This has been bugging me for a while, and I've finally isolated the 
cause of my IMAP server hanging.  The server is running NetBSD/i386 1.6, 
with cyrus-imapd from pkgsrc.  It has a firewall in front of it, also 
running NetBSD/i386 1.6, which is tunnelling traffic via IPSEC with a 
machine at a remote office.

If a machine from the remote office connects to the IMAP port, the 
service hangs.  Specifically, the /usr/local/cyrus/bin/master process 
never returns from its select(2) call.  The select is on a bunch of 
fd's, including the socket that's listening for new connections on the 
IMAP port.  I can kill the master process and restart it, and everything 
works fine.  (Until somebody tries to connect from the remote office again.)

Here's tcpdump output from a bad packet.  My feeble knowledge of TCP 
says it looks fine:

gamera# tcpdump -vv -l -x host sedc.sri.com
tcpdump: listening on fxp0
13:50:39.727262 sedc.SRI.COM.42989 > gamera.mt.sri.com.imap: S [tcp sum 
ok] 1409559804:1409559804(0) win 24820 <nop,nop,sackOK,mss 1460> (ttl 
60, id 49965, len 48)
                          4500 0030 c32d 0000 3c06 f876 8012 2815
                          ce7f 4c7d a7ed 008f 5404 2cfc 0000 0000
                          7002 60f4 358a 0000 0101 0402 0204 05b4

Any insight into the cause of this problem would be much appreciated.

Chris

-- 
Chris Jones               chris@cjones.org                www.cjones.org