On 11/30/18 3:30 PM, Eric Luyten wrote: > > On 30/11/2018 15:16, Patrick Boutilier wrote: >> On 11/30/18 10:00 AM, Charles Bradshaw via Info-cyrus wrote: >>> Javier >>> >>> On 30/11/2018 11:49, Javier Angulo wrote: >>>> On 11/29/18 8:00 PM, Charles Bradshaw via Info-cyrus wrote: >>>>> Now you tell me is cyrus syslog being sent to /var/log/maillog? Or >>>>> should it be going to /var/imapd.log as the configuration files, man >>>>> pages and cyrus installation guides ( found here: >>>>> https://www.cyrusimap.org/imap/installing.html ) say it should? >>>> I believe there is no "syslog_facility:" option in cyrus 2.4 (at >>>> least I >>>> was unable to find it). You can configure it in cyrus3 and maybe in >>>> cyrus 2.5. >>> I removed syslog_facility from imapd.conf >>>> So in /etc/imapd.conf I would remove the syslog_facility line and set: >>>> syslog_prefix: cyrus >>> Has no effect: present or not, or changed to test. >>>> And in /etc/rsyslog.conf: >>>> mail.* -/var/log/maillog >>> Has always been in my rsyslog.conf >>>> >>>> Restart rsyslog and check logs for cyrus/something ... >>> >>> # /etc/init.d/rsyslog restart >>> >>> # service sendmail restart >>> >>> Now when I connect (from another host) using Thunderbird Mail I see in >>> /etc/maillog: >>> >>> Nov 30 13:01:02 dell2600-1 sendmail[9865]: NOQUEUE: stopping daemon, >>> reason=signal >>> Nov 30 13:01:02 dell2600-1 sendmail[9950]: starting daemon (8.14.4): >>> SMTP+queueing@01:00:00 >>> Nov 30 13:01:02 dell2600-1 sendmail[9950]: STARTTLS: CRLFile missing >>> Nov 30 13:01:03 dell2600-1 sendmail[9950]: STARTTLS=server, >>> Diffie-Hellman init, key=1024 bit (1) >>> Nov 30 13:01:03 dell2600-1 sendmail[9950]: STARTTLS=server, init=1 >>> Nov 30 13:01:03 dell2600-1 sendmail[9950]: started as: >>> /usr/sbin/sendmail -bd -q1h >>> Nov 30 13:01:03 dell2600-1 sm-msp-queue[9960]: starting daemon (8.14.4): >>> queueing@01:00:00 >>> Nov 30 13:01:26 dell2600-1 cyrus/imaps[8645]: USAGE >>> brad@xxxxxxxxxxxxxxxxxxxxx user: 0.141978 sys: 0.087986 >>> Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: starttls: TLSv1.2 with >>> cipher AES128-SHA (128/128 bits new) no authentication >>> Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: login: [192.168.0.6] >>> brad@xxxxxxxxxxxxxxxxxxxxx CRAM-MD5+TLS User logged in >>> SESSIONID=<cyrus-8743-1543583158-1> >>> Nov 30 13:05:59 dell2600-1 cyrus/imaps[8743]: client id: "name" >>> "Thunderbird" "version" "60.2.1" >>> >>> Hum.. cyrus/imaps sends logging to /etc/maillog >>> >>> I think it is absolutely clear: >>> >>> 1 - where cyrus syslog goes to is a red herring. It goes to, and has >>> always gone to /var/maillog. It is simply that the prefix 'cyrus' only >>> appears for cyrus imap transactions and other sendmail is labeled >>> 'sendmail' >>> >>> 2 - imapd is working fine: allows brad.bradcan.homelinux.com to connect >>> an email client. Also to move email from one mailbox to another. The >>> proof is that since enabling telemetry logging >>> /var/lib/imap/log/brad@xxxxxxxxxxxxxxxxxxxxx/ reflects imap >>> transactions. >>> >>> 3 - A problem remains with LMTP. as is clearly evident from 'User >>> unknown' appearing in maillog. >>> >>> My original question remains: How do I diagnose this when a test email >>> is sent to brad@xxxxxxxxxxxxxxxxxxxxx : >>> >>> Nov 30 12:59:48 dell2600-1 sendmail[9882]: wAUCxmBS009882: >>> to=brad@xxxxxxxxxxxxxxxxxxxxx, delay=00:00:00, xdelay=00:00:00, >>> mailer=cyrusv2, pri=32701, relay=localhost [[UNIX: >>> /var/lib/imap/socket/lmtp]], dsn=5.1.1, stat=User unknown >> >> >> I think why people are concentrating on the logging is that there >> should be lmtp entries in your logs to indicate what the issue is. Are >> there any lmtp entries in either /etc/maillog or /var/log/maillog ? >> >> >> Another option is to limit lmtpd to one process and strace it. >> >> > > On our site we are not using Sendmail nor its cyrusv2 mailer but Postfix > and an lmtp channel to the Cyrus service on a different server. > > This lmtp connection requires authentication using a specific "system" > account, not the end user credentials. > > > Mr Bradshaw, did someone at your site nuke that account or its password, > not knowing what it was used for ? > > > >From what sendmail show in the logs (550 5.1.1 User unknown) I would try this: In /etc/cyrus.conf, uncomment # lmtp cmd="lmtpd" listen="lmtp" prefork=0 Restart cyrus and telnet lmtp: telnet $myip 24 LHLO foo.bar MAIL FROM:<foo@bar> RCPT TO:<brad@xxxxxxxxxxxxxxxxxxxxx> if lmtp does not find the user it will answer something like 550-Mailbox unknown. Either there is no mailbox associated with this 550-name or you do not have authorization to see it. 550 5.1.1 User unknown Cheers ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
