Just to follow up and help others with a similar problem, here is what
I did.

- Research showed that entropy is needed and low entropy is a
  typical problem of headless servers where there is no mouse and
  keyboard connected.
- Installed munin to check entropy levels over time. During the two
  hours of observation, it went down as low as 160 and went up to a
  maximum of 850. I think the minimum is pretty low compared to the
  levels talked about on the internet.
- Installed the haveged utility and adjusted the entropy pool to 2048.
- It is now stabilized around 2048.

I believe this was the problem with my server. Thank you Patrick for
bringing my attention to the magic word "entropy".

I am now monitoring the server to verify.

On 15.02.2016 00:39, Patrick Boutilier via Info-cyrus wrote:

On 02/14/2016 02:46 AM, Mufit Eribol via Info-cyrus wrote:

Hi All,

I am running cyrus-imapd-2.4.17 on CentOS 7.2.1511 for appx. 20
mailboxes. I get the following messages every 10-12 days.

imaps TLS negotiation failed: [ip address of a client]
Fatal error: tls_start_servertls() failed

Although cyrus-imapd, saslauthd are still running after this error,
login credentials are not accepted. As I don't know where the problem
is, restarting the server fixes the problem, well for another 10-12
days.

I would appreciate any hint you may give.

Thanks,
Mufit

Below are the configuration files:

/etc/cyrus.conf:

START {
  recover cmd="ctl_cyrusdb -r"
  idled cmd="idled"
}
SERVICES {
  # imap cmd="imapd" listen="imap" prefork=5
  imaplocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imap" prefork=0
  imaps cmd="imapd -s" listen="imaps" prefork=1
  imapslocal cmd="imapd -C /etc/imapd-local.conf" listen="127.0.0.1:imaps" prefork=0
  # pop3 cmd="pop3d" listen="pop3" prefork=3
  # pop3s cmd="pop3d -s" listen="pop3s" prefork=1
  sieve cmd="timsieved" listen="sieve" prefork=0
  sievelocal cmd="timsieved -C /etc/imapd-local.conf" listen="127.0.0.1:sieve" prefork=0
  # these are only necessary if receiving/exporting usenet via NNTP
  # nntp cmd="nntpd" listen="nntp" prefork=3
  # nntps cmd="nntpd -s" listen="nntps" prefork=1
  # lmtp cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
  # notify cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
}
EVENTS {
  checkpoint cmd="ctl_cyrusdb -c" period=30
  delprune cmd="cyr_expire -E 3" at=0400
  tlsprune cmd="tls_prune" at=0400
}

/etc/imapd.conf:

postmaster: postmaster
configdirectory: /var/lib/imap
partition-default: /var/spool/imap
#admins: cyrus
allowanonymouslogin: no
allowplaintext: no
#tls_require_cert: 1
sasl_minimum_layer: 128
servername: mail.wintess.com
autocreatequota: 200000
maxmessagesize: 0
reject8bit: 0
munge8bit: 0
quotawarn: 90
timeout: 30
poptimeout: 10
dracinterval: 0
drachost: localhost
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
sievedir: /var/lib/imap/sieve
sieve_maxscriptsize: 32
sieve_maxscripts: 5
sieve_allowplaintext: 1
sendmail: /usr/sbin/sendmail
#hashimapspool: true
#defaultdomain: mail
tls_cert_file: /etc/pki/tls/certs/wintess-imap.pem
tls_key_file: /etc/pki/tls/certs/wintess-imap.pem
tls_ca_file: /etc/pki/tls/certs/wintess-imap.pem

/etc/sasl2/smtpd.conf:

pwcheck_method: saslauthd
mech_list: plain login
----
Almost sounds like you are running out of entropy.
----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
To Unsubscribe:
https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
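
The entropy observation described in the follow-up at the top of this thread, as an added example that is not part of the original messages: a shell sketch that samples the kernel's entropy estimate and reports the minimum, maximum and number of low readings. The function names, the `ENTROPY_FILE` override and the threshold of 200 are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): sample the kernel entropy estimate
# and summarise it, similar to reading the munin entropy graph by hand.
# ENTROPY_FILE can be overridden for testing (assumption of this sketch).
ENTROPY_FILE="${ENTROPY_FILE:-/proc/sys/kernel/random/entropy_avail}"

# Print the current estimate; fail if the file is unreadable or not a number.
read_entropy() {
    value=$(cat "$ENTROPY_FILE" 2>/dev/null) || return 1
    case "$value" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$value"
}

# sample COUNT INTERVAL: print COUNT readings, INTERVAL seconds apart.
sample() {
    count=$1; interval=$2; i=0
    while [ "$i" -lt "$count" ]; do
        read_entropy || return 1
        i=$((i + 1))
        if [ "$i" -lt "$count" ]; then sleep "$interval"; fi
    done
}

# summarize THRESHOLD: read one reading per line on stdin and print
# min, max, how many readings fell below THRESHOLD, and the sample count.
summarize() {
    awk -v t="$1" '
        /^[0-9]+$/ {
            v = $1 + 0
            if (n == 0 || v < min) min = v
            if (n == 0 || v > max) max = v
            if (v < t) low++
            n++
        }
        END {
            if (n == 0) { print "no samples"; exit 1 }
            printf "min=%d max=%d low=%d total=%d\n", min, max, low, n
        }'
}

# Run as "script run" to take 60 readings, 5 seconds apart.
# The threshold of 200 is an illustrative value, not one from the thread.
if [ "${1:-}" = "run" ]; then
    sample 60 5 | summarize 200
fi
```

Kernels from Linux 5.18 onward report a fixed 256 in `entropy_avail` once the pool is initialized, so the summary is only informative on older kernels.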