Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works

Chris Pepper pepper at cbio.mskcc.org
Mon Nov 1 11:32:37 EDT 2010

On 11/1/10 11:21 AM, Simon Matter wrote:
>> On 11/1/10 10:46 AM, Simon Matter wrote:
>>>> Bron,
>>>> 	My Cyrus is from RPM, and I am just nursing it along until my users
>>>> finish migrating off and FastMail manages to complete my own migration,
>>>> so I don't want to build from source. Why would IMAP/S block on empty
>>>> /dev/random, while IMAP+STARTTLS works? FWIW, SASL2 seems to use
>>>> urandom.
>>> If this is really stock CentOS 5 then I think everything Cyrus related
>>> should use /dev/urandom and not /dev/random. But, could it be that other
>>> software you installed uses /dev/random and makes it "empty"?
>> 	Most things are CentOS RPMs (thanks for those! ;), with a few from
>> RPMforge.
>>> [root@inspector ~]# rpm -q cyrus-imapd amavisd-new clamav spamassassin
>>> postfix httpd mod_ssl
>>> cyrus-imapd-2.3.7-7.el5_4.3
>>> amavisd-new-2.6.4-3.el5.rf
>>> clamav-0.96.4-1.el5.rf
>>> spamassassin-3.3.1-3.el5.rf
>>> postfix-2.3.3-2.1.el5_2
>>> httpd-2.2.3-43.el5.centos.3
>>> mod_ssl-2.2.3-43.el5.centos.3
>> 	Which still leaves me thinking my port 993 problem isn't entropy, because
>> STARTTLS works fine.
> That's my impression from the beginning, because lack of entropy has not
> been a known problem on the RHEL/CentOS configs. That's not much help of
> course.
> If you already restarted master and you know it's not stuck somehow, then
> the only thing I could think to check is your
> /var/lib/imap/tls_sessions.db database. I don't know if a broken TLS db
> could result in what you see but better check it out.

	Interesting. I moved tls_sessions.db aside & restarted IMAPd, and it's apparently in a new format -- perhaps the default format has changed since it was first created. But 993 is still open but not responsive. I am going to try disabling Cyrus' IMAP/SSL and swapping in stunnel, as Rob @ FastMail has suggested as a workaround.



> [root@inspector imap]# ls -l tls*
> -rw------- 1 cyrus mail 8192 Nov  1 11:27 tls_sessions.db
> -rw------- 1 cyrus mail 1976 Nov  1 11:27 tls_sessions.db.BAD
> [root@inspector imap]# file tls*
> tls_sessions.db:     Berkeley DB (Btree, version 9, native byte-order)
> tls_sessions.db.BAD: Cyrus skiplist DB
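
An added example, not part of the original message or of Cyrus: a small Python probe that reports at which stage an implicit-TLS IMAP connection (port 993) stalls, which separates "port open but TLS handshake never answered" from a refused port or a missing IMAP greeting. The function name, result labels and the silent local listener used for the demonstration are assumptions made for this example.

```python
import socket
import ssl

def probe_implicit_tls(host, port=993, timeout=5.0):
    """Report how far an implicit-TLS IMAP connection gets.

    Returns 'tcp-refused', 'tcp-timeout', 'tls-hang', 'tls-error',
    'no-greeting' or 'ok'.
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "tcp-refused"
    except socket.timeout:
        return "tcp-timeout"
    # Liveness check only: certificate validation is deliberately skipped
    # so that an expired or self-signed certificate does not mask a hang.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except socket.timeout:
        raw.close()
        return "tls-hang"      # TCP accepted, ClientHello never answered
    except (ssl.SSLError, OSError):
        raw.close()
        return "tls-error"     # server answered, but not with valid TLS
    try:
        greeting = tls.recv(512)
    except socket.timeout:
        return "no-greeting"   # TLS is up, imapd never sent its banner
    finally:
        tls.close()
    return "ok" if greeting.startswith(b"* OK") else "no-greeting"

if __name__ == "__main__":
    # Constructed stand-in for the symptom in this thread: a listener that
    # completes the TCP handshake but never speaks.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    print(probe_implicit_tls("127.0.0.1", srv.getsockname()[1], timeout=2.0))
    srv.close()
```

Run against the real server, a `tls-hang` result on 993 alongside a working STARTTLS session on 143 points at the implicit-TLS service process rather than at the network path or the certificate.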

