headers
Kevin Kobb | 1 Mar 2011 15:22

Re: SSL certificates

On 2/28/2011 9:44 AM, Anthony Tibbs wrote:
> Good morning,
>
> I've been running Cyrus at a couple of small sites since 2001 or so.
> I've run into a snag trying to setup SSL using something other than the
> self-signed, auto-generated certificate. The domain has a GoDaddy
> 2048-bit SSL certificate. From the SSL manager, one downloads a bundle
> that contains a certificate chain bundle, and a separate file with the
> certificate for the domain itself.
>
> The key and CSR was generated with:
>
> openssl genrsa -des3 -out xxx.key 2048
> openssl req -new -key xxx.key -out xxx.csr
>
> I've seen a few different methodologies posted about how to install
> this. One is to conctenate the domain certificate, the certificate
> chain, and the private key into one .pem file and set tls_cert_file,
> tls_ca_file, and tls_key_file to point to the same '.pem' file. Another
> is to keep the files completely separate.
>
> No matter what I have tried, I've been unsuccessful. Thunderbird reports
> that it received an SSL record that is too long, and/or the imapd
> process becomes stuck at 100% CPU utilization until it is killed forcibly.
>
> Is there something I'm missing on this?
>
> - Anthony
>
>
(Continue reading)

Permalink | Reply | 2 comments |
headers
Chris Mattingly | 1 Mar 2011 15:55

Re: SSL certificates

  I use a GoDaddy 2048bit cert on my personal server with no issues.  In 
imapd.conf I have set the following:

tls_cert_file: /etc/pki/cyrus-imapd/<domain>.crt
tls_key_file: /etc/pki/cyrus-imapd/server.key
tls_ca_file: /etc/pki/cyrus-imapd/gd_intermediate_bundle.crt

(I think this one is only for authorizing inbound client certs)
tls_ca_path: /etc/ssl/certs

My gd_intermediate_bundle.crt contains the 2 intermediates and the root 
certs in PEM format, cat'd together.  Order shouldn't be significant, 
but in mine, the order is (by cert subject):
CN=Go Daddy Secure Certification Authority/serialNumber=07969287
C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification 
Authority
L=ValiCert Validation Network, O=ValiCert, Inc., OU=ValiCert Class 2 
Policy Validation Authority, 
CN=http://www.valicert.com//emailAddress=info <at> valicert.com

Basically listed in the 'correct' order of the chain.

To Kevin's point about the private key, I agree that you should remove 
the passphrase from your key.  It will only cause complications with 
startup.

Hope this helps,
-Chris

On 3/1/2011 9:22 AM, Kevin Kobb wrote:
(Continue reading)

Permalink | Reply | 0 comments |
headers
Lars Kellogg-Stedman | 2 Mar 2011 05:47
Gravatar

Problems with NNTP access

Hello all,

I'm getting some odd errors from Cyrus trying to access mailboxes via
NNTP, and I'm hoping you can help out.  The basic symptoms are that
the mailboxes should up in an NNTP LIST command, but trying to select
the via GROUP results in an a "unknown error":

 LIST
 215 List of newsgroups follows:
 sample 0 1 y
 .
 GROUP sample
 411 No such newsgroup (Unknown error: 0)

Cyrus doesn't appear to log anything regarding this failure.  In my
imap.conf, I have:

partition-news: /var/spool/news
newsspool: /var/spool/news
newsprefix: news

And I created the mailbox like this:

cm news.sample
sam news.sample anyone post

And in /var/spool/imap/news I see:

 drwx------  2 cyrus  cyrus  5 Mar  1 23:36 /var/spool/imap/news/sample/
(Continue reading)

Permalink | Reply | 4 comments |
headers
Bron Gondwana | 2 Mar 2011 09:49
Gravatar

Re: Problems with NNTP access

On Tue, 1 Mar 2011 23:47:20 -0500
Lars Kellogg-Stedman <lars <at> oddbit.com> wrote:

> Hello all,
> 
> I'm getting some odd errors from Cyrus trying to access mailboxes via
> NNTP, and I'm hoping you can help out.  The basic symptoms are that
> the mailboxes should up in an NNTP LIST command, but trying to select
> the via GROUP results in an a "unknown error":

Oh good - someone who actually USES NNTP!

>  LIST
>  215 List of newsgroups follows:
>  sample 0 1 y
>  .
>  GROUP sample
>  411 No such newsgroup (Unknown error: 0)

Can you please create a bug report at bugzilla.cyrusimap.org, with a copy of the config files (imapd.conf
and cyrus.conf) you're using, and a summary of the traffic.

I didn't have any NNTP users to test when putting 2.4.x together, so it will be good to get this fixed.

Thanks,

Bron.
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
(Continue reading)

Permalink | Reply | 3 comments |
headers
Dave McMurtrie | 2 Mar 2011 11:13
Picon

Re: Problems with NNTP access

On Mar 2, 2011, at 3:49 AM, Bron Gondwana <brong <at> fastmail.fm> wrote:

> On Tue, 1 Mar 2011 23:47:20 -0500
> Lars Kellogg-Stedman <lars <at> oddbit.com> wrote:
> 
>> Hello all,
>> 
>> I'm getting some odd errors from Cyrus trying to access mailboxes via
>> NNTP, and I'm hoping you can help out.  The basic symptoms are that
>> the mailboxes should up in an NNTP LIST command, but trying to select
>> the via GROUP results in an a "unknown error":
> 
> Oh good - someone who actually USES NNTP!
> 
>> LIST
>> 215 List of newsgroups follows:
>> sample 0 1 y
>> .
>> GROUP sample
>> 411 No such newsgroup (Unknown error: 0)
> 
> Can you please create a bug report at bugzilla.cyrusimap.org, with a copy of the config files (imapd.conf
and cyrus.conf) you're using, and a summary of the traffic.
> 
> I didn't have any NNTP users to test when putting 2.4.x together, so it will be good to get this fixed.
> 

We tested it and we're running 2.4.x nntpd in production now.  I thought I had mentioned that to you, but I
guess not.  Let me know if you need me to test anything for you.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Riccardo Veraldi | 2 Mar 2011 12:36
Picon
Picon
Favicon

mailbox reconstruct and empty inbox

Hello,
a user has lost for mistake a part of his own emails

so I have restored all of them from tape to a different directory location
so the original user was

/var/spool/imap/u/user/user1

the restore went in

/var/spool/imap/u/user/user2

and I created s new cyrus user

cm  user.user

after this i reconstructed the new mailbox as cyrus user and also the quota

reconstruct -r -f user.user2

quota -f user.user2

the mailbox is reconstructed succesfully and I can see the dump with

ctl_mboxlist -d

i can see the new user.user2 mailbox with subfolders

the problem is that when I try to access to the new mailbox with IMAP 
client (thunderbird or whatever)
(Continue reading)

Permalink | Reply | 0 comments |
headers
Lars Kellogg-Stedman | 2 Mar 2011 13:50
Gravatar

Re: Problems with NNTP access

> Can you please create a bug report at bugzilla.cyrusimap.org, with a copy of the config files (imapd.conf
and cyrus.conf) you're using, and a summary of the traffic.

Posted as:

http://bugzilla.cyrusimap.org/show_bug.cgi?id=3415
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Permalink | Reply | 1 comment |
headers
Bron Gondwana | 2 Mar 2011 14:47
Gravatar

Re: Problems with NNTP access

On Wed, 2 Mar 2011 07:50:00 -0500
Lars Kellogg-Stedman <lars <at> oddbit.com> wrote:

> > Can you please create a bug report at bugzilla.cyrusimap.org, with a copy of the config files
(imapd.conf and cyrus.conf) you're using, and a summary of the traffic.
> 
> Posted as:
> 
> http://bugzilla.cyrusimap.org/show_bug.cgi?id=3415

Great - I'll have a look at it.  Might not get to it today, but I'll do it as soon as I can.

Bron.
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Permalink | Reply | 0 comments |
headers
Jeroen van Meeuwen (Kolab Systems | 2 Mar 2011 16:00
Gravatar

Tuning defaults for 2.5

Hello,

I just wanted to let those of us on this list, but not the development list, know about a review of default configuration values that you may be interested in;

http://lists.andrew.cmu.edu/pipermail/cyrus-devel/2011-March/001742.html

Kind regards,

Jeroen van Meeuwen

--

Senior Engineer, Kolab Systems AG

e: vanmeeuwen <at> kolabsys.com

t: +316 42 801 403

w: http://www.kolabsys.com

pgp: 9342 BF08

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Permalink | Reply | 6 comments |
headers
Tom Plancon | 2 Mar 2011 19:18

All user's mail marked as junk

Hello,
We have one user for whom all incoming mail is immediately marked as junk. This is happening no matter which email client she uses: Thunderbird, eGroupware (web interface). So I'm assuming it is not the function of a filter applied at the client, but rather on the server.
this is an older installation of Cyrus, (2.2.12) on CentOS. This is the first issue I've seen as a server problem in the 5+ years it has been in use.
I've done a reconstruct on the user's Inbox but it made no difference
Any help as to what is going on/ how to correct is appreciated. Thanks!
--
myEMAILsignature body { font-family:'Gill Sans MT', 'arial', 'helvetica'; } .name { font-size:14px; font-weight:bold; line-height:1.0em; color:#2a56a4; } .address { width:140px; text-align: justify; font-size:14px; line-height:1.0em; color:#2a56a4; } .info { font-size:14px; line-height:1.0em; color:#2a56a4; } .cntct { word-spacing:2px; font-size:14px; line-height:1.0em; color:#2a56a4; } .message { word-spacing:2px; font-size:18px; line-height:1.0em; color:#FF0000; Thomas E. Plancon
CAD/IS Manager

B K A Architects, Inc.
142 Crescent Street
Brockton, MA 02302

tel: 508 . 583 . 5603 ext 313
fax: 508 . 584 . 2914
www.bkaarchitects.com 
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
Permalink | Reply | 2 comments |

Gmane