Okay so I figured out since this is a container and not a VM I can't install
haveged on it. Awesome I learned something. Okay now... Next question to solve
this insanity.
Can I point everything Cyrus/SASL and TLS Related to use urandom instead of
random?
I found this:
http://security.stackex
So I tried:
haveged -r 0
and the service now works but entropy is still 129
- Paul
> On Sep 11, 2015, at 8:03 PM, Patrick Boutilier wrote:
>
> Delete it. Then you can try to start havaged and see if it crashes again.
>
>
>> On 09/11/2015 08:30 PM, signaldevelo...@gmail.com wrote:
>> Hi Pat
Nope, dies instantly and locks it again. "Haveged dead but subsys locked"
- Paul
> On Sep 11, 2015, at 8:03 PM, Patrick Boutilier wrote:
>
> Delete it. Then you can try to start havaged and see if it crashes again.
>
>
>> On 09/11/2015 08:30 PM, signaldevelo...@gmail.com wrote:
>> Hi Patrick
Delete it. Then you can try to start havaged and see if it crashes again.
On 09/11/2015 08:30 PM, signaldevelo...@gmail.com wrote:
Hi Patrick,
Then do what with it?
- Paul
On Sep 11, 2015, at 3:53 PM, Patrick Boutilier wrote:
On 09/11/2015 04:12 PM, signaldevelo...@gmail.com wrote:
Andre
Hi Patrick,
Then do what with it?
- Paul
> On Sep 11, 2015, at 3:53 PM, Patrick Boutilier wrote:
>
>> On 09/11/2015 04:12 PM, signaldevelo...@gmail.com wrote:
>> Andre,
>>
>> Thanks for the info!! Two questions since sasl is still new to me:
>>
>> 1) How many processes should I have running?
I use imapproxy with Horde Webmail here. Assuming the proxy is using
cached connections instead of making a new connection each click, then I
would look into performance problems within Cyrus itself. It would be
interesting to see what IMAP commands Roundcube is issuing to Cyrus.
Perhaps it i
On 09/11/2015 04:12 PM, signaldevelo...@gmail.com wrote:
Andre,
Thanks for the info!! Two questions since sasl is still new to me:
1) How many processes should I have running? Is there an option
somewhere to adjust this or see it?
2) I installed havaged, but the process instantly crashes and t
Andre,
Thanks for the info!! Two questions since sasl is still new to me:
1) How many processes should I have running? Is there an option somewhere to
adjust this or see it?
2) I installed havaged, but the process instantly crashes and tells me a sub
system is locked when I try to restart it.
Hello,
By your numbers it seems that your machine is able to generate random numbers
at good speed. But the problem is WHEN and HOW OFTEN.
Afaik, the linux kernel waits too long to trigger the process to generate
random numbers and fast paced process spawning or ssl connections could deplet
I tried imapproxy. It is the same speed. And again, definitely not hardware
related.
I see in the logs in queries the proxy and that works fine but not sure why
it's still the same speed.
- Paul
> On Sep 11, 2015, at 2:47 PM, Andrew Morgan wrote:
>
>> On Thu, 10 Sep 2015, signaldevelo...@
On Thu, 10 Sep 2015, signaldevelo...@gmail.com wrote:
> Is there some type of log I can provide from Cyrus / sasl to help
> diagnose this better to the kolab guys? Other kolab guys I know say
> their entropy is right where I'm at and they aren't experiencing these
> slowness issues.
>
> Are the
Hello
This is difficult to diagnose, if not looking at the pool size.
No error is logged, it is only "slow" or even suffering hiccups on extreme loads
and or under specified cpu.
"Every time a process is started, or allocates memory, it will reduce the
entropy pool because entropy is used to ran
When I installed havaged the process died instantly and gives me a locked sub
system. If I restart it again, instantly dies again. Im on centos. Any ideas
why this is happening?
Anyone else experienced this?
- Paul
> On Sep 11, 2015, at 1:54 PM, Andre Felipe Machado
> wrote:
>
> Hello,
> W
Hello,
We setup haveged threshold at 2048 (its max pool size is 4096 , afaik) for our
high load cyrus imap servers.
At our cyrus imap servers the depletion bursts are amazing.
Watch the entropy available during your peak ours and you will get an overview
of your needs.
Regards.
Andre Felipe
Is there some type of log I can provide from Cyrus / sasl to help diagnose this
better to the kolab guys? Other kolab guys I know say their entropy is right
where I'm at and they aren't experiencing these slowness issues.
Are their sasl or Cyrus logs I can provide?
- Paul
> On Sep 10, 2015, a
Guys,
I ran cat /dev/urandom | rngtest -c 1000
and got:
rngtest: starting FIPS tests...
rngtest: bits received from input: 2032
rngtest: FIPS 140-2 successes: 998
rngtest: FIPS 140-2 failures: 2
rngtest: FIPS 140-2(2001-10-10) Monobit: 0
rngtest: FIPS 140-2(2001-10-10) Poker: 0
rngtest: FIPS
Andre,
Really? What should it be? I was curious and checked.. Entropy on some of my
other big time production servers for email is only about 200) and its
lightning fast?
- Paul
> On Sep 10, 2015, at 5:00 PM, Andre Felipe Machado
> wrote:
>
> Hello,
> Entropy of 158 is way too low for produ
Hello,
Entropy of 158 is way too low for production servers. And this *MAY* cause weird
slowness without logging any errors.
You could install "haveged" and configure for max threshold levels on production
servers.
https://packages.debian.org/search?keywords=haveged
Regards.
Andre Felipe
http://
Slow auth would be down to your authentication config or authentication daemon.
We run a custom saslauthd at FastMail and it's plenty fast, so that's purely
down to how Kolab is set up.
I don't know how Kolab works well enough to help here sorry.
Bron.
On Wed, Sep 9, 2015, at 08:04, signaldev
Bron,
So the kolab guys got back to me and said this is done purposely to check
against cache. I am CCing the kolab user list and fwith many active users who
are watching over this scenario and well as a few friends too.
Can you think of any other reasons that this auth process would be slow?
Bron,
I found the issue. I've logged this with Kolab. Their plugins are
initiating unneeded imap logins every time the user simply select a
message. If you are interested, here's the bug report.
https://issues.kolab.org/show_bug.cgi?id=5219
Thanks for all your help!!!
On Mon, Sep 7, 2015 at 1
Yeah, so tls to localhost is dumb. That's security theatre at its silliest.
Best to turn that off.
Here's some possibilities to make it not required:
imapd.conf:
allowplaintext: yes
sasl_mech_list: PLAIN LOGIN
There used to be a sasl layer thing we did too... "-p 1" in cyrus.conf for the
ima
Rudy,
Entropy is 158 I just looked. And as far as compiling against urandom, to be
honest I'm
not sure.
- Paul
> On Sep 6, 2015, at 9:50 PM, Rudy Gevaert wrote:
>
>
> Quoting signaldevelo...@gmail.com, Mon, 07 Sep 2015:
>
>> Hosts file is fine I checked that, thanks. Kolab uses 389 to
Hey Rudy!
As far as entropy: Probably not, it's brand new. One user (me.. Testing) is
playing on it. This is something I've never touched and know very little about,
can you explain?
And can you explain: Is saslauthd compiled against /dev/urandom?
Thanks again guys..
- Paul
Sent from my
Quoting signaldevelo...@gmail.com, Mon, 07 Sep 2015:
> Hosts file is fine I checked that, thanks. Kolab uses 389 to
> authenticate for everything, so Cyrus is using LDAP as you can see
> above. I think the problem lies in the constant TLS logins into
> Cyrus for every click:
>
> imap[2281]:
Haha hey bron. Sorry, I'm a 24/7 workaholic. :)
I don't think it's IO. It's a VM on a HA cluster. The node its on is 64GB of
RAM, I have 1 user and assigned everything to it for now. Everything else runs
beautifully on it the identical nodes. I have similar setups (non kolab) that
run off of do
On a Sunday night? Not really.
So Cyrus itself isn't this slow unless you have a horrible IO system
under it or so little RAM that you can't fit the entire index into
memory and it goes swapping.
A possible issue would be failed DNS resolution on every connect, so you
could check your hosts file
Anyone have any ideas on this?
On Sat, Sep 5, 2015 at 10:22 PM, Paul Bronson
wrote:
> Okay guys, I have put a lot of research into this so bear with me.
>
> Here's what I am up against. I have been working with RC (roundcube) for a
> long time and I know some awesome mySQL tweaks that work wonde
28 matches
Mail list logo
