Cyrus tweaks (slow on roundcube)

Bron Gondwana brong at fastmail.fm
Mon Sep 7 00:26:36 EDT 2015


Yeah, so tls to localhost is dumb.  That's security theatre at its silliest.  Best to turn that off.

Here's some possibilities to make it not required:

imapd.conf:
allowplaintext: yes
sasl_mech_list: PLAIN LOGIN

There used to be a sasl layer thing we did too... "-p 1" in cyrus.conf for the imapd line that listens on localhost will tell sasl that you already have a protection layer.

Bron.


On Mon, Sep 7, 2015, at 12:15, signaldeveloper at gmail.com wrote:
> Hey Rudy!
> 
> As far as entropy: Probably not, it's brand new. One user (me.. Testing) is playing on it. This is something I've never touched and know very little about, can you explain? 
> 
> And can you explain: Is saslauthd compiled against /dev/urandom?
> 
> Thanks again guys..
> 
> - Paul
> 
> 
> 
> 
> Sent from my iPhone
> 
> > On Sep 6, 2015, at 9:50 PM, Rudy Gevaert <Rudy.Gevaert at UGent.be> wrote:
> > 
> > 
> > Quoting signaldeveloper at gmail.com, Mon, 07 Sep 2015:
> > 
> >> Hosts file is fine I checked that, thanks. Kolab uses 389 to  
> >> authenticate for everything, so Cyrus is using LDAP as you can see  
> >> above. I think the problem lies in the constant TLS logins into  
> >> Cyrus for every click:
> >> 
> >> imap[2281]: login: localhost [::1] johndoe at domain.com PLAIN+TLS User  
> >> logged in  
> >> SESSIONID=<es1.domain.com-2281-1441500890-1-15740725055571902363>
> >> Sep  5 20:54:51 es1 imap[2281]: USAGE johndoe at domain.com user:  
> >> 0.009998 sys: 0.006999
> >> 
> >> 
> >> Again its only one user, on roundcube... I am afraid to put any more  
> >> users on it. There doesn't seem to be much of performance tweaks  
> >> with Cyrus around the web either...
> > 
> > does your system have enough entropy?
> > 
> > Is saslauthd compiled against /dev/urandom?
> > 
> > Rudy
> > 
> > -- 
> >  -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> >  Rudy Gevaert                             e-mail: Rudy.Gevaert at UGent.be
> >  Directie ICT, Afdeling Infrastructuur
> >  Groep Systemen                                      tel: +32 9 264 4750
> >  Universiteit Gent                                   fax: +32 9 264 4994
> >  Krijgslaan 281, gebouw S9, 9000 Gent, Belgie               www.UGent.be
> >  -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> > 
> > 
> > ----
> > Cyrus Home Page: http://www.cyrusimap.org/
> > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> > To Unsubscribe:
> > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus


-- 
  Bron Gondwana
  brong at fastmail.fm


More information about the Info-cyrus mailing list