Lee Hoffman wrote:
>
> This is VERY weird!!! When I telnet into the mailserver on 993:
>
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> . logout
> ^X
>
> No commands work, yet it says that it's connected! '. logout' does
> nothing, '. starttls' does nothing etc... I checked inetd, and other
> services running, and none bind to 993. Could the master process be
> listening on 993 and then *not* spawning a new imapd -s when a
> connection comes in??

Port 993 is IMAP over SSL (imaps) which expects an SSL negotiation to be
made as soon as the connection is opened. Try doing this instead:

    openssl s_client -connect localhost:993

> -----Original Message-----
> From: Scott M Likens [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 2:41 AM
> To: Lee Hoffman; 'Jeff Bert'; [EMAIL PROTECTED]
> Subject: RE: SSL/TLS
>
> *sigh*
>
> Telnet to your imap port and please verify that the STARTTLS command
> exists...
>
> Easiest way to do that instead of doing . logout
>
> do . starttls
>
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> * OK shell Cyrus IMAP4 v2.1.4 server ready
> . starttls
> . OK Begin TLS negotiation now
>
> like that
>
> *bleh*
>
> Stop using imtest like a golden rule folks. Use an ACTUAL mail client to
> test things!!!!!!!
>
> --On Wednesday, May 22, 2002 12:58 AM -0400 Lee Hoffman
> <[EMAIL PROTECTED]> wrote:
>
> > Here is my imapd.conf:
> >
> > configdirectory: /var/imap
> > partition-default: /var/spool/imap
> > admins: adminuser
> > sasl_pwcheck_method: PAM
> >
> > tls_cert_file: /var/imap/server.pem
> > tls_key_file: /var/imap/server.pem
> >
> > (/var/imap/server.pem exists and is readable by the cyrus user)
> >
> > ok running: 'imtest -t "" -u lee -a lee -r servername.com
> > servername.com' gets auth working, but still no STARTTLS:
> >
> > C: C01 CAPABILITY
> > S: * OK servername.com Cyrus IMAP4 v2.0.16 server ready
> > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> > NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> > THREAD=REFERENCES IDLE
> > S: C01 OK Completed
> > Password:
> > C: L01 LOGIN lee {8}
> > + go ahead
> > C: <omitted>
> > L01 OK User logged in
> > Authenticated.
> > Security strength factor: 0
> >
> > Any other ideas?
> >
> > Lee
> >
> >
> > -----Original Message-----
> > From: Jeff Bert [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 22, 2002 12:28 AM
> > To: Lee Hoffman; [EMAIL PROTECTED]
> > Subject: RE: SSL/TLS
> >
> > did you add these to your imapd.conf:
> >
> > tls_ca_path: /path-to-ca-folder/
> > tls_ca_file: /path-to-ca-file/
> > tls_cert_file: /path-to-cert-file/
> > tls_key_file: /path-to-key-file/
> >
> > ?
> >
> >> -----Original Message-----
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED]]On Behalf Of Lee Hoffman
> >> Sent: Tuesday, May 21, 2002 8:21 PM
> >> To: [EMAIL PROTECTED]
> >> Subject: SSL/TLS
> >>
> >>
> >> Hey all,
> >> I'm trying to get SSL/TLS working on cyrus 2.0.16. I followed the
> >> instructions to a "T" to create the certificate. I also compiled cyrus
> >> -with-ssl=/usr/local/ssl (the latest version of openssl is installed,
> >> and working with the sshd daemon). Anyway, cyrus (which is
> >> authenticating off PAM/ldap) works fine. However, as soon as I try to
> >> enable ssl from my email client, the client is unable to connect to the
> >> server. I tried telnetting into the box on port 993 and cyrus does
> >> answer.
> >>
> >> Here is the output from imtest:
> >>
> >> Server-name:~# imtest -t "" -u lee server-name.com
> >> C: C01 CAPABILITY
> >> S: * OK server-name.com Cyrus IMAP4 v2.0.16 server ready
> >> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> >> NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> >> THREAD=REFERENCES IDLE
> >> S: C01 OK Completed
> >> Password:
> >> C: L01 LOGIN root {8}
> >> + go ahead
> >> C: <omitted>
> >> L01 NO Login failed: authentication failure
> >> Authentication failed. generic failure
> >> Security strength factor: 0
> >>
> >>
> >> What really worries me is that STARTTLS is even listed in CAPABILITIES
> >> (it should be shouldn't it?).
> >>
> >> My cyrus.conf file:
> >>
> >> # standard standalone server implementation
> >>
> >> START {
> >> # do not delete these entries!
> >> mboxlist cmd="ctl_mboxlist -r"
> >> deliver cmd="ctl_deliver -r"
> >>
> >> # this is only necessary if using idled for IMAP IDLE
> >> # idled cmd="idled"
> >> }
> >>
> >> # UNIX sockets start with a slash and are put into /var/imap/sockets
> >> SERVICES {
> >> # add or remove based on preferences
> >> imap cmd="imapd" listen="imap" prefork=5
> >> imaps cmd="imapd -s" listen="imaps" prefork=1
> >> # pop3 cmd="pop3d" listen="pop3" prefork=3
> >> # pop3s cmd="pop3d -s" listen="pop3s" prefork=1
> >> # sieve cmd="timsieved" listen="sieve" prefork=0
> >>
> >> # at least one LMTP is required for delivery
> >> # lmtp cmd="lmtpd" listen="lmtp" prefork=0
> >> lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
> >> }
> >>
> >> EVENTS {
> >> # this is required
> >> checkpoint cmd="ctl_mboxlist -c" period=30
> >>
> >> # this is only necessary if using duplicate delivery suppression
> >> delprune cmd="ctl_deliver -E 3" period=1440
> >> }
> >>
> >>
> >> Any ideas?
> >>
> >> Thanks,
> >> Lee
> >>
> >>
> >
> >
>
> ---
>
> "If Thyne Eyes Deceivee Thee, Pluck Them Out".
--
Kenneth Murchison Oceana Matrix Ltd.
Software Engineer 21 Princeton Place
716-662-8973 x26 Orchard Park, NY 14127
--PGP Public Key-- http://www.oceana.com/~ken/ksm.pgp
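
Added example, not part of the original messages and not Cyrus code: a small audit of an imtest transcript that reports whether the server advertised STARTTLS and whether LOGIN was sent before any TLS layer was in place. The first transcript is the imtest output quoted in the thread, abridged to its protocol lines; the second transcript, its SSF value, and the name audit_imtest are constructed for illustration.

```python
import re

# imtest output as quoted in the thread (abridged, wrapped lines rejoined).
THREAD_TRANSCRIPT = """\
C: C01 CAPABILITY
S: * OK servername.com Cyrus IMAP4 v2.0.16 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
S: C01 OK Completed
C: L01 LOGIN lee {8}
+ go ahead
C: <omitted>
L01 OK User logged in
Security strength factor: 0
"""

# Constructed sample, not from the thread: a session where STARTTLS succeeds.
TLS_TRANSCRIPT = """\
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 STARTTLS LOGINDISABLED
C: S01 STARTTLS
S: S01 OK Begin TLS negotiation now
C: L01 LOGIN lee {8}
L01 OK User logged in
Security strength factor: 168
"""

def audit_imtest(transcript):
    """Report the TLS posture visible in an imtest transcript."""
    caps, pending, tls_started, plaintext_login, ssf = set(), False, False, False, None
    for raw in transcript.splitlines():
        from_client = raw.startswith("C:")
        upper = re.sub(r"^[CS]:\s*", "", raw.strip()).upper().split()
        if upper[:2] == ["*", "CAPABILITY"]:
            caps.update(upper[2:])
        elif from_client and len(upper) > 1:
            if upper[1] == "LOGIN" and not tls_started:
                plaintext_login = True  # credentials sent before any TLS layer
            pending = upper[1] == "STARTTLS"
        elif pending and upper[1:2] == ["OK"]:
            tls_started = True  # server accepted the STARTTLS command
        elif upper[:3] == ["SECURITY", "STRENGTH", "FACTOR:"]:
            ssf = int(upper[3])
    return {"starttls_advertised": "STARTTLS" in caps,
            "logindisabled": "LOGINDISABLED" in caps,
            "plaintext_login": plaintext_login, "ssf": ssf}

if __name__ == "__main__":
    for name in ("THREAD_TRANSCRIPT", "TLS_TRANSCRIPT"):
        print(name, audit_imtest(globals()[name]))
```

A result with starttls_advertised False and plaintext_login True, as the thread's transcript gives, means the password crossed the connection unencrypted.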