did you restart cyrus-imapd after putting the tls options in the imapd.conf (not a reload but a restart)?
reload just reloads the /etc/cyrus.conf file AFAIK

also, as I recall I got it to work fine with 2.0.15 without compiling --with-ssl... maybe you should try recompiling without that option. maybe there's a conflict with SSL and TLS... dunno for sure but it's worth a try.

lastly, i remember I had to put in

tls_ca_path:
tls_ca_file:

into imapd.conf to get it working... maybe you should try that first.. then try the re-compile.

jeff

> -----Original Message-----
> From: Lee Hoffman [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 21, 2002 9:59 PM
> To: 'Jeff Bert'; [EMAIL PROTECTED]
> Subject: RE: SSL/TLS
>
>
> Here is my imapd.conf:
>
> configdirectory: /var/imap
> partition-default: /var/spool/imap
> admins: adminuser
> sasl_pwcheck_method: PAM
>
> tls_cert_file: /var/imap/server.pem
> tls_key_file: /var/imap/server.pem
>
> (/var/imap/server.pem exists and is readable by the cyrus user)
>
> ok running: 'imtest -t "" -u lee -a lee -r servername.com
> servername.com' gets auth working, but still no STARTTLS:
>
> C: C01 CAPABILITY
> S: * OK servername.com Cyrus IMAP4 v2.0.16 server ready
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> THREAD=REFERENCES IDLE
> S: C01 OK Completed
> Password:
> C: L01 LOGIN lee {8}
> + go ahead
> C: <omitted>
> L01 OK User logged in
> Authenticated.
> Security strength factor: 0
>
> Any other ideas?
>
> Lee
>
>
> -----Original Message-----
> From: Jeff Bert [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 12:28 AM
> To: Lee Hoffman; [EMAIL PROTECTED]
> Subject: RE: SSL/TLS
>
> did you add these to your imapd.conf:
>
> tls_ca_path: /path-to-ca-folder/
> tls_ca_file: /path-to-ca-file/
> tls_cert_file: /path-to-cert-file/
> tls_key_file: /path-to-key-file/
>
> ?
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Lee Hoffman
> > Sent: Tuesday, May 21, 2002 8:21 PM
> > To: [EMAIL PROTECTED]
> > Subject: SSL/TLS
> >
> >
> > Hey all,
> > I'm trying to get SSL/TLS working on cyrus 2.0.16. I followed the
> > instructions to a "T" to create the certificate. I also compiled cyrus
> > -with-ssl=/usr/local/ssl (the latest version of openssl is installed,
> > and working with the sshd daemon). Anyway, cyrus (which is
> > authenticating off PAM/ldap) works fine. However, as soon as I try to
> > enable ssl from my email client, the client is unable to connect to the
> > server. I tried telneting into the box on port 993 and cyrus does
> > answer.
> >
> > Here is the output from imtest:
> >
> > Server-name:~# imtest -t "" -u lee server-name.com
> > C: C01 CAPABILITY
> > S: * OK server-name.com Cyrus IMAP4 v2.0.16 server ready
> > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> > NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> > THREAD=REFERENCES IDLE
> > S: C01 OK Completed
> > Password:
> > C: L01 LOGIN root {8}
> > + go ahead
> > C: <omitted>
> > L01 NO Login failed: authentication failure
> > Authentication failed. generic failure
> > Security strength factor: 0
> >
> >
> > What really worries me is that STARTTLS is even listed in CAPABILITIES
> > (it should be shouldn't it?).
> >
> > My cyrus.conf file:
> >
> > # standard standalone server implementation
> >
> > START {
> >   # do not delete these entries!
> >   mboxlist cmd="ctl_mboxlist -r"
> >   deliver cmd="ctl_deliver -r"
> >
> >   # this is only necessary if using idled for IMAP IDLE
> >   # idled cmd="idled"
> > }
> >
> > # UNIX sockets start with a slash and are put into /var/imap/sockets
> > SERVICES {
> >   # add or remove based on preferences
> >   imap cmd="imapd" listen="imap" prefork=5
> >   imaps cmd="imapd -s" listen="imaps" prefork=1
> >   # pop3 cmd="pop3d" listen="pop3" prefork=3
> >   # pop3s cmd="pop3d -s" listen="pop3s" prefork=1
> >   # sieve cmd="timsieved" listen="sieve" prefork=0
> >
> >   # at least one LMTP is required for delivery
> >   # lmtp cmd="lmtpd" listen="lmtp" prefork=0
> >   lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
> > }
> >
> > EVENTS {
> >   # this is required
> >   checkpoint cmd="ctl_mboxlist -c" period=30
> >
> >   # this is only necessary if using duplicate delivery suppression
> >   delprune cmd="ctl_deliver -E 3" period=1440
> > }
> >
> >
> > Any ideas?
> >
> > Thanks,
> > Lee
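
An offline check for the two things this thread is chasing, added here as an example (not code from the posters or from the Cyrus project): which of the four tls_* options listed above are missing from an imapd.conf, and whether the CAPABILITY response in imtest output advertises STARTTLS. The function names are hypothetical, and the sample input is abridged from the messages above.

```python
import re

# The four imapd.conf options named in the thread.
TLS_OPTIONS = ("tls_ca_path", "tls_ca_file", "tls_cert_file", "tls_key_file")

def parse_imapd_conf(text):
    """Return {option: value} for 'option: value' lines, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and ":" in line:
            key, value = line.split(":", 1)
            conf[key.strip()] = value.strip()
    return conf

def missing_tls_options(conf):
    """Options from TLS_OPTIONS that are absent or empty."""
    return [opt for opt in TLS_OPTIONS if not conf.get(opt)]

def capabilities(transcript):
    """Atoms of the untagged CAPABILITY response, including wrapped lines."""
    caps, collecting = [], False
    for line in transcript.splitlines():
        line = line.strip()
        m = re.match(r"S: \* CAPABILITY\s+(.*)", line)
        if m:
            caps, collecting = m.group(1).split(), True
        elif collecting and line and not re.match(r"[CS]: ", line):
            caps += line.split()  # continuation of the wrapped response
        else:
            collecting = False
    return [c.upper() for c in caps]

def starttls_advertised(transcript):
    return "STARTTLS" in capabilities(transcript)

# Sample input copied from the messages in this thread (abridged).
SAMPLE_CONF = """configdirectory: /var/imap
tls_cert_file: /var/imap/server.pem
tls_key_file: /var/imap/server.pem
"""
SAMPLE_TRANSCRIPT = """C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE
S: C01 OK Completed
"""

if __name__ == "__main__":
    print(missing_tls_options(parse_imapd_conf(SAMPLE_CONF)), starttls_advertised(SAMPLE_TRANSCRIPT))
```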