Re: Cyrus + TLS problem

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Jools,

hmmm...

tls_ca_file:  /var/lib/imap/server.pem
tls_cert_file:  /var/lib/imap/server.pem
tls_key_file:  /var/lib/imap/server.pem
you have everything (CA-cert, server cert and server key) in one file. It could easily be that that is fine for cyrus but it might be an easy test to split its content up into 3 individual files an check if your problems are gone. 

Best regards
Roland


Julian Pilfold-Bagwell wrote:

Hi All,
I'm configuring a mail server using Postfix and Cyrus-Imap on Mandriva 2007 spring and am having a hell of a time getting it to run in imaps secure mode although it works fine in unsecure imap mode.
I've generated certificates for the Cyrus imap installation and have copied them into a folder in /var. su'ing to user Cyrus allows me to cat the certificates in their directory so I know it's not permissions thing but whenever I try to log in from a remote machine I get the following in /var/log/mail/info : 

Aug 19 10:45:18 webhost cyrus-master[11589]: process 11596 exited, status 0
Aug 19 10:45:18 webhost cyrus-master[11606]: about to exec /usr/lib/cyrus-imapd/imapd 
Aug 19 10:45:18 webhost imap[11606]: executed
Aug 19 10:45:18 webhost cyrus-master[11607]: about to exec /usr/lib/cyrus-imapd/pop3d 
Aug 19 10:45:18 webhost pop3[11607]: executed
Aug 19 10:45:18 webhost cyrus-master[11608]: about to exec /usr/lib/cyrus-imapd/imapd Aug 19 10:45:18 webhost cyrus-master[11609]: about to exec /usr/lib/cyrus-imapd/pop3d 
Aug 19 10:45:18 webhost imap[11608]: executed
Aug 19 10:45:18 webhost pop3[11609]: executed
Aug 19 10:45:20 webhost cyrus-master[11610]: about to exec /usr/lib/cyrus-imapd/imapd 
Aug 19 10:45:20 webhost imap[11610]: executed
Aug 19 10:45:20 webhost cyrus-master[11611]: about to exec /usr/lib/cyrus-imapd/imapd Aug 19 10:45:20 webhost cyrus-master[11612]: about to exec /usr/lib/cyrus-imapd/imapd 
Aug 19 10:45:20 webhost imap[11611]: executed
Aug 19 10:45:20 webhost imap[11612]: executed
Aug 19 10:45:20 webhost cyrus-master[11613]: about to exec /usr/lib/cyrus-imapd/pop3d 
Aug 19 10:45:20 webhost pop3[11613]: executed
Aug 19 10:45:20 webhost cyrus-master[11614]: about to exec /usr/lib/cyrus-imapd/imapd 
Aug 19 10:45:20 webhost imap[11614]: executed
Aug 19 10:45:20 webhost cyrus-master[11615]: about to exec /usr/lib/cyrus-imapd/imapd Aug 19 10:45:20 webhost cyrus-master[11616]: about to exec /usr/lib/cyrus-imapd/imapd 
Aug 19 10:45:20 webhost imap[11616]: executed
Aug 19 10:45:20 webhost cyrus-master[11617]: about to exec /usr/lib/cyrus-imapd/pop3d 
Aug 19 10:45:20 webhost pop3[11617]: executed
Aug 19 10:45:20 webhost imap[11615]: executed
Aug 19 10:45:46 webhost imap[11602]: accepted connection
Aug 19 10:45:46 webhost cyrus-master[11618]: about to exec /usr/lib/cyrus-imapd/imapd 
Aug 19 10:45:46 webhost imap[11618]: executed
Aug 19 10:46:06 webhost imaps[11603]: accepted connection
Aug 19 10:46:06 webhost cyrus-master[11628]: about to exec /usr/lib/cyrus-imapd/imapd 
Aug 19 10:46:06 webhost imaps[11628]: executed
Aug 19 10:47:03 webhost cyrus-master[11589]: process 11602 exited, status 0
Aug 19 10:47:46 webhost imaps[11603]: imaps TLS negotiation failed: [172.20.0.212] 
Aug 19 10:47:46 webhost cyrus-master[11589]: process 11603 exited, status 75
Aug 19 10:47:46 webhost cyrus-master[11589]: service imaps pid 11603 in BUSY state: terminated abnormally
It sounds like it's hanging on trying to load the SSL cert but I can't see any reason why it wouldn't be able to if I can cat the cert file as user cyrus. 

imap conf file as follows:

configdirectory: /var/lib/imap
partition-default: /var/spool/imap
admins: cyrus
allowanonymouslogin: no
sieveusehomedir: no
sievedir: /var/lib/imap/sieve
sendmail: /usr/sbin/sendmail
hashimapspool: true
sasl_pwcheck_method: saslauthd
sasl_mech_list: PLAIN
tls_ca_file:  /var/lib/imap/server.pem
tls_cert_file:  /var/lib/imap/server.pem
tls_key_file:  /var/lib/imap/server.pem



Any help gratefully appreciated.

Cheers,

Jools

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux