Hey all, I'm trying to get SSL/TLS working on cyrus 2.0.16. I followed the instructions to a "T" to create the certificate. I also compiled cyrus -with-ssl=/usr/local/ssl (the latest version of openssl is installed, and working with the sshd daemon). Anyway, cyrus (which is authenticating off PAM/ldap) works fine. However, as soon as I try to enable ssl from my email client, the client is unable to connect to the server. I tried telnetting into the box on port 993 and cyrus does answer.
Here is the output from imtest:

Server-name:~# imtest -t "" -u lee server-name.com
C: C01 CAPABILITY
S: * OK server-name.com Cyrus IMAP4 v2.0.16 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
S: C01 OK Completed
Password:
C: L01 LOGIN root {8}
+ go ahead
C: <omitted>
L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0

What really worries me is that STARTTLS is even listed in CAPABILITIES (it should be shouldn't it?).

My cyrus.conf file:

# standard standalone server implementation

START {
  # do not delete these entries!
  mboxlist      cmd="ctl_mboxlist -r"
  deliver       cmd="ctl_deliver -r"

  # this is only necessary if using idled for IMAP IDLE
#  idled        cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap          cmd="imapd" listen="imap" prefork=5
  imaps         cmd="imapd -s" listen="imaps" prefork=1
#  pop3         cmd="pop3d" listen="pop3" prefork=3
#  pop3s        cmd="pop3d -s" listen="pop3s" prefork=1
#  sieve        cmd="timsieved" listen="sieve" prefork=0

  # at least one LMTP is required for delivery
#  lmtp         cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix      cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
}

EVENTS {
  # this is required
  checkpoint    cmd="ctl_mboxlist -c" period=30

  # this is only necessary if using duplicate delivery suppression
  delprune      cmd="ctl_deliver -E 3" period=1440
}

Any ideas?

Thanks,
Lee
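An added example, not part of the original post: a small check that reads an imtest-style transcript like the one above and reports whether the server advertised the STARTTLS and LOGINDISABLED capabilities (names from RFC 3501) and whether a LOGIN was sent while the reported security strength factor was 0. The function names `parse_capabilities` and `audit` are hypothetical, and the transcript is a trimmed copy of the lines in the post.

```python
import re

# Transcript lines taken from the imtest output in the post (trimmed).
TRANSCRIPT = """\
C: C01 CAPABILITY
S: * OK server-name.com Cyrus IMAP4 v2.0.16 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
S: C01 OK Completed
C: L01 LOGIN root {8}
Security strength factor: 0
"""

def parse_capabilities(transcript):
    """Return the set of capability atoms from untagged CAPABILITY responses."""
    caps = set()
    for line in transcript.splitlines():
        # Accept both raw server lines and imtest's "S: " prefixed lines.
        m = re.match(r"^(?:S:\s*)?\*\s+CAPABILITY\s+(.*)$", line.strip(), re.I)
        if m:
            caps.update(tok.upper() for tok in m.group(1).split())
    return caps

def audit(transcript):
    """Return a list of findings about transport protection in the session."""
    caps = parse_capabilities(transcript)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not advertised")
    if "LOGINDISABLED" not in caps:
        # Without LOGINDISABLED the server accepts LOGIN on this connection.
        findings.append("LOGINDISABLED not advertised")
    ssf = re.search(r"Security strength factor:\s*(\d+)", transcript)
    sent_login = re.search(r"^C:\s*\S+\s+LOGIN\b", transcript, re.M | re.I)
    if sent_login and ssf and int(ssf.group(1)) == 0:
        findings.append("LOGIN sent with security strength factor 0")
    return findings

if __name__ == "__main__":
    for finding in audit(TRANSCRIPT):
        print("finding:", finding)
```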