Re: how to use cyradm with imaps ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



>>>> Hello,
>>>>
>>>> I want to desactivate completely imap service to keep only imaps.
>>>> But I can't manage to connect to my server with cyradm.
>>>> (Everything is working fine if I keep regulat imap service)
>>>>
>>>> I tried this (thanx to Simon Matter) but it doesn't work for me :
>>>> cyradm --auth login --tls -u cyrus@xxxxxxxxxxxx localhost
>>>> cyradm --auth login --tls --port 931 -u cyrus@xxxxxxxxxxxx localhost
>>>
>>> Port should be 993 I guess?
>>>
>>
>> Of course, my mistake (but already tried with the good value)
>> -bash-3.1$ cyradm --auth login --port 993 -u cyrus@xxxxxxxxxxxx localhost
>> IMAP Password:
>>               -bash-3.1$
>> -> Exits witthout doing anything (no core either)
>
> And what shows up in /var/log/maillog ?
>
> Simon

Apr 13 16:08:30 atlantis imaps[5908]: accepted connection
Apr 13 16:08:30 atlantis master[7389]: about to exec 
/usr/lib/cyrus-imapd/imapd
Apr 13 16:08:30 atlantis imaps[7389]: executed
Apr 13 16:08:30 atlantis imaps[5908]: imaps TLS negotiation failed: 
localhost.localdomain [127.0.0.1]
Apr 13 16:08:30 atlantis imaps[5908]: Fatal error: tls_start_servertls() 
failed
Apr 13 16:08:30 atlantis master[3454]: process 5908 exited, status 75
Apr 13 16:08:30 atlantis master[3454]: service imaps pid 5908 in BUSY state: 
terminated abnormally

In fact, I don't use and don't want to use TLS, but IMAP over SSL.
(TLS is through imap service n port 143, right ? I don't want to have 
anything listening on this port)
I'm sot sure cyradm supports this natively, maybe I should launch it through 
a SSH tunnel ?

>
>>
>> -bash-3.1$ cyradm --tls --auth login --port 993 -u cyrus@xxxxxxxxxxxx
>> localhost
>> TLS disabled.
>> cyradm: cannot authenticate to server with login as cyrus@xxxxxxxxxxxx
>> -bash-3.1$
>>
>>
>>>>
>>>> same result each time :
>>>> cyradm: cannot connect to server
>>>
>>> 1) Does server listen on localhost? Check with netstat.
>>> 2) Any firewall rule, SELinux?
>>>
>>> Simon
>>>
>> 1)
>> [root@atlantis ~]# netstat -a
>> Active Internet connections (servers and established)
>> Proto Recv-Q Send-Q Local Address               Foreign Address
>> State
>> tcp        0      0 *:imaps                     *:*
>> LISTEN
>> [...]
>>
>> 2)
>> Selinux : no :
>>
>> selinuxenabled(1)     SELinux Command Line documentation
>> selinuxenabled(1)
>>
>> NAME
>>        selinuxenabled - tool to be used within shell scripts to determine
>> if
>> selinux is enabled
>>
>> SYNOPSIS
>>        selinuxenabled
>>
>> DESCRIPTION
>>        selinuxenabled Indicates whether SELinux is enabled or disabled. 
>> It
>> exits with status 0 if SELinux is enabled and 1 if it is not enabled.
>>
>> [root@atlantis ~]# selinuxenabled ; echo $?
>> 1
>> -> Disabled
>>
>> Iptables : should be OK (I can connect remotely through imaps to access 
>> my
>> mailboxes) :
>> [root@atlantis ~]# iptables -L
>> Chain INPUT (policy ACCEPT)
>> target     prot opt source               destination
>> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>>
>> Chain FORWARD (policy ACCEPT)
>> target     prot opt source               destination
>> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>>
>> Chain OUTPUT (policy ACCEPT)
>> target     prot opt source               destination
>>
>> Chain RH-Firewall-1-INPUT (2 references)
>> target     prot opt source               destination
>> ACCEPT     all  --  anywhere             anywhere
>> ACCEPT     icmp --  anywhere             anywhere            icmp any
>> ACCEPT     all  --  anywhere             anywhere            state
>> RELATED,ESTABLISHED
>> ACCEPT     tcp  --  anywhere             anywhere            state NEW 
>> tcp
>> dpt:ssh
>> ACCEPT     tcp  --  anywhere             anywhere            state NEW 
>> tcp
>> dpt:imaps
>> ACCEPT     tcp  --  anywhere             anywhere            state NEW 
>> tcp
>> dpt:smtp
>> REJECT     all  --  anywhere             anywhere            reject-with
>> icmp-host-prohibited
>>
>>
>>>>
>>>> My configuration is (running Cyrus imapd 2.3.7) :
>>>> [root@atlantis ~]# more /etc/cyrus.conf
>>>> # standard standalone server implementation
>>>>
>>>> START {
>>>>   # do not delete this entry!
>>>>   recover       cmd="ctl_cyrusdb -r"
>>>>
>>>>   # this is only necessary if using idled for IMAP IDLE
>>>>   idled         cmd="idled"
>>>> }
>>>>
>>>> # UNIX sockets start with a slash and are put into
>>>> /var/lib/imap/sockets
>>>> SERVICES {
>>>>   # add or remove based on preferences
>>>> #  imap         cmd="imapd" listen="localhost:imap" prefork=0
>>>>   imaps         cmd="imapd -s" listen="imaps" prefork=5
>>>> #  pop3         cmd="pop3d" listen="pop3" prefork=3
>>>> #  pop3s                cmd="pop3d -s" listen="pop3s" prefork=1
>>>>   sieve         cmd="timsieved" listen="sieve" prefork=0
>>>>
>>>>   # these are only necessary if receiving/exporting usenet via NNTP
>>>> #  nntp         cmd="nntpd" listen="nntp" prefork=3
>>>> #  nntps                cmd="nntpd -s" listen="nntps" prefork=1
>>>>
>>>>   # at least one LMTP is required for delivery
>>>> #  lmtp         cmd="lmtpd" listen="localhost:lmtp" prefork=0
>>>>   lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp"
>>>> prefork=1
>>>>
>>>>   # this is only necessary if using notifications
>>>> #  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify"
>>>> proto="udp" prefork=1
>>>> }
>>>>
>>>> EVENTS {
>>>>   # this is required
>>>>   checkpoint    cmd="ctl_cyrusdb -c" period=30
>>>>
>>>>   # this is only necessary if using duplicate delivery suppression,
>>>>   # Sieve or NNTP
>>>>   delprune      cmd="cyr_expire -E 3" at=0400
>>>>
>>>>   # this is only necessary if caching TLS sessions
>>>>   tlsprune      cmd="tls_prune" at=0400
>>>> }
>>>>
>>>> [root@atlantis ~]# more /etc/imapd.conf
>>>> configdirectory: /var/lib/imap
>>>> partition-default: /var/spool/imap
>>>> admins: cyrus@xxxxxxxxxxxx cyrus@xxxxxxxxxxxx
>>>> sievedir: /var/lib/imap/sieve
>>>> sendmail: /usr/sbin/sendmail
>>>> hashimapspool: true
>>>> sasl_pwcheck_method: auxprop
>>>> sasl_mech_list: PLAIN
>>>> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>>>> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>>>> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>>>> virtdomains: yes
>>>>
>>>> Thanx for any help
>>>> ----
>>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>>
>>>
>>
>
>
> 


----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

[Index of Archives]     [Cyrus SASL]     [Squirrel Mail]     [Asterisk PBX]     [Video For Linux]     [Photo]     [Yosemite News]     [gtk]     [KDE]     [Gimp on Windows]     [Steve's Art]

  Powered by Linux