I notice the following problem on my mail-system:
When the system load increases, once in a while, the number of tls
sessions explode (up to 2500 processes) and no user is connected to it.
During this, the system slows down and the only thing I can do is stop
and start the cyrus daemons.
Has anyone else noticed the same problem
If you need additional info, please ask
Freerk Bosscha
Noordelijke Hogeschool Leeuwarden
The Netherlands
e-mail: [EMAIL PROTECTED]
Mailsystem: RedHat 7.3 raid 5 with cyrus imap 2.1.11 and cyrus sasl
2.1.10
CPU: 686 dual processor 2 Gb internal and 300 Gb disk
All the accounts are validated through an openldap server (local).
Imap is compiled as follow:
./configure \
--with-auth=unix \
--enable-sieve \
--with-sasl=/usr/lib/sasl2 \
--with-openssl=../openssl-0.9.6g \
--with-ucdsnmp \
--with-duplicate-db=db3_nosync \
--with-mboxlist-db=skiplist \
--with-seen-db=skiplist \
--with-dbdir=/usr/local/BerkeleyDB.4.0
sasl is compiled as follow:
./configure \
--with-bdb-libdir=/usr/local/BerkeleyDB.4.0/lib \
--with-bdb-incdir=/usr/local/BerkeleyDB.4.0/include \
--disable-cram \
--disable-digest \
--with-pam \
--with-dblin=gdbm \
--with-saslauthd=/var/run/saslauthd \
--without-pwcheck \
--enable-login \
--enable-plain \
--with-rc4 \
--enable-static \
--with-pic \
--enable-shared \
--disable-java \
--disable-krb4
My cyrus.conf file looks like:
# standard standalone server implementation
START {
# do not delete these entries!
recover cmd="/usr/cyrus/bin/ctl_cyrusdb -r"
# this is only necessary if using idled for IMAP IDLE
# idled cmd="/usr/cyrus/bin/idled"
}
# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
# add or remove based on preferences
imap cmd="/usr/cyrus/bin/imapd" listen="imap" prefork=5
imaps cmd="/usr/cyrus/bin/imapd -s" listen="imaps" prefork=1
# pop3 cmd="/usr/cyrus/bin/pop3d" listen="pop3" prefork=0
# pop3s cmd="/usr/cyrus/bin/pop3d -s" listen="pop3s" prefork=0
sieve cmd="/usr/cyrus/bin/timsieved" listen="sieve" prefork=1
# at least one LMTP listener is required for proper delivery
# lmtp cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=5
lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
}
EVENTS {
# this is required
checkpoint cmd="/usr/cyrus/bin/ctl_cyrusdb -c" period=30
# this is only necessary if using duplicate delivery suppression
delprune cmd="/usr/cyrus/bin/ctl_deliver -E 3" period=1440
# this is only necessary if caching TLS sessions
tlsprune cmd="/usr/cyrus/bin/tls_prune" period=1440
}
my imapd.conf looks like
configdirectory: /var/imap
partition-default: /imap
admins: cyrus admin cyrusbeh
srvtab: /imap/srvtab
allowanonymouslogin: no
quotawarn: 90
umask: 077
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem
#
# Sieve parameters
#
sieveusehomedir: false
sievedir: /usr/sieve
sieve_maxscripts: 10
sendmail: /usr/sbin/sendmail
postmaster: postmaster
# To use the PAM for authentication (but not /etc/passwd or shadow), change
# the following line to specify "pam" instead of "sasldb".
#sasl_pwcheck_method: pam
sasl_pwcheck_method: saslauthd
--
Freerk J. Bosscha
tel. xx-31(0)58 2961435
fax. xx-31(0)58 2961466
e-mail: [EMAIL PROTECTED]
url: http://www.bosscha.nu/
