<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Just to follow up and help others with similar problem, here is what
I did.<br>
<br>
- Research showed that entropy is needed and low entropy is a
typical problem of headless servers where there is no mouse and
keyboard connected.<br>
- Installed munin to check entropy levels by time. During the two
hours of observation, it went down as low as 160 and went up to a
maximum of 850. I think the minimum is pretty low compared to the
levels talked on the internet.<br>
- Installed haveged utility and adjusted the entropy pool for 2048.<br>
- It is now stabilized around 2048.<br>
<br>
I believe this was the problem with my server. Thank you Patrick for
taking my attention to magic word "entropy".<br>
<br>
I am now monitoring the server to verify.<br>
<br>
<br>
<div class="moz-cite-prefix">On 15.02.2016 00:39, Patrick Boutilier
via Info-cyrus wrote:<br>
</div>
<blockquote cite="mid:56C1020D.10802@ednet.ns.ca" type="cite">On
02/14/2016 02:46 AM, Mufit Eribol via Info-cyrus wrote:
<br>
<blockquote type="cite">Hi All,
<br>
<br>
I am running cyrus-imapd-2.4.17 on CentOS 7.2.1511 for appx. 20
<br>
mailboxes. I get the following messages every 10-12 days.
<br>
<br>
imaps TLS negotiation failed: [ip address of a client]
<br>
Fatal error: tls_start_servertls() failed
<br>
<br>
Although cyrus-imapd, saslauthd are still running after this
error,
<br>
login credentials are not accepted. As I don't know where the
problem
<br>
is, restart the server fixes the problem, well for another 10-12
days.
<br>
<br>
I would appreciate any hint you may give.
<br>
<br>
Thanks,
<br>
Mufit
<br>
<br>
Below are the configuration files:
<br>
<br>
/etc/cyrus.conf:
<br>
START {
<br>
recover cmd="ctl_cyrusdb -r"
<br>
idled cmd="idled"
<br>
}
<br>
SERVICES {
<br>
# imap cmd="imapd" listen="imap" prefork=5
<br>
imaplocal cmd="imapd -C /etc/imapd-local.conf"
<br>
listen="127.0.0.1:imap" prefork=0
<br>
<br>
imaps cmd="imapd -s" listen="imaps" prefork=1
<br>
imapslocal cmd="imapd -C /etc/imapd-local.conf"
<br>
listen="127.0.0.1:imaps" prefork=0
<br>
<br>
# pop3 cmd="pop3d" listen="pop3" prefork=3
<br>
# pop3s cmd="pop3d -s" listen="pop3s" prefork=1
<br>
sieve cmd="timsieved" listen="sieve" prefork=0
<br>
sievelocal cmd="timsieved -C /etc/imapd-local.conf"
<br>
listen="127.0.0.1:sieve" prefork=0
<br>
# these are only necessary if receiving/exporting usenet via
NNTP
<br>
# nntp cmd="nntpd" listen="nntp" prefork=3
<br>
# nntps cmd="nntpd -s" listen="nntps" prefork=1
<br>
<br>
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
<br>
lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp"
prefork=1
<br>
<br>
# notify cmd="notifyd"
listen="/var/lib/imap/socket/notify"
<br>
proto="udp" prefork=1
<br>
}
<br>
EVENTS {
<br>
checkpoint cmd="ctl_cyrusdb -c" period=30
<br>
delprune cmd="cyr_expire -E 3" at=0400
<br>
tlsprune cmd="tls_prune" at=0400
<br>
}
<br>
<br>
/etc/imapd.conf:
<br>
postmaster: postmaster
<br>
configdirectory: /var/lib/imap
<br>
partition-default: /var/spool/imap
<br>
#admins: cyrus
<br>
allowanonymouslogin: no
<br>
allowplaintext: no
<br>
#tls_require_cert: 1
<br>
sasl_minimum_layer: 128
<br>
servername: mail.wintess.com
<br>
autocreatequota: 200000
<br>
maxmessagesize: 0
<br>
reject8bit: 0
<br>
munge8bit: 0
<br>
quotawarn: 90
<br>
timeout: 30
<br>
poptimeout: 10
<br>
dracinterval: 0
<br>
drachost: localhost
<br>
sasl_pwcheck_method: saslauthd
<br>
sasl_mech_list: PLAIN
<br>
sievedir: /var/lib/imap/sieve
<br>
sieve_maxscriptsize: 32
<br>
sieve_maxscripts: 5
<br>
sieve_allowplaintext: 1
<br>
sendmail: /usr/sbin/sendmail
<br>
#hashimapspool: true
<br>
#defaultdomain: mail
<br>
tls_cert_file: /etc/pki/tls/certs/wintess-imap.pem
<br>
tls_key_file: /etc/pki/tls/certs/wintess-imap.pem
<br>
tls_ca_file: /etc/pki/tls/certs/wintess-imap.pem
<br>
<br>
/etc/sasl2/smtpd.conf:
<br>
<br>
pwcheck_method: saslauthd
<br>
mech_list: plain login
<br>
<br>
<br>
----
<br>
</blockquote>
<br>
<br>
<br>
Almost sounds like you are running out of entropy.
<br>
<br>
<br>
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">----
Cyrus Home Page: <a class="moz-txt-link-freetext" href="http://www.cyrusimap.org/">http://www.cyrusimap.org/</a>
List Archives/Info: <a class="moz-txt-link-freetext" href="http://lists.andrew.cmu.edu/pipermail/info-cyrus/">http://lists.andrew.cmu.edu/pipermail/info-cyrus/</a>
To Unsubscribe:
<a class="moz-txt-link-freetext" href="https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus">https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus</a></pre>
</blockquote>
<br>
</body>
</html>