Re: Make cyradm use plain+tls


 



Hi All,

Thank you for the suggestions. I'd love to get this working without the extra dependency of stunnel. Following on Patrick's suggestion I modified imapd.conf:

defaultpartition: imap1
configdirectory: /var/imap
partition-imap1: /var/spool/imap1
admins: cyrus support
srvtab: /var/imap/srvtab
quotawarn: 85
popminpoll: 0
autocreatequota: 30000
sasl_pwcheck_method: saslauthd
lmtp_over_quota_perm_failure: 1
allowusermoves: yes
proxy_authname: cyrus
proxy_password: password
tls_cert_file: /local/imap/server1.sub1.domain.com.pem (on the dest host this is set to server2.sub2.domain.com.pem)
tls_key_file: /local/imap/server1.sub1.domain.com.pem (changed like above.)



I log into imtest:

/opt/mail/cyrus-imapd/bin/imtest -t "" -p imap -u cyrus -a cyrus -m plain

Run
C: XFER user.vbperry server2.sub2.domain.com

and get
C: NO Server(s) unavailable to complete operation



Am I using the right auth mode? Should the imtest connect or xfer command be formatted differently? I looked in the archives and could not locate the thread you mentioned; was that on list?


Thanks for the help.

perry






Ken, Richard Gilbert and I had a discussion about this last week (which I'll try to summarize).

Here is an alternative to the stunnel stuff.

1. Use imtest to issue XFER command (c: XFER user.phr2101test bacon)
you may need to
2. Remove 'force_sasl_client_mech: plain login' from the file. This line will prevent plain+tls from happening correctly between backends when issuing XFER from imtest (my understanding is that the mech list is checked prior to the STARTTLS, and since PLAIN isn't advertised until afterwards, Cyrus thinks the mechanism isn't available. Removing this option prevents the mech list from being checked.. or something).

-Patrick



On Mon, 1 May 2006, Perry Brown wrote:

From a thread last month some fine folks on this list suggested I set up
tls for plain so that I could do an xfer of mailboxes from one host to another.

I got that set up and I am able to do an imtest from one host to the other one and it gets authenticated with plain+tls.

My problem now happens when going back to cyradm to do the xfer. When I log into the source host I'm authenticated with plain and when I run the xfer command it tries to connect to the destination server as plain.

How can I force cyradm to connect with plain+tls? Or possibly some work around using Cyrus::IMAP::Shell

I looked at just about every news group and website and a couple of them mentioned it's not possible to force tls in cyradm but the dates on those sites were from a few years ago and my hope is something has changed in the interim.

Here is imapd.conf:
defaultpartition: imap1
configdirectory: /var/imap
partition-imap1: /var/spool/imap1
admins: cyrus support
srvtab: /var/imap/srvtab
quotawarn: 85
popminpoll: 0
autocreatequota: 30000
sasl_pwcheck_method: saslauthd
lmtp_over_quota_perm_failure: 1
allowusermoves: yes
proxy_authname: cyrus
proxy_password: password
force_sasl_client_mech: plain login
tls_cert_file: /local/imap/server1.sub1.domain.com.pem
tls_key_file: /local/imap/server1.sub1.domain.com.pem

Thank you
Perry


----
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
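
The ordering Patrick describes in the thread above (forced mechanism list checked before STARTTLS, PLAIN advertised only afterwards) can be checked by comparing a backend's CAPABILITY response before and after STARTTLS. This is an added example, not part of the original thread and not Cyrus code; the two capability lines are constructed samples and the function names are hypothetical.

```python
# Added example: classify each mechanism named in force_sasl_client_mech by
# when the destination backend advertises it. The capability lines below are
# constructed samples, not captured from a real server.

PRE_TLS = "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA STARTTLS LOGINDISABLED AUTH=GSSAPI"
POST_TLS = "* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA AUTH=GSSAPI AUTH=PLAIN AUTH=LOGIN"


def parse_capability(line):
    """Split an untagged CAPABILITY response into (SASL mechs, other atoms)."""
    parts = line.split()
    if parts[:2] != ["*", "CAPABILITY"]:
        raise ValueError("not an untagged CAPABILITY response: %r" % line)
    mechs, atoms = set(), set()
    for atom in parts[2:]:
        upper = atom.upper()
        if upper.startswith("AUTH="):
            mechs.add(upper[len("AUTH="):])
        else:
            atoms.add(upper)
    return mechs, atoms


def diagnose(forced, pre_line, post_line):
    """Report, per forced mechanism, whether it is offered before or only
    after STARTTLS. A mechanism that is 'only after STARTTLS' is the case
    where a check made against the pre-TLS list finds nothing usable."""
    pre_mechs, pre_atoms = parse_capability(pre_line)
    post_mechs, _ = parse_capability(post_line)
    report = {}
    for mech in forced.upper().split():
        if mech in pre_mechs:
            report[mech] = "available before STARTTLS"
        elif mech in post_mechs and "STARTTLS" in pre_atoms:
            report[mech] = "only after STARTTLS"
        else:
            report[mech] = "never advertised"
    return report


if __name__ == "__main__":
    # Value of force_sasl_client_mech from the imapd.conf quoted in the thread.
    for mech, status in diagnose("plain login", PRE_TLS, POST_TLS).items():
        print("%-8s %s" % (mech, status))
```

The real capability lines can be read from an imtest session to the destination host, once without and once with the -t option used in the thread.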


