Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
Simon Matter
simon.matter at invoca.ch
Mon Nov 1 10:46:38 EDT 2010
> Bron,
>
> My Cyrus is from RPM, and I am just nursing it along until my users
> finish migrating off and FastMail manages to complete my own migration,
> so I don't want to build from source. Why would IMAP/S block on empty
> /dev/random, while IMAP+STARTTLS works? FWIW, SASL2 seems to use urandom.
If this is really stock CentOS 5 then I think everything Cyrus related
should use /dev/urandom and not /dev/random. But, could it be that other
software you installed uses /dev/random and makes it "empty"?
Simon
>
>> [root at inspector random]# strings /usr/lib/libsasl* |grep random
>> /dev/urandom
>> /dev/urandom
>
>
> But my /dev/random does seem quite low. Still surfing and looking for a
> good way to fill it on a mostly headless server -- I haven't found a
> good solution yet.
>
> Chris
>
>> [root at inspector ~]# ls -l /dev/*random
>> crw-rw-rw- 1 root root 1, 8 Oct 31 02:05 /dev/random
>> cr--r--r-- 1 root root 1, 9 Oct 31 02:05 /dev/urandom
>> [root at inspector ~]# cd /proc/sys/kernel/random
>> [root at inspector random]# more *|cat
>> ::::::::::::::
>> boot_id
>> ::::::::::::::
>> d3724e19-7462-4224-960b-49d5d3a18d7a
>> ::::::::::::::
>> entropy_avail
>> ::::::::::::::
>> 17
>> ::::::::::::::
>> poolsize
>> ::::::::::::::
>> 4096
>> ::::::::::::::
>> read_wakeup_threshold
>> ::::::::::::::
>> 64
>> ::::::::::::::
>> uuid
>> ::::::::::::::
>> a3ed2323-e04d-4034-a72a-76b5d4b697f7
>> ::::::::::::::
>> write_wakeup_threshold
>> ::::::::::::::
>> 128
>
>
> On 10/31/10 9:26 PM, Bron Gondwana wrote:
>> Sounds like your /dev/random is empty. You can compile with /dev/urandom
>> or add a source of entropy...
>>
>> "Chris Pepper"<pepper at cbio.mskcc.org> wrote:
>>
>>> mail.reppep.com (CentOS 5) is running cyrus-imapd-2.3.7-7.el5_4.3,
>>> along with SquirrelMail, postfix, etc. Last night, I noticed that when
>>> I
>>> sent mail from Thunderbird, it was not able to file copies in the Sent
>>> mailbox, although they did reach the recipients, so postfix was
>>> accepting mail on 587/tcp.
>>>
>>> I restarted Cyrus IMAPd but don't see any error messages in
>>> /var/log/maillog, and the cert& key look fine. SquirrelMail is fine
>>> using plain IMAP. I opened 143/tcp in the firewall, and am able to
>>> fetch
>>> mail via IMAP with STARTTLS, so it looks like the cert and key are
>>> fine.
>>>
>>> But "telnet mail.reppep.com 993" and openssl fail to get any response.
>>> Port 993 is open to the Internet, FWIW.
>>>
>>> Does anyone have any suggestions for what went wrong and/or how to
>>> fix?
>>> I'll try tcpdump next to see if it's responding at all.
>>>
>>> Alternatively, is there a way to make sure Cyrus requires STARTTLS on
>>> 143? I was blocking external access to it to make sure users always use
>>> encryption to connect, but port 143 with STARTTLS required would be an
>>> acceptable alternative.
>>>
>>> Thanks,
>>>
>>> Chris Pepper
>>>
>>>> pepper at imp:~$ !openssl
>>>> openssl s_client -connect www.reppep.com:993
>>>> CONNECTED(00000003)
>>>> 4284:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
>>>> failure:/SourceCache/OpenSSL098/OpenSSL098-32/src/ssl/s23_lib.c:188:
>>>
>>>
>>>> [root at inspector ~]# cat /etc/imapd.conf
>>>> admins: cyrus
>>>> altnamespace: yes
>>>> configdirectory: /var/lib/imap
>>>> duplicatesuppression: yes
>>>> hashimapspool: no
>>>> partition-default: /var/spool/imap
>>>> servername: mail.reppep.com
>>>> singleinstancestore: yes
>>>> #syslog_prefix: cyrus
>>>> unixhierarchysep: yes
>>>>
>>>> lmtp_downcase_rcpt: yes
>>>> maxmessagesize: 20971520
>>>> sendmail: /usr/sbin/sendmail
>>>> #quotawarn: 80
>>>>
>>>> #allowplaintext: yes
>>>> #allowplainwithouttls: yes
>>>> sasl_pwcheck_method: saslauthd
>>>> #imap_auth_login: yes
>>>> #imap_auth_cram_md5: yes
>>>> #imap_auth_plain: yes
>>>>
>>>> autocreateinboxfolders: Junk
>>>> autocreatequota: -1
>>>> #autocreate_sieve_script: /etc/junk.sieve
>>>> autocreate_sieve_compiledscript: /etc/sieve.bc
>>>> autosievefolders: Junk
>>>> autosubscribeinboxfolders: Junk
>>>> createonpost: yes
>>>> #sievedir: /var/lib/imap/sieve
>>>> sieveusehomedir: true
>>>>
>>>> tls_ca_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt
>>>> tls_cert_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt
>>>> tls_key_file: /etc/pki/tls/private/mail.reppep.com.20080219.key
>>>> tls_cipher_list: SSLv3:TLSv1:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
>>>> [root at inspector ~]# ls -l
>>>> /etc/pki/tls/certs/mail.reppep.com.20100115.crt
>>>> /etc/pki/tls/private/mail.reppep.com.20080219.key
>>>> -rw-r--r-- 1 root root 6466 Oct 1 17:13
>>>> /etc/pki/tls/certs/mail.reppep.com.20100115.crt
>>>> -rw-r----- 1 root mail 497 Feb 19 2008
>>>> /etc/pki/tls/private/mail.reppep.com.20080219.key
>>>> [root at inspector ~]# netstat -an|grep LIST|grep tcp|sort -n
>>>> tcp 0 0 0.0.0.0:110 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 0.0.0.0:111 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 0.0.0.0:139 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 0.0.0.0:143 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 0.0.0.0:2000 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 0.0.0.0:25 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 0.0.0.0:3306 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 0.0.0.0:445 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 0.0.0.0:587 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 0.0.0.0:993 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 0.0.0.0:995 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 10.0.104.200:53 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 :::110 :::*
>>>> LISTEN
>>>> tcp 0 0 127.0.0.1:10024 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 127.0.0.1:10025 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 127.0.0.1:53 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 127.0.0.1:953 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 :::143 :::*
>>>> LISTEN
>>>> tcp 0 0 ::1:953 :::*
>>>> LISTEN
>>>> tcp 0 0 :::2000 :::*
>>>> LISTEN
>>>> tcp 0 0 :::22 :::*
>>>> LISTEN
>>>> tcp 0 0 :::4242 :::*
>>>> LISTEN
>>>> tcp 0 0 :::443 :::*
>>>> LISTEN
>>>> tcp 0 0 :::5222 :::*
>>>> LISTEN
>>>> tcp 0 0 :::5223 :::*
>>>> LISTEN
>>>> tcp 0 0 :::5229 :::*
>>>> LISTEN
>>>> tcp 0 0 :::5269 :::*
>>>> LISTEN
>>>> tcp 0 0 66.92.104.200:53 0.0.0.0:*
>>>> LISTEN
>>>> tcp 0 0 :::8080 :::*
>>>> LISTEN
>>>> tcp 0 0 :::80 :::*
>>>> LISTEN
>>>> tcp 0 0 :::8483 :::*
>>>> LISTEN
>>>> tcp 0 0 :::9090 :::*
>>>> LISTEN
>>>> tcp 0 0 :::9091 :::*
>>>> LISTEN
>>>> tcp 0 0 :::993 :::*
>>>> LISTEN
>>>> tcp 0 0 :::995 :::*
>>>> LISTEN
>>>> tcp 0 0 ::ffff:127.0.0.1:4243 :::*
>>>> LISTEN
>>>
>>> ----
>>> Cyrus Home Page: http://www.cyrusimap.org/
>>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>>
>
>
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>
More information about the Info-cyrus
mailing list