount of time for an open source project to thrive! I'd like to take this opportunity to thank all of those who have spent time designing, coding, managing, debugging, testing, and even just plain using the system we have developed over the last decade. Its been an exciting project to be a part of -- and we couldn't have gotten this far without everyone's help. Here's looking to another successful decade, - -Rob - -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.76 iQA/AwUBQL87g2es8cJc4y/MEQI6rACgxP35IokiMif8LW570ddw+lOGPjcAn154 qQz812XmK4mx7zvygH/hJ7H/ =kG8a -END PGP SIGNATURE- --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: email server concept: what's mail delivery agent
On Thu, 3 Jun 2004, Zhang Weiwu wrote: I'm a newbie but I don't know why I need to use lmtp at all. I was told by the comment in main.cf and master.cf that I can use mailbox_transport = cyrus and deliver(8) will be called to do mail delivery. Since I'm runing a single server, is there any obvious reason I should use lmtp at all? deliver is just an lmtp client. You'll get much better performance by using lmtp directly (it severly reduces the number of fork() calls made per message delivery). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Cyrus IMAP 10 Year Anniversary
On Thu, 3 Jun 2004, Etienne Goyer wrote: Rob Siemborski wrote: I'm happy to share with you that today, June 4, 2004, marks the 10 year anniversary of the first public alpha release of the Cyrus IMAP server. Just being curious M. Siemborski: have you been part of the project since the beginning ? What about the other major contibutors (like Ken M.) ? Most of the original members have moved on to better things. I've only been around for the past 4-5 years (and only directly involved with cyrus since the summer of 2000 or so). -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Problems with Cyrus IMAP 2.2.5 on Solaris 9 on production server
On Thu, 3 Jun 2004, Rob Siemborski wrote: not seen any major problems, although a concerted dose of killing processes at random while under load corrupted my skiplist mailboxes.db file. For safety I've switched that to berkeley (Sun provide db4.1 in SFW). Why on earth were you killing processes at random? You'll almost certainly have more trouble with berkeley DB than with skiplist. I'll also ask the obvious -- did you subsequently stop the server and run recovery on the database? -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Problems with Cyrus IMAP 2.2.5 on Solaris 9 on production server
On Thu, 3 Jun 2004, Ian G Batten wrote: For what it's worth, I'm building a new server to replace my long-standing Solaris 7 + Cyrus 1.6.22 server --- one hour of downtime since 1999. I've used the gcc from the SFW collection, Cyrus 2.2.4 and Solaris 10 build 55 (which is probably the current Solaris Express bits: I'm a Platinum Beta site, so I get my bits via another route). I've transferred my own mailboxes over, and on ``Cortez burning his boats'' grounds I've deleted my mailbox from the production server. So far I've not seen any major problems, although a concerted dose of killing processes at random while under load corrupted my skiplist mailboxes.db file. For safety I've switched that to berkeley (Sun provide db4.1 in SFW). Why on earth were you killing processes at random? You'll almost certainly have more trouble with berkeley DB than with skiplist. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: My sieve has too big holes?
On Mon, 31 May 2004, Bryan Fullerton wrote: Found it - a bare reject: rule all alone in a sieve file. Now that it's been removed everything is working OK. Strange that websieve and timsieved had no problem inserting the rule but IMAPd barfed. Is 2.2.x now stable, or still a 'moving target' development version? It is supposed to be, but apparently 2.2.4 and 2.2.5 have various issues that haven't shown their head at CMU. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus and autocreate patch
On Tue, 1 Jun 2004, Timo Veith wrote: Not until the patch is complete -- that is, supports IMAP Aggregator environments as well. I'm sorry I am not very familiar with the inner parts of IMAP. What is an aggregator environment? http://asg.web.cmu.edu/cyrus/ag.html PS: The other patches seem reasonable as well. The rmquota patch solve the problem in a nonstandard way (the problem is, the standard doesn't define a way to remove a quota). So this is virgin soil? Why not handling this practically? So I'd rather see a standards effort to fix it rather than apply a hack. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Change quota
On Sat, 29 May 2004, Patrick Nelson wrote: 1. Can I change a quota after it has been in place? I couldn't find much talking about it. So I know I can do sq mailbox number in cyradm, but I was wondering if there is anything I should consider or any ramifications... Well, no, except that setting the quota below the current size of the mailbox will still leave the mailbox at that size, but over quota. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Spam Filtering in lmtpd
On Sun, 30 May 2004, Markus Wernig wrote: Now my humble questions: Is there any way to do this with the current lmtpd? No. If no, is anybody working on something similar? No, but I know how I'd implement if if I had the time. In any case: Does anybody see a significant disadvantage in the concept? No. If 3xno, I might try to give it a shot ... holidays allowing ;-) Ken/Rob: where would you put such a function in lmtpd? I'd implement the spamtest sieve extension. I'd also be very sure that the way it was implemented was extensible so that sites could choose whatever method they wanted (and additional methods could be add easily). By method I mean spamassassin, dspam, check a header, etc. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: cyrus and autocreate patch
On Mon, 31 May 2004, Timo Veith wrote: while googling around I found that patch for cyrus from here: http://email.uoa.gr/projects/cyrus/ I found this to be a great idea and so I wonder if there are plans on integrating this patch into cyrus in the future? Not until the patch is complete -- that is, supports IMAP Aggregator environments as well. PS: The other patches seem reasonable as well. The rmquota patch solve the problem in a nonstandard way (the problem is, the standard doesn't define a way to remove a quota). autosievefolder needs to be addressed by a standard as well -- that is, fileinto is not defined to create the folder, so a flag needs to be defined where the folder is created by request of the user. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: My sieve has too big holes?
On Mon, 31 May 2004, Bryan Fullerton wrote: Generally, everything works. However, a small percentage of messages (~5%?) are not properly filtered by sieve and wind up in INBOX. This happens across all my users who have sieve rules setup, including me. I first saw this problem with IMAPd v2.0.x, and migrated to 2.1.x this past weekend in hopes it was a bug - same problem. This makes me think perhaps it's not IMAPd related, but I'm hoping someone here might have worked around a similar problem. There is an issue where if a bad sieve script is installed, an lmtpd will fail to parse any future sieve script after it tries to run that one. This is fixed in the 2.2 series with the sieve bytecode support. -Rob -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Rob Siemborski * Andrew Systems Group * Cyert Hall 207 * 412-268-7456 Research Systems Programmer * /usr/contributed Gatekeeper --- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
