Here is my imapd.conf:

configdirectory: /var/imap
partition-default: /var/spool/imap
admins: adminuser
sasl_pwcheck_method: PAM
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem

(/var/imap/server.pem exists and is readable by the cyrus user)

OK, running:

'imtest -t "" -u lee -a lee -r servername.com servername.com'

gets auth working, but still no STARTTLS:

C: C01 CAPABILITY
S: * OK servername.com Cyrus IMAP4 v2.0.16 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE
S: C01 OK Completed
Password:
C: L01 LOGIN lee {8}
+ go ahead
C: <omitted>
L01 OK User logged in
Authenticated.
Security strength factor: 0

Any other ideas?

Lee

-----Original Message-----
From: Jeff Bert [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 12:28 AM
To: Lee Hoffman; [EMAIL PROTECTED]
Subject: RE: SSL/TLS

did you add these to your imapd.conf:

tls_ca_path: /path-to-ca-folder/
tls_ca_file: /path-to-ca-file/
tls_cert_file: /path-to-cert-file/
tls_key_file: /path-to-key-file/

?

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Lee Hoffman
> Sent: Tuesday, May 21, 2002 8:21 PM
> To: [EMAIL PROTECTED]
> Subject: SSL/TLS
>
>
> Hey all,
> I'm trying to get SSL/TLS working on cyrus 2.0.16. I followed the
> instructions to a "T" to create the certificate. I also compiled cyrus
> -with-ssl=/usr/local/ssl (the latest version of openssl is installed,
> and working with the sshd daemon). Anyway, cyrus (which is
> authenticating off PAM/ldap) works fine. However, as soon as I try to
> enable ssl from my email client, the client is unable to connect to the
> server. I tried telnetting into the box on port 993 and cyrus does
> answer.
>
> Here is the output from imtest:
>
> Server-name:~# imtest -t "" -u lee server-name.com
> C: C01 CAPABILITY
> S: * OK server-name.com Cyrus IMAP4 v2.0.16 server ready
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES IDLE
> S: C01 OK Completed
> Password:
> C: L01 LOGIN root {8}
> + go ahead
> C: <omitted>
> L01 NO Login failed: authentication failure
> Authentication failed. generic failure
> Security strength factor: 0
>
>
> What really worries me is that STARTTLS is even listed in CAPABILITIES
> (it should be shouldn't it?).
>
> My cyrus.conf file:
>
> # standard standalone server implementation
>
> START {
>   # do not delete these entries!
>   mboxlist cmd="ctl_mboxlist -r"
>   deliver cmd="ctl_deliver -r"
>
>   # this is only necessary if using idled for IMAP IDLE
>   # idled cmd="idled"
> }
>
> # UNIX sockets start with a slash and are put into /var/imap/sockets
> SERVICES {
>   # add or remove based on preferences
>   imap cmd="imapd" listen="imap" prefork=5
>   imaps cmd="imapd -s" listen="imaps" prefork=1
>   # pop3 cmd="pop3d" listen="pop3" prefork=3
>   # pop3s cmd="pop3d -s" listen="pop3s" prefork=1
>   # sieve cmd="timsieved" listen="sieve" prefork=0
>
>   # at least one LMTP is required for delivery
>   # lmtp cmd="lmtpd" listen="lmtp" prefork=0
>   lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
> }
>
> EVENTS {
>   # this is required
>   checkpoint cmd="ctl_mboxlist -c" period=30
>
>   # this is only necessary if using duplicate delivery suppression
>   delprune cmd="ctl_deliver -E 3" period=1440
> }
>
>
> Any ideas?
>
> Thanks,
> Lee
>
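
A check for the symptom shown in this thread, added here as an example and not written by anyone in the thread: it parses an imtest transcript, rejoins the wrapped CAPABILITY line, and flags a missing STARTTLS and a LOGIN sent at security strength factor 0. The function names are hypothetical and the sample is constructed from the output quoted above.

```python
import re

# Constructed sample: the imtest transcript quoted in the thread above.
SAMPLE = """\
C: C01 CAPABILITY
S: * OK servername.com Cyrus IMAP4 v2.0.16 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE
S: C01 OK Completed
Password:
C: L01 LOGIN lee {8}
+ go ahead
C: <omitted>
L01 OK User logged in
Authenticated.
Security strength factor: 0
"""

def parse_imtest(transcript):
    """Return (capabilities, ssf, login_seen) from imtest output (hypothetical helper)."""
    caps, in_caps, ssf, login = [], False, None, False
    for raw in transcript.splitlines():
        line = raw.strip()
        if line.startswith("S: * CAPABILITY"):
            caps, in_caps = line.split()[3:], True   # drop "S:", "*", "CAPABILITY"
            continue
        if in_caps and line and not line.startswith(("S:", "C:")):
            caps += line.split()                      # wrapped continuation line
            continue
        in_caps = False
        if re.match(r"C: \S+ LOGIN ", line):
            login = True                              # plaintext LOGIN command was sent
        m = re.match(r"Security strength factor: (\d+)", line)
        if m:
            ssf = int(m.group(1))
    return caps, ssf, login

def findings(transcript):
    """List the TLS-related problems visible in one imtest transcript."""
    caps, ssf, login = parse_imtest(transcript)
    out = []
    if "STARTTLS" not in caps:
        out.append("STARTTLS not advertised in CAPABILITY")
    if login and ssf == 0:
        out.append("LOGIN sent with security strength factor 0 (no encryption layer)")
    return out

if __name__ == "__main__":
    for f in findings(SAMPLE):
        print("WARN:", f)
```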