Upgrade to cyrus-imapd and connection drops when searching mailboxes

James B. Byrne byrnejb at harte-lyne.ca
Sat Jan 12 08:47:25 EST 2019 

On Fri, January 11, 2019 17:51, Michael Menge wrote:

Thank you for your assistance.

>
> have you configured a search engine? and have you enabled the
> conversation db.
> Xapian and Squatter seam to require enabled conversation db to use the
> search index. At least for squatter there is even a performance
> regression for TEXT search even if conversation db is enabled
> (https://github.com/cyrusimap/cyrus-imapd/issues/2598)

I do not believe that I have configured a search engine.
>
>
>> Are the longlock reports and the imap connection drop related?
>>
> An cyrus processes tires to gain access to the mailbox while an
> other process is still accessing it. If this takes to long the client
> might disconnect. You can try telemetry logging to discover what is
> happening.

>> If imap drops a connection is the reason for that event logged?  Can
>> it be logged?
>>
> The question is which side drops the connection the cyrus-imapd
> process or the imap client (squirrelmail)? tcpdum and telemetry
> logging might reveal the answer.

Squirrelmail reports that the IMAP server dropped the connection as
part of the error message. In any case, even if it is the squrrelmail
client that is dropping the connection one would expect that imap
service could report this event.

So the question remains, how does one log the cause of cyrus_imapd
dropping a connection?

As to the cause of the problem.  It was an excessive load on the imap
daemon from a persistent brute force attack.  A recent reconfiguration
and change of server host resulted in port 993 being opened to
unrestricted public access.  This attracted the usual assortment of
script kiddies, security 'researchers' of various ilk, and so forth. 
Closing that port down immediately resolved the issue.

Thanks for the suggestions. I will look into these now that the crisis
has passed.

Regards,

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

More information about the Info-cyrus mailing list