Re: Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works
Bron Gondwana
brong at fastmail.fm
Sun Oct 31 21:26:53 EDT 2010
Sounds like your /dev/random is empty. You can compile with /dev/urandom or add a source of entropy...
"Chris Pepper" <pepper at cbio.mskcc.org> wrote:
> mail.reppep.com (CentOS 5) is running cyrus-imapd-2.3.7-7.el5_4.3,
>along with SquirrelMail, postfix, etc. Last night, I noticed that when I
>sent mail from Thunderbird, it was not able to file copies in the Sent
>mailbox, although they did reach the recipients, so postfix was
>accepting mail on 587/tcp.
>
> I restarted Cyrus IMAPd but don't see any error messages in
>/var/log/maillog, and the cert & key look fine. SquirrelMail is fine
>using plain IMAP. I opened 143/tcp in the firewall, and am able to fetch
>mail via IMAP with STARTTLS, so it looks like the cert and key are fine.
>
> But "telnet mail.reppep.com 993" and openssl fail to get any response.
>Port 993 is open to the Internet, FWIW.
>
> Does anyone have any suggestions for what went wrong and/or how to fix?
>I'll try tcpdump next to see if it's responding at all.
>
> Alternatively, is there a way to make sure Cyrus requires STARTTLS on
>143? I was blocking external access to it to make sure users always use
>encryption to connect, but port 143 with STARTTLS required would be an
>acceptable alternative.
>
>Thanks,
>
>Chris Pepper
>
>> pepper at imp:~$ !openssl
>> openssl s_client -connect www.reppep.com:993
>> CONNECTED(00000003)
>> 4284:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-32/src/ssl/s23_lib.c:188:
>
>
>> [root at inspector ~]# cat /etc/imapd.conf
>> admins: cyrus
>> altnamespace: yes
>> configdirectory: /var/lib/imap
>> duplicatesuppression: yes
>> hashimapspool: no
>> partition-default: /var/spool/imap
>> servername: mail.reppep.com
>> singleinstancestore: yes
>> #syslog_prefix: cyrus
>> unixhierarchysep: yes
>>
>> lmtp_downcase_rcpt: yes
>> maxmessagesize: 20971520
>> sendmail: /usr/sbin/sendmail
>> #quotawarn: 80
>>
>> #allowplaintext: yes
>> #allowplainwithouttls: yes
>> sasl_pwcheck_method: saslauthd
>> #imap_auth_login: yes
>> #imap_auth_cram_md5: yes
>> #imap_auth_plain: yes
>>
>> autocreateinboxfolders: Junk
>> autocreatequota: -1
>> #autocreate_sieve_script: /etc/junk.sieve
>> autocreate_sieve_compiledscript: /etc/sieve.bc
>> autosievefolders: Junk
>> autosubscribeinboxfolders: Junk
>> createonpost: yes
>> #sievedir: /var/lib/imap/sieve
>> sieveusehomedir: true
>>
>> tls_ca_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt
>> tls_cert_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt
>> tls_key_file: /etc/pki/tls/private/mail.reppep.com.20080219.key
>> tls_cipher_list: SSLv3:TLSv1:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
>> [root at inspector ~]# ls -l /etc/pki/tls/certs/mail.reppep.com.20100115.crt /etc/pki/tls/private/mail.reppep.com.20080219.key
>> -rw-r--r-- 1 root root 6466 Oct 1 17:13 /etc/pki/tls/certs/mail.reppep.com.20100115.crt
>> -rw-r----- 1 root mail 497 Feb 19 2008 /etc/pki/tls/private/mail.reppep.com.20080219.key
>> [root at inspector ~]# netstat -an|grep LIST|grep tcp|sort -n
>> tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
>> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
>> tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN
>> tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
>> tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN
>> tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
>> tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
>> tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN
>> tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN
>> tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN
>> tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN
>> tcp 0 0 10.0.104.200:53 0.0.0.0:* LISTEN
>> tcp 0 0 :::110 :::* LISTEN
>> tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN
>> tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN
>> tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
>> tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
>> tcp 0 0 :::143 :::* LISTEN
>> tcp 0 0 ::1:953 :::* LISTEN
>> tcp 0 0 :::2000 :::* LISTEN
>> tcp 0 0 :::22 :::* LISTEN
>> tcp 0 0 :::4242 :::* LISTEN
>> tcp 0 0 :::443 :::* LISTEN
>> tcp 0 0 :::5222 :::* LISTEN
>> tcp 0 0 :::5223 :::* LISTEN
>> tcp 0 0 :::5229 :::* LISTEN
>> tcp 0 0 :::5269 :::* LISTEN
>> tcp 0 0 66.92.104.200:53 0.0.0.0:* LISTEN
>> tcp 0 0 :::8080 :::* LISTEN
>> tcp 0 0 :::80 :::* LISTEN
>> tcp 0 0 :::8483 :::* LISTEN
>> tcp 0 0 :::9090 :::* LISTEN
>> tcp 0 0 :::9091 :::* LISTEN
>> tcp 0 0 :::993 :::* LISTEN
>> tcp 0 0 :::995 :::* LISTEN
>> tcp 0 0 ::ffff:127.0.0.1:4243 :::* LISTEN
>
>----
>Cyrus Home Page: http://www.cyrusimap.org/
>List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
More information about the Info-cyrus
mailing list