From: Gyorgy Knyihar (no email)
Date: Fri Sep 28 2007 - 10:27:57 EDT
Hi Alain,
Quoting Alain Spineux <>:
> On 9/22/07, Gyorgy Knyihar <> wrote:
>> Hello Simon,
>>
>> I reconstructed all mailboxes but it did not help.
>> I found that the service outages happen usually during nights.
>> There were two backups run by cron every night which gzipped a lot of data.
>> I disabled these CPU intensive backups and the cyrus processes are
>> stable for more than 6 days now. I can understand why pop3s, imaps
>> request timed out during the CPU sensitive backups but I still don't
>> understand why only restart helped. I tried to run the backups with
>> lower priority using nice but it did not help.
>>
>> Thanks for your help.
>
> Hi
> If you have TLS error, you could try to switch from /dev/random to
> /dev/urandom
> TLS should use /dev/random to create session keys using self machine
> entropy (activity on the machine) and block when the "entropy buffer"
> is empty. Unblocking (u)random use also entropy buffer but switch to
> predictable random number when entropy is empty and then never block.
> Maybe you could try to make a link from random to urandom for testing.
>
> # rm /dev/random
> # ln /dev/urandom /dev/random
>
> About you lmtp socket and chrooted postfix, why not to setup option
> lmtpsocket in imapd.conf to point into postfix directory. Be careful
> to the file and directory right!
Thanks for your help. I will try this.
Regards, Gyorgy
>
>
>>
>> Regards, Gyorgy
>>
>> Idézet (Gyorgy Knyihar <>):
>>
>> > Hello Simon,
>> >
>> > Thank you very much for your help.
>> > Please see my answers below.
>> >
>> > Idezet (Simon Matter <>):
>> >
>> >>> Hello Simon,
>> >>>
>> >>> I tried you suggestion and there are no more
>> >>> "Sep 3 07:45:59 srv1 deliver[20650]:
>> >>> connect(/var/lib/imap/socket/lmtp) failed: Connection refused"
>> >>> messages appearing in the error log file.
>> >>>
>> >>> Many thanks for your help.
>> >>>
>> >>> I run postfix chrooted so a hardlink pointing to
>> >>> /var/lib/imap/socket/lmtp was required in
>> >>> /var/spool/postfix/var/lib/imap/socket directory. This needs to be
>> >>> refreshed every time cyrus is restarted.
>> >>
>> >> It's much easier to make lmtp not chrooted. Simply remove the chroot
>> >> option from lmtp service in master.cf. I don't think that's a
>> big security
>> >> problem.
>> >
>> > Yes, this sounds easier, thanks.
>> >
>> >>
>> >>>
>> >>> But my collegaues told me that this is not the only problem. Cyrus
>> >>> pop3, pop3s, imap and imaps services become unavailable time to time.
>> >>> And only restart helps.
>> >>> Delivery from postfix to cyrus mailboxes via this new setup (direct
>> >>> lmtp) is OK during the outage of pop3, pop3s, imap, imaps service. The
>> >>> services don't die at the same time. Sometimes imap dies but pop3
>> >>> still works. Restart helps. It is really strange. It was a stable
>> >>> system before and nothing was changed. I could find only the following
>> >>> errormessages in the log files:
>> >>>
>> >>> Sep 8 01:35:00 srv1 pop3s[15591]: Fatal error: tls_start_servertls()
>> >>> failed
>> >>> Sep 8 01:37:09 srv1 imaps[15687]: Fatal error: tls_start_servertls()
>> >>> failed
>> >>
>> >> Do you only have problems with pop3s and imaps, or also with pop3 and
>> >> imap? If it's only SSL/TLS, there yould be a problem with /dev/random and
>> >> you should try using /dev/urandom instead. Otherwise it could be that one
>> >> or more of your cyrus databases are corrupt. Did you try a reconstruct on
>> >> all you mailboxes?
>> >
>> > It is a problem with pop3 and imap as well. I monitor the services
>> > with nagios running on the same machine and there are problems with
>> > all services.
>> > Time to time these services die and only restart helps.
>> > I haven't tried to reconstruct mailboxes yet. I will try.
>> > I don't know if it does matter but lot of users are over their quota.
>> >
>> > Thanks a lot for your help.
>> >
>> > Regards, Gyorgy
>> >
>> >>
>> >> Simon
>> >>
>> >>>
>> >>> and
>> >>>
>> >>> Sep 8 02:17:47 srv1 cyrus-master[20423]: pop3 has -5 workers?!?
>> >>>
>> >>> There are many of such messages. I can access my mailbox using TLS
>> >>> without any problem.
>> >>>
>> >>> Any help would be appreciated.
>> >>>
>> >>> Thanks, Gyorgy
>> >>>
>> >>> IdĂ(c)zet (Simon Matter <>):
>> >>>
>> >>>>> Hello,
>> >>>>>
>> >>>>> We had a properly working postfix + cyrus-imap system till 23rd of
>> >>>>> July. Then messages like the below one started to appear in the log
>> >>>>> file.
>> >>>>>
>> >>>>> Sep 3 07:45:59 srv1 deliver[20650]:
>> >>>>> connect(/var/lib/imap/socket/lmtp) failed: Connection refused
>> >>>>>
>> >>>>> The postfix log shows:
>> >>>>>
>> >>>>> Sep 3 07:45:59 srv1 postfix/pipe[19972]: B88D01DC8EF8: to=<xxx@
>> >>>>> srv1.xxx.xx>, orig_to=<>, relay=cyrus-deliver, delay=2
>> >>>>> 49424, status=deferred (temporary failure. Command output: couldn't
>> >>>>> connect to l
>> >>>>> mtpd: Connection refused_ 421 4.3.0 deliver: couldn't connect
>> to lmtpd_
>> >>>>> )
>> >>>>>
>> >>>>>
>> >>>>> Do you have any ideas what could happen? It worked fine before.
>> >>>>>
>> >>>>>
>> >>>>> cyrus.conf contains:
>> >>>>>
>> >>>>> # at least one LMTP is required for delivery
>> >>>>> # lmtp cmd="lmtpd" listen="lmtp" prefork=0
>> >>>>> lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp"
>> >>>>> prefork=5
>> >>>>>
>> >>>>>
>> >>>>> postfix/master.cf contains:
>> >>>>>
>> >>>>> cyrus-deliver unix - n n - - pipe
>> >>>>> user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m
>> >>>>> ${extension} ${user}
>> >>>>>
>> >>>>>
>> >>>>> postfix/main.cf contains:
>> >>>>>
>> >>>>> mailbox_transport = cyrus-deliver
>> >>>>
>> >>>> Hi,
>> >>>>
>> >>>> I don't know why things suddenly fail but you shouldn't use the cyrus
>> >>>> transport anymore. You should use lmtp as a mailtransport directly. If
>> >>>> your postfix setup isn't somehow exotic you should be able to simply
>> >>>> switch with this config:
>> >>>> mailbox_transport = lmtp:unix:/var/lib/imap/socket/lmtp
>> >>>>
>> >>>> Maybe you could give it a try.
>> >>>>
>> >>>> Simon
>> >>>>
>> >>>>
>> >>>
>> >>>
>> >>>
>> >>> ----
>> >>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>> >>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>> >>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>> >>
>> >
>> >
>> >
>> > ----
>> > Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>> > Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>> > List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>
>>
>>
>> ----
>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
> --
> Alain Spineux
> aspineux gmail com
> May the sources be with you
>
---- Cyrus Home Page: http://cyrusimap.web.cmu.edu/ Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
|
|
|