Solved

Cyrus Sendmail problems

Posted on 2006-06-07
Last Modified: 2010-08-05
I had cyrus and sendmail installed for quite a while now on a CentOS 4 box.
Everything worked fine, but now, after a restart, it stopped working.

I constantly get the following error in maillog:

SYSERR(root): makeconnection_ds: unsafe domain socket /var/imap/socket/lmtp

What puzzles me tho is that imapd.conf and cyrus.conf clearly points the location for lmtpd to be /var/lib/imap/socket/lmtp and NOT /var/imap

any ideas?

0
Comment
Question by:psimation
  • 6
  • 5
12 Comments
 
LVL 22

Accepted Solution

by:
pjedmond earned 800 total points
ID: 16855752
From:

http://www.burtonsigns.com/david/howto.html

-------X8-------------------------------
One time consuming problem I ran into with cyrus was that the lmtp socket location needed to be changed.
Below is error that I got:
SYSERR(root): makeconnection_ds: unsafe domain socket: No such file or directory

To fix this edit the /etc/cyrus.conf - and change the lmtpunix line like below

#  lmtpunix     cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0

Now create the directory structure "mkdir -p /var/imap/socket/"
"chown cyrus:mail /var/imap/socket"
-------X8-------------------------------

Is /var/lib/imap/socket/lmtp linked in any way to /var/imap?

...or perhaps as a result of an unforeseen termination condition, is the /var/imap/socket/lmtp socket left over from the previous running of the daemon and does it need removing so that a new socket can be created?

I'd also suggest looking at the permissions for the socket. It should be owned by the identity that the cyrus daemon runs as. If the permissions are such that other identities can connect, then I'd say that the error message is appropriate to that scenario.

HTH:)



0
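Added example (not part of the answer above, and not sendmail's own safety check): a shell function that lists the owner and mode of a socket path and each parent directory, flagging anything group- or world-writable and noting when the endpoint is missing or not a socket. The function name, the temp-directory layout standing in for /var/imap, and the use of GNU `stat -c` are assumptions.

```shell
#!/bin/sh
# Added example: owner and mode of a socket path and each parent directory.
# Relies on GNU stat (-c), as shipped on CentOS.

# $1 = socket path, $2 = directory to stop at (default /).
# Prints one line per path component; returns 1 if anything was flagged.
audit_socket_path() {
    p=$1; stop=${2:-/}; bad=0
    if [ ! -S "$p" ]; then
        echo "NOSOCKET $p (missing, or not a socket)"; bad=1
    fi
    while :; do
        if [ -e "$p" ]; then
            mode=$(stat -c '%a' "$p"); owner=$(stat -c '%U:%G' "$p")
            flag=ok
            # Octal digit 2, 3, 6 or 7 in the group or other position = write bit.
            case $mode in
                *[2367]?|*[2367]) flag=WRITABLE; bad=1 ;;
            esac
            echo "$flag $mode $owner $p"
        fi
        if [ "$p" = "$stop" ] || [ "$p" = / ] || [ "$p" = . ]; then break; fi
        p=$(dirname "$p")
    done
    return "$bad"
}

# Constructed layout under a temp directory standing in for /var/imap.
root=$(mktemp -d)
mkdir -p "$root/imap/socket"
chmod 755 "$root/imap"
chmod 777 "$root/imap/socket"      # deliberately loose, to show the flag
audit_socket_path "$root/imap/socket/lmtp" "$root" || true
```

On a real host the call would be `audit_socket_path /var/imap/socket/lmtp`, run as root so every component can be read.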
 
LVL 17

Author Comment

by:psimation
ID: 16856389
Hi pjedmond

Unfortunately, changing the location of lmtpd in cyrus.conf does not work. var/imap is not linked to /var/lib/imap, I did try that at some stage, ie. to make a symlink to the lmtp socket in /var/lib/imap, but that didn't work either.

I did however find in sendmail.cf that it is looking for lmtp in /var/imap/socket, but I tried to change it there with seemingly no luck still...

What I get now is errors stating the user is not known...
0
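Added example (not part of any post in this thread): the first error comes down to sendmail dialing /var/imap/socket/lmtp while cyrus.conf names a different listen path, so this script extracts both paths and compares them. The `Mcyrusv2 ... A=FILE <path>` mailer layout in sendmail.cf, the sample files, and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: does sendmail's cyrusv2 mailer dial the socket lmtpd listens on?

# UNIX-socket listen paths of uncommented lmtpd services in cyrus.conf ($1).
# The service name (lmtp, lmtpunix, ...) is ignored; only cmd= and listen= count.
cyrus_lmtp_sockets() {
    awk '!/^[ \t]*#/ && /cmd="lmtpd/ && match($0, /listen="\/[^"]*"/) {
             print substr($0, RSTART + 8, RLENGTH - 9) }' "$1"
}

# Socket path from the A=FILE argument of the cyrusv2 mailer in sendmail.cf ($1).
sendmail_lmtp_socket() {
    awk '/^Mcyrusv2,/ { in_m = 1 }
         !/^Mcyrusv2,/ && !/^[ \t]/ { in_m = 0 }   # next definition ends the mailer
         in_m && match($0, /A=FILE [^ ,]+/) {
             print substr($0, RSTART + 7, RLENGTH - 7); exit }' "$1"
}

# $1 = cyrus.conf, $2 = sendmail.cf
# Returns 0 on match, 1 on mismatch, 2 if sendmail.cf has no cyrusv2 socket.
check_lmtp_paths() {
    want=$(sendmail_lmtp_socket "$2")
    if [ -z "$want" ]; then echo "no cyrusv2 A=FILE socket in $2"; return 2; fi
    have=$(cyrus_lmtp_sockets "$1")
    if printf '%s\n' "$have" | grep -qxF -- "$want"; then
        echo "MATCH $want"; return 0
    fi
    echo "MISMATCH sendmail=$want cyrus=$(echo $have)"
    return 1
}

# Constructed sample configs reproducing the mismatch described in the question.
d=$(mktemp -d)
cat > "$d/cyrus.conf" <<'EOF'
SERVICES {
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
   lmtpunix     cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=0
}
EOF
printf 'Mcyrusv2,\tP=[IPC], F=lsDFMnqXzA@/:|m,\n\t\tT=DNS/RFC822/SMTP,\n\t\tA=FILE /var/imap/socket/lmtp\n' > "$d/sendmail.cf"
check_lmtp_paths "$d/cyrus.conf" "$d/sendmail.cf" || true
```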
 
LVL 22

Expert Comment

by:pjedmond
ID: 16856495
Can I suggest deleting:

/var/imap/socket/

and then:
--------8X-----------
Now create the directory structure "mkdir -p /var/imap/socket/"
"chown cyrus:mail /var/imap/socket"
--------8X-----------

If a process terminates unexpectedly, then this is the area that is normally left in an unknown state that causes problems of this nature.

HTH:)
0

 
LVL 17

Author Comment

by:psimation
ID: 16859554
Hi pjedmond.

OK, I made the var/imap/socket folder as suggested, and made sure sendmail.cf also looks there for lmtp. I also changed my cyrus.conf file to point to that location ( one question here though: there are 2 lmtpd's mentioned in cyrus.conf; lmtp, and lmtpunix. does it matter which one is commented out, ie. which one should be used here?)

After a restart of cyrus and sendmail, I still get messages in maillog stating the message was accepted for delivery, but then it gives me an error stating "user unknown".

Should I post all my config files?

0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16859849
Unfortunately, I'm not a cyrus user, but I'd guess that lmtp and lmtpunix are 2 different types of socket (or connectivity). On linux I'd suspect that both are supported, so leave as is.

The error that you're getting 'user unknown' implies that you haven't got a rule to deal with all users, or that the user cyrus isn't allowed to do something.......Basically, we need more information. I agree that posting your config files would help. Also post the FULL context of the 'user unknown' error  - Say up to 10 lines before it.

0
 
LVL 17

Author Comment

by:psimation
ID: 16859902
cyrus.conf:

# standard standalone server implementation

START {
  # do not delete this entry!
  recover       cmd="ctl_cyrusdb -r"

  # this is only necessary if using idled for IMAP IDLE
#  idled                cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=5
  imaps         cmd="imapd -s" listen="imaps" prefork=1
  pop3          cmd="pop3d" listen="pop3" prefork=3
  pop3s         cmd="pop3d -s" listen="pop3s" prefork=1
  sieve         cmd="timsieved" listen="sieve" prefork=0

  # these are only necessary if receiving/exporting usenet via NNTP
#  nntp         cmd="nntpd" listen="nntp" prefork=3
#  nntps                cmd="nntpd -s" listen="nntps" prefork=1

  # at least one LMTP is required for delivery
   lmtp         cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
#  lmtpunix     cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1

  # this is only necessary if using notifications
#  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}

EVENTS {
  # this is required
  checkpoint    cmd="ctl_cyrusdb -c" period=30

  # this is only necessary if using duplicate delivery suppression,
  # Sieve or NNTP
  delprune      cmd="cyr_expire -E 3" at=0400

  # this is only necessary if caching TLS sessions
  tlsprune      cmd="tls_prune" at=0400
}



/etc/imapd.conf

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: auxprop
sasl_mech_list: CRAM-MD5 DIGEST-MD5 PLAIN LOGIN
allowplaintext: yes
tls_cert_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_key_file: /usr/share/ssl/certs/cyrus-imapd.pem
tls_ca_file: /usr/share/ssl/certs/ca-bundle.crt


Errors:

Jun  8 03:04:16 zeus lmtp[6700]: verify_user(user.internet) failed: Mailbox does not exist
Jun  8 03:04:16 zeus sendmail[6699]: k5814EFo006692: to=<internet@XXX.co.za>, delay=00:00:02, xdelay=00:00:00, mailer=cyrusv2, pri=120340, relay=localhost, dsn=5.1.1, stat=User unknown
Jun  8 03:04:16 zeus sendmail[6699]: k5814EFo006692: k5814G8N006699: DSN: User unknown
Jun  8 03:04:16 zeus lmtp[6700]: verify_user(user.root) failed: Mailbox does not exist
Jun  8 03:04:16 zeus sendmail[6699]: k5814G8N006699: to=<root@zeus.XXX.com>, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=31737, relay=localhost [[UNIX: /var/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
Jun  8 03:04:16 zeus sendmail[6699]: k5814G8N006699: k5814G8O006699: return to sender: User unknown
Jun  8 03:04:16 zeus lmtp[6700]: verify_user(user.root) failed: Mailbox does not exist
Jun  8 03:04:16 zeus sendmail[6699]: k5814G8O006699: to=root, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=32761, relay=localhost [[UNIX: /var/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
Jun  8 03:04:16 zeus sendmail[6699]: k5814G8N006699: Losing ./qfk5814G8N006699: savemail panic
Jun  8 03:04:16 zeus sendmail[6699]: k5814G8N006699: SYSERR(root): savemail: cannot save rejected email anywhere


This error was when I tried to send a mail to an account that was correctly setup with cyradm from root from the command line.


The first line of the error snippet says user.internet Mailbox does not exist. Yet Cyrus was set up to drop mail for the internet@XXX.co.za domain into the "test" box I created, so maybe either sendmail or cyrus is not authenticating correctly against sasldb but from /etc/passwd (yet, auxprop is set as the auth method which is supposed to make them use sasldb and not the system users...)
0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16860045
Looking at your log, the failure is occurring when the mail is under sendmail control.

The behaviour of sendmail at this stage is controlled by /etc/aliases

If you want a 'catch all', then add:

*:  root

at the end of the /etc/aliases file and these emails will get forwarded to root's inbox.

http://www.unet.univie.ac.at/aix/files/aixfiles/aliases.htm

for more info.

Translation of your log file:

Jun  8 03:04:16 zeus lmtp[6700]: verify_user(user.internet) failed: Mailbox does not exist
   (internet@XXX.co.za doesn't exist...but we know that)
Jun  8 03:04:16 zeus sendmail[6699]: k5814EFo006692: to=<internet@XXX.co.za>, delay=00:00:02, xdelay=00:00:00, mailer=cyrusv2, pri=120340, relay=localhost, dsn=5.1.1, stat=User unknown
    (The email has been forwarded to sendmail so is no longer under the control of cyrus - Therefore Cyrus is forwarding the email to a 'local' account, NOT a cyrus IMAP account - in this case root@zeus.XXX.com.)
Jun  8 03:04:16 zeus sendmail[6699]: k5814EFo006692: k5814G8N006699: DSN: User unknown
Jun  8 03:04:16 zeus lmtp[6700]: verify_user(user.root) failed: Mailbox does not exist
    (root@zeus.XXX.com doesn't exist as a local mail box)
Jun  8 03:04:16 zeus sendmail[6699]: k5814G8N006699: to=<root@zeus.XXX.com>, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=31737, relay=localhost [[UNIX: /var/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
Jun  8 03:04:16 zeus sendmail[6699]: k5814G8N006699: k5814G8O006699: return to sender: User unknown
Jun  8 03:04:16 zeus lmtp[6700]: verify_user(user.root) failed: Mailbox does not exist
    (root@zeus.XXX.com doesn't exist....)
Jun  8 03:04:16 zeus sendmail[6699]: k5814G8O006699: to=root, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=32761, relay=localhost [[UNIX: /var/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
Jun  8 03:04:16 zeus sendmail[6699]: k5814G8N006699: Losing ./qfk5814G8N006699: savemail panic
Jun  8 03:04:16 zeus sendmail[6699]: k5814G8N006699: SYSERR(root): savemail: cannot save rejected email anywhere

So I think that the overall cyrus setup is functional...*BUT* you haven't got all the imap accounts that you need to accept emails. Why have you got 2 different domains?

HTH:)
0
 
LVL 17

Author Comment

by:psimation
ID: 16860162
Hi pjedmond

With cyrus I use the /etc/mail/virtusertable and /etc/mail/local-host-names to tell sendmail what to listen for, and where to drop the mail , the virtusertable tells sendmail to drop mail for internet@XXX.co.za in cyrus mailbox "test".

the root account doesn't have a cyrus mailbox, but the internet@XXX.co.za does have one, and even then it does not deliver to it. It's a simple matter to add root as a cyrus account, but the problem lies before root's mail cannot be dropped (root sends to internet, mail bounces back to root), hence I didn't even bother to create a mailbox for root...

0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16860243
In which case, I'm going to suggest a closer look at the rules in these 2 files:

/etc/mail/virtusertable

setup currently converts internet@XXX.co.za to root@zeus.XXX.com rather than test looking at the output from your log. Therefore I am guessing that /etc/mail/virtusertable

contains something akin to:

internet@XXX.co.za           root

whereas I suspect that you need something like:

internet@XXX.co.za          test@XXX.co.za

or perhaps:

@XXX.co.za                     test@XXX.co.za

at the end of all the rules to forward all remaining XXX.co.za to the test@XXX.co.uk

Please note that I have never used this setup, and I'm just explaining where I'd look and why. Obviously take a backup of all these files before following my suggestions, and remember that you will need to restart the sendmail/IMAP daemons after changing configuration files in order for the new settings to become effective.

HTH:)
0
 
LVL 1

Assisted Solution

by:ico2
ico2 earned 200 total points
ID: 16862547
chmod 700 /var/imap/socket/lmtp
0
 
LVL 17

Author Comment

by:psimation
ID: 16863040
I think I solved it!

The problem was that the FQDN was not in the /etc/mail/local-host-names file.

I changed the hostname a couple of days ago, and the problem only started after that. I still don't know why it would cause this tho; the recipient "internet@XXX.co.za" was correctly configured, ie. XXX.co.za was in the local-host-names...

Anyway, thanks a lot for all the help.

0
 
LVL 22

Expert Comment

by:pjedmond
ID: 16863096
Well done! Glad to have been of any assistance.:)
0
