Andre, Thanks for the info!! Two questions since sasl is still new to me:
1) How many processes should I have running? Is there an option somewhere to adjust this or see it? 2) I installed havaged, but the process instantly crashes and tells me a sub system is locked when I try to restart it. Any ideas on that? (On centos 6) Thanks again! - Paul > On Sep 11, 2015, at 2:59 PM, Andre Felipe Machado > <andremach...@techforce.com.br> wrote: > > Hello, > > By your numbers it seems that your machine is able to generate random numbers > at good speed. But the problem is WHEN and HOW OFTEN. > > Afaik, the linux kernel waits too long to trigger the process to generate > random numbers and fast paced process spawning or ssl connections could > deplete pool before the process is triggered again. > > This is the problem that haveged could solve. Triggering a random numbers > generation at a higher threshold and at higher frequency. > > http://blog-ftweedal.rhcloud.com/2014/05/more-entropy-with-haveged/ > > Well, it is only ONE of possible causes of your problem. Unfortunately one > obscure and difficult to identify because it does not generate errors, > crashes or logs. Simply slowness. > > Had you checked disk latency? Does your servers have enough sasl processes? > > We use Debian and did not find haveged installation issues, so you will have > to search a bit more about your running errors. > > Regards. > > Andre Felipe > > http://www.techforce.com.br > > > > Paul Bronson <signaldevelo...@gmail.com> wrote .. > > Guys, > > I ran cat /dev/urandom | rngtest -c 1000 > > and got: > > rngtest: starting FIPS tests... > rngtest: bits received from input: 20000032 > rngtest: FIPS 140-2 successes: 998 > rngtest: FIPS 140-2 failures: 2 > rngtest: FIPS 140-2(2001-10-10) Monobit: 0 > rngtest: FIPS 140-2(2001-10-10) Poker: 0 > rngtest: FIPS 140-2(2001-10-10) Runs: 1 > rngtest: FIPS 140-2(2001-10-10) Long run: 1 > rngtest: FIPS 140-2(2001-10-10) Continuous run: 0 > rngtest: input channel speed: (min=22.980; avg=501.129; max=19073.486)Mibits/s > rngtest: FIPS tests speed: (min=98.317; avg=121.603; max=131.541)Mibits/s > rngtest: Program run time: 198018 microseconds > > > Does this look bad to you considering all of my slow SASL auths? (no haveged > is on at this point.. available entropy is between 131 - 160... pool size is > default 4096. > > I also tried installing haveged, which worked fine, but as soon as I started > the service it said something like process dead, sub sys locked... ? Sorry, > entropy is fairly new to me. > > > >> On Thu, Sep 10, 2015 at 5:24 PM, <signaldevelo...@gmail.com> wrote: >> Andre, >> >> Really? What should it be? I was curious and checked.. Entropy on some of my >> other big time production servers for email is only about 200) and its >> lightning fast? >> >> - Paul >> >> > On Sep 10, 2015, at 5:00 PM, Andre Felipe Machado >> > <andremach...@techforce.com.br> wrote: >> > >> > Hello, >> > Entropy of 158 is way too low for production servers. And this *MAY* cause >> > weird >> > slowness without logging any errors. >> > You could install "haveged" and configure for max threshold levels on >> > production >> > servers. >> > https://packages.debian.org/search?keywords=haveged >> > >> > Regards. >> > >> > Andre Felipe >> > http://www.techforce.com.br >> > >> > >> > >> > signaldevelo...@gmail.com wrote .. >> &g! t;> Ru dy, >> >> >> >> Entropy is 158 I just looked. And as far as compiling against urandom, to >> >> be >> > honest >> >> I'm >> >> not sure. >> >> >> >> - Paul >> >> >> >> >> >> >> >> >> >>> On Sep 6, 2015, at 9:50 PM, Rudy Gevaert <rudy.geva...@ugent.be> wrote: >> >>> >> >>> >> >>> Quoting signaldevelo...@gmail.com, Mon, 07 Sep 2015: >> >>> >> >>>> Hosts file is fine I checked that, thanks. Kolab uses 389 to >> >>>> authenticate for everything, so Cyrus is using LDAP as you can see >> >>>> above. I think the problem lies in the constant TLS logins into >> >>>> Cyrus for every click: >> >>>> >> >>>> imap[2281]: login: localhost [::1] john...@domain.com PLAIN+TLS User >> >>>> logged in >> >>>> SESSIONID=<es1.domain.com-2281-1441500890-1-15740725055571902363> >> >>>> Sep 5 20:54:51 es1 imap[2281]: USAGE john...@domain.com user: >> >>>> 0.009998 sys: 0.006999 >> >>>> >> >>>> >> >>>> Again its only one user, on roundcube... I am afraid to put any more >> >>>> users on it. There doesn't seem to be much of performance tweaks >> >>>> with Cyrus around the web either... >> >>> >> >>> does your system have enough entropy? >> >>> >> >>> Is saslauthd compiled against /dev/urandom? >> >>> >> >>> Rudy >> >>> >> >>> -- >> >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- ! -- -- -- -- -- -- >> >>> Rudy Gevaert e-mail: rudy.geva...@ugent.be >> >>> Directie ICT, Afdeling Infrastructuur >> >>> Groep Systemen tel: +32 9 264 4750 >> >>> Universiteit Gent fax: +32 9 264 4994 >> >>> Krijgslaan 281, gebouw S9, 9000 Gent, Belgie www.UGent.be >> >>> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- >> >>> > ;>> >> >>> ---- >> >>> Cyrus Home Page: http://www.cyrusimap.org/ >> >>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> >>> To Unsubscribe: >> >>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >> >> ---- >> >> Cyrus Home Page: http://www.cyrusimap.org/ >> >> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> >> To Unsubscribe: >> >> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus >> > ---- >> > Cyrus Home Page: http://www.cyrusimap.org/ >> > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ >> > To Unsubscribe: >> > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus > > > > ---- > Cyrus Home Page: http://www.cyrusimap.org/ > List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ > To Unsubscribe: > https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
---- Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
