On 11/1/10 11:21 AM, Simon Matter wrote:
>> On 11/1/10 10:46 AM, Simon Matter wrote:
>>>> Bron,
>>>>
>>>> My Cyrus is from RPM, and I am just nursing it along until my users
>>>> finish migrating off and FastMail manages to complete my own migration,
>>>> so I don't want to build from source. Why would IMAP/S block on empty
>>>> /dev/random, while IMAP+STARTTLS works? FWIW, SASL2 seems to use
>>>> urandom.
>>>
>>> If this is really stock CentOS 5 then I think everything Cyrus related
>>> should use /dev/urandom and not /dev/random. But, could it be that other
>>> software you installed uses /dev/random and makes it "empty"?
>>
>> Most things are CentOS RPMs (thanks for those! ;), with a few from
>> RPMforge.
>>
>>> [root@inspector ~]# rpm -q cyrus-imapd amavisd-new clamav spamassassin
>>> postfix httpd mod_ssl
>>> cyrus-imapd-2.3.7-7.el5_4.3
>>> amavisd-new-2.6.4-3.el5.rf
>>> clamav-0.96.4-1.el5.rf
>>> spamassassin-3.3.1-3.el5.rf
>>> postfix-2.3.3-2.1.el5_2
>>> httpd-2.2.3-43.el5.centos.3
>>> mod_ssl-2.2.3-43.el5.centos.3
>>
>> Which still leaves me thinking my port 993 problem isn't entropy, because
>> STARTTLS works fine.
>
> That's my impression from the beginning, because lack of entropy has not
> been a known problem on the RHEL/CentOS configs. That's not much help of
> course.
>
> If you already restarted master and you know it's not stuck somehow, then
> the only thing I could think to check is your
> /var/lib/imap/tls_sessions.db database. I don't know if a broken TLS db
> could result in what you see but better check it out.

Interesting. I moved tls_sessions.db aside & restarted IMAPd, and it's apparently in a new format -- perhaps the default format has changed since it was first created. But 993 is still open but not responsive.

I am going to try disabling Cyrus' IMAP/SSL and swapping in stunnel, as Rob @ FastMail has suggested as a workaround.

Thanks,

Chris

> [root@inspector imap]# ls -l tls*
> -rw------- 1 cyrus mail 8192 Nov 1 11:27 tls_sessions.db
> -rw------- 1 cyrus mail 1976 Nov 1 11:27 tls_sessions.db.BAD
> [root@inspector imap]# file tls*
> tls_sessions.db: Berkeley DB (Btree, version 9, native byte-order)
> tls_sessions.db.BAD: Cyrus skiplist DB

--
Chris Pepper: <http://cbio.mskcc.org/>
              <http://www.extrapepperoni.com/>

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/