Bug#691507: courier-imap-ssl: Please clarify description in regards to TLS

Fri, 26 Oct 2012 08:33:20 -0700 

Package: courier-imap-ssl
Version: 4.8.0-3
Severity: normal


Dear Debian folks,


I am confused by reading the SysV init.d script and the description of
the package.

        IMAP over SSL is handled by the regular IMAP daemon from
        courier-imap in conjunction with the SSL/TLS wrapper supplied by
        courier-ssl.

Looking at the configuration parameters

        $ grep START /etc/courier/imapd-ssl
        ##NAME: IMAPDSSLSTART:0
        IMAPDSSLSTART=NO
        ##NAME: IMAPDSTARTTLS:0
        #  Whether or not to implement IMAP STARTTLS extension instead:
        IMAPDSTARTTLS=YES
        # Set IMAP_TLS_REQUIRED to 1 if you REQUIRE STARTTLS for everyone.
        # (this option advertises the LOGINDISABLED IMAP capability, until 
STARTTLS
        ##NAME: TLS_STARTTLS_PROTOCOL:0
        # TLS_STARTTLS_PROTOCOL is used instead of TLS_PROTOCOL for the IMAP 
STARTTLS

and the following excerpt from `/etc/init.d/courier-imap-ssl`

        START=no
        case "$IMAPDSSLSTART" in
                [yY]*)START=yes;;
        esac
        
        case "$1" in
                start)
                if [ "$START" = "yes" ]; then
                        log_daemon_msg "Starting $PROGRAM" "$DAEMON"
        
                        umask $IMAP_UMASK
                        ulimit -v $IMAP_ULIMITD
                        /usr/bin/env - /bin/sh -c " . ${sysconfdir}/imapd ; \
                        . ${sysconfdir}/imapd-ssl ; \
                        IMAP_TLS=1 ; export IMAP_TLS ; \
                        `sed -n '/^#/d;/=/p' <${sysconfdir}/imapd | \
                                sed 's/=.*//;s/^/export /;s/$/;/'`
                        `sed -n '/^#/d;/=/p' <${sysconfdir}/imapd-ssl | \
                                sed 's/=.*//;s/^/export /;s/$/;/'`
                        PROXY_HOSTNAME=$PROXY_HOSTNAME ; \init.d
                        /usr/sbin/courierlogger -pid=$SSLPIDFILE -start 
$SSLLOGGEROPTS \
                        $TCPD -address=$SSLADDRESS \
                                -maxprocs=$MAXDAEMONS -maxperip=$MAXPERIP \
                                $TCPDOPTS \
                                $SSLPORT $COURIERTLS -server -tcpd \
                                ${libexecdir}/courier/imaplogin \
                                        ${bindir}/imapd $MAILDIRPATH"
                        log_end_msg 0
                fi
                ;;

it is not started, when `IMAPDSTARTTLS=YES` is set in the configuration
file. Maybe I am misunderstanding the configuration file, but I do not
read it that `IMAPDSSLSTART` is required for TLS. If I was right, the
script should be updated. If I am wrong, at least the script should
inform the user why the daemon is not started. Running

    $ sudo service courier-imap-ssl

and nothing happens is a bad user experience in my opinion.


Thanks,

Paul

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to