Bron, So the kolab guys got back to me and said this is done purposely to check against cache. I am CCing the kolab user list and fwith many active users who are watching over this scenario and well as a few friends too. Can you think of any other reasons that this auth process would be slow? Again it's not horribly slow just it's noticeable for those that use roundcube with less of this "check ins" from multiple roundcube plugins during each message select. I suspect that the four plugins mentioned in the bug I reported are checking in with IMAP with each and EVERY message view (just viewing messages without changing folders) They're wondering why my installation is so slow. Again, don't think it's the IO, it's running on a pretty high tech environment. Any logs or anything I can provide for further analysis on the Cyrus end of things? Thanks again man! - Paul > On Sep 7, 2015, at 12:26 AM, Bron Gondwana <brong@xxxxxxxxxxx> wrote: > > Yeah, so tls to localhost is dumb. That's security theatre at its silliest. Best to turn that off. > > Here's some possibilities to make it not required: > > imapd.conf: > allowplaintext: yes > sasl_mech_list: PLAIN LOGIN > > There used to be a sasl layer thing we did too... "-p 1" in cyrus.conf for the imapd line that listens on localhost will tell sasl that you already have a protection layer. > > Bron. > > >> On Mon, Sep 7, 2015, at 12:15, signaldeveloper@xxxxxxxxx wrote: >> Hey Rudy! >> >> As far as entropy: Probably not, it's brand new. One user (me.. Testing) is playing on it. This is something I've never touched and know very little about, can you explain? >> >> And can you explain: Is saslauthd compiled against /dev/urandom? >> >> Thanks again guys.. >> >> - Paul >> >> >> >> >> Sent from my iPhone >> >>> On Sep 6, 2015, at 9:50 PM, Rudy Gevaert <Rudy.Gevaert@xxxxxxxx> wrote: >>> >>> >>> Quoting signaldeveloper@xxxxxxxxx, Mon, 07 Sep 2015: >>> >>>> Hosts file is fine I checked that, thanks. Kolab uses 389 to >>>> authenticate for everything, so Cyrus is using LDAP as you can see >>>> above. I think the problem lies in the constant TLS logins into >>>> Cyrus for every click: >>>> >>>> imap[2281]: login: localhost [::1] johndoe@xxxxxxxxxx PLAIN+TLS User >>>> logged in >>>> SESSIONID=<es1.domain.com-2281-1441500890-1-15740725055571902363> >>>> Sep 5 20:54:51 es1 imap[2281]: USAGE johndoe@xxxxxxxxxx user: >>>> 0.009998 sys: 0.006999 >>>> >>>> >>>> Again its only one user, on roundcube... I am afraid to put any more >>>> users on it. There doesn't seem to be much of performance tweaks >>>> with Cyrus around the web either... >>> >>> does your system have enough entropy? >>> >>> Is saslauthd compiled against /dev/urandom? >>> >>> Rudy >>> >>> -- >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- >>> Rudy Gevaert e-mail: Rudy.Gevaert@xxxxxxxx >>> Directie ICT, Afdeling Infrastructuur >>> Groep Systemen tel: +32 9 264 4750 >>> Universiteit Gent fax: +32 9 264 4994 >>> Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- >>> >>> >>> ---- >>> Cyrus Home Page: http://www.cyrusimap.org/ >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >>> To Unsubscribe: >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >> ---- >> Cyrus Home Page: http://www.cyrusimap.org/ >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> To Unsubscribe: >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > > > -- > Bron Gondwana > brong@xxxxxxxxxxx > ---- > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus ---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus