Добрый день.
система freeBSD 5.3
Sendmail помоему работает нормально на него почта идет.
Проблема с cyrus-imapd или с аутонтификацией sasl установлен.
imapd.log пишет
Jul 4 17:10:43 free master[456]: about to exec /usr/local/cyrus/bin/ctl_cyrusdb
Jul 4 17:10:44 free ctl_cyrusdb[456]: recovering cyrus databases
Jul 4 17:10:44 free ctl_cyrusdb[456]: skiplist: recovered /var/imap/mailboxes.db (1 record, 288 bytes) in 0 seconds
Jul 4 17:10:44 free ctl_cyrusdb[456]: skiplist: recovered /var/imap/annotations.db (0 records, 144 bytes) in 0 seconds
Jul 4 17:10:44 free ctl_cyrusdb[456]: done recovering cyrus databases
Jul 4 17:10:44 free master[453]: servname not supported for ai_socktype, disabling sieve
Jul 4 17:10:44 free master[453]: ready for work
Jul 4 17:10:44 free master[530]: about to exec /usr/local/cyrus/bin/ctl_cyrusdb
Jul 4 17:10:44 free ctl_cyrusdb[530]: checkpointing cyrus databases
Jul 4 17:10:44 free ctl_cyrusdb[530]: archiving database file: /var/imap/annotations.db
Jul 4 17:10:44 free ctl_cyrusdb[530]: DBERROR: error listing log files: DB_NOTFOUND: No matching key/data pair found
Jul 4 17:10:44 free ctl_cyrusdb[530]: DBERROR: archive /var/imap/db: cyrusdb error
Jul 4 17:10:44 free ctl_cyrusdb[530]: DBERROR: archive /var/imap/db: cyrusdb error
Jul 4 17:10:44 free ctl_cyrusdb[530]: archiving database file: /var/imap/mailboxes.db
Jul 4 17:10:44 free ctl_cyrusdb[530]: DBERROR: error listing log files: DB_NOTFOUND: No matching key/data pair found
Jul 4 17:10:44 free ctl_cyrusdb[530]: DBERROR: archive /var/imap/db: cyrusdb error
Jul 4 17:10:44 free ctl_cyrusdb[530]: done checkpointing cyrus databases
Jul 4 17:10:44 free master[453]: process 530 exited, status 1Пути все проверял,конфиги сверял, всё делал и как учили на курсе и по разным статьям пробовал настраивать.Ничего не идет помогите кому не в лом.
>Jul 4 17:10:44 free ctl_cyrusdb[530]: DBERROR: error listing log files: DB_NOTFOUND:Вроде все понятно говорит что не обнаружена база...
>
>>Jul 4 17:10:44 free ctl_cyrusdb[530]: DBERROR: error listing log files: DB_NOTFOUND:
>
>Вроде все понятно говорит что не обнаружена база...я тоже не понимаю база присутствует /var/imap/... там все базы лежат.
может где пути надо писать к этим базам?
>>
>>>Jul 4 17:10:44 free ctl_cyrusdb[530]: DBERROR: error listing log files: DB_NOTFOUND:
>>
>>Вроде все понятно говорит что не обнаружена база...
>
>я тоже не понимаю база присутствует /var/imap/... там все базы лежат.
>может где пути надо писать к этим базам?Или права доступа.
sun# ls -la /var/imap
total 88
drwxr-xr-x 10 cyrus cyrus 512 Jul 5 16:39 .
drwxr-xr-x 23 root wheel 512 Jun 30 17:08 ..
-rw------- 1 cyrus cyrus 144 Jun 30 13:09 annotations.db
drwxr-xr-x 2 cyrus cyrus 512 Jun 30 13:09 db
drwx------ 2 cyrus cyrus 512 Jul 5 16:39 db.backup1
drwx------ 2 cyrus cyrus 512 Jul 5 16:09 db.backup2
-rw------- 1 cyrus cyrus 32768 Jul 5 04:09 deliver.db
drwxr-xr-x 2 cyrus cyrus 512 Jun 21 20:58 log
-rw------- 1 cyrus cyrus 1192 Jun 30 13:09 mailboxes.db
drwxr-xr-x 2 cyrus cyrus 512 Jun 21 20:58 msg
drwxr-xr-x 2 cyrus cyrus 512 Jul 5 16:39 proc
drwxr-xr-x 2 cyrus cyrus 512 Jun 21 20:58 ptclient
drwxr-xr-x 2 cyrus cyrus 512 Jun 30 13:09 socket
-rw------- 1 cyrus cyrus 32768 Jul 5 04:09 tls_sessions.db
sun#
создавал директории при помощи mkimap ?
>sun#
>создавал директории при помощи mkimap ?да mkimap.
права теже самые за исключением 2-х строк у меня их нет.-rw------- 1 cyrus cyrus 32768 Jul 5 04:09 deliver.db
-rw------- 1 cyrus cyrus 32768 Jul 5 04:09 tls_sessions.db
>
>>sun#
>>создавал директории при помощи mkimap ?
>
>да mkimap.
> права теже самые за исключением 2-х строк у меня их нет.
>
>
>-rw------- 1 cyrus cyrus 32768 Jul 5
>04:09 deliver.db
>-rw------- 1 cyrus cyrus 32768 Jul 5
>04:09 tls_sessions.dbПопробуй запустить ctl_cyrusdb вручную
# su -l cyrus -c '/usr/sbin/ctl_cyrusdb -rx'
Какие будут ошибки?
>>
>>>sun#
>>>создавал директории при помощи mkimap ?
>>
>>да mkimap.
>> права теже самые за исключением 2-х строк у меня их нет.
>>
>>
>>-rw------- 1 cyrus cyrus 32768 Jul 5
>>04:09 deliver.db
>>-rw------- 1 cyrus cyrus 32768 Jul 5
>>04:09 tls_sessions.db
>
>Попробуй запустить ctl_cyrusdb вручную
>
># su -l cyrus -c '/usr/sbin/ctl_cyrusdb -rx'Вот так для твоего слуая
# su -l cyrus -c '/usr/local/cyrus/bin/ctl_cyrusdb -rx'>
>Какие будут ошибки?
>Попробуй запустить ctl_cyrusdb вручную
>
># su -l cyrus -c '/usr/sbin/ctl_cyrusdb -rx'
>
>Какие будут ошибки?после запуска
su -l cyrus -c '/usr/local/cyrus/bin/ctl_cyrusdb -rx'imapd.log пишет
Jul 5 17:42:46 free ctl_cyrusdb[1624]: recovering cyrus databases
Jul 5 17:42:46 free ctl_cyrusdb[1624]: done recovering cyrus databasesв принципе эти строки присутствуют и в первом логе.
>imapd.log пишет
>Jul 5 17:42:46 free ctl_cyrusdb[1624]: recovering cyrus databases
>Jul 5 17:42:46 free ctl_cyrusdb[1624]: done recovering cyrus databases
>
>в принципе эти строки присутствуют и в первом логе.Значит все ОК с базами и пользователю cyrus можно читать и писать в базы
ну а теперь запусти ctl_cyrusdb от пользователя, у которого нет доступа к cyrus-файлам и каталогам. Если ошибка будет такая же как и раньше наблюдалась, то можешь сделать выводы
>
>>imapd.log пишет
>>Jul 5 17:42:46 free ctl_cyrusdb[1624]: recovering cyrus databases
>>Jul 5 17:42:46 free ctl_cyrusdb[1624]: done recovering cyrus databases
>>
>>в принципе эти строки присутствуют и в первом логе.
>
>Значит все ОК с базами и пользователю cyrus можно читать и писать
>в базы
>ну а теперь запусти ctl_cyrusdb от пользователя, у которого нет доступа к
>cyrus-файлам и каталогам. Если ошибка будет такая же как и раньше
>наблюдалась, то можешь сделать выводыНу вобщем то я и предпологал что проблем а скорее в авторизации пользователей.
А ошибка следующая под другим пользователем
Jul 6 12:38:29 free ctl_cyrusdb[1530]: DBERROR db3: Unlink: /var/imap/db/__db.005: Permission denied
Jul 6 12:38:29 free ctl_cyrusdb[1530]: DBERROR db3: Unlink: /var/imap/db/__db.004: Permission denied
Jul 6 12:38:29 free ctl_cyrusdb[1530]: DBERROR db3: Unlink: /var/imap/db/__db.003: Permission denied
Jul 6 12:38:29 free ctl_cyrusdb[1530]: DBERROR db3: Unlink: /var/imap/db/__db.002: Permission denied
Jul 6 12:38:29 free ctl_cyrusdb[1530]: DBERROR db3: Unlink: /var/imap/db/__db.001: Permission denied
Jul 6 12:38:29 free ctl_cyrusdb[1530]: DBERROR: dbenv->open '/var/imap/db' failed: Permission denied
Jul 6 12:38:29 free ctl_cyrusdb[1530]: DBERROR: init() on berkeley
Jul 6 12:38:29 free ctl_cyrusdb[1530]: DBERROR: writing /var/imap/db/skipstamp: Permission denied
Jul 6 12:38:29 free ctl_cyrusdb[1530]: DBERROR: init() on skiplist
Jul 6 12:38:29 free ctl_cyrusdb[1530]: recovering cyrus databases
Jul 6 12:38:29 free ctl_cyrusdb[1530]: done recovering cyrus databases
с этим все понятно пользователь должен входить в группу cyrs.ещё обнаружилась ошибка auth.log
Jul 6 12:22:36 free imap[1407]: could not find auxprop plugin, was searching for 'sasldb2'
файл присутствует пользователи в сасл добовляется но cyrus их не видет.может у меня какаято не согласованость в портах?
не подскажете за одно как посмотреть установленные программы и их версии
чего то я не понял, как это под другим пользователем, этот пользователь должен быть в системе
>чего то я не понял, как это под другим пользователем, этот пользователь
>должен быть в системепользователи прсутствуют везде и в системе и в sasldb2.
я уже упарился непонимаю где несрастается.если это поможет могу выложить imap.config
но судя по этой строке из auth.log
Jul 7 14:54:10 free imap[1306]: could not find auxprop plugin, was searching for 'sasldb2'не проходит авторизация через auxprop как говорил выше сасл
работает пользователей вносит, базу сам читает.
бьюсь с этим уже недели 3 с перерывом на отпуск.
sun# uname -v
FreeBSD 5.4-RELEASE #1: Fri Jun 3 19:23:29 MSD 2005 root@sun.s.ru:/usr/obj/usr/src/sys/SUN-03052005
sun#cat /usr/local/etc/imapd.conf
#
# $FreeBSD: ports/mail/cyrus-imapd22/files/imapd.conf,v 1.13 2004/11/22 08:15:15 ume Exp $
#
configdirectory: /var/imap# The partition name used by default for new mailboxes
#
#defaultpartition: default# The directory for the different partitions
#
partition-default: /var/spool/imap# Use the UNIX separator character '/' for delimiting levels of
# mailbox hierarchy. The default is to use the netnews separator
# character '.'.
#unixhierarchysep: no# Use the alternate IMAP namespace, where personal folders reside at
# the same level in the hierarchy as INBOX.
#
#altnamespace: no# If using the alternate IMAP namespace, the prefix for the other
# users namespace. The hierarchy delimiter will be automatically
# appended.
#
#userprefix: Other Users# If using the alternate IMAP namespace, the prefix for the shared
# namespace. The hierarchy delimiter will be automatically appended.
#
#sharedprefix: Shared Folders# The umask value used by various Cyrus IMAP programs
#
#umask: 077# This is the hostname visible in the greeting messages of the POP,
# IMAP and LMTP daemons. If it is unset, then the result returned from
# gethostname(2) is used.
#
#servername: <result returned by gethostname(2)># Whether to allow anonymous logins
#
#allowanonymouslogin: no# Allow the use of cleartext passwords on the wire.
#
#allowplaintext: yes# The percent of quota utilization over which the server generates
# warnings.
#
#quotawarn: 90# The length of the IMAP server's inactivity autologout timer, in minutes.
# The minimum value is 30, the default.
#
#timeout: 30# The interval (in seconds) for polling the mailbox for changes while
# running the IDLE command. This option is used when idled can not be
# contacted or when polling is used exclusively. The minimum value is
# 1. A value of 0 will disable polling (and disable IDLE if polling
# is the only method available).
#
#imapidlepoll: 60# If enabled, the server responds to an ID command with a parameter
# list containing: version, vendor, support-url, os, os-version,
# command, arguments, environment. Otherwise the server returns NIL.
#
#imapidresponse: yes# Set the length of the POP server's inactivity autologout timer, in
# minutes. The minimum value is 10, the default.
#
#poptimeout: 10# Set the minimum amount of time the server forces users to wait between
# successive POP logins, in minutes. The default is 0.
#
#popminpoll: 0# The number of days advertised as being the minimum a message may be
# left on the POP server before it is deleted (via the CAPA command,
# defined in the POP3 Extension Mechanism, which some clients may
# support). "NEVER", the default, may be specified with a negative
# number. The Cyrus POP3 server never deletes mail, no matter what
# the value of this parameter is. However, if a site implements a
# less liberal policy, it needs to change this parameter accordingly.
#
#popexpiretime: 0# The list of userids with administrative rights. Separate each userid
# with a space. We recommend that administrator userids be separate from
# standard userids. Sites using Kerberos authentication may use separate
# "admin" instances.
#
#admins: <none>
admins: admin# A list of users and groups that are allowed to proxy for other
# users, seperated by spaces. Any user listed in this will be allowed
# to login for any other user: use with caution.
#
#proxyservers: <none># The Access Control List (ACL) placed on a newly-created (non-user)
# mailbox that does not have a parent mailbox.
#
#defaultacl: anyone lrs# The pathname of the news spool directory. Only used if the partition-news
# configuration option is set.
#
#newsspool: <no default># Prefix to be prepended to newsgroup names to make the corresponding IMAP
# mailbox names.
#
#newsprefix: <none># If nonzero, normal users may create their own IMAP accounts by creating
# the mailbox INBOX. The user's quota is set to the value if it is positive,
# otherwise the user has unlimited quota.
#
#autocreatequota: 0# Include notations in the protocol telemetry logs indicating the number
# of seconds since the last command or response.
#
#logtimestamps: no# Number of seconds to pause after a successful plaintext login. For systems
# that support strong authentication, this permits users to perceive a cost
# of using plaintext passwords.
#
#plaintextloginpause: 0# The pathname of srvtab file containing the server's private key.
# This option is passed to the SASL library and overrides its default
# setting.
#
#srvtab: /etc/srvtab# The list of remote realms whose users may log in using cross-realm
# authentications. Seperate each realm name by a space. This option is
# only used when the server is compiled with Kerberos authentication.
#
#loginrealms: <none># If enabled, any authentication identity which has a rights on a user's
# INBOX may log in as that user. This option is only used when the server
# is compiled with Kerberos authentication.
#
#loginuseacl: no# If enabled, lmtpd attempts to only write one copy of a message per
# partition and create hard links, resulting in a potentially large
# disk savings.
#
#singleinstancestore: yes# If enabled, lmtpd will suppress delivery of a message to a mailbox
# if a message with the same message-id (or resent-message-id) is
# recorded as having already been delivered to the mailbox. Records
# the mailbox and message-id/resent-message-id of all successful
# deliveries.
#
#duplicatesuppression: yes# If enabled, lmtpd rejects messages with 8-bit characters in the
# headers. Otherwise, 8-bit characters are changed to `X'. (A proper
# soultion to non-ASCII characters in headers is offered by RFC 2047
# and its predecessors.)
#
#reject8bit: no# Maximum incoming LMTP message size. If set, lmtpd will reject
# messages larger than maxmessagesize bytes. The default is to allow
# messages of any size.
#
#maxmessagesize: <unlimited># Userid used to deliver messages to shared folders. For example, if
# set to "bb", email sent to "bb+shared.blah" would be delivered to
# the "shared.blah" folder. By default, an email address of
# "+shared.blah" would be used.
#postuser: <none># If enabled at compile time, this specifies a URL to reply when
# Netscape asks the server where the mail administration HTTP server
# is. The default is a site at CMU with a hopefully informative
# message; administrators should set this to a local resource with
# some information of greater use.
#
#netscapeurl: http://andrew2.andrew.cmu.edu/cyrus/imapd/netscapeadmin.html# Notifyd(8) method to use for "MAIL" notifications. If not set,
# "MAIL" notifications are disabled.
#
#mailnotifier: <no default># Notifyd(8) method to use for "SIEVE" notifications. If not set,
# "SIEVE" notifications are disabled.
#
# This method is only used when no method is specified in the script.
#
#sievenotifier: <no default># If enabled, lmtpd will look for Sieve scripts in user's home
# directories: ~user/.sieve.
#
sieveusehomedir: false# If sieveusehomedir is false, this directory is searched for Sieve scripts.
# The active Sieve script is s called "default", placed in the users sieve
# sieve directory (ie. /var/imap/sieve/u/user).
#
sievedir: /var/imap/sieve# The pathname of the sendmail executable. Sieve uses sendmail for
# sending rejections, redirects and vaca- tion responses.
#
#sendmail: /usr/sbin/sendmail# Username that is used as the 'From' address in rejection MDNs
# produced by sieve.
#
#postmaster: postmaster# If enabled, the partitions will also be hashed, in addition to the hashing
# done on configuration directories. This is recommended if one partition has
# a very bushy mailbox tree.
#
#hashimapspool: false# Maximum size (in kilobytes) any sieve script can be, enforced at
# submission by timsieved(8).
#
#sieve_maxscriptsize: 32# Maximum number of sieve scripts any user may have, enforced at
# submission by timsieved(8).
#
#sieve_maxscripts: 5# The cyrusdb backend to use for mailbox annotations.
# Allowed values: berkeley, skiplist
#
#annotation_db: skiplist# The cyrusdb backend to use for the duplicate delivery suppression
# and sieve.
# Allowed values: berkeley, berkeley-nosync, skiplist
#
#duplicate_db: berkeley-nosync# The cyrusdb backend to use for the mailbox list.
# Allowed values: flat, berkeley, skiplist
#
#mboxlist_db: skiplist# The cyrusdb backend to use for the pts cache.
# Allowed values: berkeley, skiplist
#
#ptscache_db: berkeley# The cyrusdb backend to use for the seen state.
# Allowed values: flat, berkeley, skiplist
#
#seenstate_db: skiplist# The cyrusdb backend to use for the subscriptions list.
# Allowed values: flat, berkeley, skiplist
#
#subscription_db: flat# The cyrusdb backend to use for the TLS cache.
# Allowed values: berkeley, berkeley-nosync, skiplist
#
#tlscache_db: berkeley-nosync# Maximum SSF (security strength factor) that the server will allow a
# client to negotiate.
#
#sasl_maximum_layer: 256# The minimum SSF that the server will allow a client to negotiate. A
# value of 1 requires integrity protection; any higher value requires
# some amount of encryption.
#
#sasl_minimum_layer: 0# The mechanism used by the server to verify plaintext passwords. Possible
# values include "auxprop" or "saslauthd"
#
sasl_pwcheck_method: auxprop# If enabled, the SASL library will automatically create authentication
# secrets when given a plaintext password. See the SASL documentation.
#
#sasl_auto_transition: no# Whitespace separated list of mechanisms to allow (e.g. 'plain otp').
# Used to restrict the mechanisms to a subset of the installed
# plugins. The default is all available.
#
#sasl_mech_list: cram-md5 digest-md5# Location of the opiekeys file
#
#sasl_opiekeys: /etc/opiekeys# File containing the global certificate used for ALL services (imap,
# pop3, lmtp).
#
#tls_cert_file: <none># File containing the private key belonging to the global server
# certificate.
#
#tls_key_file: <none># File containing the certificate used for imap ONLY. If not
# specified, the global certificate is used. A value of "disabled"
# will disable SSL/TLS for imap.
#
#imap_tls_cert_file: <none># File containing the private key belonging to the imap-specific
# server certificate. If not specified, the global private key is
# used. A value of "disabled" will disable SSL/TLS for imap.
#
#imap_tls_key_file: <none># File containing the certificate used for pop3 ONLY. If not
# specified, the global certificate is used. A value of "disabled"
# will disable SSL/TLS for pop3.
#
#pop3_tls_cert_file: <none># File containing the private key belonging to the pop3-specific
# server certificate. If not specified, the global private key is
# used. A value of "disabled" will disable SSL/TLS for pop3.
#
#pop3_tls_key_file: <none># File containing the certificate used for lmtp ONLY. If not
# specified, the global certificate is used. A value of "disabled"
# will disable TLS for lmtp.
#
#lmtp_tls_cert_file: <none># File containing the private key belonging to the lmtp-specific
# server certificate. If not specified, the global private key is
# used. A value of "disabled" will disable TLS for lmtp.
#
#lmtp_tls_key_file: <none># File containing the certificate used for sieve ONLY. If not
# specified, the global certificate is used. A value of "disabled"
# will disable TLS for sieve.
#
#sieve_tls_cert_file: <none># File containing the private key belonging to the sieve-specific
# server certificate. If not specified, the global private key is
# used. A value of "disabled" will disable TLS for sieve.
#
#sieve_tls_key_file: <none># File containing one or more Certificate Authority (CA) certificates.
#
#tls_ca_file: <none># Path to directory with certificates of CAs.
#
#tls_ca_path: <none># The length of time (in minutes) that a TLS session will be cached
# for later reuse. The maximum value is 1440 (24 hours), the default.
# A value of 0 will disable session caching.
#
#tls_session_timeout: 1440# The right that a user needs to delete a mailbox.
#
#deleteright: c# Unix domain socket that lmtpd listens on, used by deliver(8).
#
#lmtpsocket: /var/imap/socket/lmtp# Unix domain socket that idled listens on.
#
#idlesocket: /var/imap/socket/idle# Unix domain socket that the new mail notification daemon listens on.
#
#notifysocket: /var/imap/socket/notifyvirtdomains: yes
defaultdomain: strs.ru#
# EOF