A message from a retired president to Germany and the world …

This morning my day started with a message of a former president of Germany, Joachim Gauck. As Christmas is coming in a time of war and terror I want to share his words with my readers:

“Wir sehen zu deutlich die Absicht Putins, eine ganze Bevölkerung unterschiedslos zu terrorisieren, sie erfrieren zu lassen, sie um ihre Rechte, sogar um ihr Lebensrecht zu bringen. Auch angesichts des imperialen Wahns, von dem dieser Mann offenkundig besessen ist, ist leider Schlimmes zu erwarten.”


Ihm werde es in diesem Jahr nicht gelingen, Weihnachten so zu feiern wie in früheren Jahren, sagte Gauck.

“Aber wir dürfen uns andererseits nicht von einem kaltblütigen Kriegsverbrecher unsere Lebensart ruinieren lassen.”

Quoted according to a publication of the newspaper “Die Zeit” (Link. This was a contribution to the Zeit-blog on the war in Ukraine.

Clear words – especially about the Putler. Nothing to add …

I wish all the people in Ukraine at least some peaceful hours during the next days. Our thoughts are with you – and I hope you will get in 2023 all the equipment you need to defend your and our freedom in a democratic Europe.


Problems with upgrading Cyrus based IMAP servers to Opensuse Leap 15.3

I use 2 Mail servers whose IMAP components are based on Cyrus. The mail servers are major parts of KVM/Qemu based VMs. The OS of these VMs over more than a decade was some edition of Opensuse Linux (after SLES got too expensive for a Freelancer). Authorization to access the IMAP-servers is granted by a separate LDAP server via an SASL interface. All clients access the mail servers via a TLS connection. The communication to the LDAP system uses TLS, too. TLS connections are handled by SSSD which in turn uses PAM.

The configuration of all involved clients and servers is a bit tricky – and all components have special settings to interact smoothly. So I was always happy when upgrade processes of the servers respected my settings and things went smoothly. This was not always the case, but at least the main components survived the upgrade processes. But NOT this time.

The Leap 15.3 repositories do not contain Cyrus packages any longer! And I became aware of this when it was too late. Also the SLES update repositories available after the upgrade did not contain any Cyrus packages. After the upgrade the IMAP components of my mail servers were annihilated. Not funny at all!

Fortunately, I had backuped my VMs – and could restore them to bridge the time when I had to solve the problem. Afterward I spent some hours to try to reconstruct a running Cyrus configuration on the upgraded Leap 15.3 version of the mail server VM.

I got a suitable version of a Cyrus package which works with Leap 15.3 versions from the following repository :
download.opensuse.org / repositories / server: / mail / 15.3/.

However, while the installation after some changes of the configuration file worked well locally, I could not get access to it from external clients. In Kmail I got the message that the server did not support any security mechanisms. But STARTTLS should have worked! I checked the SSSD configuration, checked the imapd.config, nsswitch, ldap.config and certificate references. All OK.

I found the solution after having read some of my own old blog posts. The Leap upgrade had brutally deleted my carefully crafted PAM files “imap” and “smtp” in “/etc/pam.d/”. This has happened before. See:

Mail-server-upgrade to Opensuse Leap 15 – and some hours with authentication trouble …

So: Keep backpus of your PAM configuration if you have some complicated TLS-interactions between your Opensuse machines!

And start acquiring knowledge on Dovecot and the migration from Cyrus to Dovecot. Who knows when Cyrus disappears from all SuSE Repositories. And be prepared for problems with Cyrus and Leap 15.4, too.

I find it also frustrating that “https://doc.opensuse.org/release-notes/x86_64/openSUSE/Leap/15.3/” does not explicitly state that the package “cyrus_imapd” was removed. The information refers to changes in “cyrus-sasl” – but this is a different package. Which ironically still exists (though modified) …

But I am too old to explode just because of the lack of important information …