Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
pepper at cbio.mskcc.org
Mon Nov 1 11:32:37 EDT 2010
On 11/1/10 11:21 AM, Simon Matter wrote:
>> On 11/1/10 10:46 AM, Simon Matter wrote:
>>>> My Cyrus is from RPM, and I am just nursing it along until my users
>>>> finish migrating off and FastMail manages to complete my own migration,
>>>> so I don't want to build from source. Why would IMAP/S block on empty
>>>> /dev/random, while IMAP+STARTTLS works? FWIW, SASL2 seems to use
>>> If this is really stock CentOS 5 then I think everything Cyrus related
>>> should use /dev/urandom and not /dev/random. But, could it be that other
>>> software you installed uses /dev/random and makes it "empty"?
>> Most things are CentOS RPMs (thanks for those! ;), with a few from
>>> [root at inspector ~]# rpm -q cyrus-imapd amavisd-new clamav spamassassin
>>> postfix httpd mod_ssl
>> Which still leaves me thinking my port 993 problem isn't entropy, because
>> STARTTLS works fine.
> That's my impression from the beginning, because lack of entropy has not
> been a known problem on the RHEL/CentOS configs. That's not much help of
> If you already restarted master and you know it's not stuck somehow, then
> the only thing I could think to check is your
> /var/lib/imap/tls_sessions.db database. I don't know if a broken TLS db
> could result in what you see but better check it out.
Interesting. I moved tls_sessions.db aside & restarted IMAPd, and it's apparently in a new format -- perhaps the default format has changed since it was first created. But 993 is still open but not responsive. I am going to try disabling Cyrus' IMAP/SSL and swapping in stunnel, as Rob @ FastMail has suggested as a workaround.
> [root at inspector imap]# ls -l tls*
> -rw------- 1 cyrus mail 8192 Nov 1 11:27 tls_sessions.db
> -rw------- 1 cyrus mail 1976 Nov 1 11:27 tls_sessions.db.BAD
> [root at inspector imap]# file tls*
> tls_sessions.db: Berkeley DB (Btree, version 9, native byte-order)
> tls_sessions.db.BAD: Cyrus skiplist DB
Chris Pepper: <http://cbio.mskcc.org/>
More information about the Info-cyrus