Hi, what are the following messages supposed to tell me and does this indicate a problem? # systemctl status cyrus-imapd [...] master[3766]: unable to setsocketopt(IP_TOS): Operation not supported master[3766]: unable to setsocketopt(IP_TOS): Operation not supported [...] Exim says it can not connect to the lmtp socket even when selinux doesn?t get in the way. The configuration looks like this: cyrus.conf (none of the two options work): [...] # lmtp cmd="lmtpd -a" listen="lmtp:127.0.0.1" prefork=4 lmtpunix cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" prefork=4 [...] exim.conf: [...] begin transports # cyrus_ltcp: # driver = smtp # protocol = lmtp # delivery_date_add # envelope_to_add # return_path_add # hosts = localhost # allow_localhost lmtp_socket: driver = lmtp socket = /var/lib/imap/socket/lmtp delivery_date_add envelope_to_add return_path_add # ls -la /var/lib/imap/socket/lmtp srwxrwxrwx. 1 root root 0 Mar 16 12:58 /var/lib/imap/socket/lmtp I have this working on the old server (which doesn?t run Centos) and am trying to migrate it to the new one (which runs Centos 7.4). The version of cyrus and sasl are the same on both machines. What?s the problem with Centos that these things don?t just work as they usually do?
Am 16.03.2018 um 13:07 schrieb hw:> > Hi, > > what are the following messages supposed to tell me and does this > indicate a problem? > > > # systemctl status cyrus-imapd > [...] > master[3766]: unable to setsocketopt(IP_TOS): Operation not supported > master[3766]: unable to setsocketopt(IP_TOS): Operation not supported > [...]That's cyrus-imapd itself failing and has nothing to do with Exim.> Exim says it can not connect to the lmtp socket even when selinux > doesn?t get in the way.? The configuration looks like this: > > > cyrus.conf (none of the two options work): > > [...] > ? # lmtp??????????????? cmd="lmtpd -a" listen="lmtp:127.0.0.1" prefork=4 > ? lmtpunix????? cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" > prefork=4 > [...]Providing just a snipped from the complete configuration of cyrus-imapd is insufficient.> exim.conf: > > [...] > begin transports > > > > # cyrus_ltcp: > #?? driver = smtp > #?? protocol = lmtp > #?? delivery_date_add > #?? envelope_to_add > #?? return_path_add > #?? hosts = localhost > #?? allow_localhost > > lmtp_socket: > ? driver = lmtp > ? socket = /var/lib/imap/socket/lmtp > ? delivery_date_add > ? envelope_to_add > ? return_path_add > > > # ls -la /var/lib/imap/socket/lmtp > srwxrwxrwx. 1 root root 0 Mar 16 12:58 /var/lib/imap/socket/lmtp > > > I have this working on the old server (which doesn?t run Centos) and am > trying to migrate it to the new one (which runs Centos 7.4).? The > version of cyrus and sasl are the same on both machines.So cyrus-imapd and cyrus-sasl are not the ones shipped by CentOS?> What?s the problem with Centos that these things don?t just work as they > usually do?It works on CentOS, I can assure you that. Alexander
Am 16.03.2018 um 13:07 schrieb hw:> [...] > ? # lmtp??????????????? cmd="lmtpd -a" listen="lmtp:127.0.0.1" prefork=4 > ? lmtpunix????? cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" > prefork=4 > [...]Both definitions are wrong: 1) the lmtp line man cyrus.conf listen=<no default> The UNIX or internet socket to listen on. This string field is required and takes one of the following forms: path [ host : ] port So listen="lmtp:127.0.0.1" is utterly nonsense. It would be listen="127.0.0.1:lmtp" if you want to restrict access to localhost. 2) the lmtpunix line man lmtpd -a Preauthorize connections initiated on an internet socket, instead of requiring LMTP AUTH. This should only be used for connections coming from trusted hosts. So no pre-auth on the unix socket. And why do you define a prefork of 4? Alexander
On 03/16/2018 08:14 PM, Alexander Dalloz wrote:> Am 16.03.2018 um 13:07 schrieb hw: >> >> Hi, >> >> what are the following messages supposed to tell me and does this >> indicate a problem? >> >> >> # systemctl status cyrus-imapd >> [...] >> master[3766]: unable to setsocketopt(IP_TOS): Operation not supported >> master[3766]: unable to setsocketopt(IP_TOS): Operation not supported >> [...] > > That's cyrus-imapd itself failing and has nothing to do with Exim.Well, it probably means that a socket option can not be set. That can mean that the socket can not be used at all or that the socket can be used just not as well. That socket option makes it so that the TOS bit on all packets is being set. I don?t see how that would be required here, so maybe the socket works nonetheless.>> Exim says it can not connect to the lmtp socket even when selinux >> doesn?t get in the way.? The configuration looks like this: >> >> >> cyrus.conf (none of the two options work): >> >> [...] >> ?? # lmtp??????????????? cmd="lmtpd -a" listen="lmtp:127.0.0.1" prefork=4 >> ?? lmtpunix????? cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" >> prefork=4 >> [...] > > Providing just a snipped from the complete configuration of cyrus-imapd > is insufficient.It?s currently this: # standard standalone server implementation START { # do not delete this entry! recover cmd="ctl_cyrusdb -r" # this is only necessary if using idled for IMAP IDLE idled cmd="idled" } # UNIX sockets start with a slash and are put into /var/lib/imap/sockets SERVICES { # add or remove based on preferences # imap cmd="imapd" listen="127.0.0.1:imap" prefork=2 imaps cmd="imapd -s" listen="imaps" prefork=1 # pop3 cmd="pop3d" listen="pop3" prefork=3 # pop3s cmd="pop3d -s" listen="pop3s" prefork=1 sieve cmd="timsieved" listen="gupta:sieve" prefork=0 # managesieve cmd="timsieved" listen="gupta:sieve" prefork=0 # sieve cmd="timsieved" listen="4190" prefork=1 # these are only necessary if receiving/exporting usenet via NNTP # nntp cmd="nntpd" listen="nntp" prefork=3 # nntps cmd="nntpd -s" listen="nntps" prefork=1 # at least one LMTP is required for delivery lmtp cmd="lmtpd -a" listen="lmtp" prefork=1 # lmtpunix cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" prefork=1 # this is only necessary if using notifications notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1 } EVENTS { # this is required checkpoint cmd="ctl_cyrusdb -c" period=30 # this is only necessary if using duplicate delivery suppression, # Sieve or NNTP delprune cmd="cyr_expire -E 3" at=0400 # this is only necessary if caching TLS sessions tlsprune cmd="tls_prune" at=0400 } Apparently exim can not use the lmtp socket because of a permissions problem. Not using the socket works except that timsieved appears not to be able to find any authentication mechanics. I can connect to it but not authenticate: # sivtest -u hw -v gupta S: "IMPLEMENTATION" "Cyrus timsieved v2.4.17-Fedora-RPM-2.4.17-13.el7" S: "SIEVE" "comparator-i;ascii-numeric fileinto reject vacation imapflags notify envelope relational regex subaddress copy" S: "STARTTLS" S: "UNAUTHENTICATE" S: OK Authentication failed. generic failure Security strength factor: 0 logout OK "Logout Complete" Connection closed. I didn?t get to figure this out yet.> >> exim.conf: >> >> [...] >> begin transports >> >> >> >> # cyrus_ltcp: >> #?? driver = smtp >> #?? protocol = lmtp >> #?? delivery_date_add >> #?? envelope_to_add >> #?? return_path_add >> #?? hosts = localhost >> #?? allow_localhost >> >> lmtp_socket: >> ?? driver = lmtp >> ?? socket = /var/lib/imap/socket/lmtp >> ?? delivery_date_add >> ?? envelope_to_add >> ?? return_path_add >> >> >> # ls -la /var/lib/imap/socket/lmtp >> srwxrwxrwx. 1 root root 0 Mar 16 12:58 /var/lib/imap/socket/lmtp >> >> >> I have this working on the old server (which doesn?t run Centos) and >> am trying to migrate it to the new one (which runs Centos 7.4).? The >> version of cyrus and sasl are the same on both machines. > > So cyrus-imapd and cyrus-sasl are not the ones shipped by CentOS?They are from packages installed by yum and just happen to be the same versions as on the old server. I can?t tell if the same compiling options were used, though.>> What?s the problem with Centos that these things don?t just work as >> they usually do? > > It works on CentOS, I can assure you that.Hopefully so ...> Alexander > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos
On 03/16/2018 10:21 PM, Alexander Dalloz wrote:> Am 16.03.2018 um 13:07 schrieb hw: >> [...] >> ?? # lmtp??????????????? cmd="lmtpd -a" listen="lmtp:127.0.0.1" prefork=4 >> ?? lmtpunix????? cmd="lmtpd -a" listen="/var/lib/imap/socket/lmtp" >> prefork=4 >> [...] > > Both definitions are wrong: > > 1) the lmtp line > > man cyrus.conf > > listen=<no default> > The UNIX or internet socket to listen on. This string field is required > and takes one of the following forms: > > path > [ host : ] port > > So listen="lmtp:127.0.0.1" is utterly nonsense. It would be > listen="127.0.0.1:lmtp" if you want to restrict access to localhost.Right, that must have come from all the experimentation and gone unnoticed.> 2) the lmtpunix line > > man lmtpd > > -a > > ??? Preauthorize connections initiated on an internet socket, instead > of requiring LMTP AUTH. This should only be used for connections coming > from trusted hosts. > > So no pre-auth on the unix socket.I read it such that '-a' means I don?t need to worry about authorization. Do you mean to say it should only be used when the socket is not a file? If that is so, the manpage should say that, and it should say what the option does when the socket is a file. Maybe it?s ignored for files, maybe it breaks stuff. The manpage does not say that authorization is omitted when the socket is a file, so what does it actually say?> And why do you define a prefork of 4?Why not? The server has 4 cores, and I haven?t read any suggestions yet about how many processes should be preforked. I can imagine it might not make sense or not work at all when the socket is a file and that it might not make sense when the socket is not a file because there are no other hosts connecting. IIRC exim can spawn processes to do deliveries, so it might yet make sense despite no other hosts connect.> > Alexander > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos