When I run /usr/local/ssl/bin/openssl s_client -connect localhost:993
the following is printed:

CONNECTED(00000003)

Then it just hangs.

L

-----Original Message-----
From: Ken Murchison [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, May 22, 2002 11:31 AM
To: Lee Hoffman
Cc: Cyrus Mailing List
Subject: Re: SSL/TLS

Lee Hoffman wrote:
>
> This is VERY weird!!! When I telnet into the mailserver on 993:
>
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> . logout
> ^X
>
> No commands work, yet it says that it's connected! '. logout' does
> nothing, '. starttls' does nothing etc... I checked inetd, and other
> services running, and none bind to 993. Could the master process be
> listening on 993 and then *not* spawning a new imapd -s when a
> connection comes in??

Port 993 is IMAP over SSL (imaps), which expects an SSL negotiation to be
made as soon as the connection is opened. Try doing this instead:

openssl s_client -connect localhost:993

> -----Original Message-----
> From: Scott M Likens [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, May 22, 2002 2:41 AM
> To: Lee Hoffman; 'Jeff Bert'; [EMAIL PROTECTED]
> Subject: RE: SSL/TLS
>
> *sigh*
>
> Telnet to your imap port and please verify that the STARTTLS command
> exists...
>
> Easiest way to do that instead of doing . logout
>
> do . starttls
>
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> * OK shell Cyrus IMAP4 v2.1.4 server ready
> . starttls
> . OK Begin TLS negotiation now
>
> like that
>
> *bleh*
>
> Stop using imtest like a golden rule, folks. Use an ACTUAL mail client
> to test things!!!!!!!
>
> --On Wednesday, May 22, 2002 12:58 AM -0400 Lee Hoffman
> <[EMAIL PROTECTED]> wrote:
>
> > Here is my imapd.conf:
> >
> > configdirectory: /var/imap
> > partition-default: /var/spool/imap
> > admins: adminuser
> > sasl_pwcheck_method: PAM
> >
> > tls_cert_file: /var/imap/server.pem
> > tls_key_file: /var/imap/server.pem
> >
> > (/var/imap/server.pem exists and is readable by the cyrus user)
> >
> > ok running: 'imtest -t "" -u lee -a lee -r servername.com
> > servername.com' gets auth working, but still no STARTTLS:
> >
> > C: C01 CAPABILITY
> > S: * OK servername.com Cyrus IMAP4 v2.0.16 server ready
> > S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> > NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> > THREAD=REFERENCES IDLE
> > S: C01 OK Completed
> > Password:
> > C: L01 LOGIN lee {8}
> > + go ahead
> > C: <omitted>
> > L01 OK User logged in
> > Authenticated.
> > Security strength factor: 0
> >
> > Any other ideas?
> >
> > Lee
> >
> >
> > -----Original Message-----
> > From: Jeff Bert [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, May 22, 2002 12:28 AM
> > To: Lee Hoffman; [EMAIL PROTECTED]
> > Subject: RE: SSL/TLS
> >
> > did you add these to your imapd.conf:
> >
> > tls_ca_path: /path-to-ca-folder/
> > tls_ca_file: /path-to-ca-file/
> > tls_cert_file: /path-to-cert-file/
> > tls_key_file: /path-to-key-file/
> >
> > ?
> >
> >> -----Original Message-----
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED]] On Behalf Of Lee Hoffman
> >> Sent: Tuesday, May 21, 2002 8:21 PM
> >> To: [EMAIL PROTECTED]
> >> Subject: SSL/TLS
> >>
> >>
> >> Hey all,
> >> I'm trying to get SSL/TLS working on cyrus 2.0.16. I followed the
> >> instructions to a "T" to create the certificate. I also compiled cyrus
> >> -with-ssl=/usr/local/ssl (the latest version of openssl is installed,
> >> and working with the sshd daemon). Anyway, cyrus (which is
> >> authenticating off PAM/ldap) works fine. However, as soon as I try to
> >> enable ssl from my email client, the client is unable to connect to the
> >> server. I tried telnetting into the box on port 993 and cyrus does
> >> answer.
> >>
> >> Here is the output from imtest:
> >>
> >> Server-name:~# imtest -t "" -u lee server-name.com
> >> C: C01 CAPABILITY
> >> S: * OK server-name.com Cyrus IMAP4 v2.0.16 server ready
> >> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
> >> NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
> >> THREAD=REFERENCES IDLE
> >> S: C01 OK Completed
> >> Password:
> >> C: L01 LOGIN root {8}
> >> + go ahead
> >> C: <omitted>
> >> L01 NO Login failed: authentication failure
> >> Authentication failed. generic failure
> >> Security strength factor: 0
> >>
> >>
> >> What really worries me is that STARTTLS is even listed in CAPABILITIES
> >> (it should be, shouldn't it?).
> >>
> >> My cyrus.conf file:
> >>
> >> # standard standalone server implementation
> >>
> >> START {
> >>   # do not delete these entries!
> >>   mboxlist cmd="ctl_mboxlist -r"
> >>   deliver cmd="ctl_deliver -r"
> >>
> >>   # this is only necessary if using idled for IMAP IDLE
> >>   # idled cmd="idled"
> >> }
> >>
> >> # UNIX sockets start with a slash and are put into /var/imap/sockets
> >> SERVICES {
> >>   # add or remove based on preferences
> >>   imap cmd="imapd" listen="imap" prefork=5
> >>   imaps cmd="imapd -s" listen="imaps" prefork=1
> >>   # pop3 cmd="pop3d" listen="pop3" prefork=3
> >>   # pop3s cmd="pop3d -s" listen="pop3s" prefork=1
> >>   # sieve cmd="timsieved" listen="sieve" prefork=0
> >>
> >>   # at least one LMTP is required for delivery
> >>   # lmtp cmd="lmtpd" listen="lmtp" prefork=0
> >>   lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
> >> }
> >>
> >> EVENTS {
> >>   # this is required
> >>   checkpoint cmd="ctl_mboxlist -c" period=30
> >>
> >>   # this is only necessary if using duplicate delivery suppression
> >>   delprune cmd="ctl_deliver -E 3" period=1440
> >> }
> >>
> >>
> >> Any ideas?
> >>
> >> Thanks,
> >> Lee
> >>
> >>
> >
> >
> > ---
> > "If Thyne Eyes Deceivee Thee, Pluck Them Out".

--
Kenneth Murchison     Oceana Matrix Ltd.
Software Engineer     21 Princeton Place
716-662-8973 x26      Orchard Park, NY 14127
--PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
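As an added example (not code from this thread, from Cyrus, or from any of the posters), here is a small Python probe that separates the cases the thread goes back and forth on: a plaintext IMAP listener that advertises STARTTLS, one that does not (the CAPABILITY reply quoted above lists no STARTTLS token), and a port like 993 that sends no greeting because it is waiting for a TLS ClientHello. When that handshake gets no answer the probe reports the same symptom openssl s_client shows as CONNECTED(00000003) followed by silence. The stub server, its capability lists, the sample CAPABILITY lines and all function and mode names are constructed for this example.

```python
# Probe an IMAP port: plaintext (with or without STARTTLS) versus implicit TLS (imaps).
# Added for this thread, not Cyrus code; the stub server and sample data are constructed.
import socket
import ssl
import threading

# Constructed from the CAPABILITY reply quoted in the thread: it lists no STARTTLS token.
SAMPLE_CAPABILITY_LINES = [
    "* OK server-name.com Cyrus IMAP4 v2.0.16 server ready",
    "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID "
    "NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES IDLE",
    "C01 OK Completed",
]

def parse_capabilities(lines):
    """Collect upper-cased tokens from every untagged '* CAPABILITY ...' line."""
    caps = set()
    for line in lines:
        parts = line.strip().split()
        if len(parts) >= 2 and parts[0] == "*" and parts[1].upper() == "CAPABILITY":
            caps.update(p.upper() for p in parts[2:])
    return caps

def _readline(sock, timeout):
    """Read one CRLF-terminated line; return '' if the peer stays silent past the timeout."""
    sock.settimeout(timeout)
    buf = b""
    try:
        while not buf.endswith(b"\r\n") and (chunk := sock.recv(1)):
            buf += chunk
    except socket.timeout:
        pass
    return buf.decode(errors="replace").rstrip("\r\n")

def probe_imap(host, port, timeout=3.0):
    """Return a dict whose 'mode' is 'plaintext' (with a 'starttls' flag), 'implicit-tls',
    'tls-handshake-timeout' (the s_client-hangs symptom) or 'tls-handshake-failed'."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        greeting = _readline(sock, timeout)
        if greeting.startswith("* OK"):
            # Plaintext greeting (port-143 style): ask for CAPABILITY and check for STARTTLS.
            sock.sendall(b"C01 CAPABILITY\r\n")
            lines = []
            while True:
                line = _readline(sock, timeout)
                if not line:
                    break                       # silence or EOF before the tagged reply
                lines.append(line)
                if line.startswith("C01 "):
                    break                       # tagged completion of our command
            sock.sendall(b"L01 LOGOUT\r\n")
            caps = parse_capabilities(lines)
            return {"mode": "plaintext", "greeting": greeting,
                    "starttls": "STARTTLS" in caps, "capabilities": caps}
    # No banner: an imaps listener waits for the client's ClientHello, as Ken describes
    # for port 993. Try a TLS handshake on a fresh connection to confirm.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # diagnostic only: observe the handshake,
    ctx.verify_mode = ssl.CERT_NONE  # do not judge the certificate here
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"mode": "implicit-tls", "greeting": _readline(tls, timeout)}
    except socket.timeout:
        # TCP accepted but no ServerHello: openssl s_client shows CONNECTED(00000003), then nothing.
        return {"mode": "tls-handshake-timeout"}
    except (ssl.SSLError, ConnectionError) as exc:
        return {"mode": "tls-handshake-failed", "error": str(exc)}

def start_stub_imap(capabilities, silent=False):
    """Constructed fixture, not Cyrus: a plaintext IMAP stub on 127.0.0.1; returns its port.
    With silent=True it accepts and reads but never answers, like a TLS-only listener."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(2)
    def handle(conn):
        with conn, conn.makefile("rb") as rd:
            conn.settimeout(10)
            try:
                if silent:
                    while conn.recv(1024):      # swallow whatever arrives, answer nothing
                        pass
                    return
                conn.sendall(b"* OK localhost stub IMAP4 server ready\r\n")
                for raw in rd:
                    tag, _, cmd = raw.decode(errors="replace").strip().partition(" ")
                    if cmd.upper() == "CAPABILITY":
                        reply = "* CAPABILITY %s\r\n%s OK Completed\r\n" % (" ".join(capabilities), tag)
                        conn.sendall(reply.encode())
                    elif cmd.upper() == "LOGOUT":
                        conn.sendall(("* BYE\r\n%s OK Completed\r\n" % tag).encode())
                        return
            except OSError:
                return                          # client went away or the stub timed out
    def serve():
        while True:
            handle(srv.accept()[0])
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

For a local demonstration, call probe_imap("127.0.0.1", start_stub_imap(["IMAP4", "IMAP4REV1", "IDLE"])); against a real host, point probe_imap at port 143 and 993 in turn. Reading the greeting before sending anything is the step that matters: a telnet to 993 looks "connected" only because TCP is up, and the server will not speak until it has seen a ClientHello, so an imaps listener that answers the handshake and one that never does are told apart only by attempting that handshake with a timeout.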