strange tls_start_servertls() error

Tobias Blass tobiasblass at t-online.de
Fri Nov 30 10:53:47 EST 2012 

On Fri, Nov 30, 2012 at 09:46:33AM -0600, Dan White wrote:
> On 11/30/12 10:45 +0100, Tobias Blass wrote:
> >Hi all,
> >I'm administrating an IMAP server for about 25 people running cyrus version 2.2.13-19+squeeze3.
> >Multiple times per day the following error message appears in the logs:
> >
> >imaps TLS negotiation failed: [IP address of a client]
> >Fatal error: tls_start_servertls() failed
> >process 31912 exited, status 75
> >service imaps pid 31912 in BUSY state: terminated abnormally
> >
> >I haven't found a pattern yet, I only know that it calms down a bit when I
> >restart cyrus. Even though there are no real problems with the imap service the
> >log message doesn't look like I can ignore it safely.
> >Here is my cyrus.conf (without comments)
> >
> >START {
> >        recover         cmd="/usr/sbin/ctl_cyrusdb -r"
> >
> >        idled           cmd="idled"
> >        delprune        cmd="/usr/sbin/cyr_expire -E 3"
> >        tlsprune        cmd="/usr/sbin/tls_prune"
> >}
> ># maxchild is so huge because I suspected it to be responsible for the error.
> ># Increasing this value didn't fix it, though
> >SERVICES {
> >        imap            cmd="imapd -U 30" listen="localhost:imap" prefork=2 maxchild=1000
> >        imaps           cmd="imapd -s -U 30" listen="imaps" prefork=2 maxchild=1000
> >        lmtpunix        cmd="lmtpd" listen="/var/run/cyrus/socket/lmtp" prefork=0 maxchild=20
> >        sieve           cmd="timsieved" listen="*:sieve" prefork=0 maxchild=300
> >        notify          cmd="notifyd" listen="/var/run/cyrus/socket/notify" proto="udp" prefork=1
> >}
> >EVENTS {
> >        checkpoint      cmd="/usr/sbin/ctl_cyrusdb -c" period=30
> >        delprune        cmd="/usr/sbin/cyr_expire -E 3" at=0401
> >        tlsprune        cmd="/usr/sbin/tls_prune" at=0401
> >
> >}
> 
> Sound like:
> 
> https://bugzilla.cyrusimap.org/show_bug.cgi?id=3207
> 
> There have been a few TLS fixes since 2.2.x, discussed in the 2.4.16 
> changes file.
> 

Well if it was that error then increasing maxchild to 1000 should fix it,
shouldn't it? I don't think that I can hit the maxchild limit of 1000 with about
25 people. Is it possible that cyrus doesn't really reuse the already spawned
children and hit the limit with 970 unused child proxesses?
Tobias

More information about the Info-cyrus mailing list