Kolab/Roundcube/iRony very slow/hangs

Daniel daniel at duerrenbuehl.de
Wed Aug 1 17:13:26 CEST 2018 

tldr;
Sending a calender invit to e.g. gmail-address(or any other) takes over 
30 minutes
and freezes the kolab installation completly during that time.


Hi everyone, I hit a dead end, searching the internet for a solution.
So I really hope you guys can help me.

I want to run kolab for my personal use on a virtual server with the 
following setup:

Hardware:
VM  server4you M8,  6 vCores, 8GB RAM, 4Gb swap ~200GB SSD storage

Operating system
  * Ubuntu 16.04.5 LTS
  * only IPv4(hoster does not yet provid ipv6)

Installed Software:
   * Kolab 16 -- like descriped in the wiki using 
http://obs.kolabsys.com/repositories/Kolab:/16/Ubuntu_16.04
   * fail2ban -- default settings for ssh
   * letsencrypt
   * up to date on all packages

Configuration/Modifications:
   * created TLS certificat via letsencrypt
     letsencrypt certonly --webroot -w /var/www/html/ -d my-domain.com

   * Apache is configured as the floowing:
     * modules enabled: headers, ssl
     * redirect port/all requests from 80 to 443
     * added TLS config
     * enambled the iRony.conf without modifications
     * See [1] for the whole apache2 config
     * test with ssllabs.com shows A+ rating :-)

   * Guam /etc/guam/sys.config
     * added tls certificats

   * postfix /etc/postfix/main.cf
     * only added/replaces tls certificats

   * Cyrus /etc/imapd.conf
     * only added/replaces tls certificats

   * dirsrv /etc/dirsrv/slapd-*/dse.ldif
     * added nsslapd-listenhost: 127.0.0.1
     * otherwise dirsrv listens on the internet

   * /etc/kolab/kolab.conf
     * I only changed the mailaddress creation, as I want only 
firstname at my-domain.com

What works good:
   * Creating a user
   * logging in into Roundcube via https
   * connecting via Thunderbrid imaps(993 SSL/TLS)/smtps(587 STARTTLS)
   * sending/receiving mails via Tunderbird and Roundcube works create 
and fast as well
   * Calender import and CalDav sync to Thunderbird and Android works 
good as well

What does not work good is very slow
   * Sending an Calender Invitation to another E-Mail-Addresse e.g. an 
gmail-address
     * sending an invit via Roundcube to an gmail-address
     * Event is added, and looks good
     * after approx 10sec. Roundcube Calender spins and says "Refreshing"
     * All events disapear during this time
     * Gmail receives the invit in approx 30 Minutes or longer
     * Looking at the runnning processes on the server via htop, it 
looks good. No process is running at a height cpu rate
     * During that time, I cannot sync mails, send mails from or to the 
kolab server

Load on the server
   Only 230 Calender events have been imported
   and maybe 10 mails have been send/received, so any imap access does 
not need to read trough a big database.
   Monitoring the processes on the server, do not indicate any 
bottlenecks. And the provided hardware should be plenty.


The look into the logs and could not indicate any issues, as far as I 
understand it. So I have no glue what it could be.
In addition I tried to use no tls for Roundcube connecting to imap, as 
some threads say it helps when it is slow, without luck.
But it's not just a bit slow, something hangs really bad and renders the 
system unusable.

disabling fail2ban has also no impact on this.

So any advice or experience with this kind of issue would be very 
appreciated.
And please tell me if you need more information/configs/logs.

Thank you

dan




[1]  /etc/apache2/sites-enabled/000-Default.conf
============================================================
     <VirtualHost *:80>
         ServerAdmin webmaster at localhost
         ErrorLog ${APACHE_LOG_DIR}/error.log
         CustomLog ${APACHE_LOG_DIR}/access.log combined
         ServerName my-domain.com
         Protocols h2 h2c http/1.1
         Redirect permanent / https://my-domain.com/
     </VirtualHost>

     Listen 443
     Protocols h2 h2c http/1.1
     SSLProtocol             all -SSLv3 -TLSv1 -TLSv1.1
     SSLCipherSuite 
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:!TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
     SSLHonorCipherOrder     on
     SSLCompression          off
     SSLSessionTickets       off
     SSLUseStapling          on
     SSLStaplingResponderTimeout 5
     SSLStaplingReturnResponderErrors off
     SSLStaplingCache        shmcb:/var/run/ocsp(128000)

     <VirtualHost *:443>
       ServerName my-domain.com
       Header always set Strict-Transport-Security "max-age=15768000"
       SSLEngine on
       SSLCertificateFile 
"/etc/letsencrypt/live/my-domain.com/fullchain.pem"
       SSLCertificateKeyFile 
"/etc/letsencrypt/live/my-domain.com/privkey.pem"
       SSLOpenSSLConfCmd DHParameters 
"/etc/letsencrypt/live/my-domain.com/dhparam.pem"
       ServerAdmin webmaster at localhost
       DocumentRoot /var/www/html

       ErrorLog ${APACHE_LOG_DIR}/error_ssl.log
       CustomLog ${APACHE_LOG_DIR}/access_ssl.log combined

       RewriteEngine on
       RewriteRule   "^/$"  "/webmail/"  [R]
     </VirtualHost>

More information about the users mailing list