Fix Kmail IMAP SSL Storm in Gentoo / Ubuntu
Symptoms
After a while (minutes) KMail (respectively akonadi_imap_resource which belongs to the ebuild kdepim-runtime) starts pounding the imaps (IMAP over SSL/TLS) service. In my IMAP log (cyrus imapd) I see Matrix-style messages these:
[..] Jan 21 17:05:24 atlantis imaps[1626]: accepted connection Jan 21 17:05:24 atlantis imaps[1626]: SSL_accept() incomplete -> wait Jan 21 17:05:24 atlantis imaps[58466]: accepted connection Jan 21 17:05:24 atlantis imaps[1627]: accepted connection Jan 21 17:05:24 atlantis imaps[1628]: SSL_accept() succeeded -> done Jan 21 17:05:24 atlantis imaps[58466]: SSL_accept() incomplete -> wait Jan 21 17:05:24 atlantis imaps[1625]: accepted connection Jan 21 17:05:24 atlantis imaps[1626]: SSL_accept() succeeded -> done [..]
On the client side you may notice remarkable traffic "backgroundnoise". I had a constant 500kbit/s just from these handshakes.
Problem
The Akonadi-resource seems to have a problem with the SSL/TLS fallback. See KDE Bug 316840 .
Solution
It's said to be fixed in KDE 4.12.0
Fix for Versions < 4.12.0 in Gentoo
Create a user patch from the patch provided by Christian Mollekopf for the ebuild of kdepimlibs (kdepimlibs-4.11.2-r1 at the time of writing):
# mkdir -p /etc/portage/patches/kde-base/kdepimlibs-4.11.2-r1 # wget -0 /etc/portage/patches/kde-base/kdepimlibs-4.11.2-r1/imap-ssl-storm.patch http://bugsfiles.kde.org/attachment.cgi?id=83637
and recompile kdepimlibs:
# emerge -1 kdepimlibs
Now stop KMail and akonadi:
$ akonadictl stop
As soon akonadi is gone, you can start KMail which now hopefully works and behaves as intended.
Important: If you include the version in the directory name, keep in mind to rename the directory of the patch any time the version of kdepim bumps until release 4.12 (where it should be fixed).
As an alternative you may save the patch in /etc/portage/patches/kde-base/kdepimlibs/ and emerge will try to apply the patch to any version you compile (including 4.12.x). So remember to remove it when no longer needed.
Fix for Versions < 4.12.0 in Ubuntu
We ned to patch the package kdepimlibs-kio-plugins (Version 4.11.3 in Saucy Salamander/13.10 at the time of writing):
Install the build tools:
# apt-get install build-essential
Get the source of the package and its build dependencies:
# apt-get build-dep kdepimlibs-kio-plugins $ apt-get source kdepimlibs-kio-plugins
Get and apply the patch:
$ cd kdepimlibs-4.11.3/ $ wget -O imap-ssl-storm.patch http://bugsfiles.kde.org/attachment.cgi?id=83637 $ patch -p1 < imap-ssl-storm.patch
Commit the changes to the package..
$ dpkg-source --commit
and build it.
$ dpkg-buildpackage
You can now install the package which has been generated:
$ cd .. # dpkg -i kdepimlibs-kio-plugins_4.11.3-0ubuntu0.1_amd64.deb