Fatal error: tls_start_servertls()

David Newman dnewman at networktest.com
Mon Apr 2 18:40:52 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

cyrus-imap-2.3.7
cyrus-sasl-2.1.22
FreeBSD 6.1-RELEASE (as guest OS on VMware-server 1.02 on CentOS 4.4)

Somewhere between every 12-72 hours the server's CPU goes to 100 percent
and stays there until I manually restart imapd.

/var/log/messages gets an entry like this:

Apr  2 15:00:01 lancelot imaps[21872]: imaps TLS negotiation failed:
[172.31.0.254]
Apr  2 15:00:01 lancelot imaps[21872]: Fatal error:
tls_start_servertls() failed

After restarting imapd, everything's OK until the next time.

I'm not an expert in either cyrus-imap or SSL; thanks in advance for any
guidance in troubleshooting this problem.

dn


possibly helpful data for troubleshooting:

from end of /usr/local/etc/imapd.conf:

virtdomains: yes
defaultdomain: domain1.tld
allowusermoves: yes
sasl_auxprop_plugin: sql
sasl_sql_user: postfix
sasl_sql_passwd: <deleted>
sasl_sql_database: postfix
sasl_sql_hostnames: localhost
sasl_sql_select: SELECT password FROM mailbox WHERE username='%u@%r' AND
active='1'
sasl_sql_verbose: yes
sasl_sql_engine: mysql
sasl_mech_list: plain login
sasl_password_format: crypt
createonpost: yes
autocreateinboxfolders: spam

from imtest:

lancelot# imtest -m plain -u cyrus -a cyrus -s localhost
verify error:num=19:self signed certificate in certificate chain
TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=LOGIN AUTH=PLAIN
SASL-IR] networktest.com Cyrus IMAP4 v2.3.7 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=LOGIN AUTH=PLAIN
SASL-IR ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE
IDLE URLAUTH
S: C01 OK Completed
Please enter your password:
C: A01 AUTHENTICATE PLAIN Y3lydXMAY3lydXMAMVFhWjJXc1g=
S: A01 OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED ACL
RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME
UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ
THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE
IDLE URLAUTH] Success (tls protection)
Authenticated.
Security strength factor: 256
. logout
* BYE LOGOUT received
. OK Completed
Connection closed.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFGEYZlyPxGVjntI4IRAqWmAKD4MQYkcIZTqlLflVYKtzGN79KTsgCgpCT+
CsleJy4ApIdSUC3PluqdozY=
=BPSx
-----END PGP SIGNATURE-----


More information about the Info-cyrus mailing list