On Thu, Jan 21, 2010 at 11:36:02AM +0100, Eric Luyten wrote:
> On Thu, January 21, 2010 11:27 am, Michael Menge wrote:
> >
> > Hi,
> >
> > Quoting Scott Lambert <lambert@xxxxxxxxxxxxxx>:
> >
> >> The only thing I've been able to figure is that I will need to at least
> >> have multiple imapd-domainX.conf files and have multiple pop3(s)/imap(s)
> >> lines in cyrus.conf for each domain so that the secure certs can match the
> >> hostname configured in the user's existing mail program.
> >>
> >> Is there a more elegant method than something like the below plan?
> >>
> >>
> >> SERVICES {
> >> # add or remove based on preferences
> >> imap cmd="imapd -C imapd-domain1.conf" listen="mail.domain1.com:imap"
> >> imaps cmd="imapd -s -C imapd-domain1.conf"
> >> listen="mail.domain1.com:imaps"
> >> pop3 cmd="pop3d -C imapd-domain1.conf" listen="mail.domain1.com:pop3"
> >> pop3s cmd="pop3d -s -C imapd-domain1.conf"
> >> listen="mail.domain1.com:pop3s"
> >> imap cmd="imapd -C imapd-domain2.conf" listen="mail.domain2.com:imap"
> >> imaps cmd="imapd -s -C imapd-domain2.conf"
> >> listen="mail.domain2.com:imaps"
> >> pop3 cmd="pop3d -C imapd-domain2.conf" listen="mail.domain2.com:pop3"
> >> pop3s cmd="pop3d -s -C imapd-domain2.conf"
> >> listen="mail.domain2.com:pop3s"
> >> ...
> >> imap cmd="imapd -C imapd-domainN.conf" listen="mail.domainN.com:imap"
> >> imaps cmd="imapd -s -C imapd-domainN.conf"
> >> listen="mail.domainN.com:imaps"
> >> pop3 cmd="pop3d -C imapd-domainN.conf" listen="mail.domainN.com:pop3"
> >> pop3s cmd="pop3d -s -C imapd-domainN.conf"
> >> listen="mail.domainN.com:pop3s"
> >> sieve cmd="timsieved" listen="sieve" prefork=0
> >>
> >> lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0 }
> >>
> >
> > You have to use different service name. Each service name may only
> > apeare once.
That seems obvious, now that you have pointed it out. ;-) Perhaps my
reading comprehension needs work, but I don't see the requirement
of uniqueness of the "name" parameter spelled out in cyrus.conf(5).
Perhaps I should build a documentation patch to help other people as dense as
me assuming such people exist. :-)
> Correct (I overlooked that, but it would have become pretty obvious when
> starting Cyrus :-)
Actually, no errors were shown... But I did have a problem I couldn't
figure out.
I initially had prefork=5 for the non-SSL wrapped entries. After a
couple of minutes I had many sockets in FIN_WAIT_1 and FIN_WAIT_2 and
CLOSED and CLOSED_WAIT status. After about 10 minutes, none of the
services were responding quickly enough for Nagios.
After I took out the prefork entries, the services on domain1 behaved
nicely. The services on [127.0.0.1]:(110|143) and domain2:* took 20
to 60 seconds to display the banner. The delay was highly variable.
I couldn't find any errors in imap.log. But it's run several hours
without angering Nagios for domain1.
> As an aside, this will enable you to attribute log lines to the correct
> service, since Cyrus syslogs to one and the same facility.
Ah, very nice. I was looking for any indications such as that in the
logs this morning.
--
Scott Lambert KC5MLE Unix SysAdmin
lambert@xxxxxxxxxxxxxx
----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
