Sporadic TLS/STARTTLS negotitation failed
Hello, We run a cyrus-imap 2.5.11 server under FreeBSD and we are experiencing issues with TLS/STARTTLS negotiation failed entries in the log, which show as timeouts on the client side. It’s all different email clients and even our monitoring experiencing these failures. Other TLS services (https mostly) on the same server do not have these failures. There are also times when these errors ramp up and happen to most TLS clients, which is only solved by restarting cyrus. Has anyone else experiences these issues or have any tips on where to look to figure out the root cause? Thanks! Andrew Nichols Quadrant Newmedia supp...@quadrant.net 306.664.9100 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Info-cyrus Digest, Vol 152, Issue 6
> > Am 07.03.2018 um 17:00 schrieb Andrew Nichols via Info-cyrus: >> Hello, >> >> We run a cyrus-imap 2.5.11 server under FreeBSD and we are experiencing >> issues with TLS/STARTTLS negotiation failed entries in the log, which show >> as timeouts on the client side. It?s all different email clients and even >> our monitoring experiencing these failures. Other TLS services (https >> mostly) on the same server do not have these failures. There are also times >> when these errors ramp up and happen to most TLS clients, which is only >> solved by restarting cyrus.Has anyone else experiences these issues or >> have any tips on where to look to figure out the root cause? > > Has your server enough entropy? > Specially cloud servers with no physical ports can run low on entropy > and the random number generator used for SSL/TLS stuff needs to way > until it is filled up again. > > To check the amount of bytes of entropy currently available, use > > |cat /proc/sys/kernel/random/entropy_avail From > https://serverfault.com/questions/214605/gpg-does-not-have-enough-entropy| > That’s what I had though at the start, but this is a physical server and /dev/random in FreeBSD is the same as /dev/urandom so it doesn’t block once seeded. Also, when this starts happening the other services on the machine that need entropy aren’t affected. Andrew Nichols Quadrant Newmedia supp...@quadrant.net 306.664.9100 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
CPU usage issue with Append command (cyrus 3.0.6)
Hello, We've recently upgrade to cyrus 3.0.6 and we've been experiencing issue where imapd will get stuck in an Append and take 100% CPU time. The client doesn't see anything weird. I've tried leaving the processes to see if they resolve, but they never did. Doing a kill -TERM twice will kill the process. I did not notice any issues with cyrus 3.0.5, but we've been trying to get Xapian indexing going, so we moved to 3.0.6. Does anyone have any information on where I can look to rectify this issue? Here's an example of the ps output: 87556 cyrus 1 102 0 163M 24192K CPU7 7 1:56 96.71% imapd: imap: hostname> [] user.. Append (imapd) 89680 cyrus 1 102 0 163M 24280K CPU4 4 3:10 96.22% imapd: imap: hostname> [] user.. Append (imapd) 43932 cyrus 1 102 0 161M 23416K CPU5 5 1:41 96.17% imapd: imap: hostname> [] user.. Append (imapd) 81590 cyrus 1 102 0 163M 24976K CPU6 6 3:14 94.76% imapd: imap: hostname> [] user.. Append (imapd) -- Andrew Nichols Quadrant Newmedia and...@quadrant.net 306.664.9100 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Re: CPU usage issue with Append command (cyrus 3.0.6)
> Date: Wed, 9 May 2018 08:27:33 -0400 > From: Ben Carter > > > For starters: > > strace one of the processes & see if it's making any system calls at all. > > pstack a process multiple times to get PC samples. > > gcore a process to get a core dump & take a look at the core dump with gdb. > > If you know that a specific account is likely to have this issue, enable > IMAP protocol logging for the account. This may tell you something. > > Ben > > On 05/08/2018 02:04 PM, Andrew Nichols via Info-cyrus wrote: >> Hello, >> >> We've recently upgrade to cyrus 3.0.6 and we've been experiencing issue >> where imapd will get stuck in an Append and take 100% CPU time.? The >> client doesn't see anything weird.? I've tried leaving the processes to >> see if they resolve, but they never did.? Doing a kill -TERM twice will >> kill the process.?? I did not notice any issues with cyrus 3.0.5, but >> we've been trying to get Xapian indexing going, so we moved to 3.0.6. >> >> Does anyone have any information on where I can look to rectify this issue? >> >> >> Here's an example of the ps output: >> >> 87556 cyrus 1 102 0 163M 24192K CPU7 7 1:56 96.71% imapd: imap: > hostname> [] user.. Append (imapd) >> 89680 cyrus 1 102 0 163M 24280K CPU4 4 3:10 96.22% imapd: imap: > hostname> [] user.. Append (imapd) >> 43932 cyrus 1 102 0 161M 23416K CPU5 5 1:41 96.17% imapd: imap: > hostname> [] user.. Append (imapd) >> 81590 cyrus 1 102 0 163M 24976K CPU6 6 3:14 94.76% imapd: imap: > hostname> [] user.. Append (imapd) >> I was watching the processes with truss, and they weren’t making any system calls or creating any network traffic. The examples I gave were all from the same user, but we were having multiple users cause the same issue. I was able to get some core dumps using gcore and it looks to be an issue in the new EOF code in 3.0.6. I’d added a bug report on GitHub. Andrew Andrew Nichols Quadrant Newmedia supp...@quadrant.net 306.664.9100 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
