I'm having problems with getting the backend responding correctly in a murder cluster (using Simon Matter's 2.3.16 rpm built on CentOS 5.4). I've got it so that I can run cyradm and issue 'cm user.simon' on the frontend, see it make the mailbox on the backend, and doing 'ctl_mboxlist -d' on murder, frontend and backend all list the relevant backend location: user.simon 1 store-101.internal.example.com!default simon lrswipkxtecda However, when I run imtest and login on the frontend: . LIST "" "*" * LIST (\HasNoChildren) "." "INBOX" . OK Completed (0.000 secs 2 calls) . SELECT INBOX . NO Server(s) unavailable to complete operation Looking at the output of strace and syslogs on the backend, it appears that the backend is trying to make a new TLS connection back to itself rather than directly answering the incoming SELECT. Apr 26 13:24:09 store-101 imap[26128]: accepted connection Apr 26 13:24:09 store-101 master[26615]: about to exec /usr/lib/cyrus-imapd/imapd Apr 26 13:24:09 store-101 imap[26128]: login: switch-101.internal.example.com [10.10.10.37] simon DIGEST-MD5 User logged in Apr 26 13:24:09 store-101 imap[26615]: executed Apr 26 13:24:09 store-101 imap[26615]: accepted connection Apr 26 13:24:09 store-101 master[26616]: about to exec /usr/lib/cyrus-imapd/imapd Apr 26 13:24:09 store-101 imap[26616]: executed Apr 26 13:24:09 store-101 imap[26615]: skiplist: checkpointed /var/lib/imap/tls_sessions.db (1124 records, 206900 bytes) in 0 seconds Apr 26 13:24:09 store-101 imap[26615]: imapd:Loading hard-coded DH parameters Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() incomplete -> wait Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify Apr 26 13:24:09 store-101 imap[26128]: received server certificate Apr 26 13:24:09 store-101 imap[26128]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new client) no authentication Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() succeeded -> done Apr 26 13:24:09 store-101 imap[26615]: starttls: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits new) no authentication Apr 26 13:24:09 store-101 imap[26128]: couldn't authenticate to backend server: no mechanism available Can anyone help me work out why the backend appears to be attempting to proxy onwards rather than answering the SELECT itself? =================== Backend imapd.conf: admins: cyrus cyrus-frontend allowallsubscribe: true allowplaintext: true allowusermoves: true configdirectory: /var/lib/imap delete_mode: delayed duplicate_db: skiplist expunge_mode: delayed hashimapspool: true improved_mboxlist_sort: true lmtp_downcase_rcpt: true mupdate_authname: cyrus-frontend mupdate_password: ******** mupdate_server: switch-102.internal.example.com mupdate_username: cyrus-frontend normalizeuid: true partition-default: /var/spool/imap proxyservers: cyrus-frontend ptscache_db: skiplist sasl_mech_list: PLAIN LOGIN DIGEST-MD5 sasl_pwcheck_method: auxprop servername: store-101.internal.example.com sievedir: /var/lib/imap/sieve statuscache_db: skiplist tlscache_db: skiplist tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt tls_cert_file: /etc/ssl/certs/wildcard.pem tls_key_file: /etc/ssl/certs/wildcard.pem unix_group_enable: false ==================== Frontend imapd.conf: admins: cyrus allowplaintext: false allowusermoves: true configdirectory: /var/lib/imap delete_mode: delayed duplicate_db: skiplist expunge_mode: delayed improved_mboxlist_sort: true lmtp_downcase_rcpt: true mupdate_authname: cyrus-frontend mupdate_password: ******** mupdate_server: switch-102.internal.example.com mupdate_username: cyrus-frontend normalizeuid: true partition-default: /var/spool/imap proxy_authname: cyrus-frontend proxyd_disable_mailbox_referrals: true proxy_password: ******** ptscache_db: skiplist sasl_mech_list: PLAIN sasl_pwcheck_method: auxprop saslauthd serverlist: store-101.internal.example.com servername: switch-101.internal.example.com sieve_allowreferrals: false sievedir: /var/lib/imap/sieve sieveusehomedir: 0 statuscache_db: skiplist tlscache_db: skiplist tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt tls_cert_file: /etc/ssl/certs/wildcard.pem tls_key_file: /etc/ssl/certs/wildcard.pem unix_group_enable: false ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
