psimation
asked on
Cyrus Sendmail problems
I had cyrus and sendmail installed for quite while now on a CentOs4 box.
Everything worked fine, but now, after arestart, it stopped working.
I constantly get the following error in maillog:
SYSERR(root): makeconnection_ds: unsafe domain socket /var/imap/socket/lmtp
What puzzles me tho is that imapd.conf and cyrus.conf clearly points the location for lmtpd to be /var/lib/imap/socket/lmtp and NOT /var/imap
any ideas?
Everything worked fine, but now, after arestart, it stopped working.
I constantly get the following error in maillog:
SYSERR(root): makeconnection_ds: unsafe domain socket /var/imap/socket/lmtp
What puzzles me tho is that imapd.conf and cyrus.conf clearly points the location for lmtpd to be /var/lib/imap/socket/lmtp and NOT /var/imap
any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Can I suggest deleting:
/var/imap/socket/
and then:
--------8X-----------
Now create the directory structure "mkdir -p /var/imap/socket/'
"chown cyrus:mail /var/imap/socket"
--------8X-----------
If a process terminates unexpectedly, then this is the area that is normally left in an unknown state that causes problems of this nature.
HTH:)
/var/imap/socket/
and then:
--------8X-----------
Now create the directory structure "mkdir -p /var/imap/socket/'
"chown cyrus:mail /var/imap/socket"
--------8X-----------
If a process terminates unexpectedly, then this is the area that is normally left in an unknown state that causes problems of this nature.
HTH:)
ASKER
Hi pjedmond.
OK, I made the var/imap/socket folder as suggested, and made sure sendmail.cf also looks there for lmtp. I also changed my cyrus.conf file to point to that location ( one question here though: there are 2 lmtpd's mentioned in cyrus.conf; lmtp, and lmtpunix. does it matter which one is commented out, ie. which one should be used here?)
After a restart of cyrus and sendmail, I still get messages in maillog stating the message was accepted for delivery, but then it gives me an error stating "user unknown".
Should I post all my config files?
OK, I made the var/imap/socket folder as suggested, and made sure sendmail.cf also looks there for lmtp. I also changed my cyrus.conf file to point to that location ( one question here though: there are 2 lmtpd's mentioned in cyrus.conf; lmtp, and lmtpunix. does it matter which one is commented out, ie. which one should be used here?)
After a restart of cyrus and sendmail, I still get messages in maillog stating the message was accepted for delivery, but then it gives me an error stating "user unknown".
Should I post all my config files?
Unfortunately, I'm not a cyrus user, but I'd guess that lmtp and lmtpunix are 2 different types of socket (or connectivity). On linux I'd suspect that both are supported, so leave as is.
The error that you're getting 'user unknown' implies that you haven't got a rule to deal with all users, or that the user cyrus isn't allowed to do something.......Basically, we need more information. I agree that posting your config files would help. Also post the FULL context of the 'user unknown' error - Say up to 10 lines before it.
The error that you're getting 'user unknown' implies that you haven't got a rule to deal with all users, or that the user cyrus isn't allowed to do something.......Basically,
ASKER
cyrus.conf:
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=5
imaps cmd="imapd -s" listen="imaps" prefork=1
pop3 cmd="pop3d" listen="pop3" prefork=3
pop3s cmd="pop3d -s" listen="pop3s" prefork=1
sieve cmd="timsieved" listen="sieve" prefork=0
# these are only necessary if receiving/exporting usenet via NNTP
# nntp cmd="nntpd" listen="nntp" prefork=3
# nntps cmd="nntpd -s" listen="nntps" prefork=1
# at least one LMTP is required for delivery
lmtp cmd="lmtpd" listen="/var/imap/socket/l mtp" prefork=0
# lmtpunix cmd="lmtpd" listen="/var/lib/imap/sock et/lmtp" prefork=1
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/lib/imap/sock et/notify" proto="udp" prefork=1
}
EVENTS {
# this is required
checkpoint cmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression,
# Sieve or NNTP
delprune cmd="cyr_expire -E 3" at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" at=0400
}
/etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: auxprop
sasl_mech_list: CRAM-MD5 DIGEST-MD5 PLAIN LOGIN
allowplaintext: yes
tls_cert_file: /usr/share/ssl/certs/cyrus -imapd.pem
tls_key_file: /usr/share/ssl/certs/cyrus -imapd.pem
tls_ca_file: /usr/share/ssl/certs/ca-bu ndle.crt
Errors:
Jun 8 03:04:16 zeus lmtp[6700]: verify_user(user.internet) failed: Mailbox does not exist
Jun 8 03:04:16 zeus sendmail[6699]: k5814EFo006692: to=<internet@XXX.co.za>, delay=00:00:02, xdelay=00:00:00, mailer=cyrusv2, pri=120340, relay=localhost, dsn=5.1.1, stat=User unknown
Jun 8 03:04:16 zeus sendmail[6699]: k5814EFo006692: k5814G8N006699: DSN: User unknown
Jun 8 03:04:16 zeus lmtp[6700]: verify_user(user.root) failed: Mailbox does not exist
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: to=<root@zeus.XXX.com>, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=31737, relay=localhost [[UNIX: /var/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: k5814G8O006699: return to sender: User unknown
Jun 8 03:04:16 zeus lmtp[6700]: verify_user(user.root) failed: Mailbox does not exist
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8O006699: to=root, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=32761, relay=localhost [[UNIX: /var/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: Losing ./qfk5814G8N006699: savemail panic
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: SYSERR(root): savemail: cannot save rejected email anywhere
This error was when I tried to send a mail to an account that was correctly setup with cyradm from root from the command line.
The first line of the error snippet it saus user.internet Mailbox does not exist. Yet Cyrus was setup to drop mail for the internet@XXX.co.za domain into the "test" box I created, so maybe either sendmail or cyrus is not authenticating correctly against sasldb but from /etc/passwd ( yet, auxprop is set as the auth method which is supposed to make them use sasldb and not the system users...)
# standard standalone server implementation
START {
# do not delete this entry!
recover cmd="ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# idled cmd="idled"
}
# UNIX sockets start with a slash and are put into /var/lib/imap/sockets
SERVICES {
# add or remove based on preferences
imap cmd="imapd" listen="imap" prefork=5
imaps cmd="imapd -s" listen="imaps" prefork=1
pop3 cmd="pop3d" listen="pop3" prefork=3
pop3s cmd="pop3d -s" listen="pop3s" prefork=1
sieve cmd="timsieved" listen="sieve" prefork=0
# these are only necessary if receiving/exporting usenet via NNTP
# nntp cmd="nntpd" listen="nntp" prefork=3
# nntps cmd="nntpd -s" listen="nntps" prefork=1
# at least one LMTP is required for delivery
lmtp cmd="lmtpd" listen="/var/imap/socket/l
# lmtpunix cmd="lmtpd" listen="/var/lib/imap/sock
# this is only necessary if using notifications
# notify cmd="notifyd" listen="/var/lib/imap/sock
}
EVENTS {
# this is required
checkpoint cmd="ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression,
# Sieve or NNTP
delprune cmd="cyr_expire -E 3" at=0400
# this is only necessary if caching TLS sessions
tlsprune cmd="tls_prune" at=0400
}
/etc/imapd.conf
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: auxprop
sasl_mech_list: CRAM-MD5 DIGEST-MD5 PLAIN LOGIN
allowplaintext: yes
tls_cert_file: /usr/share/ssl/certs/cyrus
tls_key_file: /usr/share/ssl/certs/cyrus
tls_ca_file: /usr/share/ssl/certs/ca-bu
Errors:
Jun 8 03:04:16 zeus lmtp[6700]: verify_user(user.internet)
Jun 8 03:04:16 zeus sendmail[6699]: k5814EFo006692: to=<internet@XXX.co.za>, delay=00:00:02, xdelay=00:00:00, mailer=cyrusv2, pri=120340, relay=localhost, dsn=5.1.1, stat=User unknown
Jun 8 03:04:16 zeus sendmail[6699]: k5814EFo006692: k5814G8N006699: DSN: User unknown
Jun 8 03:04:16 zeus lmtp[6700]: verify_user(user.root) failed: Mailbox does not exist
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: to=<root@zeus.XXX.com>, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=31737, relay=localhost [[UNIX: /var/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: k5814G8O006699: return to sender: User unknown
Jun 8 03:04:16 zeus lmtp[6700]: verify_user(user.root) failed: Mailbox does not exist
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8O006699: to=root, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=32761, relay=localhost [[UNIX: /var/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: Losing ./qfk5814G8N006699: savemail panic
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: SYSERR(root): savemail: cannot save rejected email anywhere
This error was when I tried to send a mail to an account that was correctly setup with cyradm from root from the command line.
The first line of the error snippet it saus user.internet Mailbox does not exist. Yet Cyrus was setup to drop mail for the internet@XXX.co.za domain into the "test" box I created, so maybe either sendmail or cyrus is not authenticating correctly against sasldb but from /etc/passwd ( yet, auxprop is set as the auth method which is supposed to make them use sasldb and not the system users...)
Looking at your log, the failure is occuring when the mail is under sendmail control.
The behaviour of sendmail at this stage is controlled by /etc/aliases
If you want a 'catch all', then add:
*: root
at the end of the /etc/aliases file and these emails will get forwarded to roots inbox.
http://www.unet.univie.ac.at/aix/files/aixfiles/aliases.htm
for more info.
Transalation of your log file:
Jun 8 03:04:16 zeus lmtp[6700]: verify_user(user.internet) failed: Mailbox does not exist
(internet@@XXX.co.za doesn't exist...but we know that)
Jun 8 03:04:16 zeus sendmail[6699]: k5814EFo006692: to=<internet@XXX.co.za>, delay=00:00:02, xdelay=00:00:00, mailer=cyrusv2, pri=120340, relay=localhost, dsn=5.1.1, stat=User unknown
(The email has been forwarded to sendmail so is no longer under the control of cyrus - Therefore Cyrus is forwarding the email to a 'local' account, NOT a cyrus IMAP account - in this case root@zeus.XXX.com.)
Jun 8 03:04:16 zeus sendmail[6699]: k5814EFo006692: k5814G8N006699: DSN: User unknown
Jun 8 03:04:16 zeus lmtp[6700]: verify_user(user.root) failed: Mailbox does not exist
(root@zeus.XXX.com doesn't exit as a local mail box)
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: to=<root@zeus.XXX.com>, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=31737, relay=localhost [[UNIX: /var/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: k5814G8O006699: return to sender: User unknown
Jun 8 03:04:16 zeus lmtp[6700]: verify_user(user.root) failed: Mailbox does not exist
(root@zeus.XXX.com doesn't exist....)
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8O006699: to=root, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=32761, relay=localhost [[UNIX: /var/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: Losing ./qfk5814G8N006699: savemail panic
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: SYSERR(root): savemail: cannot save rejected email anywhere
So I think that the overall cyrus setup is functional...*BUT* you haven't got all the imap accounts that you need to accept emails. Why have you got 2 different domains?
HTH:)
The behaviour of sendmail at this stage is controlled by /etc/aliases
If you want a 'catch all', then add:
*: root
at the end of the /etc/aliases file and these emails will get forwarded to roots inbox.
http://www.unet.univie.ac.at/aix/files/aixfiles/aliases.htm
for more info.
Transalation of your log file:
Jun 8 03:04:16 zeus lmtp[6700]: verify_user(user.internet)
(internet@@XXX.co.za doesn't exist...but we know that)
Jun 8 03:04:16 zeus sendmail[6699]: k5814EFo006692: to=<internet@XXX.co.za>, delay=00:00:02, xdelay=00:00:00, mailer=cyrusv2, pri=120340, relay=localhost, dsn=5.1.1, stat=User unknown
(The email has been forwarded to sendmail so is no longer under the control of cyrus - Therefore Cyrus is forwarding the email to a 'local' account, NOT a cyrus IMAP account - in this case root@zeus.XXX.com.)
Jun 8 03:04:16 zeus sendmail[6699]: k5814EFo006692: k5814G8N006699: DSN: User unknown
Jun 8 03:04:16 zeus lmtp[6700]: verify_user(user.root) failed: Mailbox does not exist
(root@zeus.XXX.com doesn't exit as a local mail box)
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: to=<root@zeus.XXX.com>, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=31737, relay=localhost [[UNIX: /var/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: k5814G8O006699: return to sender: User unknown
Jun 8 03:04:16 zeus lmtp[6700]: verify_user(user.root) failed: Mailbox does not exist
(root@zeus.XXX.com doesn't exist....)
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8O006699: to=root, delay=00:00:00, xdelay=00:00:00, mailer=cyrusv2, pri=32761, relay=localhost [[UNIX: /var/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: Losing ./qfk5814G8N006699: savemail panic
Jun 8 03:04:16 zeus sendmail[6699]: k5814G8N006699: SYSERR(root): savemail: cannot save rejected email anywhere
So I think that the overall cyrus setup is functional...*BUT* you haven't got all the imap accounts that you need to accept emails. Why have you got 2 different domains?
HTH:)
ASKER
Hi pjedmond
With cyrus I use the /etc/mail/virtusertable and /etc/mail/local-host-names to tell sendmail what to listen for, and where to drop the mail , the virtusertable tells sendmail to drop mail for internet@XXX.co.za in cyrus mailbox "test".
the root account doesn't have a cyrus mailbox, but the internet@XXX.co.za does have one, and even then it does not deliver to it. It's a simple matter to add root as a cyrus account, but the problem lies before root's mail cannot be dropped (root sends to internet, mail bounces back to root), hence I didn't even bother to create a mailbox for root...
With cyrus I use the /etc/mail/virtusertable and /etc/mail/local-host-names
the root account doesn't have a cyrus mailbox, but the internet@XXX.co.za does have one, and even then it does not deliver to it. It's a simple matter to add root as a cyrus account, but the problem lies before root's mail cannot be dropped (root sends to internet, mail bounces back to root), hence I didn't even bother to create a mailbox for root...
In which case, I'm going to suggest a closer look at the rules in these 2 files:
/etc/mail/virtusertable
setup currently converts internet@XXX.co.za to root@zeus.XXX.com rather than test looking at the output from your log. Therefore I am guessing that /etc/mail/virtusertable
contains something akin to:
internet@XXX.co.za root
whereas I suspect that you need something like:
internet@XXX.co.za test@XXX.co.za
or perhaps:
@XXX.co.za test@XXX.co.za
at the end of all the rules to forward all remaining XXX.co.za to the test@XXX.co.uk
Please note that I have never used this setup, and I'm just explaining where I'd look and why. Obviously take a backup of all these files before following my suggestions, and remember that you will need to restart the sendmail/IMAP daemons after changing configuration files in order for the new settings to become effective.
HTH:)
/etc/mail/virtusertable
setup currently converts internet@XXX.co.za to root@zeus.XXX.com rather than test looking at the output from your log. Therefore I am guessing that /etc/mail/virtusertable
contains something akin to:
internet@XXX.co.za root
whereas I suspect that you need something like:
internet@XXX.co.za test@XXX.co.za
or perhaps:
@XXX.co.za test@XXX.co.za
at the end of all the rules to forward all remaining XXX.co.za to the test@XXX.co.uk
Please note that I have never used this setup, and I'm just explaining where I'd look and why. Obviously take a backup of all these files before following my suggestions, and remember that you will need to restart the sendmail/IMAP daemons after changing configuration files in order for the new settings to become effective.
HTH:)
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I think I solved it!
The problem was that the FQDN was not in the /etc/mail/local-host-names file.
I changed the hostname a couple of days ago, and the problem only started after that. I still don't know why it would cause this tho; the recipient "internet@XXX.co.za" was correctly configured, ie. XXX.co.za was in the local-host-names...
Anyway, thanks alot for all the help.
The problem was that the FQDN was not in the /etc/mail/local-host-names
I changed the hostname a couple of days ago, and the problem only started after that. I still don't know why it would cause this tho; the recipient "internet@XXX.co.za" was correctly configured, ie. XXX.co.za was in the local-host-names...
Anyway, thanks alot for all the help.
Well done! Glad to have been of any assistance.:)
ASKER
Unfortunately, changing the location of lmtpd in cyrus.conf does not work. var/imap is not linked to /var/lib/imap, I did try that at some stage, ie. to make a symlink to the lmtp socket in /var/lib/imap, but that didn't work either.
I did however find in sendmsil.cf that it is looking for lmtp in /var/imap/socket, but I tried to change it there with seemingly no luck still...
What I get now is errors stating the user is not known...