*sigh* Telnet to your imap port and please verify that the STARTTLS command exists...

Easiest way to do that instead of doing
. logout
do
. starttls

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK shell Cyrus IMAP4 v2.1.4 server ready
. starttls
. OK Begin TLS negotiation now

like that

*bleh* Stop using imtest like a golden rule folks. Use an ACTUAL mail client to test things!!!!!!!

--On Wednesday, May 22, 2002 12:58 AM -0400 Lee Hoffman <[EMAIL PROTECTED]> wrote:

> Here is my imapd.conf:
>
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: adminuser
> sasl_pwcheck_method: PAM
>
> tls_cert_file: /var/imap/server.pem
> tls_key_file: /var/imap/server.pem
>
> (/var/imap/server.pem exists and is readable by the cyrus user)
>
> ok running: 'imtest -t "" -u lee -a lee -r servername.com
> servername.com' gets auth working, but still no STARTTLS:
>
> C: C01 CAPABILITY
> S: * OK servername.com Cyrus IMAP4 v2.0.16 server ready
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES IDLE
> S: C01 OK Completed
> Password:
> C: L01 LOGIN lee {8}
> + go ahead
> C: <omitted>
> L01 OK User logged in
> Authenticated.
> Security strength factor: 0
>
> Any other ideas?
>
> Lee
>
>
> -----Original Message-----
> From: Jeff Bert [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 12:28 AM
> To: Lee Hoffman; [EMAIL PROTECTED]
> Subject: RE: SSL/TLS
>
> did you add these to your imapd.conf:
>
> tls_ca_path: /path-to-ca-folder/
> tls_ca_file: /path-to-ca-file/
> tls_cert_file: /path-to-cert-file/
> tls_key_file: /path-to-key-file/
>
> ?
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]]On Behalf Of Lee Hoffman
>> Sent: Tuesday, May 21, 2002 8:21 PM
>> To: [EMAIL PROTECTED]
>> Subject: SSL/TLS
>>
>>
>> Hey all,
>> I'm trying to get SSL/TLS working on cyrus 2.0.16. I followed the
>> instructions to a "T" to create the certificate. I also compiled cyrus
>> -with-ssl=/usr/local/ssl (the latest version of openssl is installed,
>> and working with the sshd daemon). Anyway, cyrus (which is
>> authenticating off PAM/ldap) works fine. However, as soon as I try to
>> enable ssl from my email client, the client is unable to connect to the
>> server. I tried telneting into the box on port 993 and cyrus does
>> answer.
>>
>> Here is the output from imtest:
>>
>> Server-name:~# imtest -t "" -u lee server-name.com
>> C: C01 CAPABILITY
>> S: * OK server-name.com Cyrus IMAP4 v2.0.16 server ready
>> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
>> NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
>> THREAD=REFERENCES IDLE
>> S: C01 OK Completed
>> Password:
>> C: L01 LOGIN root {8}
>> + go ahead
>> C: <omitted>
>> L01 NO Login failed: authentication failure
>> Authentication failed. generic failure
>> Security strength factor: 0
>>
>>
>> What really worries me is that STARTTLS is even listed in CAPABILITIES
>> (it should be shouldn't it?).
>>
>> My cyrus.conf file:
>>
>> # standard standalone server implementation
>>
>> START {
>>   # do not delete these entries!
>>   mboxlist cmd="ctl_mboxlist -r"
>>   deliver cmd="ctl_deliver -r"
>>
>>   # this is only necessary if using idled for IMAP IDLE
>>   # idled cmd="idled"
>> }
>>
>> # UNIX sockets start with a slash and are put into /var/imap/sockets
>> SERVICES {
>>   # add or remove based on preferences
>>   imap cmd="imapd" listen="imap" prefork=5
>>   imaps cmd="imapd -s" listen="imaps" prefork=1
>>   # pop3 cmd="pop3d" listen="pop3" prefork=3
>>   # pop3s cmd="pop3d -s" listen="pop3s" prefork=1
>>   # sieve cmd="timsieved" listen="sieve" prefork=0
>>
>>   # at least one LMTP is required for delivery
>>   # lmtp cmd="lmtpd" listen="lmtp" prefork=0
>>   lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
>> }
>>
>> EVENTS {
>>   # this is required
>>   checkpoint cmd="ctl_mboxlist -c" period=30
>>
>>   # this is only necessary if using duplicate delivery suppression
>>   delprune cmd="ctl_deliver -E 3" period=1440
>> }
>>
>>
>> Any ideas?
>>
>> Thanks,
>> Lee
>>
>>
>

--- "If Thyne Eyes Deceivee Thee, Pluck Them Out".
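The manual telnet check from the top of this thread, scripted so that it reports both whether STARTTLS is listed in CAPABILITY and whether the server accepts the command. This is an added example, not part of the original messages or of Cyrus; the names probe_starttls, fake_server and run_against_fake are hypothetical, and the fake server and its "BAD" reply are constructed so the code runs offline.

```python
import socket
import threading

def probe_starttls(sock, timeout=5.0):
    """Return (advertised, accepted) for the IMAP server on a connected socket."""
    sock.settimeout(timeout)
    reader = sock.makefile("rb")
    if not reader.readline().startswith(b"* OK"):
        raise ValueError("no IMAP greeting")

    def command(tag, text):
        sock.sendall(tag + b" " + text + b"\r\n")
        untagged = []
        while True:
            line = reader.readline()
            if not line:
                raise ConnectionError("server closed the connection")
            if line.startswith(tag + b" "):      # tagged completion line
                return line.split()[1].upper(), untagged
            untagged.append(line)

    _, untagged = command(b"C01", b"CAPABILITY")
    caps = set()
    for line in untagged:
        words = line.upper().split()
        if words[:2] == [b"*", b"CAPABILITY"]:
            caps.update(words[2:])
    # Only the reply is checked; a real client would start the TLS handshake next.
    status, _ = command(b"S01", b"STARTTLS")
    return b"STARTTLS" in caps, status == b"OK"

def fake_server(sock, caps, starttls_reply):
    """Constructed stand-in for imapd so the probe can run offline."""
    with sock, sock.makefile("rb") as reader:
        sock.sendall(b"* OK example.invalid IMAP4 server ready\r\n")
        tag = reader.readline().split()[0]
        sock.sendall(b"* CAPABILITY " + caps + b"\r\n" + tag + b" OK Completed\r\n")
        tag = reader.readline().split()[0]
        sock.sendall(tag + b" " + starttls_reply + b"\r\n")

def run_against_fake(caps, starttls_reply):
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_server, args=(server, caps, starttls_reply))
    worker.start()
    with client:
        result = probe_starttls(client)
    worker.join()
    return result

# Capability list as quoted in the thread's imtest output (no STARTTLS in it).
THREAD_CAPS = (b"IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME "
               b"UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE")
```

Against your own server, pass a socket from socket.create_connection(("localhost", 143)) to probe_starttls; a result of (False, False) means the running imapd offers no TLS upgrade on that port.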