[I apologize if you don't think this is the correct place to query but the software is a combination from both the qmail-ldap and courier-imap efforts].
I'm bringing up qmail-ldap and have courier-imap working with it. I tried to add TLS support with Andre Oppermann's tcpserver SSL/TLS patch http://www.nrg4u.com/qmail/ucspi-tcp-ssl-20020705.patch.gz to the IMAP server and can get it to work as IMAPS on port 993, with Mozilla Mail on FreeBSD and Eudora-5.x on Windows. I run this as a service under svscan. I cannot, however, get the clients I've tried to do IMAP with TLS on the normal port 143.

I invoke courier-imap differently than courier's own documentation suggests, and more like qmail[-ldap] invokes pop3d. It's basically how the Life With Qmail / LDAP document recommends in section 8.3, using a mechanism like the qmail-pop3d-conf tool:

/var/service:

    lrwxr-xr-x  1 root  wheel  24 Jul 18 14:50 imapd -> /var/qmail/service/imapd
    lrwxr-xr-x  1 root  wheel  25 Jul 23 16:04 imapsd -> /var/qmail/service/imapsd
    lrwxr-xr-x  1 root  wheel  24 Jul 15 17:23 pop3d -> /var/qmail/service/pop3d
    lrwxr-xr-x  1 root  wheel  24 Jul 15 17:24 qmail -> /var/qmail/service/qmail
    lrwxr-xr-x  1 root  wheel  24 Jul 15 17:42 smtpd -> /var/qmail/service/smtpd

In /var/qmail/service/imapd/run:

    #!/bin/sh
    exec 2>&1 \
    envdir ./env \
    sh -c '
        case "$REMOTENAME" in h) H=;; p) H=p;; *) H=H;; esac
        case "$REMOTEINFO" in r) R=;; [0-9]*) R="t$REMOTEINFO";; *) R=R;; esac
        exec \
        softlimit ${DATALIMIT+"-d$DATALIMIT"} \
        /usr/local/bin/tcpserver \
            -s \
            -vD"$H$R" \
            ${LOCALNAME+"-l$LOCALNAME"} \
            ${BACKLOG+"-b$BACKLOG"} \
            ${CONCURRENCY+"-c$CONCURRENCY"} \
            -xtcp.cdb \
            -- "${IP-0}" "${PORT-143}" \
        /usr/local/sbin/imaplogin \
        /var/qmail/bin/auth_imap \
        /usr/local/bin/imapd "${MAILDIRNAME-Maildir}"
    '

This is identical to the way I run imap with the tcpserver TLS patch for IMAPS, but the port here is 143 instead of 993. Notice the first option to tcpserver is "-s" to turn on SSL; the "cert.pem" file is in the same dir as "run" so I don't need the "-n" flag.

Mozilla doesn't have any specific TLS options, though clicking on "Use secure connection (SSL)" auto-selects port 993 and that's what got me IMAPS access. I can select "use TLS" with Eudora but when it tries to connect it just hangs. Ethereal shows the three-way-handshake but that's as far as it gets. When I telnet to port 143 there is no greeting message like I got from IMAP without the tcpserver TLS/SSL patch.

I'm not very familiar with TLS and how it negotiates but just scanned RFC2246 to try and understand the client/server negotiation phase. If Mozilla truly doesn't implement TLS yet, I expect it's waiting for an IMAP prompt rather than sending the client TLS handshake. I don't know why Eudora-5 wouldn't send the client TLS handshake, or why it can't negotiate TLS.

Can someone point me in the right direction or at docs which would explain what I'm missing? If IMAPS is working, what am I doing wrong with IMAP over TLS?

Thanks.
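
Added example, not part of the original post: a small probe that tells apart a listener that sends a plaintext IMAP greeting and advertises STARTTLS (RFC 2595) from one that stays silent after the TCP handshake, which is the behaviour described above for the "-s" wrapped port. The function names, tags and timeout values are assumptions made for the illustration.

```python
import socket

def _read_line(sock):
    """Read one CRLF-terminated line; return b"" on timeout, error or EOF."""
    buf = b""
    try:
        while not buf.endswith(b"\r\n"):
            chunk = sock.recv(1)
            if not chunk:
                return b""
            buf += chunk
    except OSError:  # includes socket.timeout
        return b""
    return buf

def probe_imap(sock, timeout=3.0):
    """Classify an already-connected socket by what the server does first.

    'starttls'       plaintext greeting, CAPABILITY lists STARTTLS
    'plaintext-only' plaintext greeting, no STARTTLS offered
    'no-greeting'    server stays silent (e.g. a TLS wrapper waiting
                     for a ClientHello, as on an IMAPS-style listener)
    """
    sock.settimeout(timeout)
    if not _read_line(sock).startswith(b"* "):
        return "no-greeting"
    sock.sendall(b"a1 CAPABILITY\r\n")
    caps = set()
    while True:
        line = _read_line(sock).upper()
        if not line or line.startswith(b"A1 "):
            break  # tagged completion (or the server went away)
        if line.startswith(b"* CAPABILITY"):
            caps.update(line.split()[2:])
    try:
        sock.sendall(b"a2 LOGOUT\r\n")
    except OSError:
        pass  # server already closed the connection
    return "starttls" if b"STARTTLS" in caps else "plaintext-only"

def probe(host, port=143, timeout=3.0):
    """Connect to host:port and classify it (hypothetical helper name)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        return probe_imap(s, timeout)
```

A "no-greeting" result on port 143 means a client that expects to issue STARTTLS after the greeting will wait indefinitely, while a client that opens with a TLS handshake (as on port 993) will connect.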
