Cyrus tweaks (slow on roundcube)

Paul Bronson signaldeveloper at gmail.com
Thu Sep 10 20:14:30 EDT 2015 

Guys,

I ran cat /dev/urandom | rngtest -c 1000

and got:

rngtest: starting FIPS tests...
rngtest: bits received from input: 20000032
rngtest: FIPS 140-2 successes: 998
rngtest: FIPS 140-2 failures: 2
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS 140-2(2001-10-10) Runs: 1
rngtest: FIPS 140-2(2001-10-10) Long run: 1
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=22.980; avg=501.129;
max=19073.486)Mibits/s
rngtest: FIPS tests speed: (min=98.317; avg=121.603; max=131.541)Mibits/s
rngtest: Program run time: 198018 microseconds


Does this look bad to you considering all of my slow SASL auths? (no
haveged is on at this point.. available entropy is between 131 - 160...
pool size is default 4096.

I also tried installing haveged, which worked fine, but as soon as I
started the service it said something like process dead, sub sys locked...
? Sorry, entropy is fairly new to me.



On Thu, Sep 10, 2015 at 5:24 PM, <signaldeveloper at gmail.com> wrote:

> Andre,
>
> Really? What should it be? I was curious and checked.. Entropy on some of
> my other big time production servers for email is only about 200) and its
> lightning fast?
>
> - Paul
>
> > On Sep 10, 2015, at 5:00 PM, Andre Felipe Machado <
> andremachado at techforce.com.br> wrote:
> >
> > Hello,
> > Entropy of 158 is way too low for production servers. And this *MAY*
> cause weird
> > slowness without logging any  errors.
> > You could install "haveged" and configure for max threshold levels on
> production
> > servers.
> > https://packages.debian.org/search?keywords=haveged
> >
> > Regards.
> >
> > Andre Felipe
> > http://www.techforce.com.br
> >
> >
> >
> > signaldeveloper at gmail.com wrote ..
> >> Rudy,
> >>
> >> Entropy is 158 I just looked. And as far as compiling against urandom,
> to be
> > honest
> >> I'm
> >> not sure.
> >>
> >> - Paul
> >>
> >>
> >>
> >>
> >>> On Sep 6, 2015, at 9:50 PM, Rudy Gevaert <Rudy.Gevaert at UGent.be>
> wrote:
> >>>
> >>>
> >>> Quoting signaldeveloper at gmail.com, Mon, 07 Sep 2015:
> >>>
> >>>> Hosts file is fine I checked that, thanks. Kolab uses 389 to
> >>>> authenticate for everything, so Cyrus is using LDAP as you can see
> >>>> above. I think the problem lies in the constant TLS logins into
> >>>> Cyrus for every click:
> >>>>
> >>>> imap[2281]: login: localhost [::1] johndoe at domain.com PLAIN+TLS User
> >>>> logged in
> >>>> SESSIONID=<es1.domain.com-2281-1441500890-1-15740725055571902363>
> >>>> Sep  5 20:54:51 es1 imap[2281]: USAGE johndoe at domain.com user:
> >>>> 0.009998 sys: 0.006999
> >>>>
> >>>>
> >>>> Again its only one user, on roundcube... I am afraid to put any more
> >>>> users on it. There doesn't seem to be much of performance tweaks
> >>>> with Cyrus around the web either...
> >>>
> >>> does your system have enough entropy?
> >>>
> >>> Is saslauthd compiled against /dev/urandom?
> >>>
> >>> Rudy
> >>>
> >>> --
> >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> >>> Rudy Gevaert                             e-mail: Rudy.Gevaert at UGent.be
> >>> Directie ICT, Afdeling Infrastructuur
> >>> Groep Systemen                                      tel: +32 9 264
> 4750
> >>> Universiteit Gent                                   fax: +32 9 264
> 4994
> >>> Krijgslaan 281, gebouw S9, 9000 Gent, Belgie
> www.UGent.be
> >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> >>>
> >>>
> >>> ----
> >>> Cyrus Home Page: http://www.cyrusimap.org/
> >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> >>> To Unsubscribe:
> >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
> >> ----
> >> Cyrus Home Page: http://www.cyrusimap.org/
> >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> >> To Unsubscribe:
> >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
> > ----
> > Cyrus Home Page: http://www.cyrusimap.org/
> > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> > To Unsubscribe:
> > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20150910/56bd99e1/attachment.html

More information about the Info-cyrus mailing list