Backend attempting to proxy to itself?
Brian Awood
bawood at umich.edu
Mon Apr 26 10:52:10 EDT 2010
imapd is trying to proxy because the entry "1
store-101.internal.example.com" tells it that it's remote, even though it
is not. Theoretically this would work correctly with a unified murder
configuration, where any machine can proxy for another, but it isn't
implemented. The mailbox entry on the backend should look like;
user.simon 0 default simon lrswipkxtecda
I'm not sure how the mailbox list ended up with entries like that on your
backend. Are you running mupdate there? There should probably be a
warning in the docs about not starting mupdate on a backend, if there isn't
already. To fix it, you may need to dump the db to text, use sed/awk/perl
(pick your favorite) and change all the "1 servername!default" to "0
default", remove the old db and reload it. Hope that helps.
-Brian
On Mon, 26 Apr 2010 12:44:35 +0100 (BST), "Simon Beale"
<simon at minos.org.uk>
wrote:
> I'm having problems with getting the backend responding correctly in a
> murder cluster (using Simon Matter's 2.3.16 rpm built on CentOS 5.4).
I've
> got it so that I can run cyradm and issue 'cm user.simon' on the
frontend,
> see it make the mailbox on the backend, and doing 'ctl_mboxlist -d' on
> murder, frontend and backend all list the relevant backend location:
>
> user.simon 1 store-101.internal.example.com!default simon
> lrswipkxtecda
>
>
> However, when I run imtest and login on the frontend:
> . LIST "" "*"
> * LIST (\HasNoChildren) "." "INBOX"
> . OK Completed (0.000 secs 2 calls)
> . SELECT INBOX
> . NO Server(s) unavailable to complete operation
>
>
> Looking at the output of strace and syslogs on the backend, it appears
> that the backend is trying to make a new TLS connection back to itself
> rather than directly answering the incoming SELECT.
>
> Apr 26 13:24:09 store-101 imap[26128]: accepted connection
> Apr 26 13:24:09 store-101 master[26615]: about to exec
> /usr/lib/cyrus-imapd/imapd
> Apr 26 13:24:09 store-101 imap[26128]: login:
> switch-101.internal.example.com [10.10.10.37] simon DIGEST-MD5 User
logged
> in
> Apr 26 13:24:09 store-101 imap[26615]: executed
> Apr 26 13:24:09 store-101 imap[26615]: accepted connection
> Apr 26 13:24:09 store-101 master[26616]: about to exec
> /usr/lib/cyrus-imapd/imapd
> Apr 26 13:24:09 store-101 imap[26616]: executed
> Apr 26 13:24:09 store-101 imap[26615]: skiplist: checkpointed
> /var/lib/imap/tls_sessions.db (1124 records, 206900 bytes) in 0 seconds
> Apr 26 13:24:09 store-101 imap[26615]: imapd:Loading hard-coded DH
> parameters
> Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() incomplete -> wait
> Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify
> Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify
> Apr 26 13:24:09 store-101 imap[26128]: received server certificate
> Apr 26 13:24:09 store-101 imap[26128]: starttls: TLSv1 with cipher
> DHE-RSA-AES256-SHA (256/256 bits new client) no authentication
> Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() succeeded -> done
> Apr 26 13:24:09 store-101 imap[26615]: starttls: TLSv1 with cipher
> DHE-RSA-AES256-SHA (256/256 bits new) no authentication
> Apr 26 13:24:09 store-101 imap[26128]: couldn't authenticate to backend
> server: no mechanism available
>
> Can anyone help me work out why the backend appears to be attempting to
> proxy onwards rather than answering the SELECT itself?
>
> ===================
> Backend imapd.conf:
>
> admins: cyrus cyrus-frontend
> allowallsubscribe: true
> allowplaintext: true
> allowusermoves: true
> configdirectory: /var/lib/imap
> delete_mode: delayed
> duplicate_db: skiplist
> expunge_mode: delayed
> hashimapspool: true
> improved_mboxlist_sort: true
> lmtp_downcase_rcpt: true
> mupdate_authname: cyrus-frontend
> mupdate_password: ********
> mupdate_server: switch-102.internal.example.com
> mupdate_username: cyrus-frontend
> normalizeuid: true
> partition-default: /var/spool/imap
> proxyservers: cyrus-frontend
> ptscache_db: skiplist
> sasl_mech_list: PLAIN LOGIN DIGEST-MD5
> sasl_pwcheck_method: auxprop
> servername: store-101.internal.example.com
> sievedir: /var/lib/imap/sieve
> statuscache_db: skiplist
> tlscache_db: skiplist
> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
> tls_cert_file: /etc/ssl/certs/wildcard.pem
> tls_key_file: /etc/ssl/certs/wildcard.pem
> unix_group_enable: false
>
>
> ====================
> Frontend imapd.conf:
>
> admins: cyrus
> allowplaintext: false
> allowusermoves: true
> configdirectory: /var/lib/imap
> delete_mode: delayed
> duplicate_db: skiplist
> expunge_mode: delayed
> improved_mboxlist_sort: true
> lmtp_downcase_rcpt: true
> mupdate_authname: cyrus-frontend
> mupdate_password: ********
> mupdate_server: switch-102.internal.example.com
> mupdate_username: cyrus-frontend
> normalizeuid: true
> partition-default: /var/spool/imap
> proxy_authname: cyrus-frontend
> proxyd_disable_mailbox_referrals: true
> proxy_password: ********
> ptscache_db: skiplist
> sasl_mech_list: PLAIN
> sasl_pwcheck_method: auxprop saslauthd
> serverlist: store-101.internal.example.com
> servername: switch-101.internal.example.com
> sieve_allowreferrals: false
> sievedir: /var/lib/imap/sieve
> sieveusehomedir: 0
> statuscache_db: skiplist
> tlscache_db: skiplist
> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
> tls_cert_file: /etc/ssl/certs/wildcard.pem
> tls_key_file: /etc/ssl/certs/wildcard.pem
> unix_group_enable: false
>
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
More information about the Info-cyrus
mailing list