RE: Backup of Cyrus

[lst_hoe01]

Zitat von [EMAIL PROTECTED]:

> If someone have a solution to have a backup of cyrus...please post it on the
> list 
> I have the same problem, how can i backup without stopping the mail
> server...
> 
> alain

http://asg.web.cmu.edu/twiki/bin/view/Cyrus/Backup

Re: lmtp read timeout

[lst_hoe01]

Zitat von Lindner <[EMAIL PROTECTED]>:

> Hi,
> 
> i'm using Cyrus 2.1.12 and Postfix 2.0.6 (SuSE 8.2).
> Since a year i'm working with Cyrus and had no problems i couldn't solve 
> but this lmtp read timeout is driving me around the bend.  ;-)   Thats 
> why i'm starting this discussion:
> 
> I administrate several mailsystems for different companies. As i'm a 
> LINUX fan they all run on that lovely system.  :-)
> 2 months ago one of the servers stopped delivering eMails with the hint: 
> "lmtp read timeout". Since then i tried to get more information about 
> lmtp and Cyrus but i failed. Do not misunderstand: I googled that 
> problem for hours and read through multiple mail archives but the result 
> didn't satisfy me. Obviously i'm not the only one with that problem but 
> nobody had a real solution. Again i had to realize that Cyrus is a nice 
> piece of software but not well documented. I hope together we will 
> overcome that problem.
> 
> Summary of my knowledge about this issue:
> Postfix (or any other MTA) gets an eMail for local delivery. After 
> checking wether to accept the mail or not Postfix will scan for viruses 
> and SPAM (in my case). Finally the mail will be given to the MDA Cyrus. 
> LMTP transports the mail from Postfix to Cyrus because Postfix can't 
> store the mail directly in the Cyrus mailbox.
> This transport from Postfix to Cyrus fails and the logfile says: lmtp 
> read timeout.
> 
>1.  -> lmtp read timeout <- What problem is meant ? Postfix is
>   writing to the unix socket but nobody reads from the socket or
>   Cyrus is reading from the socket but nobody is writing to it ?
>2. How can that happen ? The unix-socket is starting on boot and
>   isn't supposed to read/write all the time. That would mean Postfix
>   has to initiate a connection to sign that the reading should
>   start.  So, Postfix can establish a connection but can't send the
>   mail through ?
>3. Any other ideas ??
> 

As i have learned in an other thread on the postfix mailing list "read-error" on
UNIX sockets are OS errors because they should by design never happen. So you
can't solve this with postfix or cyrus.

Regards

Andreas

Re: Antivirus solution

[lst_hoe01]

Zitat von Allister Gearon <[EMAIL PROTECTED]>:

> Hi all,
>  can anybody recommend an antivirus solution for scanning incoming email at
> least (outgoing emails would be a bonus) with a SuSE based (8.2) Cyrus-IMAP
> mailserver.
> Versions are;
> cyrus - imapd   2.1.12
> cyrus - sasl2   2.1.12
> fetchmail6.2.1
> db4.0.14
> postfix2.0.6
> Thanks for your help
> Alllister Gearon
> 

Wrong list ...
Virusscan is normaly done at MTA level (postfix in your case).
Have a look at http://www.postfix.org/docs.html.
If you want to use mailscanner as suggested by some other post be sure to have
a
look at the postfix mailing-list archieves. There are several drawbacks in using
this.
Most recommended is Vexira (www.centralcommand.com) but you can search the
archives of the postfix mailing list for more info.

Regards

Andreas

Re: Antivirus solution

[lst_hoe01]

Zitat von Allister Gearon <[EMAIL PROTECTED]>:

> Thanks for your reply,
> I assumed that if incoming email was to be scanned the antivirus/spam
> program would have to catch it after Fetchmail has downloaded the mail from
> the ISP, or during Cyrus' processing of the mail to local mailboxes (I am
> using lmtp which uses cyrus's deliver daemon for local delivery).  As I
> understood postfix only comes into the picture when sending mail, either
> locally or externally.
> Have I got the wrong end of the stick?
> Thanks
> Al

Fetchmail should be configured to inject the mail via local MTA eg. by SMTP to
localhost or invoking the "sendmail" command. This way your MTA is able to scan
the mail. The normal way is that the MTA is responsible for sending and
reciveiving mail, fetchmail is some special case in this picture.

Regards

Andreas

Re: mails to no where

[lst_hoe01]

Zitat von Cesar Scavuzzo <[EMAIL PROTECTED]>:

> 
> After several attempts and with the help of some persons of this list I
> manage to get my imap server running on a FC1 with no errors so far, I
> used the RPMS from invoca (2.2.3-4) those worked great, but the problem
> that I'm having is on the distribution of e-mail (I'm real new on cyrus
> why not to say on linux too) I've created some mailboxes (with cyradm
> --user=cyrus --auth=login localhost) but when I set they on a client
> like evolution (I'm working on local network only) the test emails do
> not reach the mail boxes, I can see the inbox folder on client side of
> the account, I do not have any bounce massages, I'm using postfix on the
> imap server and to send from the client, local sendmail. 
> I really don't know where to start troubleshooting this.

What is in the postfix log??
If unsure where to find have a look at syslog.conf where the mail.* portion of
the logs go.

Regards

Andreas
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: mails to no where

[lst_hoe01]

Zitat von Cesar Scavuzzo <[EMAIL PROTECTED]>:

> Feb 17 13:08:39 serverlnx imap[2475]: accepted connection
> Feb 17 13:08:39 serverlnx master[2563]: about to exec
> /usr/lib/cyrus-imapd/imapd
> Feb 17 13:08:39 serverlnx imap[2563]: executed
> Feb 17 13:08:51 serverlnx imap[2475]: badlogin: [192.168.1.97] plaintext
> cesar SASL(-13): authentication failure: checkpass failed
> Feb 17 13:09:04 serverlnx imap[2475]: login: [192.168.1.97] cesar
> plaintext 
> Feb 17 13:09:04 serverlnx imap[2475]: seen_db: user cesar opened
> /var/lib/imap/user/c/cesar.seen
> Feb 17 13:09:04 serverlnx imap[2475]: open: user cesar opened INBOX
> Feb 17 13:17:17 serverlnx last message repeated 2 times
> Feb 17 13:22:19 serverlnx imap[2475]: open: user cesar opened INBOX
> Feb 17 13:22:39 serverlnx imap[2475]: open: user cesar opened INBOX

These are only log entries from cyrus. They proof that you are able to login as
"cesar". Postfix log entries contain the string "postfix" in every line. To
find out where this log entries are do a "grep postfix /path/to/logfiles/*".

Furthermore you can try to submit a mail locally (at the IMAP server) with "cat
some_file | mail -s "TEST" cesar".

The postfix logs are needed to see where your mail is going to.

Regards

Andreas
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: mails to no where

[lst_hoe01]

Zitat von Cesar Scavuzzo <[EMAIL PROTECTED]>:

> Feb 17 15:20:26 localhost sendmail[7783]: i1HKKP3n007783:
> [EMAIL PROTECTED], size=295, class=0, nrcpts=1,
> msgid=<[EMAIL PROTECTED]>,
> [EMAIL PROTECTED]
> Feb 17 15:20:26 localhost sendmail[7785]: i1HKKQJj007785:
> from=<[EMAIL PROTECTED]>, size=454, class=0, nrcpts=1,
> msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
> daemon=MTA, relay=localhost.localdomain [127.0.0.1]
> Feb 17 15:20:26 localhost sendmail[7783]: i1HKKP3n007783:
> [EMAIL PROTECTED], [EMAIL PROTECTED] (0/0),
> delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30295,
> relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (i1HKKQJj007785
> Message accepted for delivery)
> Feb 17 15:20:26 localhost sendmail[7787]: i1HKKQJj007785:
> to=<[EMAIL PROTECTED]>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp,
> pri=30454, relay=192.168.1.101, dsn=5.1.2, stat=Host unknown (Name
> server: 192.168.1.101: host not found)
> Feb 17 15:20:26 localhost sendmail[7787]: i1HKKQJj007785:
> i1HKKQJj007787: DSN: Host unknown (Name server: 192.168.1.101: host not
> found)
> 
> this is what appear on the log from the other box whith local sendmail

Errhmm ...
Okay. The mail never leave the client machine. Set the "relayhost" in your
sendmail config to the IP/name of your IMAP-box. The IMAP-box (with postfix)
should be configured to accept mail from your local network.
If you are not sure what i talk about i would recommend to buy a book about mail
& DNS to get a start.

Regards

Andreas

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: mails to no where

[lst_hoe01]

Zitat von Cesar Scavuzzo <[EMAIL PROTECTED]>:

> I think you mean this, 
> 
> 
> Feb 17 13:50:56 serverlnx postfix/smtpd[2799]: connect from
> unknown[192.168.1.97]
> Feb 17 13:50:56 serverlnx postfix/smtpd[2799]: DFC447413A:
> client=unknown[192.168.1.97]
> Feb 17 13:50:57 serverlnx postfix/cleanup[2801]: DFC447413A:
> message-id=<[EMAIL PROTECTED]>
> Feb 17 13:50:57 serverlnx postfix/smtpd[2799]: disconnect from
> unknown[192.168.1.97]
> Feb 17 13:50:57 serverlnx postfix/qmgr[2295]: DFC447413A:
> from=<[EMAIL PROTECTED]>, size=479, nrcpt=1 (queue active)
> Feb 17 13:50:57 serverlnx postfix/smtpd[2799]: connect from
> unknown[192.168.1.101]
> Feb 17 13:50:57 serverlnx postfix/smtp[2803]: warning: host
> 192.168.1.101[192.168.1.101] greeted me with my own hostname serverlnx
> Feb 17 13:50:57 serverlnx postfix/smtp[2803]: warning: host
> 192.168.1.101[192.168.1.101] replied to HELO/EHLO with my own hostname
> serverlnx
> Feb 17 13:50:57 serverlnx postfix/smtp[2803]: DFC447413A:
> to=<[EMAIL PROTECTED]>, relay=192.168.1.101[192.168.1.101], delay=1,
> status=bounced (mail for 192.168.1.101 loops back to myself)

Okay. First fix the IMAP/Postfix box. To do this you need the following steps :

- a working DNS to at least resolv your local hostname and "localhost"

- correct settings of "mydestination" in main.cf (localhost, $myhostname,
$mydomain)

- "mailbox_transport = cyrus" in main.cf

This should clear up part of the mess. I recommend you search for the DNS-howto
on google, buy a book about postfix and MTA basics. You can also have a look at
http://www.delouw.ch/linux/Postfix-Cyrus-Web-cyradm-HOWTO/Postfix-Cyrus-Web-cyradm-HOWTO.pdf
and omit the part with mysql and virtual domains for the start.

Regards

Andreas
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Getting started

[lst_hoe01]

Zitat von Craig Ringer <[EMAIL PROTECTED]>:

> 
> Out of curiosity, why MySQL? There seem to be a _lot_ of people trying
> to use Cyrus with MySQL, but I haven't seen any mention of why MySQL is
> a particularly desirable choice for authentication.
> 
> Then again, I use LDAP for authentication myself - so I can certainly
> see why there would be a desire for /some/ sort of shared, network
> capable authentication scheme.
> 
> I'd be really interested in why you or others have chosen MySQL as your
> authentication back-end.
> 

Most of the time it is because MySQL is used for some other tasks too. It is
easy to setup, included in nearly all installations and has no serious
drawbacks for small systems.

LDAP is harder to understand and customize if you are a newbie.

Regards

Andreas

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: deliver: Resource temporarily unavailable

[lst_hoe01]

Zitat von Jernej Porenta <[EMAIL PROTECTED]>:

> Hi!
> 
> I'm using cyrus 2.1.15 (hmh .deb packages) in debian woody on dual P4 with
> Postfix!
> 
> Recently I have noticed that some mails are not sent to mailboxes as they
> should be. My configuration is like this:
> /etc/postfix/master.cf
> cyrus unix  -   n   n   -   -   pipe
>   flags=Ru user=cyrus argv=/usr/sbin/cyrdeliver -a ${user} -e -m ${extension}
> -- ${user}

Would be smarter to use LMTP direct. With this you can enjoy the benefit of
single instance store,
It is the recommended method since 2.0.x version.


> And when I send a mail to a huge mailing list (no, it is not spam list :)
> ), some of the mails get bounced like this:
> 
> Mar 24 13:32:58 moron pipe[27378]: fatal: pipe_comand: execvp
> /usr/sbin/cyrdeliver: Resource temporarily unavailable
> Mar 24 13:33:02 moron postfix/pipe[11661]: 4D93E60095:
> to=<[EMAIL PROTECTED]>, orig_to=<[EMAIL PROTECTED]>,
> relay=cyrus, delay=2, status=bounced (Command died with status 1:
> "/usr/sbin/cyrdeliver")

Have a look why it is crashing. 
Resources starvation
Locking problem

Regards

Andreas
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Auth Cyrus against Win2K-ADS

[lst_hoe01]

Hello

We try to auth our Cyrus server against a Win2K domain controller. Following the
documentation we can "kinit" from the Cyrus box (SuSE Linux Kernel 2.4.21) to
the ADS-box. If we try "imtest -m gssapi  we get the
following error in the log :

Mar 29 18:04:49 linux-tst imapd[953]: GSSAPI Failure: gss_accept_sec_context
Mar 29 18:04:49 linux-tst imapd[953]: badlogin:
linux-tst.hq.test.de[10.1.123.125] GSSAPI
[SASL(-13): authentication failure: GSSAPI Failure: gss_accept_sec_context]

Forward/Reverse DNS is ok, the config files are listed below.

Can anyone provide some glue as how to dig this error out?

krb5.conf :

[libdefaults]
default_realm = HQ.TEST.DE
clockskew = 300
default_etypes_des = des-cbc-crc
default_etypes = des-cbc-crc

[realms]
HQ.TEST.DE = {
kdc = test-ads.hq.test.de:88
admin_server = test-ads.hq.test.de
kpasswd_server = test-ads.hq.test.de
}

[domain_realm]
.hq.test.de = HQ.TEST.DE

[logging]
default = SYSLOG:NOTICE:DAEMON
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log

[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
debug = false
}

imapd.conf :

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
sievedir: /var/lib/sieve
admins: cyrus
allowanonymouslogin: no
allowplaintext: yes
autocreatequota: 1
reject8bit: no
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
keytab: /etc/imap.keytab < Not sure if this will work??



klist output :

Credentials cache: FILE:/tmp/krb5cc_0
Principal: [EMAIL PROTECTED]

  Issued   Expires  Principal 
Mar 30 10:29:49  Mar 30 20:29:49  krbtgt/[EMAIL PROTECTED]
Mar 30 10:30:06  Mar 30 20:29:49  imap/[EMAIL PROTECTED]


ktutil list output :

FILE:/etc/krb5.keytab:

Vno  Type Principal   
  1  des-cbc-crc  host/[EMAIL PROTECTED]




Thanxs for any help

Andreas
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Auth Cyrus against Win2K-ADS

[lst_hoe01]

Zitat von Nikola Milutinovic <[EMAIL PROTECTED]>:

> 
> Whz are zou running "imtest" on domain controller? Shouldn't you go against
> IMAP server?
> 

Sorry : Typo, it was the name of the Cyrus server ...

> > imapd.conf :
> > 
> > configdirectory: /var/lib/imap
> > partition-default: /var/spool/imap
> > sievedir: /var/lib/sieve
> > admins: cyrus
> > allowanonymouslogin: no
> > allowplaintext: yes
> > autocreatequota: 1
> > reject8bit: no
> > quotawarn: 90
> > timeout: 30
> > poptimeout: 10
> > dracinterval: 0
> > drachost: localhost
> > sasl_pwcheck_method: saslauthd
> > keytab: /etc/imap.keytab < Not sure if this will work??
> 
> I think this is hardwired for Kerberos5 library, but not sure.



> > klist output :
> > 
> > Credentials cache: FILE:/tmp/krb5cc_0
> > Principal: [EMAIL PROTECTED]
> > 
> >   Issued   Expires  Principal 
> > Mar 30 10:29:49  Mar 30 20:29:49  krbtgt/[EMAIL PROTECTED]
> > Mar 30 10:30:06  Mar 30 20:29:49  imap/[EMAIL PROTECTED]
> 
> OK, client has obtained a ticket for IMAP service.

Yes. This is after i tried "imtest". Before only the list only contain the
krbtgt entry.

> > ktutil list output :
> > 
> > FILE:/etc/krb5.keytab:
> > 
> > Vno  Type Principal   
> >   1  des-cbc-crc  host/[EMAIL PROTECTED]
> 
> You need in here not "host/...", but "imap/..." principal. That is why
> "imtest" is failing. You need to create a service principal on your ADS for 
> "imap/[EMAIL PROTECTED]" and export the key to your Linux
> keytab "/etc/krb5.keytab".

That´s why i try to convince Cyrus to use the /etc/imap.keytab. As far as i
understand the krb5.keytab should be used for the host itself and protected as
read only by root?
The /etc/imap.keytab is indeed from ADS and readable by cyrus. If i do a "ktutil
-k /etc/imap.keytab" i get :

/etc/imap.keytab:

Vno  Type Principal   
  1  des-cbc-crc  imap/[EMAIL PROTECTED]

> BTW, "host/..." principal is for Kerberized "telnet", "r*" and I believe
> "SSH".

I will try to move the imap.keytab to krb5.keytab (readable by cyrus) and see if
i get further on.

> 
> Nix.

Thanxs for reply

Andreas
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Auth Cyrus against Win2K-ADS

[lst_hoe01]

Zitat von Rob Siemborski <[EMAIL PROTECTED]>:

> On Tue, 30 Mar 2004 [EMAIL PROTECTED] wrote:
> 
> > > > sasl_pwcheck_method: saslauthd
> > > > keytab: /etc/imap.keytab < Not sure if this will work??
> > >
> > > I think this is hardwired for Kerberos5 library, but not sure.
> 
> Yes, that will not work.

Any other chance to alter the file Cyrus is looking for. Some docu mentioned
setting the env. variable KRB5_KTNAME would work?

Thanxs

Andreas
 

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Auth Cyrus against Win2K-ADS

[lst_hoe01]

Zitat von Nikola Milutinovic <[EMAIL PROTECTED]>:

> [EMAIL PROTECTED] wrote:
> >
> > I will try to move the imap.keytab to krb5.keytab (readable by cyrus) and
> > see if i get further on.
> 
> That is a big flaw in the current implementations of Kerberos5. Separate
> servers need separate KeyTabs. CHROOT-ing is a workaround, but I don't thing
it 
> can be easyly done for Cyrus IMAP. I know the length it needed to go for
> OpenLDAP+SASL in order to make it run ChRoot-ed.

I am really not keen on trying to CHROOT-ing Cyrus :-(
Is it really that hard to make the location of the keytab file configurable or
is it only not done yet?

BTW : moving the /etc/imap.keytab to /etc/krb5.keytab was the needed hint to
make the Kerberos-Auth work. Now i want to try "plain/login -> kerberos -> ADS"
for backward compatibility :-(

Thanxs

Andreas
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Authenticate to IMAP server via Active Directory

[lst_hoe01]

Zitat von Nikola Milutinovic <[EMAIL PROTECTED]>:

> 
> Setup your e-mail clients to use GSSAPI, I think it is called "Secure
Password
> Authentication" or something like that in MS Outlook and Outlook Express.

Are you sure Outlook can use GSSAPI??
I tried the following :

Windows 2000 Prof., Member of W2K-ADS, logged in with @
Mailclient OE 6 (latest security packs), Secure Password Authentication enabled

All i get is "can not use CRAM-MD5" ??

Can someone confirm that Outlook is able to do GSSAPI.

Thanxs

Andreas

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Authenticate to IMAP server via Active Directory

[lst_hoe01]

Zitat von "Kevin P. Fleming" <[EMAIL PROTECTED]>:

> [EMAIL PROTECTED] wrote:
> 
> > Are you sure Outlook can use GSSAPI??
> > I tried the following :
> > 
> > Windows 2000 Prof., Member of W2K-ADS, logged in with @
> > Mailclient OE 6 (latest security packs), Secure Password Authentication
> enabled
> 
> Outlook and Outlook Express are not the same thing, in fact they are not 
> even related except in name.

I know. OE was the first by hand. Outlook 2003 didn't work either...
Any tips related this?

Regards

Andreas
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Migrating from cyrus-imapd-2.0.13 to cyrus-imapd-2.1.18

[lst_hoe01]

Zitat von Adi Linden <[EMAIL PROTECTED]>:

> Hi,
> 
> I have to move the cyrus-imap mailstore from RedHat 7 running 
> cyrus-imapd-2.0.13 to RedHat AS3.0 running cyrus-imapd-2.1.18.
> 
> Can I simply copy the /var/spool/imap/user directory from on server to the 
> other and then user reconstruct an quota to rebuild all the databases?
> 
> Thanks,
> Adi

You should export the mailbox-file and import in on the new machine too.
But nearly for sure this is in the FAQ/Wiki.

Regards

Andreas
---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: cyrus + postfix + quota

[lst_hoe01]

Zitat von Alex Ongena <[EMAIL PROTECTED]>:

> This might be a FAQ, but I didn't find anything about it..
> 
> Postfix 2.0.18 + Cyrus imap 2.2.3 and quota set for a user.
> When the quota limit is reached, postfix 'queues' the mail
> with a 'temporary failure' message instead of returning
> it to sender.
> 
> I think it is caused by a 4xx return code in cyrus instead
> of a 5xx code, but I do not know how to change it.
> 
> Any help is appriciated.

man imapd.conf

Have a look for the lmtp parameter.

Regards

Andreas

---
Home Page: http://asg.web.cmu.edu/cyrus
Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Mysterious "hangs" and multiple messages.

[lst_hoe01]

Zitat von Anders Norrbring <[EMAIL PROTECTED]>:

> 
> I've noticed a weird problem lately. It often happens when one of my
> accounts contains 200+ messages.
> 
> I use POP3 access to this account, and when I poll mail, it "hangs" at some
> point and after a minute or two it continues the download of messages.
> 
> At the next poll round, it's the same story, none of the messages on the
> server are deleted and everything is downloaded once again.
> 
> My Cyrus-IMAP is version 2.1.15

Tested with different POP3 clients???
Sometimes mailclients choking on malformed messages at POP3 download.

Regards

Andreas
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: efficiency drops when user exceed 5000+?

[lst_hoe01]

Zitat von Zhang Weiwu <[EMAIL PROTECTED]>:

> Hello. I have cyrus imapd runing now on my server. Today I heard people
> say when the user number exceed 5000+ the cyrus proformance drops in the
> way that unless many partitions ware made (what partition? file system
> partition?) to share the load. I'm pretty newbie on mail server
> administration, should I start to do something in case my user number
> grow over 5000+? I'm running a dual-processor Xeon server with IDE soft
> RAID10 discs.

Get real discs. IDE is bad for small random accessed files and soft RAID don't
make them better.
Be sure to use a filesystem capable of managing a lot of files or hash the
imapspool.
Have a look at your memory stats. Swapping will kill all performance.

This said there is no drop in efficiency but some point at which your hardware
is not able to keep up. But it depends on what your users are doing and not
only on the user-count.

Regards

Andreas
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Cyrus backup procedure?

[lst_hoe01]

Zitat von Kevin Baker <[EMAIL PROTECTED]>:

> I need to setup a backup process for our Cyrus install.
>
> Searched the archives and googled, but can't seem to find
> a list of the specific files to backup.
>
> I'm assuming, but wasn't sure:
> - entire /var/cyrus dir, /var/imap in my case
> - all of my conf files
>
>
> Also I am to restore, I'm assuming I would copy these
> files to a restored system, and run reconstruct -m. Is
> this right?


http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/Backup

Regards

Andreas
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: [sendmail] sendmail-8.13, socket map and pre cyrus-2.2.3

[lst_hoe01]

Zitat von Andrzej Filip <[EMAIL PROTECTED]>:

> Is anybody interested in testing solution for real time integration of
> sendmail-8.13 with pre cyrus-2.2.3 ?
> [sendmail with socket map support, cyrus without socket map support]
>
> It will be another variant of http://symonds.anfi.org/sendmail/rtcyrus2.html
> using simple perl daemon and LMTP callouts instead of smmapd in cyrus.

Would be interesting to see. We are looking for online quota check for postfix
policy-daemon with LMTP callouts. Can i have a look at the perl code?

Thanxs

Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: pop3: Logins must be at least 1 minute apart

[lst_hoe01]

Zitat von Marcus Schopen <[EMAIL PROTECTED]>:

> Moin!
>
> On Thursday 24 June 2004 02:56, Jules Agee wrote:
> > In /etc/imapd.conf, set:
> >
> > popminpoll: 0
>
> ha, that's it. Thanks!
>
> Just a hint for IMP/Horde users: if popminpoll is activated you can login via
> cyrus/pop3d, but can't read any messages, because MP/Horde isn't able to
> handle this time delay feature. It causes a "CRAM-MD5 generic failure" error.
> Took me half a night to figure this out.

As stated many times on the HORDE list : Using a POP3 server for the webmail
interface is a ugly hack. Use IMAP whenever possible.

Regards

Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: cyrus list problem?

[lst_hoe01]

Zitat von M <[EMAIL PROTECTED]>:

> Is everyone receiving "interesting" messages from the CMU postmaster (or a
> spoof of it)?

MyDoom.M ...

I wonder why this list is not able to reject all the *.exe,*.scr etc. as others
do.

Regards

Andreas
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: mail restore question

[lst_hoe01]

Zitat von Adam Parrott <[EMAIL PROTECTED]>:

> i was running cyrus and postfix on my suse 8.2 box. all mail was kept
> in /var/spool/imap/user for each user. the only backup i kept was the
> contents of the /var/spool/imap directory. the harddrive was noisy so
> i decided to replace it and at the same time i am switching to debian.
> the distro swith really doesn't have too much to do with the problem
> but i am just offering as much info on the situation that i can.
> after i have tried to restore the mail by copying it in the folder and
> doing reconstruct and it not working i have found that there were some
> other files that i should have backed up also. so my question is, how
> can i restore the email and folders that existed when all i have is
> the contents of the folder. It may also help to mention that my next
> setup will involve mysql, postfix, and cyrus.

http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/Backup

Regards

Andreas
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: quotas and usage

[lst_hoe01]

Zitat von Philip Chambers <[EMAIL PROTECTED]>:

> How do I get cyrus to re-calculate the usage figure in a quota file.
>
> For example, if I recover a deleted message from our backup system into a
> user's
> inbox I need the usage figure to be updated to take the addition of the
> message into
> account.  I see that doing a reconstruct does not re-calculate the usage!
>
> Surely this is a major bug in the reconstruct process?
>
> I now have several users with usages which do not match their quota files and
> I see
> no way of getting rid of the inconsistency.

(As user cyrus) : "quota -f"

Regards

Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: archive.info-cyrus web site used for spam harvesting

[lst_hoe01]

Zitat von Lari Huttunen <[EMAIL PROTECTED]>:

> Dear all,
>
> Would it be possible not to archive people's valid email addresses at:
> 
> since it took less than 90 hours for the address I used in posting to
> the mailing list to get harvested and utilized by spammers?
>
> I posted a message at:
> Thu, 30 Sep 2004 20:04:48 +0300
> and received the first (Nigerian) spam at:
> Mon, 04 Oct 2004 07:59:06 +0300
>
> This was the first and only time the aforementioned address had been used
> to post to the mailing list. (Prior, it had only been used in the
> subscription process.)
>
>
> Many mailing list web archives protect the posters' email addresses by
> automatically transforming the email addresses into .
> This doesn indeed reduce the number hits the spammers can achieve through
> website harvesting.
>
> Sorry for the OT post, but I just thought the list readers should and might
> want to know.

You should never ever use your real mailaddress for mailing-lists. Create a
alias for this purpose and only use it for mailing-lists. If it gets to spammy,
change it. Address-harvesting is done in many ways today like subscribing to
mailing-lists to get the addresses, so hiding it in the web-archives don't save
you from spam.

Regards

Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Active Directory

[lst_hoe01]

Zitat von Warrick FitzGerald <[EMAIL PROTECTED]>:

> Hi All,
>
> I know this is more of a PAM question, but I'd like to authenticate my
> Cyrus users agains our Active Directory setup. I've done some hunting
> and not found much documentation that I found very helpfull. Has anyone
> done this before, and if so could you share a link that may help in my
> quest please.

If you want to use Kerberos have a look here :
http://www.microsoft.com/windows2000/techinfo/planning/security/kerbsteps.asp

Basically it works (have tried it myself) but has some pitfalls with the keytab
files and DNS.

Regards

Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Dedendencies eMailadress - login [auf Viren überprüft]

[lst_hoe01]

Zitat von Hans Moser <[EMAIL PROTECTED]>:

> Hi!
>
> I would like to move from "a few" Domino-Servers to a Cyrus-IMAPD
> containing environment (e.g. the Kolab-distribution).
>
> Our eMailadresses are pretty long (as you can see :-). To log onto the
> Domino-server normally "fristname lastname" or the "shortname" is used.
>
> Too handle multiple subdomains on several servers, I consider to use
> Postfix-virtualtables to map
> [EMAIL PROTECTED] -> [EMAIL PROTECTED]
> This is all in der person's LDAP Entry.
>
> An LDAP-Entry could look kind of this:
> mail: [EMAIL PROTECTED]
> alias: [EMAIL PROTECTED]
> uid: sub1user1
>
> How do I get Cyrus to deliver mail to the appropriate mailbox for user1
> on server1, using a shorter login name from the person's LDAP entry
> (uid?) than one of the emailadresses shown above?

If you login with the uid your Cyrus mailbox name should be the uid. With
postfix you could create a entry in LDAP (mailrouting) with
@, map the mailadresses to this entry with virtual user
tables and route the mail with a transport entry to the matching server.

Regards

Andreas


---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: cyrus imapd - core dumps...

[lst_hoe01]

Zitat von Ivan Auger <[EMAIL PROTECTED]>:

We are running Solaris 9 with cyrus-sasl 2.1.21 and cyrus-imapd 
2.2.13., berkeley db 4.1.25.  Problem started about a week ago - Apr 
30.  Our logs show:


May  5 08:42:23 mailserv master[21147]: [ID 392559 local6.debug] 
about to exec /usr/cyrus/bin/imapd

May  5 08:42:23 mailserv imap[21147]: [ID 518349 local6.debug] executed
May  5 08:48:51 mailserv imap[21147]: [ID 921384 local6.debug] 
accepted connection
May  5 08:48:53 mailserv imap[21147]: [ID 277583 local6.notice] 
login: nnewton.wadsworth.org [199.184.30.36] brian plaintext User 
logged in
May  5 08:48:53 mailserv imap[21147]: [ID 275131 local6.notice] 
skiplist: recovered /var/imap/user/b/brian.seen (1 record, 2860 
bytes) in 0 seconds
May  5 08:48:53 mailserv imap[21147]: [ID 677757 local6.debug] 
seen_db: user brian opened /var/imap/user/b/brian.seen
May  5 08:48:53 mailserv imap[21147]: [ID 736213 local6.debug] open: 
user brian opened INBOX
May  5 09:00:42 mailserv genunix: [ID 603404 kern.notice] NOTICE: 
core_log: imapd[21147] core dumped: 
/var/core/core.imapd.21147.mailserv.6010.340.1146834041
May  5 09:00:42 mailserv master[547]: [ID 970914 local6.error] 
process 21147 exited, signaled to death by 11


without being a programmer signal 11 means bad memory modules most of 
the time. If the error occured suddenly without having changed anything 
and is not reproduceable i would investigate in this direction.


Regards

Andreas



Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Imap slow opening folder

[lst_hoe01]

Zitat von Davide Pasquale <[EMAIL PROTECTED]>:


Hi all!

I have a setup where Cyrus-Imap 2.1.15, Cyrus-Sasl 2.1.15,  Sendmail 8.13
is installed on an  HPUX Itanium server. I use with success Saslauthd that
authenticate users over an openldap linux RH3 server using pam modules.
All is fine user can login and receive emails from Sendmail with no delay
but I have only one issue, when users open their imap folders for the first
time  (using webmail or thunderbird) the response from the server is affcted
by a delay of over 15 sec also with no messages in the folders.  After this
time is elapsed all is extremely fast!

Can you help me?

Excuse for my english and thanks.



As far as i remember there are problems with mmap used by Cyrus on 
HP-UX. Search the archives for some workarounds or status of the 
problem.


Regards

Andreas




Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: migrating from dovecot to cyrus

[lst_hoe01]

Zitat von Marten Lehmann <[EMAIL PROTECTED]>:


Hello,

I'm about to migrate an pop3/imap server from dovecot to cyrus. I'm 
planning to use the cyrus murder cluster in the long run, but the 
setup is a complex. And since the migration from dovecot to cyrus 
shall be done very soon because of performance problems in the 
current setup, I guess I can start faster with the standarc cyrus.


Just out of curiosity, what kind of performance problems at what load 
do you have. It was claimed that dovecot is really fast and we plan to 
evaluate it in the near future for some projects so any hints where to 
dig are welcome.


Regards

Andreas



Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Command-line reconstruct different from cyradm reconstruct?

[lst_hoe01]

Zitat von "Chris St. Pierre" <[EMAIL PROTECTED]>:


I have a number of users with quotas that are set correctly, but Cyrus
is confused about the amount of data they have.  For instance:

imap> lq user.jpublic
STORAGE 0/307200 (0%)

If I run:

# su - cyrus -c "/usr/lib64/cyrus-imapd/reconstruct -rf user.jpublic"



You should use (as user cyrus) "quota -f" to fix the quota reporting. 
Not sure why cyradm reconstruct does this by itself.


Regards

Andreas



Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Purging spam mails

[lst_hoe01]

Zitat von Rajeev R Veedu <[EMAIL PROTECTED]>:


I have a Postfix + Cyrus mail setup + clamav+spam assassin mail setup. I
have created a rule to move all mails tagged as "Possible Spam" to
user.inbox.spam folder.  Now I would like to have a method to delete these
spam e-mails if they are a week older.



Could someone please tell me how I could delete all mails in every user's
inbox.Spam folder if they are a week older?



Any support or guidance would be really appreciated.



I guess "man ipurge" could provide a pointer for help, but i never used 
it myself.


Regards

Andreas



Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: timeouts when connecting to imap server

[lst_hoe01]

Hello

I have not monitored this thread but have you checked if you are 
suffering from the "not enough entropy" problem in the case APOP is not 
deactivated?


Regards

Andreas




Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Slow lmtpd

[lst_hoe01]

Zitat von Andre Nathan <[EMAIL PROTECTED]>:


Hello

We have a cyrus server that runs under heavy load, and a few days ago it
started to show a behaviour where its lmtpd processes take a long time
to deliver messages sent from postfix. Below is an example of a postfix
log message. with the email address removed:

Feb 28 17:14:11 mta13 postfix/lmtp[9633]: 63CBA700071C:
to=<[EMAIL PROTECTED]>,
relay=box2.prv.f3.k8.com.br[10.8.5.49]:2003, conn_use=6, delay=1718,
delays=0.15/1118/0/600, dsn=4.4.2, status=deferred (conversation with
box2.prv.f3.k8.com.br[10.8.5.49] timed out while sending end of data --
message may be sent more than once)

The last field in the "delays" field shows that the time out occurred
after 600s trying to send the message to cyrus. Even when a timeout does
not occur, the time for the message to be sent is around 100-300s.

We have some other more lightly loaded servers in which the data is sent
to lmtpd very quickly, and at any given moment there are only a few
lmtpd's running. On the heavily loaded servers, there are always a few
thousand lmtpd processes.


???
A few thousand lmtpd would be *way* too much because they all use the 
same I/O bottleneck (if you don't have partitions on different I/O 
paths). For a single I/O path i would recommend not more than some 10 
.. 20 concurrent lmtpd with the exception if you are having complex 
sieve rules which adds to latency.


Regards

Andreas



Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Slow lmtpd

[lst_hoe01]

Zitat von Andre Nathan <[EMAIL PROTECTED]>:


On Tue, 2007-03-06 at 09:13 +1100, Rob Mueller wrote:

I've never seen over 100%, and it doesn't seem to make sense, so I'm
guessing it's a bogus value.


Yeah, I talked to the Coraid guys and they told me iostat reports
incorrect values for AoE.


> avg-cpu:  %user   %nice %system %iowait   %idle
>   2.530.005.26   89.982.23

However this shows that the system is mainly waiting on IO as we expected.


Yep, although I'd say it's a bit more than expected...


Really you never want that many lmtpd processes, if they're all in use, it's
clear you've got an IO problem. Limiting it to 10 or so is probably a
reasonable number to avoid complete IO saturation and IO sevice delays.


The problem in limiting them to a lower value is that once the MTAs
start running their queues, their connections will start being refused,
since all lmtpd's will be in use, and the messages will go back to the
queue.


You should always limit your MTA(s) (Postfix) LMTP clients to match the 
max number at your LMTP Server (Cyrus). Be sure to use a separate 
transport for lmtp and use the lmtp_connection_cache and maybe raise 
the max_use value. With this even small numbers of LMTP clients (<5) 
will be able to saturate your Cyrus I/O so no need to get in trouble 
with many hundreds LMTPs waiting for I/O slots.
I would start with 2 LMTP client connections per MTA and see what 
happens. As said if you don't have long running sieve scripts this 
should be enough to get near the max transferrate your Cyrus can handle.


Regards

Andreas


Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: extremely poor performance with many maiboxes for 'list "" *'

[lst_hoe01]

Zitat von "Greg A. Woods" <[EMAIL PROTECTED]>:


I manage a single-instance server running v2.2.12 with a reasonably
large number of mailboxes, using "mboxlist_db: flat":

# wc -l /var/imap/mailboxes.db
  40190 /var/imap/mailboxes.db

On the hardware it runs on a grep through the mailboxes file using a
non-trivial RE to match the user and ACL (in a manner I suspect is
similar to 'list "" *') will complete in less than a second of CPU time.

However imapd takes well over two minutes of CPU time to do the same
thing -- an unbelievable, impossibly, long time for what should be a
very trivial operation on so few records, relatively speaking.  I would
have expected that hardware to be able to process several tens of
millions of records in two minutes of CPU time.  I.e. whatever is being
done is being done with three or four orders of magnitude too many
instructions per record!  This is a "flat" DB, but still!

Unfortunately some clients, despite the advice of RFC 2683 Section
3.2.1.1, e.g. pine, frequently do things like this (or seem to),
sometimes putting extraordinarily excessive load on the system when
several do so at the same time (it's only a 4-CPU system :-)).



Not sure how the problem arises but maybe you want to use the 
imapd.conf option foolstupidclients which changes the command from 
"list *" to "list INBOX*" on the fly to get around your performance 
problem.


Regards

Andreas



Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: FYI: email with malicious attchmnt.

[lst_hoe01]

Zitat von "Tapang, Roderick Eugenio (GXS)" <[EMAIL PROTECTED]>:

> 
> Hi,
> 
> I know it's obvious to most subscribers that I am using an M$
> email client.  I've been receiving emails 'pretending' to be
> coming from '[EMAIL PROTECTED]' with a zipped attachment
> containing a windows binary file named 'message.html'.
> 
> Anyone receiving such email here?

If you are using M$ email clients you REALLY should get some virus scanner in
front of it (it´s the WORM_MIMAIL.A btw.)

Regards

Andreas

Re: lmtpd timeout

[lst_hoe01]

Zitat von Etienne Goyer <[EMAIL PROTECTED]>:

> This is slightly OT as it relate more to Postfix than Cyrus/sendmail,
> but the following got me thinking :
> 
> On Wed, Nov 12, 2003 at 09:09:17PM +0100, Andrzej Filip wrote:
> > Have you considered making sendmail "chain" deliveries to cyrus via LMTP ?
> > * multiple messages over single LMTP connection
> > * a small delay before delivery (<30s for most messages)
> 
> I want to optimize the Posftix -> Cyrus lmtpd delivery process.  I have
> been reading the Postfix lmtp(8) man page, and I thought about adding
> the following directives :
> 
> 
> lmtp_cache_connection <- any gain when delivering to Unix socket ?
> 
> lmtp_destination_concurrency_limit <- how many ?
> 
> local_destination_recipient_limit = 200 <- I guess the higher, the better
> 
> 
> Are there any other thing that I can do to improve the performance of
> Postfix -> Cyrus LMTP delevery ?  Your comments are very welcome.
> 
> Ciao!

Read the LMTP_README that ships with Postfix. It has a section with tuning
advice and some hints how to configure LMTP to use single instance store.

Regards

Andreas

Re: saslauthd performance

[lst_hoe01]

Zitat von Axel Grupe <[EMAIL PROTECTED]>:

> I performed a test for my saslauthd, it makes 1000 authentications
> within ~ 6,65 seconds (not bad!), and it still uses pam-> mysql.
> If I make the same test with saslauthd using ldap it goes "down" to ~
> 6,625. In deed these where cached by saslauthd.
> When I restart saslauthd the performance is for mysql : ~ 11,22 and for
> ldap ~14,72 seconds, which is in deed a little bit funny!
> But it doesn't matter because of  cyrus won't get that fast to come over
> this.
> (at least i use this PARAMS="${PARAMS}  -n 5 -c -s 2048 -t 600 ")

Be aware that the pam_mysql module is suspectible to leak memory in saslauthd
config with -n > 0.
If you have a version of pam_mysql without this problem let me know.

Regards

Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: saslauthd performance

[lst_hoe01]

Zitat von Axel Grupe <[EMAIL PROTECTED]>:

> I'm running Debian Sarge so it's:
> saslauthd 2.1.19
> Source: pam-mysqlVersion: 0.5.0-6
> The System is just in testing mode, so it hasn't been up for a longer time.
> But thanks for the tip, I will observe it.

Could you send me ([EMAIL PROTECTED]) the source from pam_mysql Debian is
shipping. I heard some rumors they fixed some of the leaks.

Thanks

Andreas



---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Storing Outlook calendar (etc) folders in Cyrus?

[lst_hoe01]

Zitat von Ruth Ivimey-Cook <[EMAIL PROTECTED]>:

> Hi folks,
>
>  I am wondering whether it is possible to use Cyrus imap to store the
> personal folders from Outlook; that is, things like address book, calendar
> etc?

Maybe the Kolab server is what you are looking for (www.kolab.org).

Regards

Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: saslauthd performance

[lst_hoe01]

Zitat von Ken Murchison <[EMAIL PROTECTED]>:

> Let's no mislead people.  saslauthd does NOT leak memory.  Some PAM
> modules DO leak, which causes saslauthd to grow as a side effect.
> saslauthd works fine with well-written password authenticators
> (including some PAM modules).

Nothing different to what i said...
That's why i asked for the Debian pam_mysql. I hoped they fixed the leaks
present in the standard pam_mysql.

Regards

Andreas
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Cyrus + (insert Best MTA here) Suggestions

[lst_hoe01]

Zitat von Ow Mun Heng <[EMAIL PROTECTED]>:

> Hi all,
>
>   I'm curious on why I'm seeing more references to postfix (both here and
> on googling) when setting up an email server (scalable/high
> performance/etc).
>
> Michael Nguyen actually states that
> "Postfix + LDAP just was plain faster under stress than Qmail + LDAP and
> Sendmail + LDAP"
>
> I've read in another google find that postfix is at least 3x faster than
> sendmail.
>
> I'm just wondering why that is.

General note on this : Dependant on the special configuration you are testing
anyone of the MTAs can be the fastest. What seams to be the common baseline :
- Postfix is designed to avoid sync writes as much as possible, so if your I/O
system is the bottleneck (as most of the time is) Postfix should be the
fastest.
- Qmail has some drawback by the "one message per recipient" design if your
bandwidth is limited and you relay many multi-recipient mails.
- A careful sendmail/milter setup with a strong machine can be faster then
Qmail/Postfix with traditional store/forward content filter.
- Qmail and Postfix are considered more secure than Sendmail.
- Postfix and Sendmail are more flexibel in adjusting to your sepcial setup.

Your setup (speed of DNS, lookup maps etc.) have more influence than the
difference beetween the MTAs.

>
> Can anyone shed some light?

To find the definitive answer for your setup you have to test yourself.

>
> Also, I've heard that sendmail does not support maildir format natively,
> but I've also heard that one can use procmail to deliver it into maildir
> format.

No Sendmail guru here, but if you use procmail you have lost on the performance
comparsion ;-)

Regards

Andreas
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Cyrus + (insert Best MTA here) Suggestions

[lst_hoe01]

Zitat von Ow Mun Heng <[EMAIL PROTECTED]>:

> On Thu, 2004-11-18 at 16:31, [EMAIL PROTECTED] wrote:
> > - A careful sendmail/milter setup with a strong machine can be faster then
> > Qmail/Postfix with traditional store/forward content filter.
>
> I'm running sendmail 8.13+clamav-milter+spamass-milter and during the
> mornings when I fetchmail from my sever, to be fed to my local MTA, The
> load is quite high. Most likely due to the milters.
>
> I don't get the store/forward content filter meaning.

This means that Postfix is accepting & storing the mail, after that hand it off
to some heavy content filter for processing.

> > - Qmail and Postfix are considered more secure than Sendmail.
> Ditto. but being considered does not necessary mean it is.

You can have a look at the security history ...

> > - Postfix and Sendmail are more flexibel in adjusting to your sepcial
> >  setup.
> I like sendmail maybe because I know of it's Features.
>
> I esp like sendmail after I found the "FALLBACK_MX" feature. (sendmail
> will try to lookup and send direct via recipient MX 1st, if it fails,
> then it goes to the fallback_mx which is most likely the ISP relay)
>
> Does postfix support this?

If you mean trying all available MX
- Until < 2.1 only if the first can not be contacted
- Since 2.1 in every case the first fails

Another choice is fallback_relay

> >
> > No Sendmail guru here, but if you use procmail you have lost on the
> > performance comparsion ;-)
>
> Fedora/redhat by default uses procmail as it's default lmtp.
>
> what do you use then? Is Cyrus considered a LMTP or..?

Postfix can do lmtp native. No need to plug procmail in beetween to invoke
cyrus-deliver to start some lmtp transfer to the Cyrus mailstore.

Regards

Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: remote cyrus exploits?

[lst_hoe01]

Zitat von Derrick J Brashear <[EMAIL PROTECTED]>:

> On Mon, 22 Nov 2004, David Powicki wrote:
>
> >
> > What's the word on susceptibility of versions based on the remote
> > vulnerability documented at:
> >
> > http://security.e-matters.de/advisories/152004.html
> >
> > Are ALL versions of cyrus pre-2.2.9 vulnerable, including 2.1.X?
>
> If you read the report at the URL he summarizes which versions have which
> bugs. The PARTIAL and FETCH bugs are there earlier, including in 2.1.x.
> Both of these are "one byte memory corruption" ... "allows remote code
> execution, when the heap layout was successfully controlled by the
> attacker." Heap attacks are more difficult than the usual stack overflow
> attacks, but it would be smart to upgrade. The relevant portions of the
> patch between 2.2.8 and 2.2.9 can be applied (most likely by hand) to
> 2.1.x.

Have i got it right that only the first listed bug is exploitable without a
valid login??

Regards

Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: cyrus accepts mails for "unknown users"

[lst_hoe01]

Zitat von Marcus Schopen <[EMAIL PROTECTED]>:

> Hi,
>
> I've seen that simular questions have been discussed here, but I'm not sure
> if this problem is the same (sorry if yes and I just didn't get it):
>
> I'm runnung sendmail 8.12.3 with cyrusv2 local mailer (Debian woody standard
> package) and cyrus 2.1.17 (backport from http://people.debian.org/~hmh/).
> Today I had a heavy spam attack caused by the fact, that sendmail accepts
> mails for non existing users. EMails to unknown accounts on local domains
> (local-host-names) will be accepted and than bounced. Is there a way to
> stop/reject these mails at "rcpt to: user unknown"-point?

This is a sendmail question. Nothing Cyrus can do about. You have to make
sendmail aware which users are valid.

Regards

Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: ReiserFS and general cyrus filesystem usage information - was Re: best filesystem for imap server

[lst_hoe01]

Zitat von Henrique de Moraes Holschuh <[EMAIL PROTECTED]>:

> I believe the openldap rationale is that it is impossible to have good BDB
> defaults. This affects Cyrus as well, I think.
>
> However, for Cyrus, it is probably easy enough to come up with a bare
> minimum setup for a 1000 concurrent connections scenario (half IMAP, half
> LMTP).  That should cover just about everyone that doesn't either have too
> little system memory, or a big enough site that they better know how to do
> the setup in the first place...  I might even contribute with that setup
> when I switch to BDB 4.2 and Cyrus IMAPd 2.2 :-)
>

May i ask where to find good dokumentation about BDB settings?? I have not
bothered until now because "embedded databases" should need no tuning.
>From what i hear this isn't true at all?

Thanxs

Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Hardware RAID Level & Performance

[lst_hoe01]

Zitat von Aleksandar Milivojevic <[EMAIL PROTECTED]>:

> Norman Zhang wrote:
> > May I ask has anyone consider SATA RAID yet? I seems to be a very
> > inexpensive solution.
>
> All inexpensive SATA RAID solutions are "fake RAID".  This includes
> almost all SATA controlers that are integrated into motherboards and
> marketed as RAID capable.  They are software RAID.  Basically, you use
> BIOS to write some metadata to the disks (configure the RAID), and than
> you need to use special drivers in OS that will do the actual software
> RAID stuff.  Most of those specialized drivers are slow, unstable, not
> available for anything but Windows, or all three of previous statements.
>   If you have one of those motherboards and/or controllers, you are far
> better disabling RAID stuff in BIOS and using standard Linux software
> RAID drivers (md) or standard *BSD RAID drivers (RAIDframe).

If you want the benefits of host independant RAID and cheap SATA disks you may
have a look at this one :
http://www.icp-vortex.com/english/product/pci/rz_sata_8/8586rz_e.htm

Regards

Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Hardware RAID Level & Performance

[lst_hoe01]

Zitat von Jure Pe_ar <[EMAIL PROTECTED]>:

> On Thu, 17 Feb 2005 20:50:56 +0100
> [EMAIL PROTECTED] wrote:
>
> > If you want the benefits of host independant RAID and cheap SATA disks you
> > may have a look at this one :
> > http://www.icp-vortex.com/english/product/pci/rz_sata_8/8586rz_e.htm
>
> I'm actually very afraif of all those cards with plenty of cache and no
> battery backup for it. It has been proven (on certain notebook disks iirc)
> that even 2mb cache on disks themselves if not flushed properly on shutdown
> can be a disaster for the filesystem. Don't want to expirience what happens
> if you manage to create a 128mb large "hole" in your data. That's why you
> see write caching disabled everywhere by default. And write caching is what
> we in the mail business want the most ...
>
> 3ware has gotten the right idea recently and started offering batery backup
> units for their cards. I'm trying to get one to test ...

Than you are at the higher end (not SATA) :
http://www.icp-vortex.com/english/product/pci/rzu320/8524rz_e.htm

> Because of that (and because I already have FC infrastructure in place) I'm
> mostly interested in standalone disk enclosures doing their own raid with
> cheap sata drives and big caches with batteries.

Be aware that you must disable the *internal* cache of the SATA drives ...
Maybe http://www.infortrend.com is more interesting for you in this case.

Regards

Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Which database to use?

[lst_hoe01]

Zitat von Martin Balint <[EMAIL PROTECTED]>:

> Hello,
>
> Me and a couple of friends are starting a small server (FreeBSD 5.3),
> which should serve our own homepages, projects, family emails
> ([EMAIL PROTECTED]), ...
> I decided to use Cyrus-IMAP + Postfix as a mail system.
> There should be more virtual domains (www and mail).
> W: Apache 2 + PHP5 + Mysql 4.1
> M: Postfix 2.2 + Cyrus IMAP 2.2 + Amavis + SA3 + Squirrelmail
> In general, imagine yourself a commercial webhosting - this should be a
> very similar setup, and requests.
>
> Now, I have a dilemma, which DB to use to store mail accounts. There are
> 2 candidates, MySQL 4.1 and OpenLDAP.
> Are there any advantages for which one to choose?
>
> What is important:
> * Virtual mailboxes - nobody will have shell access to the machine,
> except admin
> * Easy administration - a small php backend would be created, where
> domain admin can manage mailboxes (Sieve filters through SqMail plugin
> manageable by mailbox  owners)
>
> I have quite big experiences with MySQL, but almost none with LDAP
> (maybe it's a good reason to learn something).
>
> With MySQL 4.1 I have a feeling, that it won't be possible to use
> pam-mysql, which is required by Cyrus-IMAP?

If you are lazy (most of the admins are) choose MySQL because you already know
how to handle it. If you want to learn LDAP choose OpenLDAP.

Postfix can handle both well and Cyrus only use some authentication backend
supported by pam.

Regards

Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: case sensitivity

[lst_hoe01]

Zitat von Dag-Erling Smørgrav <[EMAIL PROTECTED]>:
I discovered by accident that lmtpd (or possibly deliver, or both) is
case-sensitive; mail to [EMAIL PROTECTED] will bounce with
550-Mailbox unknown.  Either there is no mailbox associated with this
550-name or you do not have authorization to see it.
Is this intentional?  It doesn't seem right; mail addresses are
supposed to be case insensitive.  Can this be fixed in Cyrus, or do I
have to set up my SMTP server (Postfix) to lowercase the address
before delivering each message to Cyrus?
Set in imapd.conf
lmtp_downcase_rcpt : yes
Regards
Andreas

---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Spam coming from list server??

[lst_hoe01]

Zitat von Charles Marcus <[EMAIL PROTECTED]>:
What the heck is all this spam I'm getting from the cyrus servers all 
of a sudden??
A new variant of the Sober worm blasting out "brown coloured" spam. More 
info
(only in german) at http://www.heise.de/newsticker/meldung/59562
Regards
Andreas
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

RE: Tutorial on how to backup/restore cyrus

[lst_hoe01]

Zitat von [EMAIL PROTECTED]:


Hello again.

Is it really no one on the list can suggest me some backup/restore 
howto for Cyrus mailboxes?

I believe that there are some guys on the list who can help.

So please be so nice to answer me.


As a starting point have a look at
http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/Backup

Regards

Andreas


Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Re: Slow delivery to Outlook 2k/2k3

[lst_hoe01]

Zitat von Bill Kearney <[EMAIL PROTECTED]>:


Get people using crap like outlook to use pop3, their clients are not good
enough for anything else anyway.


Well, considering how well calendaring is implemented, along with contact
integration, Outlook's far from 'crap', at least in the minds of the people
happily using it.  Just not with IMAP.

It's really odd, apparently the folks on the Outlook development team either
don't give a damn or have no idea how many users are being driven off the
platform because of it's defects.  It's really pretty surprising they've let
it remain so shitty for so long.


Yupp. Outlook is a really good PIM (Personal Information Manager) but 
fails horribly for e-Mail. It is astonishing that it is even getting 
worse for every new version and the same company give out Outlook 
Express with a decent IMAP support for free.


Regards

Andreas



Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html