Re: Odd problem: IMAP/S suddenly not working, but no errors, and IMAP still works

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sounds like your /dev/random is empty. You can compile with /dev/urandom or add a source of entropy...

"Chris Pepper" <pepper@xxxxxxxxxxxxxx> wrote:

>	mail.reppep.com (CentOS 5) is running cyrus-imapd-2.3.7-7.el5_4.3, 
>along with SquirrelMail, postfix, etc. Last night, I noticed that when I 
>sent mail from Thunderbird, it was not able to file copies in the Sent 
>mailbox, although they did reach the recipients, so postfix was 
>accepting mail on 587/tcp.
>
>	I restarted Cyrus IMAPd but don't see any error messages in 
>/var/log/maillog, and the cert & key look fine. SquirrelMail is fine 
>using plain IMAP. I opened 143/tcp in the firewall, and am able to fetch 
>mail via IMAP with STARTTLS, so it looks like the cert and key are fine.
>
>	But "telnet mail.reppep.com 993" and openssl fail to get any response. 
>Port 993 is open to the Internet, FWIW.
>
>	Does anyone have any suggestions for what went wrong and/or how to fix? 
>I'll try tcpdump next to see if it's responding at all.
>
>	Alternatively, is there a way to make sure Cyrus requires STARTTLS on 
>143? I was blocking external access to it to make sure users always use 
>encryption to connect, but port 143 with STARTTLS required would be an 
>acceptable alternative.
>
>Thanks,
>
>Chris Pepper
>
>> pepper@imp:~$ !openssl
>> openssl s_client -connect www.reppep.com:993
>> CONNECTED(00000003)
>> 4284:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-32/src/ssl/s23_lib.c:188:
>
>
>> [root@inspector ~]# cat /etc/imapd.conf
>> admins: cyrus
>> altnamespace: yes
>> configdirectory: /var/lib/imap
>> duplicatesuppression: yes
>> hashimapspool: no
>> partition-default: /var/spool/imap
>> servername: mail.reppep.com
>> singleinstancestore: yes
>> #syslog_prefix: cyrus
>> unixhierarchysep: yes
>>
>> lmtp_downcase_rcpt: yes
>> maxmessagesize: 20971520
>> sendmail: /usr/sbin/sendmail
>> #quotawarn: 80
>>
>> #allowplaintext: yes
>> #allowplainwithouttls: yes
>> sasl_pwcheck_method: saslauthd
>> #imap_auth_login: yes
>> #imap_auth_cram_md5: yes
>> #imap_auth_plain: yes
>>
>> autocreateinboxfolders:      Junk
>> autocreatequota: -1
>> #autocreate_sieve_script: /etc/junk.sieve
>> autocreate_sieve_compiledscript: /etc/sieve.bc
>> autosievefolders: Junk
>> autosubscribeinboxfolders:   Junk
>> createonpost: yes
>> #sievedir: /var/lib/imap/sieve
>> sieveusehomedir: true
>>
>> tls_ca_file:   /etc/pki/tls/certs/mail.reppep.com.20100115.crt
>> tls_cert_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt
>> tls_key_file:  /etc/pki/tls/private/mail.reppep.com.20080219.key
>> tls_cipher_list: SSLv3:TLSv1:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
>> [root@inspector ~]# ls -l /etc/pki/tls/certs/mail.reppep.com.20100115.crt /etc/pki/tls/private/mail.reppep.com.20080219.key
>> -rw-r--r-- 1 root root 6466 Oct  1 17:13 /etc/pki/tls/certs/mail.reppep.com.20100115.crt
>> -rw-r----- 1 root mail  497 Feb 19  2008 /etc/pki/tls/private/mail.reppep.com.20080219.key
>> [root@inspector ~]# netstat -an|grep LIST|grep tcp|sort -n
>> tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN
>> tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
>> tcp        0      0 0.0.0.0:139                 0.0.0.0:*                   LISTEN
>> tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN
>> tcp        0      0 0.0.0.0:2000                0.0.0.0:*                   LISTEN
>> tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN
>> tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
>> tcp        0      0 0.0.0.0:445                 0.0.0.0:*                   LISTEN
>> tcp        0      0 0.0.0.0:587                 0.0.0.0:*                   LISTEN
>> tcp        0      0 0.0.0.0:993                 0.0.0.0:*                   LISTEN
>> tcp        0      0 0.0.0.0:995                 0.0.0.0:*                   LISTEN
>> tcp        0      0 10.0.104.200:53             0.0.0.0:*                   LISTEN
>> tcp        0      0 :::110                      :::*                        LISTEN
>> tcp        0      0 127.0.0.1:10024             0.0.0.0:*                   LISTEN
>> tcp        0      0 127.0.0.1:10025             0.0.0.0:*                   LISTEN
>> tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN
>> tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN
>> tcp        0      0 :::143                      :::*                        LISTEN
>> tcp        0      0 ::1:953                     :::*                        LISTEN
>> tcp        0      0 :::2000                     :::*                        LISTEN
>> tcp        0      0 :::22                       :::*                        LISTEN
>> tcp        0      0 :::4242                     :::*                        LISTEN
>> tcp        0      0 :::443                      :::*                        LISTEN
>> tcp        0      0 :::5222                     :::*                        LISTEN
>> tcp        0      0 :::5223                     :::*                        LISTEN
>> tcp        0      0 :::5229                     :::*                        LISTEN
>> tcp        0      0 :::5269                     :::*                        LISTEN
>> tcp        0      0 66.92.104.200:53            0.0.0.0:*                   LISTEN
>> tcp        0      0 :::8080                     :::*                        LISTEN
>> tcp        0      0 :::80                       :::*                        LISTEN
>> tcp        0      0 :::8483                     :::*                        LISTEN
>> tcp        0      0 :::9090                     :::*                        LISTEN
>> tcp        0      0 :::9091                     :::*                        LISTEN
>> tcp        0      0 :::993                      :::*                        LISTEN
>> tcp        0      0 :::995                      :::*                        LISTEN
>> tcp        0      0 ::ffff:127.0.0.1:4243       :::*                        LISTEN
>
>----
>Cyrus Home Page: http://www.cyrusimap.org/
>List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/


[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux