Re: Make cyradm use plain+tls

From: Perry Brown (no email)
Date: Tue May 02 2006 - 15:24:22 EDT

  • Next message: Patrick Radtke: "Re: Make cyradm use plain+tls"

    Hi All,

    Thank you for the suggestions. I'd love to get this working without the
    extra dependency of stunnel. Following on Patrick's suggestion I modified
    imapd.conf

    defaultpartition: imap1
    configdirectory: /var/imap
    partition-imap1: /var/spool/imap1
    admins: cyrus support
    srvtab: /var/imap/srvtab
    quotawarn: 85
    popminpoll: 0
    autocreatequota: 30000
    sasl_pwcheck_method: saslauthd
    lmtp_over_quota_perm_failure: 1
    allowusermoves: yes
    proxy_authname: cyrus
    proxy_password: password
    tls_cert_file: /local/imap/server1.sub1.domain.com.pem (on the dest host
    this is set to server2.sub2.domain.com.pem)
    tls_key_file: /local/imap/server1.sub1.domain.com.pem (changed like above.)

    I log into imtest:

    /opt/mail/cyrus-imapd/bin/imtest -t "" -p imap -u cyrus -a cyrus -m plain

    Run
    C: XFER user.vbperry server2.sub2.domain.com

    and get
    C: NO Server(s) unavailable to complete operation

    Am I using the right auth mode? Should the imtest connect or xfer command be
    formatted differently? I looked in the archives and could not locate the
    thread you mentioned, was that on list?

    Thanks for the help.

    perry

    >
    >Ken, Richard Gilbert and I had a discussion about this last week (which I'll
    >try to summarize).
    >
    >Here is an alternative to the stunnel stuff.
    >
    >1. Use imtest to issue XFER command (c: XFER user.phr2101test bacon)
    >you may need to
    >2. Remove 'force_sasl_client_mech: plain login' from the file. This line
    >will prevent plain+tls from happening correctly between backends when
    >issuing XFER from imtest (my understanding is that the mech list is checked
    >prior to the STARTTLS, and since PLAIN isn't advertised until afterwards,
    >Cyrus thinks the mechanism isn't available. Removing this option prevents
    >the mech list from being checked.. or something).
    >
    >-PAtrick
    >
    >
    >
    >On Mon, 1 May 2006, Perry Brown wrote:
    >
    >>From a thread last month some fine folks on this list suggested I set up
    >>tls for plain so that I could do an xfer of mailboxes from one host to
    >>another.
    >>
    >>I got that set up and I am able to do an imtest from one host to the other
    >>one and it gets authenticated with plain+tls.
    >>
    >>My problem now happens when going back to cyradm to do the xfer. When I
    >>log into the source host I'm authenticated with plain and when I run the
    >>xfer command it tries to connect to the destination server as plain.
    >>
    >>How can I force cyradm to connect with plain+tls? Or possibly some work
    >>around using Cyrus::IMAP::Shell
    >>
    >>I looked at just about every news group and website and a couple of them
    >>mentioned it's not possible to force tls in cyradm but the date on those
    >>sites were from a few years ago and my hope is something has changed in
    >>the interim.
    >>
    >>Here is imapd.conf:
    >>defaultpartition: imap1
    >>configdirectory: /var/imap
    >>partition-imap1: /var/spool/imap1
    >>admins: cyrus support
    >>srvtab: /var/imap/srvtab
    >>quotawarn: 85
    >>popminpoll: 0
    >>autocreatequota: 30000
    >>sasl_pwcheck_method: saslauthd
    >>lmtp_over_quota_perm_failure: 1
    >>allowusermoves: yes
    >>proxy_authname: cyrus
    >>proxy_password: password
    >>force_sasl_client_mech: plain login
    >>tls_cert_file: /local/imap/server1.sub1.domain.com.pem
    >>tls_key_file: /local/imap/server1.sub1.domain.com.pem
    >>
    >>Thank you
    >>Perry
    >>
    >>
    >>----
    >>Cyrus Home Page: http://asg.web.cmu.edu/cyrus
    >>Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
    >>List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
    >>

    ----
    Cyrus Home Page: http://asg.web.cmu.edu/cyrus
    Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
    List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
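
The ordering problem Patrick describes in the quoted reply (the mechanism list being checked before STARTTLS, while PLAIN is only advertised afterwards) can be modelled offline. This is an added example, not part of the original messages and not Cyrus code; the CAPABILITY lines are constructed sample data, and `parse_capability`, `select_mech` and `check_before_tls` are hypothetical names.

```python
# Constructed CAPABILITY responses (sample data, not captured from a server):
# a backend that only offers PLAIN once TLS is active.
PRE_TLS = "* CAPABILITY IMAP4 IMAP4rev1 STARTTLS LOGINDISABLED AUTH=GSSAPI"
POST_TLS = "* CAPABILITY IMAP4 IMAP4rev1 AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN"

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # these send the password itself


def parse_capability(line):
    """Return (set of SASL mechanisms, set of other capability atoms)."""
    atoms = line.split()
    if atoms[:2] != ["*", "CAPABILITY"]:
        raise ValueError("not an untagged CAPABILITY response: %r" % line)
    caps = [a.upper() for a in atoms[2:]]
    mechs = {a[5:] for a in caps if a.startswith("AUTH=")}
    other = {a for a in caps if not a.startswith("AUTH=")}
    return mechs, other


def select_mech(wanted, pre_tls, post_tls, check_before_tls):
    """Pick the first mechanism in `wanted` that the server offers.

    check_before_tls=True models the behaviour described in the reply:
    the wanted list is compared with the pre-STARTTLS capabilities only.
    Returns (mechanism or None, tls_used).
    """
    pre_mechs, pre_other = parse_capability(pre_tls)
    wanted = [m.upper() for m in wanted]
    if check_before_tls:
        for m in wanted:
            # Never accept a password-bearing mechanism on a cleartext link.
            if m in pre_mechs and m not in CLEARTEXT_MECHS:
                return m, False
        return None, False  # assumed to surface as "Server(s) unavailable"
    if "STARTTLS" not in pre_other:
        return None, False
    post_mechs, _ = parse_capability(post_tls)  # re-read after the handshake
    for m in wanted:
        if m in post_mechs:
            return m, True
    return None, True


if __name__ == "__main__":
    forced = ["plain", "login"]  # value of force_sasl_client_mech in the thread
    print("checked before STARTTLS:", select_mech(forced, PRE_TLS, POST_TLS, True))
    print("checked after STARTTLS: ", select_mech(forced, PRE_TLS, POST_TLS, False))
```
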
    
