strange tls_start_servertls() error

Tobias Blass tobiasblass at t-online.de
Fri Nov 30 04:45:06 EST 2012


Hi all,
I'm administrating an IMAP server for about 25 people running cyrus version 2.2.13-19+squeeze3.
Multiple times per day the following error message appears in the logs:

imaps TLS negotiation failed: [IP address of a client]
Fatal error: tls_start_servertls() failed
process 31912 exited, status 75
service imaps pid 31912 in BUSY state: terminated abnormally

I haven't found a pattern yet; I only know that it calms down a bit when I
restart cyrus. Even though there are no real problems with the imap service, the
log message doesn't look like I can ignore it safely.
Here is my cyrus.conf (without comments):

START { 
        recover         cmd="/usr/sbin/ctl_cyrusdb -r"

        idled           cmd="idled"
        delprune        cmd="/usr/sbin/cyr_expire -E 3"
        tlsprune        cmd="/usr/sbin/tls_prune"
}
# maxchild is so huge because I suspected it to be responsible for the error.
# Increasing this value didn't fix it, though
SERVICES {
        imap            cmd="imapd -U 30" listen="localhost:imap" prefork=2 maxchild=1000
        imaps           cmd="imapd -s -U 30" listen="imaps" prefork=2 maxchild=1000
        lmtpunix        cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20
        sieve           cmd="timsieved" listen="*:sieve" prefork=0 maxchild=300
        notify          cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1
}       
EVENTS {
        checkpoint      cmd="/usr/sbin/ctl_cyrusdb -c" period=30
        delprune        cmd="/usr/sbin/cyr_expire -E 3" at=0401
        tlsprune        cmd="/usr/sbin/tls_prune" at=0401

}  

Here is my imapd.conf (again without comments):

configdirectory: /var/lib/cyrus
defaultpartition: default
partition-default: /var/spool/cyrus/mail
partition-news: /var/spool/cyrus/news
newsspool: /var/spool/news
altnamespace: no
unixhierarchysep: no
admins: cyrus
allowanonymouslogin: no
popminpoll: 1
autocreatequota: 0
umask: 077
sieveusehomedir: false
sievedir: /var/spool/sieve
hashimapspool: true
allowplaintext: yes
sasl_mech_list: PLAIN
allowapop: no
sasl_minimum_layer: 0
sasl_pwcheck_method: saslauthd
sasl_auto_transition: no
# I modified the paths here for privacy reasons, but I'm sure they are correct
tls_cert_file: /etc/ssl/certs/mail.domain.crt
tls_key_file: /etc/ssl/certs-private/mail.domain.key
tls_imap_cert_file: /etc/ssl/certs/mail.domain.crt
tls_imap_key_file: /etc/ssl/certs-private/mail.domain.key
tls_ca_path: /etc/ssl/certs
tls_session_timeout: 1440
tls_cipher_list: TLSv1+HIGH:!aNULL:@STRENGTH
lmtpsocket: /var/run/cyrus/socket/lmtp
idlemethod: idled
idlesocket: /var/run/cyrus/socket/idle
notifysocket: /var/run/cyrus/socket/notify
syslog_prefix: cyrus

Tobias
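
An added example, not part of the original post: one way to look for the pattern the post says is missing is to count the failed handshakes per client and per hour and tie each one to the exit status reported for the same child pid. The syslog prefix layout, the sample addresses and the name `summarize` are assumptions; only the message texts come from the post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample. The syslog prefix layout (timestamp, host, "cyrus/<service>[pid]")
# is an assumption; only the message texts are taken from the post.
SAMPLE_LOG = """\
Nov 30 04:12:01 mail cyrus/imaps[31912]: imaps TLS negotiation failed: [192.0.2.10]
Nov 30 04:12:01 mail cyrus/imaps[31912]: Fatal error: tls_start_servertls() failed
Nov 30 04:12:01 mail cyrus/master[1200]: process 31912 exited, status 75
Nov 30 04:55:40 mail cyrus/imaps[32001]: imaps TLS negotiation failed: [192.0.2.10]
Nov 30 04:55:40 mail cyrus/master[1200]: process 32001 exited, status 75
Nov 30 13:40:09 mail cyrus/imaps[32644]: imaps TLS negotiation failed: [198.51.100.7]
Nov 30 13:40:09 mail cyrus/master[1200]: process 32644 exited, status 75
"""

LINE = re.compile(r"^\w{3}\s+\d+\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+\S+\s+"
                  r"\S+?\[(?P<pid>\d+)\]:\s+(?P<msg>.*)$")
FAILED = re.compile(r"TLS negotiation failed: (?P<client>.+)$")
EXITED = re.compile(r"process (?P<pid>\d+) exited, status (?P<status>\d+)")

def summarize(log_text):
    """Count failed handshakes per client and per hour, and tie each one
    to the exit status master later reports for the same child pid."""
    by_client, by_hour = Counter(), Counter()
    pending = {}                        # child pid -> client that failed
    exit_status = defaultdict(Counter)  # client -> {status: count}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a syslog line in the assumed layout
        failed = FAILED.search(m["msg"])
        if failed:
            client = failed["client"].strip()
            by_client[client] += 1
            by_hour[m["hour"]] += 1
            pending[m["pid"]] = client
            continue
        exited = EXITED.search(m["msg"])
        if exited and exited["pid"] in pending:
            # pop so a reused pid is not attributed to an old failure
            exit_status[pending.pop(exited["pid"])][exited["status"]] += 1
    return by_client, by_hour, exit_status

if __name__ == "__main__":
    clients, hours, statuses = summarize(SAMPLE_LOG)
    for client, n in clients.most_common():
        print(f"{client}: {n} failed handshakes, exit statuses {dict(statuses[client])}")
    print("by hour:", sorted(hours.items()))
```

A count concentrated on a few clients or on particular hours points at specific client software or scheduled activity; an even spread across clients points back at the server side.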

