Fatal error: tls_start_servertls() failed

Müfit Eribol hme at onart.com.tr
Mon Feb 15 03:05:07 EST 2016 

On 15.02.2016 00:39, Patrick Boutilier via Info-cyrus wrote:
> On 02/14/2016 02:46 AM, Mufit Eribol via Info-cyrus wrote:
>> Hi All,
>>
>> I am running cyrus-imapd-2.4.17 on CentOS 7.2.1511 for appx. 20
>> mailboxes. I get the following messages every 10-12 days.
>>
>> imaps TLS negotiation failed: [ip address of a client]
>> Fatal error: tls_start_servertls() failed
>>
>> Although cyrus-imapd, saslauthd are still running after this error,
>> login credentials are not accepted. As I don't know where the problem
>> is, restart the server fixes the problem, well for another 10-12 days.
>>
>> I would appreciate any hint you may give.
>>
>> Thanks,
>> Mufit
>>
>> Below are the configuration files:
>>
>> /etc/cyrus.conf:
>> START {
>>    recover       cmd="ctl_cyrusdb -r"
>>    idled         cmd="idled"
>> }
>> SERVICES {
>> #  imap         cmd="imapd" listen="imap" prefork=5
>> imaplocal     cmd="imapd -C /etc/imapd-local.conf"
>> listen="127.0.0.1:imap" prefork=0
>>
>>    imaps         cmd="imapd -s" listen="imaps" prefork=1
>> imapslocal    cmd="imapd -C /etc/imapd-local.conf"
>> listen="127.0.0.1:imaps" prefork=0
>>
>> #  pop3         cmd="pop3d" listen="pop3" prefork=3
>> #  pop3s                cmd="pop3d -s" listen="pop3s" prefork=1
>>    sieve         cmd="timsieved" listen="sieve" prefork=0
>> sievelocal      cmd="timsieved -C /etc/imapd-local.conf"
>> listen="127.0.0.1:sieve" prefork=0
>>    # these are only necessary if receiving/exporting usenet via NNTP
>> #  nntp         cmd="nntpd" listen="nntp" prefork=3
>> #  nntps                cmd="nntpd -s" listen="nntps" prefork=1
>>
>> #  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
>>    lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" 
>> prefork=1
>>
>> #  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify"
>> proto="udp" prefork=1
>> }
>> EVENTS {
>>    checkpoint    cmd="ctl_cyrusdb -c" period=30
>>    delprune      cmd="cyr_expire -E 3" at=0400
>>    tlsprune      cmd="tls_prune" at=0400
>> }
>>
>> /etc/imapd.conf:
>> postmaster: postmaster
>> configdirectory: /var/lib/imap
>> partition-default: /var/spool/imap
>> #admins: cyrus
>> allowanonymouslogin: no
>> allowplaintext: no
>> #tls_require_cert: 1
>> sasl_minimum_layer: 128
>> servername: mail.wintess.com
>> autocreatequota: 200000
>> maxmessagesize: 0
>> reject8bit: 0
>> munge8bit: 0
>> quotawarn: 90
>> timeout: 30
>> poptimeout: 10
>> dracinterval: 0
>> drachost: localhost
>> sasl_pwcheck_method: saslauthd
>> sasl_mech_list: PLAIN
>> sievedir: /var/lib/imap/sieve
>> sieve_maxscriptsize: 32
>> sieve_maxscripts: 5
>> sieve_allowplaintext: 1
>> sendmail: /usr/sbin/sendmail
>> #hashimapspool: true
>> #defaultdomain: mail
>> tls_cert_file: /etc/pki/tls/certs/wintess-imap.pem
>> tls_key_file: /etc/pki/tls/certs/wintess-imap.pem
>> tls_ca_file: /etc/pki/tls/certs/wintess-imap.pem
>>
>> /etc/sasl2/smtpd.conf:
>>
>> pwcheck_method: saslauthd
>> mech_list: plain login
>>
>>
>> ----
>
> Almost sounds like you are running out of entropy.
>
Ups, a brand new term for me. Thank you for pointing out.

Sorry for my ignorance. How can I fix this problem? If it helps it is a 
small kvm VM with 2G allocated memory.

More information about the Info-cyrus mailing list