Backend attempting to proxy to itself?

Simon Beale simon at minos.org.uk
Mon Apr 26 07:44:35 EDT 2010 

I'm having problems with getting the backend responding correctly in a
murder cluster (using Simon Matter's 2.3.16 rpm built on CentOS 5.4). I've
got it so that I can run cyradm and issue 'cm user.simon' on the frontend,
see it make the mailbox on the backend, and doing 'ctl_mboxlist -d' on
murder, frontend and backend all list the relevant backend location:

user.simon      1 store-101.internal.example.com!default simon    
lrswipkxtecda


However, when I run imtest and login on the frontend:
. LIST "" "*"
* LIST (\HasNoChildren) "." "INBOX"
. OK Completed (0.000 secs 2 calls)
. SELECT INBOX
. NO Server(s) unavailable to complete operation


Looking at the output of strace and syslogs on the backend, it appears
that the backend is trying to make a new TLS connection back to itself
rather than directly answering the incoming SELECT.

Apr 26 13:24:09 store-101 imap[26128]: accepted connection
Apr 26 13:24:09 store-101 master[26615]: about to exec
/usr/lib/cyrus-imapd/imapd
Apr 26 13:24:09 store-101 imap[26128]: login:
switch-101.internal.example.com [10.10.10.37] simon DIGEST-MD5 User logged
in
Apr 26 13:24:09 store-101 imap[26615]: executed
Apr 26 13:24:09 store-101 imap[26615]: accepted connection
Apr 26 13:24:09 store-101 master[26616]: about to exec
/usr/lib/cyrus-imapd/imapd
Apr 26 13:24:09 store-101 imap[26616]: executed
Apr 26 13:24:09 store-101 imap[26615]: skiplist: checkpointed
/var/lib/imap/tls_sessions.db (1124 records, 206900 bytes) in 0 seconds
Apr 26 13:24:09 store-101 imap[26615]: imapd:Loading hard-coded DH parameters
Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() incomplete -> wait
Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify
Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify
Apr 26 13:24:09 store-101 imap[26128]: received server certificate
Apr 26 13:24:09 store-101 imap[26128]: starttls: TLSv1 with cipher
DHE-RSA-AES256-SHA (256/256 bits new client) no authentication
Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() succeeded -> done
Apr 26 13:24:09 store-101 imap[26615]: starttls: TLSv1 with cipher
DHE-RSA-AES256-SHA (256/256 bits new) no authentication
Apr 26 13:24:09 store-101 imap[26128]: couldn't authenticate to backend
server: no mechanism available

Can anyone help me work out why the backend appears to be attempting to
proxy onwards rather than answering the SELECT itself?

===================
Backend imapd.conf:

admins:                 cyrus cyrus-frontend
allowallsubscribe:      true
allowplaintext:         true
allowusermoves:         true
configdirectory:        /var/lib/imap
delete_mode:            delayed
duplicate_db:           skiplist
expunge_mode:           delayed
hashimapspool:          true
improved_mboxlist_sort: true
lmtp_downcase_rcpt:     true
mupdate_authname:       cyrus-frontend
mupdate_password:       ********
mupdate_server:         switch-102.internal.example.com
mupdate_username:       cyrus-frontend
normalizeuid:           true
partition-default:      /var/spool/imap
proxyservers:           cyrus-frontend
ptscache_db:            skiplist
sasl_mech_list:         PLAIN LOGIN DIGEST-MD5
sasl_pwcheck_method:    auxprop
servername:             store-101.internal.example.com
sievedir:               /var/lib/imap/sieve
statuscache_db:         skiplist
tlscache_db:            skiplist
tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
tls_cert_file:          /etc/ssl/certs/wildcard.pem
tls_key_file:           /etc/ssl/certs/wildcard.pem
unix_group_enable:      false


====================
Frontend imapd.conf:

admins:                 cyrus
allowplaintext:         false
allowusermoves:         true
configdirectory:        /var/lib/imap
delete_mode:            delayed
duplicate_db:           skiplist
expunge_mode:           delayed
improved_mboxlist_sort: true
lmtp_downcase_rcpt:     true
mupdate_authname:       cyrus-frontend
mupdate_password:       ********
mupdate_server:         switch-102.internal.example.com
mupdate_username:       cyrus-frontend
normalizeuid:           true
partition-default:      /var/spool/imap
proxy_authname:         cyrus-frontend
proxyd_disable_mailbox_referrals:       true
proxy_password:         ********
ptscache_db:            skiplist
sasl_mech_list:         PLAIN
sasl_pwcheck_method:    auxprop saslauthd
serverlist:             store-101.internal.example.com
servername:             switch-101.internal.example.com
sieve_allowreferrals:   false
sievedir:               /var/lib/imap/sieve
sieveusehomedir:        0
statuscache_db:         skiplist
tlscache_db:            skiplist
tls_ca_file:            /etc/pki/tls/certs/ca-bundle.crt
tls_cert_file:          /etc/ssl/certs/wildcard.pem
tls_key_file:           /etc/ssl/certs/wildcard.pem
unix_group_enable:      false

More information about the Info-cyrus mailing list