[pkg-kolab] r211 - trunk/kolab-cyrus-imapd/debian
Steffen Joeris
white-guest at costa.debian.org
Tue Jan 24 12:55:26 UTC 2006
Author: white-guest
Date: 2006-01-24 12:55:25 +0000 (Tue, 24 Jan 2006)
New Revision: 211
Modified:
trunk/kolab-cyrus-imapd/debian/README.Debian
trunk/kolab-cyrus-imapd/debian/changelog
Log:
* wrote some notes
Modified: trunk/kolab-cyrus-imapd/debian/README.Debian
===================================================================
--- trunk/kolab-cyrus-imapd/debian/README.Debian 2006-01-24 12:26:21 UTC (rev 210)
+++ trunk/kolab-cyrus-imapd/debian/README.Debian 2006-01-24 12:55:25 UTC (rev 211)
@@ -1,330 +1,15 @@
-Cyrus IMAP for Debian
-$Id: README.Debian 5 2005-03-12 23:19:45Z sven $
----------------------
+Kolab-Cyrus IMAP for Debian
- "All systems administrators have their horror stories. For me, it was
- setting up a HP Color Bubblejet under Linux using ghostscript before
- linuxprinting.org was alive. Well that was a piece of cake compared
- to what I am about to describe in this document."
- -- "Hosting email for virtual domains using Postfix and Cyrus"
- Haim Dimermanas, 2001-08-01
+This is a special version of the cyrus package to run
+in a Kolab system. Please notice that this package is only
+for use with Kolab. If you need the cyrus for other purposes
+please use the cyrus22 package from the Debian Cyrus Maintainers.
+Our advice is to always install the kolabd package and then this one
+will be installed automatically, so there is normally no need to
+manually install this package.
- "I warned you to read all the documentation first, didn't I?"
- -- Henrique M. Holschuh, 2002-10-01
+At this point we want to thank the Cyrus Maintainers for their help.
+We will keep in contact with them about changes and coordinate our
+cyrus work with them.
-IMPORTANT: Cyrus is a closed-box email system. Your system will access your
-email through LMTP, IMAP and POP3 *only*. No direct file access to the email
-store is supposed to take place.
-
-For more information, please consult http://asg.web.cmu.edu/cyrus/imapd/ and
-http://asg.web.cmu.edu/twiki/bin/view/Cyrus/WebHome (Cyrus WiKi). There is
-also Cyrus-HOWTO (Cyrus-IMAP.txt) available as part of the LDP HOWTO
-collection. Upgrade hints are in UPGRADE.Debian. Outdated documentation will
-cause you much grief, so beware of that when hunting anywhere else than the
-Cyrus mailinglist for information.
-
-Information about updated packages for Debian stable (i.e. of updates that
-are not necessarily security updates) is available at
-http://people.debian.org/~hmh/
-
-WARNING: For one to get Cyrus IMAPd to work correctly, one must first get the
-SASL layer to work correctly. This is far from trivial, so if you don't manage
-at first, don't go around filling bugs against Cyrus IMAPd before you make damn
-sure it is not a SASL configuration error. Read the hint list later on this
-file as well. Start by reading README.Debian.simpleinstall.
-
-The Debian packaging of Cyrus has a few quirks which are important to know
-about:
-
-1. Renaming of some Cyrus IMAP utilities
-
- The quota, reconstruct, master and deliver utilities have been renamed to
- cyrquota, cyrreconstruct, cyrmaster and cyrdeliver, following the template
- set by upstream with "cyradm". This was done because both Cyrus Debian
- maintainers found the original names to be too generic and likely to cause
- namespace collisions later.
-
- Since documentation may refer to these utilities using their original
- name, you must be aware of this fact. Also, installsieve is deprecated
- and not included in the Debian package; use sieveshell instead.
-
-2. Relocation of many Cyrus IMAP files
-
- The default Cyrus install scatters files all over the place. The Debian
- package installs only a few files in /usr/bin (cyradm, sieveshell).
- IMAP/email administrator utilities are installed in /usr/sbin (such as
- cyrreconstruct). Programs that must be run by cyrmaster are installed in
- /usr/lib/cyrus (such as imapd and pop3d). Sockets go into
- /var/run/cyrus/socket, per FHS 2.2. Sieve files go in /var/spool/sieve, but
- an /etc/sieve compatibility symlink is also installed just in case.
-
- The imapd.conf and cyrus.conf configuration files are in /etc. The PAM
- policy files are in /etc/pam.d.
-
- Feel free to use dpkg-statoverride to change the permission of
- /var/run/cyrus/socket, the cyrus packages will not override your
- configuration if dpkg-statoverride is used. In fact, you will most probably
- have to do so for postfix to deliver to Cyrus, for example.
-
-3. Removal of netnews support
-
- Netnews support as it were is dead. Cyrus 2.2 has a brand new approach,
- and the stuff in Cyrus 2.2 is not functional, and thus removed from this
- package.
-
-4. Debian Cyrus IMAPd logs with facility MAIL instead of LOCAL6. Also, it
- prefixes *all* log output with "cyrus/" (e.g.: imapd logs appear as
- "cyrus/imapd[#####]" instead of "imapd[#####]"). This last change was
- accepted upstream for Cyrus 2.2.
-
-5. Cyrus Murder, the Cyrus IMAPd/POP3 aggregator is available.
-
- However, you will have to configure it yourself. No pre-packaged
- configuration of Murder is available at this time... The documentation is
- all there, and the Cyrus packages will happily preserve your Cyrus Murder
- configuration. You do not have to install the cyrus22-imapd or
- cyrus22-pop3d packages in hosts that only need the proxy daemons running,
- but do note that the /etc/pam.d/imap and /etc/pam.d/pop files are in those
- packages (and they are needed by the proxies), so you will have to create
- the files manually.
-
- One important note: MUPDATE doesn't support TLS, so you won't be able to
- use plaintext authentication methods. The easiest thing to do is to put
- an entry for your mupdate user in sasldb2 and use DIGEST-MD5.
-
-
-General notes and hints:
-------------------------
-
- o *** ALWAYS READ /usr/share/doc/cyrus22-common/NEWS.Debian *** after
- you upgrade the package.
-
- o QUOTAS ARE LIMITIED TO 2GB on some platforms.
- Be careful to not set quotas over that ammount if your platform doesn't
- support the C datatype "long long". Things will break in very bad ways.
- Yes, it is a big glitch, and no, there are no easy workarounds.
- see https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=1212
-
- o Either turn off logging of the DEBUG level, or don't complain about cyrus
- verbosity on the logs. Don't ever ask in the mailing lists about messages
- logged in the DEBUG level before reading the source code.
-
- o Watch out for your /dev/random bitbucket! SASL may use it, and if it
- empties, it will hang the processes wrapped up by SASL. This means
- just about every Cyrus service (lmtp, imap, pop3, sieve)... Disable
- APOP in /etc/imapd.conf if you don't need it, as it is a serious draw
- on randomness resources.
-
- o One extremely important point to notice is that saslauthd works ONLY
- with plaintext. APOP, CRAM-MD5, OTP, DIGEST-MD5 and any other "auxprop"
- SASL mech will *not* work through saslauthd. This can and will cause
- serious issues in Cyrus murder environments.
-
- o When using ext3, Cyrus really wants data=journal. However, up to
- kernel 2.4.20 there are dangerous bugs in that option, so you're better
- off not using that. xfs is faster and better for Cyrus, anyway.
-
- o nscd users: nscd is highly incompatible with ldap, and somewhat buggy
- otherwise. If you use nscd and Cyrus segfaults on you, try restarting
- nscd, or disabling it.
-
- o "The Debian libldap2 and cyrus-imapd packages are both compiled using the
- SASL library. If you use cyrus-imapd together with libnss-ldap, or
- saslauthd together with libpam-ldap, the resulting double calls to SASL
- library functions can trigger a double-free bug which may cause the calling
- process to crash. To avoid such a crash, you must recompile the libldap2
- package --without-cyrus-sasl." -- http://bugs.debian.org/145766 [!@#$%!!!
- I didn't expect SASL 2.1 to still have this annoying problem]
-
- o The lmtp service (allocated in Debian Woody to port 2003, and non-existent
- on Debian Sarge) is non-standard. It has no port officially allocated
- anywhere; it is usually run bound to the localhost interface, unless one
- needs it for clustering and high-availability scenarios. If you need it
- elsewhere, by all means move it -- you only need to edit /etc/services, or
- change the port for the lmtp service in /etc/cyrus.conf.
-
- o The lmtp service will only allow Cyrus lmtp administrators to authenticate.
- Set them in /etc/imapd.conf.
-
- o Cyrus can now use two different namespaces (the standard one, where all
- subfolders are children of INBOX, and one where they are all in the same
- hierarchical level).
-
- See /usr/share/doc/cyrus22-common/html/altnamespace.html for details. If
- you deal with a large population of winboze users, this option can save
- you some headaches.
-
- o One can also chose between netnews-style notation for folders
- (INBOX.subfolder), where the "." character is reserved to separate folders;
- or UNIX-style notation (INBOX/subfolder), where dots are allowed in names,
- and the slash separate folders (the "^" character is reserved in this
- mode).
-
- See /usr/share/doc/cyrus22-common/html/altnamespace.html for details.
-
- o When using SASL, do keep in mind that cyrus runs under user cyrus, and not
- root. It cannot read shadow files (unless you add the user cyrus to group
- shadow), or perform any root-only operations directly. You need to use the
- saslauthd (or, if available, auxpropd) mechanism to authenticate against
- root-only data. And that also means user cyrus must be able to talk to the
- unix socket saslauthd uses (which is controlled by SASL, not Cyrus IMAPd).
-
- o Any of the SASL configure options can be inserted in imapd.conf, just
- prefix it with "sasl_" (e.g.: sasl_mech_list: PLAIN). The list of SASL
- options is in /usr/share/doc/libsasl2/options.html.
-
- o The services are tcp-wrapped. Their hosts.allow/hosts.deny id is the
- service name in /etc/cyrus.conf. See hosts_access(5).
-
- o The PAM service names for use with SASL (via saslauthd) are:
- "imap", "sieve", "lmtp", "pop", "mupdate".
-
- o You need to specify your admin users in /etc/imapd.conf before you can
- add mailboxes, or deliver through authenticated lmtp. Do NOT use root.
- We suggest user cyrus, which is already used by the system for all
- things Cyrus IMAPd... but it need not be an existing user. As long as
- SASL will authenticate against it, it will work.
-
- o Do NOT read your admin user's email via IMAP (see the FAQ for details).
-
- o Don't export your mail store over NFS or AFS (read the FAQ for more info).
- You have been warned. You really want a journaled (as in journaling for the
- metadata), local filesystem for the store. Failing that, you need
- something with very strict and correct lock semanthics, and full mmap
- support.
-
- o Ext2 is slow on very large directories (right now), and sync medatada
- writes enabled are a huge performance hit. If you need high IO throughput
- from Cyrus, you will need to use ext3, reiserfs, xfs or something like
- that. xfs is probably the best one.
-
- o You may want to enable/disable synchronous metadata writes to your mail
- store dirs (check /usr/share/doc/cyrus22-doc/html/install.html for more
- info, in package cyrus22-docs). The cyrus-makedirs script tries to do the
- right thing for ext2 and ext3 filesystems. Failure to correctly update the
- metadata in the right order can completely screw up your Cyrus store on a
- power-loss or another disk failure.
-
- o Try mounting the store and cyrus database filesystems with noatime for
- performance gains. Load-balance the store using multiple partitions on
- different physical devices for even better performance gains.
-
- o Cyrus IMAPd should be fed mail through LMTP. If at all possible, use
- the Unix socket for that -- it automatically authenticates as user
- postman and that will help wonders. cyrdeliver can also be used to
- inject mail, but it will simply open an LMTP socket to cyrus and
- deliver through that -- this is much slower than using LMTP directly.
- The UNIX socket is in /var/run/cyrus/socket/lmtp. Use dpkg-statoverride
- if you need to change the permissions of the socket directory.
-
- o You can use /usr/sbin/cyrus-makedirs to generate the needed directories
- for cyrus partitions. It is run automatically by the package postinst,
- and it knows to parse the /etc/imapd.conf file to verify if hash
- subdirectories are needed or not. It cannot detect what kind of hashing
- should be used yet. If you recompile the package with full hashing,
- change it.
-
- o Refer to cyrus-utils.sourceforge.net and the info-cyrus mailinglist
- for mailbox/imap to cyrus conversion scripts.
-
- o If you don't use pop3, or something else enabled by default in cyrus.conf,
- disable it. Otherwise, Cyrus master will log warnings that the service
- could not be started.
-
- o If you want to run something that is not in /usr/lib/cyrus/bin in
- cyrus.conf, just use the full path in cyrus.conf (e.g.:
- cmd="/usr/sbin/squatter").
-
- o Sieveshell is really lacking on auth capabilities, and timsieved is quite
- strict on what auth capabilities it offers. So, pay attention to
- sasl_minimum_layer, and see bug #151925 for more details
- (http://bugs.debian.org/151925). Also, make sure you have the correct set
- of SASL2 modules installed in in your system.
-
- o uw-mailutils has some nice utilities to migrate mail stores from/to imap
- servers. You might find it quite useful to migrate a site to Cyrus.
-
-Known bugs
-----------
-
- o Group lookups in LDAP (through nss-ldap) will not work well. See Debian
- bug #156671.
-
-
-SNMP logging
-------------
-
-cyrmaster is an agentx SNMP subagent, and it can interface to a agentx SNMP
-master. It will export data at OID .1.3.6.1.4.1.3.6.1 (cyrusMasterMIB).
-
-The ucd-snmp daemon (package snmpd) is NOT configured to work
-as agentx master agent by default -- you have to do that manually,
-by adding "master agentx" to the /etc/snmp/snmpd.conf file.
-
-cyrmaster will register with the snmp agentx master when it is started,
-so if the snmp master is restarted after cyrmaster, it will not forward
-the snmp requests to cyrmaster anymore. Check your system for any cron
-scripts that might be restarting the snmp process if that happens.
-
-See /usr/share/snmp/mib/CYRUS-MASTER-MIB.txt for more details.
-
-
-Backing up for rainy days
-------------------------
-
-Cyrus automatically checkpoints and backups some of its databases, using the
-ctl_cyrusdb(8) utility (EVENTS in /etc/cyrus.conf). It is supposed to be also
-capable of recovering automatically from these backups, and to attempt to do so
-at startup. However, ctl_cyrusdb -r is NOT FULLY IMPLEMENTED YET... you are on
-your own to recover from corrupt databases.
-
-This recovery can be done using the db3 utilities, and even by smart usage of
-cvt_cyrusdb(8) and ctl_mboxlist(8). The automatic backups are useful, too,
-even if they are not restored automatically.
-
-The database backups are stored at /var/lib/cyrus/db.backup*, you may want to
-copy the files there to backup media in a cronjob, or something like that. You
-can kill the TLS cache database, as long as Cyrus is stopped when you do it.
-Loss of the delivery database is not very bad, it just means some users might
-get duplicated messages.
-
-Cyrus does NOT backup the mail store automatically. To backup the mail store
-partitions, you must stop Cyrus and dump the entire partition to your backup
-media. The MH-like structure of the Cyrus store do make them suitable for
-incremental backups. Hot-backups of the store can be made, but you risk losing
-some non-critical metadata when the restore is done.
-
-You can backup all Cyrus non-text databases to a flat text file format using the
-cvt_cyrusdb utility (and recover back from the flat text file format), but you
-should stop Cyrus first.
-
-If you ever need to recover the mail store from backup, you should run
-cyrreconstruct(8) to rebuild the mailbox indexes.
-
-A daily maintenance cronjob uses ctl_mboxlist(8) to dump the mailboxes database
-to /var/backup. That backup copy can be used as a last-resort copy if the hot
-backups become corrupted somehow.
-
-
-Debian source package quirks
-----------------------------
-
-There aren't many. Patchset numbers as provided by the cvsps utility in its
-default configuration are used to denote patches taken from upstream CVS in the
-changelog. Less important patches from upstream CVS (such as documentation
-updates) are applied without adding a changelog entry.
-
-
-THANKS
-------
-
-Thanks go to the CMU crew for producing Cyrus IMAPd in the first place;
-Michael-John Turner <mj at debian.org> for maintaining the v1.5 branch and setting
-the groundstones for the v2.1 package; David Parker <david at neongoat.com> and
-David D. Kilzer <ddkilzer at theracingworld.com> for their huge help in getting
-the v2.1 packages out-of-the-door, and the upgrade from v1.5 guide; Fabian
-Fagerholm <fabbe at paniq.net> for stress testing the daemons, and useful
-feedback; and Gilles Bouthenot <gilles.bouthenot at fcomte.iufm.fr> for good
-feedback.
-
- -- Henrique de Moraes Holschuh <hmh at debian.org>
+-- Steffen Joeris <steffen.joeris at skolelinux.de> Tue, 24 Jan 2006 13:49:19 +0000
Modified: trunk/kolab-cyrus-imapd/debian/changelog
===================================================================
--- trunk/kolab-cyrus-imapd/debian/changelog 2006-01-24 12:26:21 UTC (rev 210)
+++ trunk/kolab-cyrus-imapd/debian/changelog 2006-01-24 12:55:25 UTC (rev 211)
@@ -1,130 +1,27 @@
kolab-cyrus-imapd (2.2.12-1) experimental; urgency=low
- * Build for kolab
+ * Build for kolab, based on packaging from cyrus22
+ special thanks to cyrus-maintainers
+
+ [ Steffen Joeris ]
- -- <steffen.joeris at skolelinux.de> Thu, 5 Jan 2006 12:11:51 +0000
+ * conflicts against cyrus22 package
+ * drop pam, because we use saslauthd and direclty ldap
+ * new build-depends mainly for ldap
+ * include patches from Kolab usptream
+ ( 100-kolab-imapd, 105-cyradm.sh, 110-Admin.pm, 120-kolab-Shell.pm,
+ 130-kolab-imapd-goodchars, 140-kolab-ldap, 150-kolab-auth_unix)
+ * remove -doc package, because we can use the cyrus22-doc package
+ * drop nntp because there is no need for it with kolab
+ * remove various README files, because they only belong to the
+ cyrus22 package
+ * wrote README.Debian
+ * add lintian override for source
+ * change various pathes to make kolab- packages
+ * change pathes in scripts to make it kolab compatible
-cyrus22-imapd (2.2.12-1) experimental; urgency=low
+ [ Noel Koethe ]
+
+ * change configuration in conffiles
- [ Benjamin Seidenberg ]
- * Revised to build against pristine upstream sources.
- [ Sven Mueller ]
- * Fixed a discrepancy between documentation and actual behaviour of the
- "dracinterval" imapd.conf option. Documentation always said the default
- would be 0, while the default was actually 5.
- [ Henrique de Moraes Holschuh ]
- * Change build-dependency from libsnmp4.2-dev (ucd snmp) to libsnmp9-dev |
- libsnmp5-dev (netsnmp), so that it works right in sid/etch and sarge
- * Upload to experimental
-
- -- Henrique de Moraes Holschuh <hmh at debian.org> Tue, 29 Nov 2005 02:10:21 -0200
-
-cyrus22-imapd (2.2.12-0.9) unstable; urgency=low
-
- [ Sven Mueller ]
- * Add patch to be compatible with BerkeleyDB 4.3
- * Add patch to fix TLS/SSL shutdown in timsieved
-
- -- Sven Mueller <debian at incase.de> Mon, 14 Nov 2005 14:56:20 +0100
-
-cyrus22-imapd (2.2.12-0.8) unstable; urgency=low
-
- [ Sven Mueller ]
- * Fix a problem in the init scripts new status check, found by Benjamin
- Seidenberg.
-
- -- Sven Mueller <debian at incase.de> Sun, 13 Nov 2005 20:14:05 +0100
-
-cyrus22-imapd (2.2.12-0.7) unstable; urgency=low
-
- [ Sven Mueller ]
- * Switch most deletions of autogenerated files to use debian/deletable.files
- * Switch all remaining patches to dpatch so that the .diff.gz should now be
- clean except for the files in debian/.
-
- -- Sven Mueller <debian at incase.de> Thu, 10 Nov 2005 16:06:09 +0100
-
-cyrus22-imapd (2.2.12-0.6) unstable; urgency=low
-
- [ Sven Mueller ]
- * Added kolab2 annotation patch as proposed by Christoper Sacca
- * Added a small patch to lower the minimum pop3 timeout to 1 minute.
- The default is still at 10 minutes. I also added some documentation to make
- it clear to admins that it is _not_ recommended to lower the value to less
- than 10 minutes (because that is what the standard says it should be at).
- I needed this change for use at my workplace though. The patch is disabled
- by default.
- * Patched init script to support everything LSB 3.0 asks for, including the
- "right" return codes, as far as we can.
- * Add patch to enhance sieveshell a bit:
- - Add --execfile parameter to read commands from a file
- - Add --password parameter to pass the users parameter on the commandline
- - Add code to return with a non-zero exit code if the last command
- executed failed for some reason.
-
- [ Ondřej Surý ]
- * Add 64bit quota dpatch.
- * Rerun autoconf and add result as dpatch.
-
- -- Sven Mueller <debian at incase.de> Fri, 23 Sep 2005 18:55:57 +0200
-
-cyrus22-imapd (2.2.12-0.5) unstable; urgency=low
-
- * Update upgrading information
- * Include masssievec in cyrus22-common
- * Applied patch from Raphaël 'SurcouF' Bordet <surcouf at debianfr.net> to add
- nntp support again.
- * Eliminate an unused variable from tools/masssievec to get rid of perl
- warning.
- * Update Recommends and Suggests for cyrus22-common as suggested by HMH
- * Move several patches from patching the source directly to patching through
- the use of dpatch
-
- -- Sven Mueller <debian at incase.de> Tue, 24 May 2005 23:13:18 +0200
-
-cyrus22-imapd (2.2.12-0.4) unstable; urgency=low
-
- * Fix usage message in deliver.c to reflect Debian naming of (cyr)deliver,
- (cyr)quota and (cyr)reconstruct
- * Document the defaultdomain setting a bit better (hopefully)
- * fix deletion of debian/cyrus-hardwired-config.txt during cleanup
- * build both arch-dependend and arch-independend parts when debian/rules is
- called for the build target
- * Add Sven Mueller to the list of uploaders
-
- -- Sven Mueller <debian at incase.de> Fri, 29 Apr 2005 00:14:04 +0200
-
-cyrus22-imapd (2.2.12-0.3) unstable; urgency=low
-
- * Add a README which contains the configure options used to
- compile the package. The README is auto-generated by debian/rules
- * cyrus22-clients needs to conflict with cyrus21-clients
- * cyrus22-common needs to conflict with cyrus21-common
- * Add a guess of what the problem might be to the set_cert_stuff failure
- message
- * Update a few Replaces:, Provides: and Conflicts: lines in debian/control
-
- -- Sven Mueller <debian at incase.de> Thu, 24 Mar 2005 12:26:27 +0100
-
-cyrus22-imapd (2.2.12-0.2) unstable; urgency=low
-
- * Fix some more perl executable paths
- * clean up debian directory a bit
- * install sievec with cyrus22-common
- * install mbexamine with cyrus22-common
- * install smmapd with cyrus22-common
- * install cyr_expire with cyrus22-common
- * install installsieve with cyrus22-admin
-
- -- Sven Mueller <debian at incase.de> Tue, 22 Mar 2005 14:48:33 +0100
-
-cyrus22-imapd (2.2.12-0.1) unstable; urgency=low
-
- * Initial revision of cyrus22-imapd package
- - debian packaging taken from cyrus21-imapd_2.1.18-1
- * Add/fix imapd.conf info regarding virtual domains
- * Add DRAC support (i.e. apply DRAC patch from /contrib)
- * Add syncldap2cyrus.pl script from #260833 (a cyrus21 bug)
-
- -- Sven Mueller <debian at incase.de> Fri, 18 Mar 2005 13:34:09 +0100
-
+ -- Steffen Joeris <steffen.joeris at skolelinux.de> Thu, 5 Jan 2006 12:11:51 +0000
More information about the pkg-kolab-devel
mailing list