Fatal error: tls_start_servertls() failed

Patrick Boutilier boutilpj at ednet.ns.ca
Sun Feb 14 17:39:09 EST 2016 

On 02/14/2016 02:46 AM, Mufit Eribol via Info-cyrus wrote:
> Hi All,
>
> I am running cyrus-imapd-2.4.17 on CentOS 7.2.1511 for appx. 20
> mailboxes. I get the following messages every 10-12 days.
>
> imaps TLS negotiation failed: [ip address of a client]
> Fatal error: tls_start_servertls() failed
>
> Although cyrus-imapd, saslauthd are still running after this error,
> login credentials are not accepted. As I don't know where the problem
> is, restart the server fixes the problem, well for another 10-12 days.
>
> I would appreciate any hint you may give.
>
> Thanks,
> Mufit
>
> Below are the configuration files:
>
> /etc/cyrus.conf:
> START {
>    recover       cmd="ctl_cyrusdb -r"
>    idled         cmd="idled"
> }
> SERVICES {
> #  imap         cmd="imapd" listen="imap" prefork=5
> imaplocal     cmd="imapd -C /etc/imapd-local.conf"
> listen="127.0.0.1:imap" prefork=0
>
>    imaps         cmd="imapd -s" listen="imaps" prefork=1
> imapslocal    cmd="imapd -C /etc/imapd-local.conf"
> listen="127.0.0.1:imaps" prefork=0
>
> #  pop3         cmd="pop3d" listen="pop3" prefork=3
> #  pop3s                cmd="pop3d -s" listen="pop3s" prefork=1
>    sieve         cmd="timsieved" listen="sieve" prefork=0
> sievelocal      cmd="timsieved -C /etc/imapd-local.conf"
> listen="127.0.0.1:sieve" prefork=0
>    # these are only necessary if receiving/exporting usenet via NNTP
> #  nntp         cmd="nntpd" listen="nntp" prefork=3
> #  nntps                cmd="nntpd -s" listen="nntps" prefork=1
>
> #  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
>    lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
>
> #  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify"
> proto="udp" prefork=1
> }
> EVENTS {
>    checkpoint    cmd="ctl_cyrusdb -c" period=30
>    delprune      cmd="cyr_expire -E 3" at=0400
>    tlsprune      cmd="tls_prune" at=0400
> }
>
> /etc/imapd.conf:
> postmaster: postmaster
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> #admins: cyrus
> allowanonymouslogin: no
> allowplaintext: no
> #tls_require_cert: 1
> sasl_minimum_layer: 128
> servername: mail.wintess.com
> autocreatequota: 200000
> maxmessagesize: 0
> reject8bit: 0
> munge8bit: 0
> quotawarn: 90
> timeout: 30
> poptimeout: 10
> dracinterval: 0
> drachost: localhost
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> sievedir: /var/lib/imap/sieve
> sieve_maxscriptsize: 32
> sieve_maxscripts: 5
> sieve_allowplaintext: 1
> sendmail: /usr/sbin/sendmail
> #hashimapspool: true
> #defaultdomain: mail
> tls_cert_file: /etc/pki/tls/certs/wintess-imap.pem
> tls_key_file: /etc/pki/tls/certs/wintess-imap.pem
> tls_ca_file: /etc/pki/tls/certs/wintess-imap.pem
>
> /etc/sasl2/smtpd.conf:
>
> pwcheck_method: saslauthd
> mech_list: plain login
>
>
> ----



Almost sounds like you are running out of entropy.




-------------- next part --------------
A non-text attachment was scrubbed...
Name: boutilpj.vcf
Type: text/x-vcard
Size: 286 bytes
Desc: not available
URL: <http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20160214/91f1c5d7/attachment.vcf>

More information about the Info-cyrus mailing list