[gentoo-user] courier imap over nfs

[gentoo-user] courier imap over nfs

[Matt Harrison]

[-- Attachment #1: Type: text/plain, Size: 474 bytes --]

Just wondering if anyone has any experience with courier-imap serving mailboxes over
NFS. From googling around it seems courier should support remote homedirs but I can't
get it working.

My user authenticates according to the logs, but the client reports invalid
credentials. Remove the NFS home directory and it works again.

Any help would be appreciated, otherwise I'm going to have to install courier-imap on
solaris, and I really don't feel like that :P

Thanks

Matt

[-- Attachment #2: Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-user] courier imap over nfs

[kashani]

On 8/1/2010 8:06 AM, Matt Harrison wrote:
> Just wondering if anyone has any experience with courier-imap serving mailboxes over
> NFS. From googling around it seems courier should support remote homedirs but I can't
> get it working.
>
> My user authenticates according to the logs, but the client reports invalid
> credentials. Remove the NFS home directory and it works again.
>
> Any help would be appreciated, otherwise I'm going to have to install courier-imap on
> solaris, and I really don't feel like that :P
>

	I'd suspect UID/GID mismatches somewhere. Make sure the machine 
delivering the email, the home dirs, and the machine running 
courier-imap all see .maildir as the same user account. You may want to 
put Courier-imap into verbose or debug mode as well.
	I'd also look at your NFS config to see if you're doing any squashes 
into other UIDs. And just for the hell of it, never use mbox over NFS. 
The locking will kill you on a busy system.

kashani

Re: [gentoo-user] courier imap over nfs

[Stroller]

On 1 Aug 2010, at 16:06, Matt Harrison wrote:
> Any help would be appreciated, otherwise I'm going to have to  
> install courier-imap on
> solaris, and I really don't feel like that :P

Have you considered dovecot?

Stroller.

Re: [gentoo-user] courier imap over nfs

[Alex Schuster]

Matt Harrison writes:

> Just wondering if anyone has any experience with courier-imap serving
> mailboxes over NFS. From googling around it seems courier should
> support remote homedirs but I can't get it working.
> 
> My user authenticates according to the logs, but the client reports
> invalid credentials. Remove the NFS home directory and it works again.

Are your users in more than 16 groups? NFS only manages up to 16, which 
once gave me weird side effects.

	Wonko

Re: [gentoo-user] courier imap over nfs

[Matt Harrison]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Hi, thanks for the replies guys

On 01/08/2010 18:17, kashani wrote:
> On 8/1/2010 8:06 AM, Matt Harrison wrote:
>> Just wondering if anyone has any experience with courier-imap
>> serving mailboxes over
>> NFS. From googling around it seems courier should support remote
>> homedirs but I can't
>> get it working.
>>
>> My user authenticates according to the logs, but the client reports
>> invalid
>> credentials. Remove the NFS home directory and it works again.
>>
>> Any help would be appreciated, otherwise I'm going to have to
>> install courier-imap on
>> solaris, and I really don't feel like that :P
>>
>
>     I'd suspect UID/GID mismatches somewhere. Make sure the machine
> delivering the email, the home dirs, and the machine running
> courier-imap all see .maildir as the same user account. You may want
> to put Courier-imap into verbose or debug mode as well.
>     I'd also look at your NFS config to see if you're doing any
> squashes into other UIDs. And just for the hell of it, never use
> mbox over NFS. The locking will kill you on a busy system.
>
> kashani
>
Ok, the machine that is serving the home directories never gets
accessed directly by the users, the UIDs/GIDs are set on creation at
the client end. The users have no problems at all using the home
directory via a shell on any client machine, so I believe permissions
are ok.

Also, I was a bit misleading when I spoke about mailboxes, we are
using Maildir. I just said mailboxes as a term to encompass the mail
folders serverd by imap for each account :)

I've tried to put courier-imap into debug mode (level 1) and I get
what appears to be a successful authentication from pam, but the mail
clients still don't like it:

authdaemond: received auth request, service=imap, authtype=login
authdaemond: authpam: trying this module
authdaemond: authpam: sysusername=matt, sysuserid=<null>,
sysgroupid=100, homedir=/home/matt, address=matt, fullname=,
maildir=<null>, quota=<null>, options=<null>
genesis authdaemond: pam_service=imap, pam_username=matt
genesis authdaemond: dopam successful
genesis authdaemond: Authenticated: sysusername=matt,
sysuserid=<null>, sysgroupid=100, homedir=/home/matt address=matt,
fullname=, maildir=<null>, quota=<null>, options=<null>

The only difference in the logs is that an NFS user ends with the
above snippet, whereas a normal user goes on to log the imap connection:

imapd-ssl: LOGIN, user=matt, ip=[xxx.xxx.xxx.xxx], port=[3276],
protocol=IMAP

On 01/08/2010 18:19, Stroller wrote:
> Have you considered dovecot?
>
> Stroller.
>
I haven't, no. Not for any reason other than I hit upon courier first
and I has always worked pretty well until now. Is there a large
advantage to using dovecot for imap over nfs? Or were you implying
that it would be easier to setup on solaris?

On 01/08/2010 19:10, Alex Schuster wrote:
> Are your users in more than 16 groups? NFS only manages up to 16, which
> once gave me weird side effects.
>
>     Wonko
No we're not using that many groups, and just to be sure I created a
test user in only one group and it still have me the problem :(

Grateful for the input guys, and for any more light you can shed on
this :)

thanks

Matt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
 
iEYEARECAAYFAkxV/yAACgkQdG+qMRd5kKpSEACaAlXaCNCD8wizWJ2Nb0Rvtd+u
NTgAoLHObEBfdk3Mbvt7EkXcAG4jSu8W
=TeFA
-----END PGP SIGNATURE-----

Re: [gentoo-user] courier imap over nfs

[Stroller]

On 2 Aug 2010, at 00:11, Matt Harrison wrote:
> ...
> On 01/08/2010 18:19, Stroller wrote:
>> Have you considered Dovecot?
>>
>
> I haven't, no. Not for any reason other than I hit upon courier first
> and I has always worked pretty well until now. Is there a large
> advantage to using dovecot for imap over nfs? Or were you implying
> that it would be easier to setup on solaris?

It might be easier to set up Dovecot on Gentoo than Courier on Solaris.

I have been using courier for years, but when I needed to deploy at a  
site, authenticating via Samba, I used Dovecot. I think this was  
necessary because Dovecot supported PAM modules in a way that Courier  
did not.

At one point a problem I asked for help with on the Dovecot mailing- 
list proved to be a bug and was fixed by the developer within 36 hours  
of me experiencing it.

I have the impression that Dovecot is lightweight, fast and secure. It  
will be my first choice of IMAP server in the future, and I'll be  
replacing my Courier installation here with Dovecot just as soon as I  
get time.

Stroller.

Re: [gentoo-user] courier imap over nfs

[Matt Harrison]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/08/2010 08:17, Stroller wrote:
> 
> On 2 Aug 2010, at 00:11, Matt Harrison wrote:
>> ...
>> On 01/08/2010 18:19, Stroller wrote:
>>> Have you considered Dovecot?
>>>
>>
>> I haven't, no. Not for any reason other than I hit upon courier first
>> and I has always worked pretty well until now. Is there a large
>> advantage to using dovecot for imap over nfs? Or were you implying
>> that it would be easier to setup on solaris?
> 
> It might be easier to set up Dovecot on Gentoo than Courier on Solaris.
> 
> I have been using courier for years, but when I needed to deploy at a
> site, authenticating via Samba, I used Dovecot. I think this was
> necessary because Dovecot supported PAM modules in a way that Courier
> did not.
> 
> At one point a problem I asked for help with on the Dovecot mailing-list
> proved to be a bug and was fixed by the developer within 36 hours of me
> experiencing it.
> 
> I have the impression that Dovecot is lightweight, fast and secure. It
> will be my first choice of IMAP server in the future, and I'll be
> replacing my Courier installation here with Dovecot just as soon as I
> get time.
> 
> Stroller.
> 
> 

Well I've switched that server over to dovecot and so far everything is
working well :) There's a few deep nested folders that aren't
subscribable normally, but are after a manual tweak of the subscriptions
file but I'll work that out later.

Thanks for the input, dovecot does seem to be faster and more
lightweight which is perfect for this installation.

Thanks

Matt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkxXA7sACgkQdG+qMRd5kKrH7gCgpu/t614mZ7zcK5+7B/jqiSNg
s4wAn3PUxEQ/DzyyeGCy7iXnUcNmMFxF
=buLS
-----END PGP SIGNATURE-----