Re: telnet 993 asks for PEM passphrase

Wed, 22 Aug 2001 21:06:17 -0700 

chirs charter wrote:
> So run the following then:
>
> openssl rsa -in file.key -out newfile.key
>
That's right.

> Does this pose a potential security threat though?

It depends. If someone gets access to your key then they can pretend to be
you. If you keep your key secure then you'll be fine. I'm no crypto expert,
but I think it's reasonably standard for server keys to have no password,
since many servers need to start up without interactive input.

> Also do I need inetd running ? Many of the HOW TOs
> mention the presence of inetd but I am under the
> impression that this is what the 'master' program's
> responsibility is.

No you don't need inetd for IMAPd. Check /etc/inetd.conf to see whether
there's any other services there that you need before you kill it though. If
you don't kill inetd at least remove imap related entries from
/etc/inetd.conf.

> I have noticed though if I kill
> inetd I get the following which seems a bit spartan
> no?
>
> catfish# ps -ef | grep inetd
>     root  1627     1  0 21:30:54 ?        0:00
> /usr/sbin/inetd -s
> catfish# kill 1627
> catfish# telnet localhost 993
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
>
A bit spartan... You'd need a very advanced mail client to display your mail
with so little to go on... although it _is_ very secure ;-)

Make sure that /etc/cyrus.conf looks a bit like:
----
START {
  # do not delete these entries!
  mboxlist  cmd="ctl_mboxlist -r"
  deliver cmd="ctl_deliver -r"
}

# UNIX sockets start with a slash and are put into /var/imap/socket
SERVICES {
  # add or remove based on preferences
  imap    cmd="imapd" listen="imap" prefork=0
  imaps   cmd="imapd -s" listen="imaps" prefork=0
  pop3    cmd="pop3d" listen="pop3" prefork=0
  pop3s   cmd="pop3d -s" listen="pop3s" prefork=0
  sieve   cmd="timsieved" listen="sieve" prefork=0

  # at least one LMTP is required for delivery
#  lmtp   cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix  cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
}

EVENTS {
  # this is required
  checkpoint  cmd="ctl_mboxlist -c" period=30

  # this is only necessary if using duplicate delivery suppression
  delprune  cmd="ctl_deliver -E 3" period=1440
}
----
Then when you start /usr/cyrus/bin/master it will be able to fork off imapd
processes as required.

Reply via email to