Cyrus was designed to use a local filesystem with Unix semantics and a working mmap()/write() combination. AFS doesn't provide these semantics so won't work correctly.
A: If you're using Berkeley DB 3.0.55, try installing some patches to Berkeley DB available from http://www.sleepycat.com/update/3.0.55/patch.3.0.55.html.
A: Make sure /etc/sasldb2 is readable by the Cyrus user.
A: Make sure that the saslauthd daemon is running (you'll want to start it when the system boots). imapd is unable to connect to saslauthd if the following message appears in the logs:
Dec 6 12:58:57 mail3.andrew.cmu.edu imapd[1297]: cannot connect to saslauthd server
Make sure that saslauthd is running and that the cyrus user can access the unix domain socket (defaults to /var/run/saslauthd/mux in Debian).
A: These messages look like
Jan 14 13:46:24 grant ctl_deliver[9060]: duplicate_prune: opening /var/imap/deliverdb/deliver-x.db: No such file or directory Jan 14 13:46:24 grant ctl_deliver[9060]: duplicate_prune: opening /var/imap/deliverdb/deliver-y.db: No such file or directory Jan 14 13:46:24 grant ctl_deliver[9060]: duplicate_prune: opening /var/imap/deliverdb/deliver-z.db: No such file or directory
These messages are normal; one file is maintained for each user beginning with "x", "y", "z", etc. If you're first starting or you have no users beginning with these letters, these messages are completely normal and can be ignored.
A: Remove all imap, pop, lmtp and sieve lines from [x]inetd.conf and restart [x]inetd.
A: Specify the different certs using the appropriate options in imapd.conf. Read imapd.conf(5) for details.
A: Disable TLS for the kpop service. Either set tls_pop3_cert_file to disabled in imapd.conf (which will also disable SSL/TLS for pop3), or use a separate config file for kpop. For example, change the kpop service in cyrus.conf to something like:
kpop cmd="pop3d -k -C /etc/kpopd.conf" listen="kpop"
then copy /etc/imapd.conf to /etc/kpopd.conf and remove the tls_* options.
A: First, complain to QUALCOMM because their STARTTLS implementation is broken. Eudora doesn't support TLSv1 (per RFC2246) and Cyrus requires it. If you really need this before it is fixed in Eudora, remove or comment out the following lines in tls.c:
if (tlsonly) { off |= SSL_OP_NO_SSLv2; off |= SSL_OP_NO_SSLv3; }
Sep 11 17:23:55 ogg lmtpd[773]: DBERROR db3: 16 lockers Sep 11 17:23:55 ogg lmtpd[1409]: DBERROR db3: 17 lockers Sep 11 17:23:56 ogg lmtpd[1508]: DBERROR db3: 9 lockers Sep 11 17:23:56 ogg lmtpd[776]: DBERROR db3: 9 lockersWhat's wrong?
A: Nothing is wrong. These messages are logged whenever Berkeley db encounters lock contention, but isn't necessarily a problem by themselves. This is especially likely when you have an empty or small duplicate delivery database and are receiving a large volume of e-mail.
Berkeley db 4.0 has a bug where the number of lockers isn't decremented properly, causing this number to be unreliable.