Re: STARTTLS available?


 



Marten Lehmann wrote:
Hello,

Good, now show us your imapd.conf and any tls errors that appear in your log.

configdirectory: /cyrus/config
partition-default: /cyrus/spool
admins: cyrus
sievedir: /cyrus/config/sieve
sendmail: /usr/sbin/sendmail

altnamespace: true
hashimapspool: true
unixhierarchysep: true
virtdomains: userid
allowusermoves: true

sasl_pwcheck_method: getpwent auxprop saslauthd
sasl_mech_list: PLAIN

servername: test
imaps_tls_cert_file: /cyrus/certs/imap.crt
imaps_tls_key_file: /cyrus/certs/imap.key
pop3s_tls_cert_file: /cyrus/certs/pop3.crt
pop3s_tls_key_file: /cyrus/certs/pop3.key

lmtp_over_quota_perm_failure: true
munge8bit: true
username_tolower: true

You have not configured tls_cert_file or tls_key_file, only TLS for the imaps (normally port 993) and pop3s (normally port 995) services.

There are no TLS errors, as TLS is working fine. Remember: pop3s is running with SSL on port 995 all the time, same with imaps on port 993, whereas pop3 on port 110 and imap on port 143 are usually not encrypted. But with STARTTLS you can encrypt the session while still connecting to port 110/143, while you usually have to connect to the special ports to get encrypted connections. However, the server must show that it supports STARTTLS by mentioning it on the CAPABILITIES list, otherwise clients won't try to use it.

Configure tls_cert_file and tls_key_file, which will be shared by imap, imaps, pop3, and pop3s by default. Unless you have a compelling reason for offering different certificates, delete your (imaps|pop3s)_tls_* entries from imapd.conf. When you enable these services in cyrus.conf, they will use the key/cert specified in tls_(key|cert)_file, unless overridden with the prefix of the service name used in cyrus.conf, as you have done.

Remember, imaps and pop3s (started with -s) do not use or offer STARTTLS, and configuration settings applied to them will have no effect on the standard imap or pop3 services.



----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
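
The lookup rule described in the reply above (a service-prefixed option overrides the shared tls_cert_file/tls_key_file), as an added example that is not part of the original message or of Cyrus itself. It assumes the services are named imap, imaps, pop3 and pop3s in cyrus.conf; the /cyrus/certs/server.* paths are constructed placeholders.

```python
# Constructed sample: the TLS-related lines of the imapd.conf posted above.
POSTED = """\
imaps_tls_cert_file: /cyrus/certs/imap.crt
imaps_tls_key_file: /cyrus/certs/imap.key
pop3s_tls_cert_file: /cyrus/certs/pop3.crt
pop3s_tls_key_file: /cyrus/certs/pop3.key
"""

# Constructed fix: global pair (hypothetical paths) plus one per-service override.
FIXED = """\
# shared by every service unless overridden
tls_cert_file: /cyrus/certs/server.crt
tls_key_file: /cyrus/certs/server.key
imaps_tls_cert_file: /cyrus/certs/imap.crt
imaps_tls_key_file: /cyrus/certs/imap.key
"""

def parse_conf(text):
    """Parse 'option: value' lines, skipping blanks and # comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip():
            opts[key.strip()] = value.strip()
    return opts

def lookup(opts, service, option):
    """Service-prefixed option wins; otherwise fall back to the global one."""
    return opts.get(f"{service}_{option}", opts.get(option))

def tls_report(opts, services=("imap", "imaps", "pop3", "pop3s")):
    """Map each service name to True when both a cert and a key resolve."""
    return {
        svc: bool(lookup(opts, svc, "tls_cert_file") and lookup(opts, svc, "tls_key_file"))
        for svc in services
    }

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("fixed", FIXED)):
        for svc, ok in tls_report(parse_conf(text)).items():
            print(f"{label:6} {svc:6} {'cert/key found' if ok else 'NO cert/key'}")
```

With the posted settings, the plain imap and pop3 services resolve no certificate or key, which matches the missing STARTTLS capability discussed in the thread.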
