imapd is trying to proxy because the entry "1 store-101.internal.example.com" tells it that it's remote, even though it is not. Theoretically this would work correctly with a unified murder configuration, where any machine can proxy for another, but it isn't implemented. The mailbox entry on the backend should look like; user.simon 0 default simon lrswipkxtecda I'm not sure how the mailbox list ended up with entries like that on your backend. Are you running mupdate there? There should probably be a warning in the docs about not starting mupdate on a backend, if there isn't already. To fix it, you may need to dump the db to text, use sed/awk/perl (pick your favorite) and change all the "1 servername!default" to "0 default", remove the old db and reload it. Hope that helps. -Brian On Mon, 26 Apr 2010 12:44:35 +0100 (BST), "Simon Beale" <simon@xxxxxxxxxxxx> wrote: > I'm having problems with getting the backend responding correctly in a > murder cluster (using Simon Matter's 2.3.16 rpm built on CentOS 5.4). I've > got it so that I can run cyradm and issue 'cm user.simon' on the frontend, > see it make the mailbox on the backend, and doing 'ctl_mboxlist -d' on > murder, frontend and backend all list the relevant backend location: > > user.simon 1 store-101.internal.example.com!default simon > lrswipkxtecda > > > However, when I run imtest and login on the frontend: > . LIST "" "*" > * LIST (\HasNoChildren) "." "INBOX" > . OK Completed (0.000 secs 2 calls) > . SELECT INBOX > . NO Server(s) unavailable to complete operation > > > Looking at the output of strace and syslogs on the backend, it appears > that the backend is trying to make a new TLS connection back to itself > rather than directly answering the incoming SELECT. > > Apr 26 13:24:09 store-101 imap[26128]: accepted connection > Apr 26 13:24:09 store-101 master[26615]: about to exec > /usr/lib/cyrus-imapd/imapd > Apr 26 13:24:09 store-101 imap[26128]: login: > switch-101.internal.example.com [10.10.10.37] simon DIGEST-MD5 User logged > in > Apr 26 13:24:09 store-101 imap[26615]: executed > Apr 26 13:24:09 store-101 imap[26615]: accepted connection > Apr 26 13:24:09 store-101 master[26616]: about to exec > /usr/lib/cyrus-imapd/imapd > Apr 26 13:24:09 store-101 imap[26616]: executed > Apr 26 13:24:09 store-101 imap[26615]: skiplist: checkpointed > /var/lib/imap/tls_sessions.db (1124 records, 206900 bytes) in 0 seconds > Apr 26 13:24:09 store-101 imap[26615]: imapd:Loading hard-coded DH > parameters > Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() incomplete -> wait > Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify > Apr 26 13:24:09 store-101 imap[26128]: Doing a peer verify > Apr 26 13:24:09 store-101 imap[26128]: received server certificate > Apr 26 13:24:09 store-101 imap[26128]: starttls: TLSv1 with cipher > DHE-RSA-AES256-SHA (256/256 bits new client) no authentication > Apr 26 13:24:09 store-101 imap[26615]: SSL_accept() succeeded -> done > Apr 26 13:24:09 store-101 imap[26615]: starttls: TLSv1 with cipher > DHE-RSA-AES256-SHA (256/256 bits new) no authentication > Apr 26 13:24:09 store-101 imap[26128]: couldn't authenticate to backend > server: no mechanism available > > Can anyone help me work out why the backend appears to be attempting to > proxy onwards rather than answering the SELECT itself? > > =================== > Backend imapd.conf: > > admins: cyrus cyrus-frontend > allowallsubscribe: true > allowplaintext: true > allowusermoves: true > configdirectory: /var/lib/imap > delete_mode: delayed > duplicate_db: skiplist > expunge_mode: delayed > hashimapspool: true > improved_mboxlist_sort: true > lmtp_downcase_rcpt: true > mupdate_authname: cyrus-frontend > mupdate_password: ******** > mupdate_server: switch-102.internal.example.com > mupdate_username: cyrus-frontend > normalizeuid: true > partition-default: /var/spool/imap > proxyservers: cyrus-frontend > ptscache_db: skiplist > sasl_mech_list: PLAIN LOGIN DIGEST-MD5 > sasl_pwcheck_method: auxprop > servername: store-101.internal.example.com > sievedir: /var/lib/imap/sieve > statuscache_db: skiplist > tlscache_db: skiplist > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt > tls_cert_file: /etc/ssl/certs/wildcard.pem > tls_key_file: /etc/ssl/certs/wildcard.pem > unix_group_enable: false > > > ==================== > Frontend imapd.conf: > > admins: cyrus > allowplaintext: false > allowusermoves: true > configdirectory: /var/lib/imap > delete_mode: delayed > duplicate_db: skiplist > expunge_mode: delayed > improved_mboxlist_sort: true > lmtp_downcase_rcpt: true > mupdate_authname: cyrus-frontend > mupdate_password: ******** > mupdate_server: switch-102.internal.example.com > mupdate_username: cyrus-frontend > normalizeuid: true > partition-default: /var/spool/imap > proxy_authname: cyrus-frontend > proxyd_disable_mailbox_referrals: true > proxy_password: ******** > ptscache_db: skiplist > sasl_mech_list: PLAIN > sasl_pwcheck_method: auxprop saslauthd > serverlist: store-101.internal.example.com > servername: switch-101.internal.example.com > sieve_allowreferrals: false > sievedir: /var/lib/imap/sieve > sieveusehomedir: 0 > statuscache_db: skiplist > tlscache_db: skiplist > tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt > tls_cert_file: /etc/ssl/certs/wildcard.pem > tls_key_file: /etc/ssl/certs/wildcard.pem > unix_group_enable: false > > > ---- > Cyrus Home Page: http://cyrusimap.web.cmu.edu/ > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html ---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
