mail.reppep.com (CentOS 5) is running cyrus-imapd-2.3.7-7.el5_4.3, 
along with SquirrelMail, postfix, etc. Last night, I noticed that when I 
sent mail from Thunderbird, it was not able to file copies in the Sent 
mailbox, although they did reach the recipients, so postfix was 
accepting mail on 587/tcp.

        I restarted Cyrus IMAPd but don't see any error messages in 
/var/log/maillog, and the cert & key look fine. SquirrelMail is fine 
using plain IMAP. I opened 143/tcp in the firewall, and am able to fetch 
mail via IMAP with STARTTLS, so it looks like the cert and key are fine.

        But "telnet mail.reppep.com 993" and openssl fail to get any response. 
Port 993 is open to the Internet, FWIW.

        Does anyone have any suggestions for what went wrong and/or how to fix? 
I'll try tcpdump next to see if it's responding at all.

        Alternatively, is there a way to make sure Cyrus requires STARTTLS on 
143? I was blocking external access to it to make sure users always use 
encryption to connect, but port 143 with STARTTLS required would be an 
acceptable alternative.

Thanks,

Chris Pepper

> pep...@imp:~$ !openssl
> openssl s_client -connect www.reppep.com:993
> CONNECTED(00000003)
> 4284:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/SourceCache/OpenSSL098/OpenSSL098-32/src/ssl/s23_lib.c:188:


> [r...@inspector ~]# cat /etc/imapd.conf
> admins: cyrus
> altnamespace: yes
> configdirectory: /var/lib/imap
> duplicatesuppression: yes
> hashimapspool: no
> partition-default: /var/spool/imap
> servername: mail.reppep.com
> singleinstancestore: yes
> #syslog_prefix: cyrus
> unixhierarchysep: yes
>
> lmtp_downcase_rcpt: yes
> maxmessagesize: 20971520
> sendmail: /usr/sbin/sendmail
> #quotawarn: 80
>
> #allowplaintext: yes
> #allowplainwithouttls: yes
> sasl_pwcheck_method: saslauthd
> #imap_auth_login: yes
> #imap_auth_cram_md5: yes
> #imap_auth_plain: yes
>
> autocreateinboxfolders:      Junk
> autocreatequota: -1
> #autocreate_sieve_script: /etc/junk.sieve
> autocreate_sieve_compiledscript: /etc/sieve.bc
> autosievefolders: Junk
> autosubscribeinboxfolders:   Junk
> createonpost: yes
> #sievedir: /var/lib/imap/sieve
> sieveusehomedir: true
>
> tls_ca_file:   /etc/pki/tls/certs/mail.reppep.com.20100115.crt
> tls_cert_file: /etc/pki/tls/certs/mail.reppep.com.20100115.crt
> tls_key_file:  /etc/pki/tls/private/mail.reppep.com.20080219.key
> tls_cipher_list: SSLv3:TLSv1:!NULL:!EXPORT:!DES:!LOW:@STRENGTH
> [r...@inspector ~]# ls -l /etc/pki/tls/certs/mail.reppep.com.20100115.crt /etc/pki/tls/private/mail.reppep.com.20080219.key
> -rw-r--r-- 1 root root 6466 Oct  1 17:13 /etc/pki/tls/certs/mail.reppep.com.20100115.crt
> -rw-r----- 1 root mail  497 Feb 19  2008 /etc/pki/tls/private/mail.reppep.com.20080219.key
> [r...@inspector ~]# netstat -an|grep LIST|grep tcp|sort -n
> tcp        0      0 0.0.0.0:110                 0.0.0.0:*                   LISTEN
> tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
> tcp        0      0 0.0.0.0:139                 0.0.0.0:*                   LISTEN
> tcp        0      0 0.0.0.0:143                 0.0.0.0:*                   LISTEN
> tcp        0      0 0.0.0.0:2000                0.0.0.0:*                   LISTEN
> tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN
> tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
> tcp        0      0 0.0.0.0:445                 0.0.0.0:*                   LISTEN
> tcp        0      0 0.0.0.0:587                 0.0.0.0:*                   LISTEN
> tcp        0      0 0.0.0.0:993                 0.0.0.0:*                   LISTEN
> tcp        0      0 0.0.0.0:995                 0.0.0.0:*                   LISTEN
> tcp        0      0 10.0.104.200:53             0.0.0.0:*                   LISTEN
> tcp        0      0 :::110                      :::*                        LISTEN
> tcp        0      0 127.0.0.1:10024             0.0.0.0:*                   LISTEN
> tcp        0      0 127.0.0.1:10025             0.0.0.0:*                   LISTEN
> tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN
> tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN
> tcp        0      0 :::143                      :::*                        LISTEN
> tcp        0      0 ::1:953                     :::*                        LISTEN
> tcp        0      0 :::2000                     :::*                        LISTEN
> tcp        0      0 :::22                       :::*                        LISTEN
> tcp        0      0 :::4242                     :::*                        LISTEN
> tcp        0      0 :::443                      :::*                        LISTEN
> tcp        0      0 :::5222                     :::*                        LISTEN
> tcp        0      0 :::5223                     :::*                        LISTEN
> tcp        0      0 :::5229                     :::*                        LISTEN
> tcp        0      0 :::5269                     :::*                        LISTEN
> tcp        0      0 66.92.104.200:53            0.0.0.0:*                   LISTEN
> tcp        0      0 :::8080                     :::*                        LISTEN
> tcp        0      0 :::80                       :::*                        LISTEN
> tcp        0      0 :::8483                     :::*                        LISTEN
> tcp        0      0 :::9090                     :::*                        LISTEN
> tcp        0      0 :::9091                     :::*                        LISTEN
> tcp        0      0 :::993                      :::*                        LISTEN
> tcp        0      0 :::995                      :::*                        LISTEN
> tcp        0      0 ::ffff:127.0.0.1:4243       :::*                        LISTEN
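
On the question of whether port 143 can be trusted to require STARTTLS: one way to verify it from the client side is to audit what the server advertises before TLS, since RFC 3501 servers that refuse cleartext LOGIN announce LOGINDISABLED. This is an added example, not part of the original post; the function names and the sample capability lines are constructed for illustration.

```python
import imaplib

# Constructed pre-TLS CAPABILITY lines (samples, not captured from any real server).
SAMPLE_TLS_REQUIRED = "* CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED"
SAMPLE_PLAINTEXT_OK = "* CAPABILITY IMAP4 IMAP4rev1 STARTTLS AUTH=PLAIN AUTH=LOGIN"
SAMPLE_GREETING_NO_TLS = "* OK [CAPABILITY IMAP4rev1 AUTH=PLAIN] server ready"

PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}  # SASL mechanisms that send the password itself


def parse_capabilities(line):
    """Return the capability atoms from a CAPABILITY response or an OK greeting."""
    tokens = line.upper().replace("[", " ").replace("]", " ] ").split()
    if "CAPABILITY" not in tokens:
        return set()
    caps = set()
    for tok in tokens[tokens.index("CAPABILITY") + 1:]:
        if tok == "]":  # end of the bracketed response code in a greeting
            break
        caps.add(tok)
    return caps


def audit_pre_tls(caps):
    """List the ways a password could cross port 143 before STARTTLS."""
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN accepted before TLS (LOGINDISABLED missing)")
    mechs = sorted(c[5:] for c in caps
                   if c.startswith("AUTH=") and c[5:] in PLAINTEXT_MECHS)
    if mechs:
        findings.append("plaintext SASL offered before TLS: " + ", ".join(mechs))
    return findings


def audit_host(host, port=143):
    """Live check: connect without TLS and audit what the server advertises."""
    conn = imaplib.IMAP4(host, port)
    try:
        return audit_pre_tls(set(conn.capabilities))
    finally:
        conn.logout()


if __name__ == "__main__":
    for sample in (SAMPLE_TLS_REQUIRED, SAMPLE_PLAINTEXT_OK, SAMPLE_GREETING_NO_TLS):
        print(sample, "->", audit_pre_tls(parse_capabilities(sample)) or "OK")
```

An empty result means cleartext passwords are refused before STARTTLS; it does not show that every session is encrypted, because a client using a non-plaintext SASL mechanism can still authenticate without TLS.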

----
Cyrus Home Page: http://www.cyrusimap.org/
List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
