IMAP errors

pedz

I see various messages about this topic but I do not see it resolved anywhere. I have found in the other messages that I need to run

reconstruct -r user/pedz

as cyrusimap (I have unixhierarchysep set -- I did not set it that I know of). I've tried that several times and it does not seem to help.

The Mail client interface, when these errors occur, stalls. It is very frustrating to use. I've also tried deleting various mail boxes from the client that are on the server and the problem never seems to go away. I've also tried "Synchronize" from the Mail client.

I am running 10.4.4 Server on a Quad G5.

Here are samples of the two errors (with some context):

Feb 1 10:21:41 EaseServer imap[343]: login: easeserver.easesoftware.net [64.192.143.210] pedz GSSAPI User logged in
Feb 1 10:21:41 EaseServer imap[343]: quota set to "unlimited" for mailbox user.pedz
Feb 1 10:22:46 EaseServer imap[343]: IOERROR: reading message: unexpected end of file
Feb 1 10:22:47 EaseServer imap[343]: accepted connection
Feb 1 10:22:47 EaseServer imap[343]: AOD: user opts: no-lookup for: pedz

and

Feb 1 10:05:11 EaseServer imap[557]: seen_db: user pedz opened /var/imap/user/p/pedz.seen
Feb 1 10:05:11 EaseServer imap[557]: open: user pedz opened Deleted Messages
Feb 1 10:05:11 EaseServer imap[557]: SQUAT failed to open index file
Feb 1 10:05:11 EaseServer imap[557]: SQUAT failed
Feb 1 10:05:25 EaseServer imap[557]: open: user pedz opened Deleted Messages
Feb 1 10:05:46 EaseServer imap[557]: open: user pedz opened Sent Messages
 
I have tracked down my problems to a call to sasl_decode in prot_fill (in imapd).

To recap: I am getting IOERROR: unexpected end of file in my imapd log file. The client interface is also slow and sometimes crashes.

It turns out that if the client has Kerberos GSSAPI authentication and the client tries to do an "APPEND" command (which is what the imap protocol uses to add a message to an existing mailbox), the APPEND frequently fails (but not always). The rest of my Kerberos stuff appears to be fine.

The APPEND is sent across to the server. The client can be set up to do LITERAL+ or not. The client sends all of the message in either case. The server reads all of the packets. Usually the first packets go through the sasl_decode and result in valid text. But after the first block (4096) or so of data, the remaining data is lost and sasl_decode reports back that there are only two valid characters. No errors are reported back (that I am aware of).

I ended my quest at this point last night and I probably will not pick it up again. For now, I can work around the problem by switching to plain authentication and just set up a VPN before using mail.

I hope this helps whoever follows in my footsteps...

Perry
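
Added example, not part of the original post: one way to check from the imapd syslog whether the IOERROR lines really cluster on GSSAPI sessions, as the post above suggests, by tracking each imap PID's current login mechanism. The sample log is constructed in the format quoted in this thread; the host name, addresses, users and PIDs in it are made up, and the function name is hypothetical.

```python
import re
from collections import Counter

# Constructed sample (not from the thread); same line format as the quoted log.
SAMPLE_LOG = """\
Feb 1 10:21:40 mail imap[343]: accepted connection
Feb 1 10:21:41 mail imap[343]: login: client.example.net [192.0.2.10] alice GSSAPI User logged in
Feb 1 10:22:46 mail imap[343]: IOERROR: reading message: unexpected end of file
Feb 1 10:22:47 mail imap[343]: accepted connection
Feb 1 10:22:48 mail imap[343]: login: client.example.net [192.0.2.10] bob plaintext User logged in
Feb 1 10:23:05 mail imap[343]: open: user bob opened INBOX
Feb 1 10:24:00 mail imap[400]: accepted connection
Feb 1 10:24:01 mail imap[400]: login: client.example.net [192.0.2.11] alice GSSAPI User logged in
Feb 1 10:24:30 mail imap[400]: IOERROR: reading message: unexpected end of file
Feb 1 10:25:00 mail imap[401]: IOERROR: reading message: unexpected end of file
"""

# "<Mon> <day> <time> <host> imap[<pid>]: <message>"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\S+\s+imap\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
# "login: <host> [<ip>] <user> <mechanism> User logged in"
LOGIN = re.compile(
    r"^login: \S+ \[[^\]]+\] (?P<user>\S+) (?P<mech>\S+) User logged in$")


def ioerrors_by_mechanism(text):
    """Return (events, counts): each IOERROR with the mechanism of its session."""
    sessions = {}   # pid -> (user, mechanism) of the connection currently served
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        login = LOGIN.match(msg)
        if msg == "accepted connection":
            # imapd processes are reused: a new connection ends the old session.
            sessions.pop(pid, None)
        elif login:
            sessions[pid] = (login["user"], login["mech"])
        elif msg.startswith("IOERROR:"):
            # No login seen for this pid means the mechanism is not known.
            user, mech = sessions.get(pid, ("?", "unknown"))
            events.append((m["ts"], pid, user, mech))
    return events, Counter(mech for _, _, _, mech in events)


if __name__ == "__main__":
    events, counts = ioerrors_by_mechanism(SAMPLE_LOG)
    for ts, pid, user, mech in events:
        print(f"{ts} pid={pid} user={user} mech={mech}")
    print(dict(counts))
```

If the same count is taken after switching the client to another mechanism and the errors stop, that supports the GSSAPI security layer as the trigger rather than mailbox corruption.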
 
You don't necessarily need Kerberos to get your mail in a secure method. Start with SSL, as that will begin protecting your passwords against most commonly seen sniffing techniques.

What have you done to check into your Kerberos installation?

Michael
 
pedz said:
I see various messages about this topic but I do not see it resolved anywhere. I have found in the other messages that I need to run

reconstruct -r user/pedz

SERVER ADMIN has the option reconstruct built in under maintenance.

Maybe run a complete reconstruct for all mailboxes.

I use the following script to do that, but be careful with it.

su
mv /var/imap /var/imap.old
mkdir /var/imap
/usr/bin/cyrus/tools/mkimap
chown -R cyrusimap:mail /var/imap
chown -R cyrusimap:mail /var/spool/imap
sudo -u cyrusimap /usr/bin/cyrus/bin/reconstruct -i
sudo -u cyrusimap /usr/bin/cyrus/bin/cyrus-quota -f

Good luck
 
Go3iverson said:
You don't necessarily need Kerberos to get your mail in a secure method. Start with SSL, as that will begin protecting your passwords against most commonly seen sniffing techniques.

What have you done to check into your Kerberos installation?

Michael

Hi Michael,

I have not done much on this since my last post a week ago. I don't really know what to do to track down my Kerberos install. It just seems odd that everything else is working, just one particular action in one particular application.

For now, when I'm local, I just don't do things in a secure way. I'm a one-man shop, so I don't need the security. The password traffic should never leave my LAN (I'm assuming).

When I take my laptop on the road, I plan to set up a VPN and just get my security that way. I want to set up the SSL layer at some point but I'm waiting for the Mac OS X book you suggested in another thread. I bought the version of the book for Tiger which is not published yet. I'm also feeling "behind" on my other projects so I'm trying to limit the time I spend working on my server.

I never hit the button in Server Admin=> Open Directory that says "Add Kerberos Record ...". The manual says to go through the steps then go back to Overview and if Kerberos is running, you are done.

How would I go about checking my Kerberos install?
 