Re: possible sieve/cyrus redirect issue?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Feb 28, 2008 at 10:10:46AM -0600, [EMAIL PROTECTED] wrote: > Also, part of the same email message, the log entry below alway show for > that user... I don't know what that means > > sendmail[24713]: m1QIIdVB024713: Authentication-Warning: server.jsums.edu: > cyrus set sender to [EMAIL PROTECTED] using -f Add user "cyrus" to the trusted-users file in your sendmail configuration directory (typically /etc/mail/trusted-users on Linux boxen). - -- Regards... Todd we're off on the usual strange tangents. next will be whether it is ethical to walk in your neighbor's open house if they're running ipv6:-). --Randy Bush Linux kernel 2.6.22-14-generic load average: 0.02, 0.03, 0.00 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHxx6pY2VBGxIDMLwRAht2AJ4+OurJILM7YXDQH98QK9KNi26n5ACdF/fM wOQdZG7jUqZhpr5KrfIx1xI= =lav7 -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Possible sendmail misconfiguration to deliver to cyrus
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I'm looking at a cyrus limitation right now. I'm really thinking this is not cyrus' problem. I'm trying to figure out if it's actually a sendmail limitation or a sendmail config error on my part. The problem I'm working through became illuminated when some spammer used one of our domains as the Return-Path for the spams. The mail server crashed due to crippling load. It was aggravated when they did it several days in a row. Let's say my domain is domain.com (in local-host-names). I have a user todd on it. It's an older box with updates manually applied so it has sendmail 8.12.10 and cyrus imap 2.1.16. You can connect to my server and send emails to [EMAIL PROTECTED] and it will do all virus and spam scanning BEFORE it passes it cyrus, which then reports "Data Format Error" because the user doesn't exist. I have been googling and looking at m4 code and trying to figure out what I can do to make sendmail check the user at SMTP connect time the way it does if I configure sendmail to deliver to a regular mbox mail spool. Here's what's in my sendmail.mc: [EMAIL PROTECTED] root]# tail -n 7 /etc/mail/sendmail.mc MAILER(cyrus)dnl define(`confLOCAL_MAILER',`cyrus')dnl LOCAL_RULE_0 R$=N$: $#local $: $1 R$=N < @ $=w . >$: $#local $: $1 Rbb + $+ < @ $=w . >$#cyrusbb $: $1 I did a little testing, here's what I've found: 1) With none of the lines above (goes to regular mbox mail spool), if I attempt to send mail to [EMAIL PROTECTED], sendmail reports User unknown at SMTP connect. 2) With only the MAILER line above (still goes to regular mbox mail spool), if I attempt to send mail to [EMAIL PROTECTED], sendmail reports User unknown at SMTP connect. 3) With the MAILER and the define (delivers to cyrus mail boxes), if I attempt to send mail to [EMAIL PROTECTED], sendmail doesn't report that the user is unknown, it does all spam and virus scanning, and only when it passes the email to cyrus deliver does it finally figure out that the user doesn't exist. Is the above m4 code appropriate? Is there something obvious I'm missing? Any URLs or suggestions or comments are appreciated. My rudimentary understanding of sendmail macros makes me think that instead of checking for users locally, it's checking for user cyrus locally (which always succeeds), so the email is accepted for any user. If it's a problem with the older version of sendmail that I'm using, then I apologize in advance, but a pointer in that direction would be most appreciated. - -- Regards... Todd A friend of mine was at the military and had to check new recruits for color-blindness. Only after the 20th color-blind man in a row he realized for the first time in hist life that it was _him_, being the color-blind. --Johannes Schindelin Linux kernel 2.6.17-5mdv 3 users, load average: 0.00, 0.01, 0.00 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFc5zJY2VBGxIDMLwRAsCzAJwNfibgBG19GbuEHzozOcX7UqG5UQCeKzxa Pu+kyq+7gXNO/kM8c0F3a7c= =oEE+ -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Possible sendmail misconfiguration to deliver to cyrus
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sun, Dec 03, 2006 at 09:23:47PM -0800, Jo Rhett wrote:
>>Error" because the user doesn't exist. I have been googling and looking
>>at m4 code and trying to figure out what I can do to make sendmail check
>>the user at SMTP connect time the way it does if I configure sendmail to
>>deliver to a regular mbox mail spool.
>
>Can you create a list of all of your users from some other information?
> If so,
>1. Put a list of all of your domains in /etc/mail/virtual-domains
>2. put each and every user in virtusertable with the same e-mail address
>on the left and right
> [EMAIL PROTECTED][EMAIL PROTECTED]
I'm not complaining, but wow that looks unintuitive.
>3. Make sure that every domain has a wildcard deny, like
> @netconsonance.com error:nouser No such user
>4. add these options to the MC file
>LOCAL_CONFIG
>F{VirtHost}/etc/mail/virtual-domains
>FEATURE(`virtuser_entire_domain')dnl
>define(`_VIRTUSER_STOP_ONE_LEVEL_RECURSION_')dnl
I'll look into it. I'll have to figure out if this will impact the
other 100 or so domains on this box.
Thanks for the pointer.
On Mon, Dec 04, 2006 at 09:50:13AM +0200, Janne Peltonen wrote:
>> at m4 code and trying to figure out what I can do to make sendmail check
>> the user at SMTP connect time the way it does if I configure sendmail to
>> deliver to a regular mbox mail spool.
>
>Here's what a quick Google found:
> http://comments.gmane.org/gmane.mail.imap.cyrus/15641
I was going to reply in the middle of the rt thread above, but in
reading about it I didn't think it fit my problem. But I also hadn't
found that particular thread. I can see now that it's intended to
exactly solve the problem I'm having.
As I see it, a more sendmailish solution would be to use a little
sendmail-fu and make it so that sendmail checks for local user at smtp
time, but delivers to cyrus at deliver time. I don't have such fu, but
I see now as a good enough time to start studying up on it as well as
exploring the above option.
- --
Regards... Todd
I've visited conferences where the wireless LAN was deemed "secure" by
the organisation because they had outlawed sniffers.--Neils Bakker
Linux kernel 2.6.17-5mdv 1 user, load average: 0.00, 0.19, 0.35
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFdE1WY2VBGxIDMLwRAlI4AJ0YcFIpFzFhWBhqAtBqCIFwz96bSgCeO+n5
jxz0yq2dlzjLk/IgrSECAVs=
=d9hB
-END PGP SIGNATURE-
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Possible sendmail misconfiguration to deliver to cyrus
On Mon, Dec 04, 2006 at 11:22:10AM -0600, Dave McCracken wrote: >> As I see it, a more sendmailish solution would be to use a little >> sendmail-fu and make it so that sendmail checks for local user at smtp >> time, but delivers to cyrus at deliver time. I don't have such fu, but >> I see now as a good enough time to start studying up on it as well as >> exploring the above option. >I also had that problem since most of the spam I was getting to my domain was >to nonexistent users. I discovered sendmail has a local mailer flag that >indicates whether sendmail should check the recipient against local users at >smtp time. The flag is 'w'. My sendmail.mc has the following line: >define(`CYRUSV2_MAILER_FLAGS', `A@/:|mw')dnl >where cyrusv2.m4 has the line: >_DEFIFNOT(`CYRUSV2_MAILER_FLAGS', `A@/:|m') >This solved my problem but it requires that I have a local machine account for >each cyrus user. As a small domain that's not a problem for me, but others >might find it too restrictive. I'll test it. As long as by "local user" you mean "users visible to PAM and virtusers", then I'm golden. I'm beginning testing now. -- Regards... Todd A friend of mine was at the military and had to check new recruits for color-blindness. Only after the 20th color-blind man in a row he realized for the first time in hist life that it was _him_, being the color-blind. --Johannes Schindelin Linux kernel 2.6.17-5mdv 1 user, load average: 0.53, 0.42, 0.30 Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
SOLVED! Re: Possible sendmail misconfiguration to deliver to cyrus
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Dec 03, 2006 at 07:58:02PM -0800, Todd Lyons wrote: >I'm looking at a cyrus limitation right now. I'm really thinking this >is not cyrus' problem. I'm trying to figure out if it's actually a >sendmail limitation or a sendmail config error on my part. It seems to have just been a sendmail misconfiguration on my part. >Here's what's in my sendmail.mc: >[EMAIL PROTECTED] root]# tail -n 7 /etc/mail/sendmail.mc >MAILER(cyrus)dnl >define(`confLOCAL_MAILER',`cyrus')dnl >LOCAL_RULE_0 >R$=N$: $#local $: $1 >R$=N < @ $=w . >$: $#local $: $1 >Rbb + $+ < @ $=w . >$#cyrusbb $: $1 So far, this modified version works as expected, both for real users and virtusers. I'm still testing, but I'll post what I have here and if anybody has any comments, I'd love to hear them: define(`CYRUSV2_MAILER_FLAGS',`Ah5@/:|w')dnl define(`CYRUSV2_MAILER_ARGS',`FILE /var/lib/imap/socket/lmtp')dnl define(`confLOCAL_MAILER',`cyrusv2')dnl MAILER(smtp)dnl MAILER(procmail)dnl MAILER(cyrusv2)dnl LOCAL_RULE_0 R$=N$: $#local $: $1 R$=N < @ $=w . >$: $#local $: $1 Rbb + $+ < @ $=w . >$#cyrusbb $: $1 If you'll notice, one of the things I did was update sendmail to use the cyrusv2 mailer instead of the cyrus one. I did that because adding the w to the FLAGS macro with mailer cyrus did nothing. But when I converted it to use cyrusv2, the w made it do the checks as you said. To be honest with you, I do not know exactly what the LOCAL_RULE_0 rules do for me. I do not know if it is still needed after converting to cyrusv2. I do not know if it is causing undesirable effects. I do not know if it is even being used. But I know that it works and I'm not going to "fix" it unless someone here mentions that I should. I can say however, that this from my logs is like music to my ears: Dec 4 11:53:43 mta1 sendmail[9689]: kB4Jqwvq009689: <[EMAIL PROTECTED]>... User unknown Dec 4 11:53:46 mta1 sendmail[9689]: kB4Jqwvq009689: <[EMAIL PROTECTED]>... User unknown Dec 4 11:53:47 mta1 sendmail[9689]: kB4Jqwvq009689: <[EMAIL PROTECTED]>... User unknown Dec 4 11:53:49 mta1 sendmail[9689]: kB4Jqwvq009689: <[EMAIL PROTECTED]>... User unknown Dec 4 11:53:53 mta1 sendmail[10215]: kB4Jrpvn010215: <[EMAIL PROTECTED]>... User unknown It used to accept all of those, scan for spam and virus, then pass off to cyrus. Now it rejects before the spam scan, resulting in much lower load. Thanks to all! - -- Regards... Todd Well, it's Karch... --frequently heard after every amazing move he does Linux kernel 2.6.17-5mdv 1 user, load average: 0.17, 0.18, 0.21 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFdIG1Y2VBGxIDMLwRAoMqAJwJ+t1ya0L+EdzRxY5QXlKsL58t3gCcD6jk pm9Eu6CUoLyQGkY6f24muw0= =CJsX -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: Basic configuration
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Jul 26, 2007 at 02:39:53PM +0200, Sam Przyswa wrote: >As I said in a previous message a testsaslauthd with user/password it's >Ok with PAM configured. >Wy Cyrus IMAP configured to use saslauthd don't succeed to login in >PLAIN or LOGIN mechanism ? show us 'ls -l /etc/pam.d/' >Wy I can't to use cyradm because it ask me a password ? Jesus, just run 'passwd cyradm' and set it to whatever the heck you want. >In fact I can't USE Cyrus because to much security features lock it. >Cyrus seems very secure but not usable :-) Windows people used to say that all the time about Linux, but now Win2K3 and later have much of the same security features wrapped around it. Nowadays I find Windows servers unusable, but that's probably more of a familiarity thing. >At least I will ask my question on Ubuntu list otherwise I give up Cyrus >for Dovecot, I'm a little bit tired to make Cyrus working. It's a PITA, but once it's working, it works fantastic. - -- Regards... Todd When engineers want simple solutions to complicated social problems, freedom is the first victim... --Stephane Bortzmeyer Linux kernel 2.6.17-6mdv 1 user, load average: 0.03, 0.07, 0.08 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFGqMCZY2VBGxIDMLwRAuZyAJ4kG6DXHt5MZzzPj5EaGTHv0V78VQCbBVxA nMp4TAusctR37O3F4zoIuFA= =G+ga -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
Re: LARGE single-system Cyrus installs?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, Oct 06, 2007 at 09:26:38AM -0700, Vincent Fox wrote: >ZFS with mirrors across 2 separate storage devices, means never having >to say you're sorry. Are you using it under Linux/Fuse or OpenSolaris or other? - -- Regards... Todd Open Source: The concept of standing on others' shoulders instead of toes. Linux kernel 2.6.17-6mdv 3 users, load average: 0.14, 0.22, 0.15 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) iD8DBQFHCnulY2VBGxIDMLwRAtcbAJ4xNGGR5/l5e2xw/+uUG38MweHq2gCeMbKI 6wM9rf2QSWlRqO3iN5al3Lc= =RHJR -END PGP SIGNATURE- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
