Sounds like your /dev/random entropy pool is empty: reads from /dev/random block until more entropy is available, which would explain a TLS handshake that never gets a response. You can compile with /dev/urandom instead (it does not block), or add a source of entropy... "Chris Pepper" <pepper@xxxxxxxxxxxxxx> wrote: > mail.reppep.com (CentOS 5) is running cyrus-imapd-2.3.7-7.el5_4.3, >along with SquirrelMail, postfix, etc. Last night, I noticed that when I >sent mail from Thunderbird, it was not able to file copies in the Sent >mailbox, although they did reach the recipients, so postfix was >accepting mail on 587/tcp. > > I restarted Cyrus IMAPd but don't see any error messages in >/var/log/maillog, and the cert & key look fine. SquirrelMail is fine >using plain IMAP. I opened 143/tcp in the firewall, and am able to fetch >mail via IMAP with STARTTLS, so it looks like the cert and key are fine. > > But "telnet mail.reppep.com 993" and openssl fail to get any response. >Port 993 is open to the Internet, FWIW. > > Does anyone have any suggestions for what went wrong and/or how to fix? >I'll try tcpdump next to see if it's responding at all. > > Alternatively, is there a way to make sure Cyrus requires STARTTLS on >143? I was blocking external access to it to make sure users always use >encryption to connect, but port 143 with STARTTLS required would be an >acceptable alternative. 
> >Thanks, > >Chris Pepper > >> pepper@imp:~$ !openssl >> openssl s_client -connect www.reppep.com:993 >> CONNECTED(00000003) >> 4284:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-32/src/ssl/s23_lib.c:188: > > >> [root@inspector ~]# cat /etc/imapd.conf >> admins: cyrus >> altnamespace: yes >> configdirectory: /var/lib/imap >> duplicatesuppression: yes >> hashimapspool: no >> partition-default: /var/spool/imap >> servername: mail.reppep.com >> singleinstancestore: yes >> #syslog_prefix: cyrus >> unixhierarchysep: yes >> >> lmtp_downcase_rcpt: yes >> maxmessagesize: 20971520 >> sendmail: /usr/sbin/sendmail >> #quotawarn: 80 >> >> #allowplaintext: yes >> #allowplainwithouttls: yes >> sasl_pwcheck_method: saslauthd >> #imap_auth_login: yes >> #imap_auth_cram_md5: yes >> #imap_auth_plain: yes >> >> autocreateinboxfolders: Junk >> autocreatequota: -1 >> #autocreate_sieve_script: /etc/junk.sieve >> autocreate_sieve_compiledscript: /etc/sieve.bc >> autosievefolders: Junk >> autosubscribeinboxfolders: Junk >> createonpost: yes >> #sievedir: /var/lib/imap/sieve >> sieveusehomedir: true >> >> tls_ca_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt >> tls_cert_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt >> tls_key_file: /etc/pki/tls/private/mail.reppep.com.20080219.key >> tls_cipher_list: SSLv3:TLSv1:!NULL:!EXPORT:!DES:!LOW:@STRENGTH >> [root@inspector ~]# ls -l /etc/pki/tls/certs/mail.reppep.com.20100115.crt /etc/pki/tls/private/mail.reppep.com.20080219.key >> -rw-r--r-- 1 root root 6466 Oct 1 17:13 /etc/pki/tls/certs/mail.reppep.com.20100115.crt >> -rw-r----- 1 root mail 497 Feb 19 2008 /etc/pki/tls/private/mail.reppep.com.20080219.key >> [root@inspector ~]# netstat -an|grep LIST|grep tcp|sort -n >> tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN >> tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN >> tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN >> tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN >> tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN >> tcp 0 0 
0.0.0.0:25 0.0.0.0:* LISTEN >> tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN >> tcp 0 0 0.0.0.0:445 0.0.0.0:* LISTEN >> tcp 0 0 0.0.0.0:587 0.0.0.0:* LISTEN >> tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN >> tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN >> tcp 0 0 10.0.104.200:53 0.0.0.0:* LISTEN >> tcp 0 0 :::110 :::* LISTEN >> tcp 0 0 127.0.0.1:10024 0.0.0.0:* LISTEN >> tcp 0 0 127.0.0.1:10025 0.0.0.0:* LISTEN >> tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN >> tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN >> tcp 0 0 :::143 :::* LISTEN >> tcp 0 0 ::1:953 :::* LISTEN >> tcp 0 0 :::2000 :::* LISTEN >> tcp 0 0 :::22 :::* LISTEN >> tcp 0 0 :::4242 :::* LISTEN >> tcp 0 0 :::443 :::* LISTEN >> tcp 0 0 :::5222 :::* LISTEN >> tcp 0 0 :::5223 :::* LISTEN >> tcp 0 0 :::5229 :::* LISTEN >> tcp 0 0 :::5269 :::* LISTEN >> tcp 0 0 66.92.104.200:53 0.0.0.0:* LISTEN >> tcp 0 0 :::8080 :::* LISTEN >> tcp 0 0 :::80 :::* LISTEN >> tcp 0 0 :::8483 :::* LISTEN >> tcp 0 0 :::9090 :::* LISTEN >> tcp 0 0 :::9091 :::* LISTEN >> tcp 0 0 :::993 :::* LISTEN >> tcp 0 0 :::995 :::* LISTEN >> tcp 0 0 ::ffff:127.0.0.1:4243 :::* LISTEN > >---- >Cyrus Home Page: http://www.cyrusimap.org/ >List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/