>>>> Hello,
>>>>
>>>> I want to deactivate completely imap service to keep only imaps.
>>>> But I can't manage to connect to my server with cyradm.
>>>> (Everything is working fine if I keep regular imap service)
>>>>
>>>> I tried this (thanks to Simon Matter) but it doesn't work for me:
>>>> cyradm --auth login --tls -u cyrus@xxxxxxxxxxxx localhost
>>>> cyradm --auth login --tls --port 931 -u cyrus@xxxxxxxxxxxx localhost
>>>
>>> Port should be 993 I guess?
>>>
>>
>> Of course, my mistake (but already tried with the good value)
>> -bash-3.1$ cyradm --auth login --port 993 -u cyrus@xxxxxxxxxxxx localhost
>> IMAP Password:
>> -bash-3.1$
>> -> Exits without doing anything (no core either)
>
> And what shows up in /var/log/maillog ?
>
> Simon

Apr 13 16:08:30 atlantis imaps[5908]: accepted connection
Apr 13 16:08:30 atlantis master[7389]: about to exec /usr/lib/cyrus-imapd/imapd
Apr 13 16:08:30 atlantis imaps[7389]: executed
Apr 13 16:08:30 atlantis imaps[5908]: imaps TLS negotiation failed: localhost.localdomain [127.0.0.1]
Apr 13 16:08:30 atlantis imaps[5908]: Fatal error: tls_start_servertls() failed
Apr 13 16:08:30 atlantis master[3454]: process 5908 exited, status 75
Apr 13 16:08:30 atlantis master[3454]: service imaps pid 5908 in BUSY state: terminated abnormally

In fact, I don't use and don't want to use TLS, but IMAP over SSL.
(TLS is through imap service on port 143, right? I don't want to have
anything listening on this port)
I'm not sure cyradm supports this natively, maybe I should launch it
through an SSH tunnel?

>
>>
>> -bash-3.1$ cyradm --tls --auth login --port 993 -u cyrus@xxxxxxxxxxxx localhost
>> TLS disabled.
>> cyradm: cannot authenticate to server with login as cyrus@xxxxxxxxxxxx
>> -bash-3.1$
>>
>>
>>>>
>>>> same result each time :
>>>> cyradm: cannot connect to server
>>>
>>> 1) Does server listen on localhost? Check with netstat.
>>> 2) Any firewall rule, SELinux?
>>>
>>> Simon
>>>
>> 1)
>> [root@atlantis ~]# netstat -a
>> Active Internet connections (servers and established)
>> Proto Recv-Q Send-Q Local Address      Foreign Address    State
>> tcp        0      0 *:imaps            *:*                LISTEN
>> [...]
>>
>> 2)
>> Selinux : no :
>>
>> selinuxenabled(1)   SELinux Command Line documentation   selinuxenabled(1)
>>
>> NAME
>>        selinuxenabled - tool to be used within shell scripts to determine if
>>        selinux is enabled
>>
>> SYNOPSIS
>>        selinuxenabled
>>
>> DESCRIPTION
>>        selinuxenabled Indicates whether SELinux is enabled or disabled. It
>>        exits with status 0 if SELinux is enabled and 1 if it is not enabled.
>>
>> [root@atlantis ~]# selinuxenabled ; echo $?
>> 1
>> -> Disabled
>>
>> Iptables : should be OK (I can connect remotely through imaps to access my
>> mailboxes) :
>> [root@atlantis ~]# iptables -L
>> Chain INPUT (policy ACCEPT)
>> target               prot opt source     destination
>> RH-Firewall-1-INPUT  all  --  anywhere   anywhere
>>
>> Chain FORWARD (policy ACCEPT)
>> target               prot opt source     destination
>> RH-Firewall-1-INPUT  all  --  anywhere   anywhere
>>
>> Chain OUTPUT (policy ACCEPT)
>> target               prot opt source     destination
>>
>> Chain RH-Firewall-1-INPUT (2 references)
>> target   prot opt source     destination
>> ACCEPT   all  --  anywhere   anywhere
>> ACCEPT   icmp --  anywhere   anywhere    icmp any
>> ACCEPT   all  --  anywhere   anywhere    state RELATED,ESTABLISHED
>> ACCEPT   tcp  --  anywhere   anywhere    state NEW tcp dpt:ssh
>> ACCEPT   tcp  --  anywhere   anywhere    state NEW tcp dpt:imaps
>> ACCEPT   tcp  --  anywhere   anywhere    state NEW tcp dpt:smtp
>> REJECT   all  --  anywhere   anywhere    reject-with icmp-host-prohibited
>>
>>
>>>>
>>>> My configuration is (running Cyrus imapd 2.3.7) :
>>>> [root@atlantis ~]# more /etc/cyrus.conf
>>>> # standard standalone server implementation
>>>>
>>>> START {
>>>>   # do not delete this entry!
>>>>   recover       cmd="ctl_cyrusdb -r"
>>>>
>>>>   # this is only necessary if using idled for IMAP IDLE
>>>>   idled         cmd="idled"
>>>> }
>>>>
>>>> # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
>>>> SERVICES {
>>>>   # add or remove based on preferences
>>>> #  imap         cmd="imapd" listen="localhost:imap" prefork=0
>>>>   imaps         cmd="imapd -s" listen="imaps" prefork=5
>>>> #  pop3         cmd="pop3d" listen="pop3" prefork=3
>>>> #  pop3s        cmd="pop3d -s" listen="pop3s" prefork=1
>>>>   sieve         cmd="timsieved" listen="sieve" prefork=0
>>>>
>>>>   # these are only necessary if receiving/exporting usenet via NNTP
>>>> #  nntp         cmd="nntpd" listen="nntp" prefork=3
>>>> #  nntps        cmd="nntpd -s" listen="nntps" prefork=1
>>>>
>>>>   # at least one LMTP is required for delivery
>>>> #  lmtp         cmd="lmtpd" listen="localhost:lmtp" prefork=0
>>>>   lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
>>>>
>>>>   # this is only necessary if using notifications
>>>> #  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify" proto="udp" prefork=1
>>>> }
>>>>
>>>> EVENTS {
>>>>   # this is required
>>>>   checkpoint    cmd="ctl_cyrusdb -c" period=30
>>>>
>>>>   # this is only necessary if using duplicate delivery suppression,
>>>>   # Sieve or NNTP
>>>>   delprune      cmd="cyr_expire -E 3" at=0400
>>>>
>>>>   # this is only necessary if caching TLS sessions
>>>>   tlsprune      cmd="tls_prune" at=0400
>>>> }
>>>>
>>>> [root@atlantis ~]# more /etc/imapd.conf
>>>> configdirectory: /var/lib/imap
>>>> partition-default: /var/spool/imap
>>>> admins: cyrus@xxxxxxxxxxxx cyrus@xxxxxxxxxxxx
>>>> sievedir: /var/lib/imap/sieve
>>>> sendmail: /usr/sbin/sendmail
>>>> hashimapspool: true
>>>> sasl_pwcheck_method: auxprop
>>>> sasl_mech_list: PLAIN
>>>> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>>>> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>>>> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>>>> virtdomains: yes
>>>>
>>>> Thanks for any help
>>>> ----
>>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>>
>>
>

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
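
Added example (not part of the original thread and not Cyrus project code): a small audit of the SERVICES block of cyrus.conf that reports, for each active entry, whether it is started with -s (SSL from the first byte), bound to a UNIX socket or localhost, or reachable from the network without -s. The sample text is a constructed excerpt of the configuration quoted above; the category names and the rule "no -s means the listener starts in cleartext" are this example's own assumptions.

```python
import re
import shlex

# Constructed sample: excerpt of the cyrus.conf quoted in the thread above.
SAMPLE_CYRUS_CONF = '''
SERVICES {
  # add or remove based on preferences
#  imap      cmd="imapd" listen="localhost:imap" prefork=0
  imaps     cmd="imapd -s" listen="imaps" prefork=5
#  pop3      cmd="pop3d" listen="pop3" prefork=3
  sieve     cmd="timsieved" listen="sieve" prefork=0
  lmtpunix  cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
}
'''

LOCAL_HOSTS = {"localhost", "127.0.0.1", "[::1]"}

def services(conf_text):
    """Yield (name, options) for each active entry in the SERVICES block."""
    block = re.search(r"SERVICES\s*\{(.*?)\}", conf_text, re.S)
    if not block:
        return
    for line in block.group(1).splitlines():
        line = line.split("#", 1)[0].strip()  # drops comments and disabled entries
        if not line:
            continue
        name, *opts = shlex.split(line)       # keeps cmd="imapd -s" as one token
        yield name, dict(o.split("=", 1) for o in opts if "=" in o)

def classify(opts):
    """Categories are this example's own labels (assumption, see lead-in)."""
    listen = opts.get("listen", "")
    if listen.startswith("/"):
        return "unix-socket"                  # not reachable over the network
    if "-s" in opts.get("cmd", "").split():
        return "implicit-tls"                 # e.g. imapd -s on the imaps port
    host = listen.rsplit(":", 1)[0] if ":" in listen else ""
    return "cleartext-local" if host in LOCAL_HOSTS else "cleartext-network"

def audit(conf_text):
    """Map each active service name to its exposure category."""
    return {name: classify(opts) for name, opts in services(conf_text)}

if __name__ == "__main__":
    for name, kind in audit(SAMPLE_CYRUS_CONF).items():
        print(f"{name:10s} {kind}")
```

On the quoted configuration this shows imaps as the only IMAP listener, and also that sieve still accepts network connections without -s.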