/usr/portage/profiles/package.mask currently has the following lines:

    # Cyrus-imapd beta. Version 2.2.2_beta is planned to be the last release
    # before going final/stable.
    >=net-mail/cyrus-imapd-2.2
    >=net-mail/cyrus-imap-admin-2.2
    >=dev-libs/cyrus-imap-dev-2.2

The comment is out of date (it's dated Oct 2003, incidentally), and these hard masks should be removed, IMHO. cyrus-imapd 2.2.3 has been released, and there is an ebuild for it. Note that it is still masked by keywords, which is fine. I just want to be able to put "=net-mail/cyrus-imapd-2.2.3 ~x86" and have 'emerge -u world' stop complaining. :)

Reproducible: Always
Yes, I've gone ahead and put them in /etc/portage/package.unmask, but still. ;)
I'm waiting for 2.2.4 to be out to move these into testing ~arch phase. 2.2.4 is slated to be released RSN. In the meantime, please post your success stories. :-)
ic...well, success! I've been using cyrus-imapd-2.2.3 (along with cyrus-imap-admin-2.2.3, of course) on a production server for about a month without a hiccup (cyrus-imapd USE flags are "ssl tcpd"). Even using it with cyrus-sasl-2.1.18 using the built-in mysql auxprop driver, which is also as yet marked as ~x86. USE flags for cyrus-sasl are "mysql ssl urandom" ('urandom' is my own tweak to get the ebuild to add "--with-devrandom=/dev/urandom" to the configure options - see bug #46038). All seems to work absolutely perfectly in my setup.
Thanks for the report. Just out of curiosity: which db version? how many users? what kind of hardware? (if it's not confidential information, of course). For sasl, do you allow cram-md5/digest-md5? do you store passwords securely in mysql? Here's a bit on my success story in the making (it'd be nice to get more reports here to push this thing out to stable soon): I'm switching my users to 2.2.3 (or 2.2.4 if that's out in time). I've got about 1200 users and they'll live on a dual xeon 2.8ghz dell poweredge. I've got sasl/mysql going with encrypted passwords (using mysql's encode() function). Along with this, postfix, and imsp are both using the same sasl database all doing cram-md5. On a separate (almost identical hardware) server I've set up Horde-cvs (my own ebuilds) for the "user portal" which includes webmail, addressbook, filtering, spam preferences (for amavisd-new), file manager, calendar, password changer, tasks and notes. The whole system is going production next month, but from my own tests, cyrus-imapd has been rock solid with quotas, acls, ssl/tls and even top-level mailbox renames.
My setup is much more modest. I used to run an ISP with about 20,000 mail users, but I don't do that anymore. The production server I'm referring to is for a consulting client, and is my first mail server using Gentoo, postfix, OR cyrus-imapd, much less all of them (used to be a RedHat/sendmail guy, but I don't do that anymore either, since getting hooked on Gentoo ;D ). It only supports about ten users initially, and will never have ISP-like numbers. The DB version is mysql-4.0.18, and the hardware is a P4 2.53GHz with 512M RAM. It does support CRAM-MD5 and DIGEST-MD5 authentication for IMAP and SMTP (unfortunately, I have to allow LOGIN, too, because client likes braindead M$ mail clients). Passwords are stored clear in the database, as this is required for the hash-based authentication mechanisms - or at least I haven't figured out a clean way around that. The database is on the same server, and all database access is through UNIX sockets, so those clear passwords don't traverse the network. All authentication and routing control is done through the database for several different services (FTP, protected HTTP, email - not shell access because it is a closed server, so there's no need). Postfix is configured to trust *no* SMTP hosts, so SASL authentication is required for *all* outbound mail (i.e. *anything* outbound is considered a relay). It enforces SSL encryption for the IMAP sessions, and for authenticated SMTP sessions as well (so email between local users never hits the network in the clear - no way around it for external email, of course). I have not yet integrated antivirus and antispam, but I'll install amavisd-new and SpamAssassin in the next few days. Incidentally, today I'm migrating my personal domains to a similar server (PIII, 512M) of my own - in fact, I'm really just waiting for DNS changes to propagate.
I meant which sleepycat db version for imapd. Btw, see my notes on bug #45181 for a howto on setting up encoded passwords in the database.
OIC...I'm using the defaults on database types. My installed version is sys-libs/db-4.1.25_p1-r3. For tls_sessions.db and deliver.db, 'file' reports "Berkeley DB (Btree, version 9, native byte-order)". Everything else is skiplist. I hope I caught the answer to your question in there somewhere. ;) I thought about using encode/decode in the database, but such easy decoding seemed to not add too much security, but I suppose that every additional layer helps. I believe I'll go ahead and set that up. Thanks for the pointers!
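The two storage points raised in the comments above (clear passwords being required for the hash-based mechanisms, and reversible encoding adding only a thin layer) can be seen in a CRAM-MD5 exchange as defined in RFC 2195. This is an added example, not code from this bug or from Cyrus SASL; the user, password, challenge, key and the XOR codec (a stand-in for a database-side encode/decode, not MySQL's algorithm) are constructed for illustration.

```python
import base64
import hashlib
import hmac


def client_response(user: str, password: str, challenge: bytes) -> bytes:
    """Client side: base64("user " + hex(HMAC-MD5(key=password, msg=challenge)))."""
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def server_verify(response: bytes, challenge: bytes, secret_for) -> bool:
    """Server side: recompute the HMAC from whatever secret the store returns."""
    user, _, digest = base64.b64decode(response).decode().rpartition(" ")
    secret = secret_for(user)
    if secret is None:
        return False
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected.encode(), digest.encode())


def xor_codec(data: bytes, key: bytes) -> bytes:
    """Toy reversible encoding (assumption): applying it twice returns the input."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def compare_storage_schemes(user="alice", password="correct horse",
                            challenge=b"<1234.5678@mail.example.org>",
                            db_key=b"constructed-key"):
    """Run one login against three ways of storing the same password."""
    pw = password.encode()
    tables = {
        "cleartext": {user: pw},
        "one_way_hash": {user: hashlib.sha256(pw).hexdigest().encode()},
        "reversible": {user: xor_codec(pw, db_key)},
    }
    lookups = {
        "cleartext": tables["cleartext"].get,
        # A one-way hash cannot be turned back into the HMAC key the client used.
        "one_way_hash": tables["one_way_hash"].get,
        # Decoding needs db_key; anyone holding the table and the key gets the password.
        "reversible": lambda u: xor_codec(tables["reversible"][u], db_key)
        if u in tables["reversible"] else None,
    }
    resp = client_response(user, password, challenge)
    return {name: server_verify(resp, challenge, fn) for name, fn in lookups.items()}


if __name__ == "__main__":
    print(compare_storage_schemes())
```

Only the cleartext and reversible stores let the login succeed, which is why the reversible layer protects the passwords only for as long as the decoding key stays separate from the table.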
As cyrus-imapd-2.2.8 is now in portage, this hard masking is becoming more and more pointless. The cyrus 2.2 series has now been considered stable by the developers for several months. Having it keyworded ~arch should be sufficient and would still allow people to test it, so it can eventually be moved into stable.
cyrus-imap*-2.2.8 in portage and removed from package.mask. Closing. Thanks.