SSL/TLS

From: Lee Hoffman (no email)
Date: Tue May 21 2002 - 23:20:59 EDT

• Next message: San Segkhoonthod: "Re: SSL/TLS"
• Previous message: Lawrence Greenfield: "Re: imapd timeout"
• Next in thread: San Segkhoonthod: "Re: SSL/TLS"
• Reply: San Segkhoonthod: "Re: SSL/TLS"
• Reply: Jeff Bert: "RE: SSL/TLS"
• Reply: Jeff Bert: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Maybe reply: Jeff Bert: "RE: SSL/TLS"
• Maybe reply: Jeff Bert: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hey all,
I'm trying to get SSL/TLS working on cyrus 2.0.16. I followed the
instructions to a "T" to create the certificate. I also compiled cyrus
-with-ssl=/usr/local/ssl (the latest version of openssl is installed,
and working with the sshd daemon). Anyway, cyrus (which is
authenticating off PAM/ldap) works fine. However, as soon as I try to
enable ssl from my email client, the client is unable to connect to the
server. I tried telneting into the box on port 993 and cyrus does
answer.

Here is the output from imtest:

Server-name:~# imtest -t "" -u lee server-name.com
C: C01 CAPABILITY
S: * OK server-name.com Cyrus IMAP4 v2.0.16 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS ID
NO_ATOMIC_RENAME UNSELECT MULTIAPPEND SORT THREAD=ORDEREDSUBJECT
THREAD=REFERENCES IDLE
S: C01 OK Completed
Password:
C: L01 LOGIN root {8}
+ go ahead
C: <omitted>
L01 NO Login failed: authentication failure
Authentication failed. generic failure
Security strength factor: 0

What really worries me is that STARTTLS is even listed in CAPABILITIES
(it should be shouldn't it?).

My cyrus.conf file:

# standard standalone server implementation

START {
  # do not delete these entries!
  mboxlist cmd="ctl_mboxlist -r"
  deliver cmd="ctl_deliver -r"

  # this is only necessary if using idled for IMAP IDLE
# idled cmd="idled"
}

# UNIX sockets start with a slash and are put into /var/imap/sockets
SERVICES {
  # add or remove based on preferences
  imap cmd="imapd" listen="imap" prefork=5
  imaps cmd="imapd -s" listen="imaps" prefork=1
# pop3 cmd="pop3d" listen="pop3" prefork=3
# pop3s cmd="pop3d -s" listen="pop3s" prefork=1
# sieve cmd="timsieved" listen="sieve" prefork=0

  # at least one LMTP is required for delivery
# lmtp cmd="lmtpd" listen="lmtp" prefork=0
  lmtpunix cmd="lmtpd" listen="/var/imap/socket/lmtp" prefork=1
}

EVENTS {
  # this is required
  checkpoint cmd="ctl_mboxlist -c" period=30

  # this is only necessary if using duplicate delivery suppression
  delprune cmd="ctl_deliver -E 3" period=1440
}

Any ideas?

Thanks,
Lee

• Next message: San Segkhoonthod: "Re: SSL/TLS"
• Previous message: Lawrence Greenfield: "Re: imapd timeout"
• Next in thread: San Segkhoonthod: "Re: SSL/TLS"
• Reply: San Segkhoonthod: "Re: SSL/TLS"
• Reply: Jeff Bert: "RE: SSL/TLS"
• Reply: Jeff Bert: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Maybe reply: Jeff Bert: "RE: SSL/TLS"
• Maybe reply: Jeff Bert: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Maybe reply: Lee Hoffman: "RE: SSL/TLS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]