On Wed, Jul 23, 2003 at 06:46:34PM -0400, Chris Shenton wrote:
> [I apologize if you don't think this is the correct place to query
> but the software is a combination from both the qmail-ldap and
> courier-imap efforts].
>
> I'm bringing up qmail-ldap and have courier-imap working with it. I
> tried to add TLS support with Andre Oppermann's tcpserver SSL/TLS
> patch
>
> http://www.nrg4u.com/qmail/ucspi-tcp-ssl-20020705.patch.gz
>
> to the IMAP server

This doesn't make any sense to me. You are using courier-imap as the IMAP
server? But this patch is to ucspi-tcp, not to the IMAP server.

What version of courier-imap are you using? courier-imap has TLS support
natively (both TLS on port 993, and STARTTLS on port 143), and has had for
quite a long time.

> I invoke courier-imap differently than courier's own documentation
> suggests, and more like qmail[-ldap] invokes pop3d. It's basically
> how the Life With Qmail / LDAP document recommends in section 8.3,
> using a mechanism like the qmail-pop3d-conf tool:
...
> This is identical to the way I run imap with the tcpserver TLS patch
> for IMAPS, but the port here is 143 instead of 993. Notice the first
> option to tcpserver is "-s" to turn on SSL

Well, that sounds very badly wrong to me. When you connect on port 143,
there is *no* TLS/SSL in place initially. The client then issues a STARTTLS
command (unencrypted), at which point the connection switches to TLS. Hence
if tcpserver has already tried to start TLS, it can't possibly work.

> When I telnet to port 143 there is no greeting message like I got from
> IMAP without the tcpserver TLS/SSL patch.

Yep. That confirms you have a very broken configuration.

My suggestion would be: first, install a fresh unpatched courier-imap and
run it out of the box, to show how it should work. Then, if you are sure you
want to run it under a service manager (looks like you are using daemontools
perhaps?) then examine the imapd.rc and imapd-ssl.rc scripts carefully and
duplicate what they do in your own environment. However, you're on your own
if you do so.

Regards,

Brian.
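
Added example, not part of the original message or of courier-imap: a Python check that tells a plaintext IMAP listener offering STARTTLS apart from one wrapped in TLS from the first byte, which is the difference the missing greeting on port 143 points to. The names probe_imap and _client_hello, the result strings and the hostname probe.invalid are assumptions made for this illustration.

```python
import socket
import ssl

def _client_hello() -> bytes:
    """Build a genuine TLS ClientHello in memory; nothing is sent here."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(
        incoming, outgoing, server_hostname="probe.invalid")  # placeholder name
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake stalls waiting for the server's reply
    return outgoing.read()

def probe_imap(sock: socket.socket, timeout: float = 2.0) -> str:
    """Classify an already-connected IMAP listener (hypothetical helper)."""
    sock.settimeout(timeout)
    try:
        greeting = sock.recv(512)
    except socket.timeout:
        greeting = None  # server is waiting for the client to speak first
    if greeting is None:
        # Silence is what a TLS wrapper (tcpserver -s, or port 993) looks like.
        sock.sendall(_client_hello())
        try:
            reply = sock.recv(5)
        except socket.timeout:
            reply = b""
        # 0x16 = TLS handshake record, 0x15 = TLS alert record
        return "implicit-tls" if reply[:1] in (b"\x16", b"\x15") else "silent"
    if not greeting.startswith((b"* OK", b"* PREAUTH")):
        return "not-imap"
    # Plaintext greeting: correct for port 143. Is STARTTLS advertised?
    sock.sendall(b"a1 CAPABILITY\r\n")
    reply = b""
    try:
        while b"\r\na1 " not in b"\r\n" + reply:  # stop at the tagged reply
            chunk = sock.recv(512)
            if not chunk:
                break
            reply += chunk
    except socket.timeout:
        pass
    offered = b"STARTTLS" in reply.upper().split()
    return "plaintext+starttls" if offered else "plaintext-only"
```

On a correct setup port 143 classifies as plaintext+starttls and port 993 as implicit-tls; implicit-tls on port 143 is the misconfiguration described in the reply above.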
