Should I have a socket for imaps and/or imap in
/var/imap/socket? Currently I only have an lmtp
socket:

/var/imap/socket
catfish# ls -l
total 0
srwxrwxrwx   1 root     other          0 Aug 22 22:31 lmtp

This is the error I am seeing in my log when I use
Navigator or Outlook to connect. The connection never
works however:

Aug 23 05:01:54 catfish master[1736]: [ID 392559 local6.debug] about to exec /usr/local/bin/ctl_mboxlist
Aug 23 05:01:54 catfish ctl_mboxlist[1736]: [ID 197397 local6.notice] checkpointing mboxlist
Aug 23 05:01:54 catfish master[1692]: [ID 310780 local6.debug] process 1736 exited, status 0

Now if I telnet localhost 993 I will get the
following:
catfish# telnet localhost 993
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* BYE Fatal error: tls_init() failed
Connection closed by foreign host.

The error in the log is as follows:

Aug 23 05:15:04 catfish master[1754]: [ID 392559 local6.debug] about to exec /usr/local/bin/imapd
Aug 23 05:15:04 catfish service-imaps[1754]: [ID 518349 local6.debug] executed
Aug 23 05:15:04 catfish imapd[1754]: [ID 921384 local6.debug] accepted connection
Aug 23 05:15:04 catfish imapd[1754]: [ID 459655 local6.notice] TLS engine: cannot load CA data
Aug 23 05:15:04 catfish imapd[1754]: [ID 164529 local6.error] unable to get private key from '/var/imap/catfish-cert.pem'
Aug 23 05:15:04 catfish imapd[1754]: [ID 992616 local6.error] TLS engine: cannot load cert/key data
Aug 23 05:15:04 catfish imapd[1754]: [ID 953259 local6.error] error initializing TLS: [CA_file: ] [CA_path: ] [cert_file: /var/imap/catfish-cert.pem] [key_file: /var/imap/catfish-cert.pem]
Aug 23 05:15:04 catfish master[1692]: [ID 310780 local6.debug] process 1754 exited, status 75

I have my key and cert combined in one file as this
made testing with "imtest -t /path/to/cert" possible
since the "-t" option can only take one file as an
argument. Any ideas?
Thanks
--- Jeremy Howard <[EMAIL PROTECTED]> wrote:
> chirs charter wrote:
> > So run the following then:
> >
> > openssl rsa -in file.key -out newfile.key
> >
> That's right.
> 
> > Does this pose a potential security threat though?
> 
> It depends. If someone gets access to your key then
> they can pretend to be
> you. If you keep your key secure then you'll be
> fine. I'm no crypto expert,
> but I think it's reasonably standard for server keys
> to have no password,
> since many servers need to start up without
> interactive input.
> 
> > Also do I need inetd running ? Many of the HOW TOs
> > mention the presence of inetd but I am under the
> > impression that this is what the 'master' program's
> > responsibility is.
> 
> No you don't need inetd for IMAPd. Check
> /etc/inetd.conf to see whether
> there's any other services there that you need
> before you kill it though. If
> you don't kill inetd at least remove imap related
> entries from
> /etc/inetd.conf.
> 
> > I have noticed though if I kill
> > inetd I get the following which seems a bit spartan
> > no?
> >
> > catfish# ps -ef | grep inetd
> >     root  1627     1  0 21:30:54 ?        0:00 /usr/sbin/inetd -s
> > catfish# kill 1627
> > catfish# telnet localhost 993
> > Trying 127.0.0.1...
> > Connected to localhost.
> > Escape character is '^]'.
> >
> A bit spartan... You'd need a very advanced mail
> client to display your mail
> with so little to go on... although it _is_ very
> secure ;-)
> 
> Make sure that /etc/cyrus.conf looks a bit like:
> ----
> START {
>   # do not delete these entries!
>   mboxlist  cmd="ctl_mboxlist -r"
>   deliver cmd="ctl_deliver -r"
> }
> 
> # UNIX sockets start with a slash and are put into /var/imap/socket
> SERVICES {
>   # add or remove based on preferences
>   imap    cmd="imapd" listen="imap" prefork=0
>   imaps   cmd="imapd -s" listen="imaps" prefork=0
>   pop3    cmd="pop3d" listen="pop3" prefork=0
>   pop3s   cmd="pop3d -s" listen="pop3s" prefork=0
>   sieve   cmd="timsieved" listen="sieve" prefork=0
> 
>   # at least one LMTP is required for delivery
> #  lmtp   cmd="lmtpd" listen="lmtp" prefork=0
>   lmtpunix  cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=0
> }
> 
> EVENTS {
>   # this is required
>   checkpoint  cmd="ctl_mboxlist -c" period=30
> 
>   # this is only necessary if using duplicate delivery suppression
>   delprune  cmd="ctl_deliver -E 3" period=1440
> }
> ----
> Then when you start /usr/cyrus/bin/master it will be
> able to fork off imapd
> processes as required.
> 
> 


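An added example, not part of the original thread and not Cyrus code: a header-only check of a combined cert+key PEM file for the two conditions the thread discusses, a private key that is still passphrase-protected (which a server starting without interactive input cannot load) and an unprotected key file that other users can access. The function names and sample files are constructed for illustration, the base64 bodies are dummies, and the check also covers the PKCS#8 "ENCRYPTED PRIVATE KEY" form, which the thread does not mention.

```shell
#!/bin/sh
# Added example: diagnose a combined cert+key PEM file from its header lines.
# Function names are hypothetical; nothing here is part of Cyrus or OpenSSL.

# Print one of: missing, no-cert, no-key, encrypted-key, ok
pem_key_state() {
    [ -r "$1" ] || { echo missing; return; }
    grep -q '^-----BEGIN CERTIFICATE-----' "$1" || { echo no-cert; return; }
    grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" || { echo no-key; return; }
    # Traditional PEM flags encryption in a Proc-Type header,
    # PKCS#8 flags it in the BEGIN line itself.
    if grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted-key; return
    fi
    echo ok
}

# Succeed if "other" has any permission bit set on the file. With no
# passphrase on the key, file permissions are its only protection.
pem_world_access() {
    [ "$(ls -ld "$1" | cut -c8-10)" != "---" ]
}

# Constructed sample files; the base64 bodies are dummies, not real keys.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cert='-----BEGIN CERTIFICATE-----
AAAA
-----END CERTIFICATE-----'
printf '%s\n-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n-----END RSA PRIVATE KEY-----\n' "$cert" > "$tmp/encrypted.pem"
printf '%s\n-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n' "$cert" > "$tmp/plain.pem"
printf '%s\n' "$cert" > "$tmp/certonly.pem"
chmod 644 "$tmp/encrypted.pem" "$tmp/certonly.pem"
chmod 600 "$tmp/plain.pem"

for f in "$tmp"/*.pem; do
    state=$(pem_key_state "$f")
    if pem_world_access "$f"; then access="accessible to others"; else access="owner only"; fi
    echo "$(basename "$f"): $state, $access"
done
```

A file reported as "ok" can still fail to load if the account imapd runs as cannot read it, so check ownership as well as mode.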