From tomilepp at sun3.oulu.fi Fri Feb 15 03:21:54 2008 From: tomilepp at sun3.oulu.fi (Tomi Leppikangas) Date: Fri, 15 Feb 2008 10:21:54 +0200 Subject: [imapproxy-info] imapproxy.org site unavailable? Message-ID: <20080215082154.GK16939@sun3.oulu.fi> http://www.imapproxy.org/ gives me "404 Not Found", is it just me, or is site unavailable for others too? Is there mirror for downloading up-imapproxy-1.2.6 sources? -- ## tomilepp cc oulu fi ## ## http://www.student.oulu.fi/~tomilepp/ ## From Ralf.Hildebrandt at charite.de Fri Feb 15 03:51:36 2008 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Fri, 15 Feb 2008 09:51:36 +0100 Subject: [imapproxy-info] imapproxy.org site unavailable? In-Reply-To: <20080215082154.GK16939@sun3.oulu.fi> References: <20080215082154.GK16939@sun3.oulu.fi> Message-ID: <20080215085136.GE12588@charite.de> * Tomi Leppikangas : > http://www.imapproxy.org/ gives me "404 Not Found", > is it just me, or is site unavailable for others too? Jep. -- Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt at charite.de Charite - Universit?tsmedizin Berlin Tel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to snickebo at charite.de From dave64 at andrew.cmu.edu Fri Feb 15 07:17:12 2008 From: dave64 at andrew.cmu.edu (Dave McMurtrie) Date: Fri, 15 Feb 2008 07:17:12 -0500 Subject: [imapproxy-info] imapproxy.org site unavailable? In-Reply-To: <20080215082154.GK16939@sun3.oulu.fi> References: <20080215082154.GK16939@sun3.oulu.fi> Message-ID: <47B582C8.6010008@andrew.cmu.edu> Tomi Leppikangas wrote: > http://www.imapproxy.org/ gives me "404 Not Found", > is it just me, or is site unavailable for others too? > > Is there mirror for downloading up-imapproxy-1.2.6 sources? > > Sorry for this inconvenience. I have notified Ray about the imapproxy.org site, so it will hopefully be back up soon. I currently do not have any mirror set up for downloads, but it's something to consider. Thanks, Dave From jimmi at libero.it Sun Feb 17 10:14:35 2008 From: jimmi at libero.it (Jimmi) Date: Sun, 17 Feb 2008 16:14:35 +0100 (CET) Subject: [imapproxy-info] Cannot login through imapproxy Message-ID: <62909.88.149.224.180.1203261275.squirrel@posta.7girello.net> Hi, on my home server, running with Debian Etch, I have uw-imapd serving my mail boxes through squirrelmail using an SSL connection. I wanted to follow the recommendation of squirrelmail documentation, therefore I installed imapproxy from Debian repositories and set it to use the port 143 to connect to the server and port 144 for squirrelmail connections, and I also followed the README.ssl to generate the keys. When I try to authenticate I receive an error and in the log I find the following: IMAP_Line_Read(): Protocol error. Line terminated by LF, not CRLF Is it a bug or what? Searching in Google doesn't give much results: one post in this ML without replies and a little more, therefore I really don't know where to look for start debugging. Thanks in advance -- Jimmi From dave64 at andrew.cmu.edu Sun Feb 17 19:25:01 2008 From: dave64 at andrew.cmu.edu (Dave McMurtrie) Date: Sun, 17 Feb 2008 19:25:01 -0500 Subject: [imapproxy-info] Cannot login through imapproxy In-Reply-To: <62909.88.149.224.180.1203261275.squirrel@posta.7girello.net> References: <62909.88.149.224.180.1203261275.squirrel@posta.7girello.net> Message-ID: <47B8D05D.2030202@andrew.cmu.edu> Jimmi wrote: > Hi, > > on my home server, running with Debian Etch, I have uw-imapd serving my > mail boxes through squirrelmail using an SSL connection. I wanted to > follow the recommendation of squirrelmail documentation, therefore I > installed imapproxy from Debian repositories and set it to use the port > 143 to connect to the server and port 144 for squirrelmail connections, > and I also followed the README.ssl to generate the keys. > > When I try to authenticate I receive an error and in the log I find the > following: > IMAP_Line_Read(): Protocol error. Line terminated by LF, not CRLF > > Is it a bug or what? Searching in Google doesn't give much results: one > post in this ML without replies and a little more, therefore I really > don't know where to look for start debugging. > It sounds like it must be a bug. Does authentication work for any accounts? Can you use ethereal to grab exactly what squirrelmail is sending to imapproxy? I'd guess that either squirrelmail, in some circumstance, is sending a command that's terminated by a linefeed, not a carriage-return and linefeed, or there could be a bug in imapproxy's buffer shifting code that's leaving a rogue linefeed in its read buffer. Ethereal should allow you to prove or rule out whether it's the former. Thanks, Dave From jimmi at libero.it Mon Feb 18 07:20:16 2008 From: jimmi at libero.it (Jimmi) Date: Mon, 18 Feb 2008 13:20:16 +0100 (CET) Subject: [imapproxy-info] Cannot login through imapproxy In-Reply-To: <62909.88.149.224.180.1203261276.squirrel@posta.7girello.net> References: <62909.88.149.224.180.1203261276.squirrel@posta.7girello.net> Message-ID: <43079.82.115.163.144.1203337216.squirrel@posta.7girello.net> Dave, I don't have a graphic interface on my server, I only access it via ssh, therefore I wanted to use tcpdump but after several attempts I still cannot get a useful output. The better I could achieve is 'tcpdump -i lo -t -q -A' but still the output looks unreadable for me. Do you have any clue how to use it? Thanks -- Jimmi From jimmi at libero.it Tue Feb 19 00:45:02 2008 From: jimmi at libero.it (Jimmi) Date: Tue, 19 Feb 2008 06:45:02 +0100 (CET) Subject: [imapproxy-info] Cannot login through imapproxy In-Reply-To: <43079.82.115.163.144.1203337216.squirrel@posta.7girello.net> References: <62909.88.149.224.180.1203261276.squirrel@posta.7girello.net> <43079.82.115.163.144.1203337216.squirrel@posta.7girello.net> Message-ID: <63339.88.149.224.180.1203399902.squirrel@posta.7girello.net> Tshark did the job :) Now when I login without imapproxy on the local interface I get: TCP 46390 > imaps [SYN] Seq=0 Len=0 MSS=16396 TSV=115538782 TSER=0 WS=6 TCP imaps > 46390 [SYN, ACK] Seq=0 Ack=1 Win=32768 Len=0 MSS=16396 TSV=115538782 TSER=115538782 WS=6 TCP 46390 > imaps [ACK] Seq=1 Ack=1 Win=32832 Len=0 TSV=115538782 TSER=115538782 SSL Client Hello TCP imaps > 46390 [ACK] Seq=1 Ack=88 Win=32768 Len=0 TSV=115538784 TSER=115538784 TLSv1 Server Hello, Certificate, Server Hello Done ... If I put on imapproxy the traffic is like this: TCP 40654 > 144 [SYN] Seq=0 Len=0 MSS=16396 TSV=115672251 TSER=0 WS=6 TCP 144 > 40654 [SYN, ACK] Seq=0 Ack=1 Win=32768 Len=0 MSS=16396 TSV=115672251 TSER=115672251 WS=6 TCP 40654 > 144 [ACK] Seq=1 Ack=1 Win=32832 Len=0 TSV=115672251 TSER=115672251 TCP 40654 > 144 [PSH, ACK] Seq=1 Ack=1 Win=32832 [TCP CHECKSUM INCORRECT] Len=87 TSV=115672251 TSER=115672251 TCP 144 > 40654 [ACK] Seq=1 Ack=88 Win=32768 Len=0 TSV=115672251 TSER=115672251 TCP 144 > 40654 [PSH, ACK] Seq=1 Ack=88 Win=32768 [TCP CHECKSUM INCORRECT] Len=111 TSV=115672251 TSER=115672251 TCP 40654 > 144 [ACK] Seq=88 Ack=112 Win=32832 Len=0 TSV=115672252 TSER=115672251 TCP 40654 > 144 [PSH, ACK] Seq=88 Ack=112 Win=32832 [TCP CHECKSUM INCORRECT] Len=7 TSV=115672252 TSER=115672251 TCP 40654 > 144 [RST, ACK] Seq=95 Ack=112 Win=32832 Len=0 TSV=115672252 TSER=115672251 May anybody suggest me how to go any further? -- Jimmi From dave64 at andrew.cmu.edu Tue Feb 19 08:17:55 2008 From: dave64 at andrew.cmu.edu (Dave McMurtrie) Date: Tue, 19 Feb 2008 08:17:55 -0500 Subject: [imapproxy-info] Cannot login through imapproxy In-Reply-To: <63339.88.149.224.180.1203399902.squirrel@posta.7girello.net> References: <62909.88.149.224.180.1203261276.squirrel@posta.7girello.net> <43079.82.115.163.144.1203337216.squirrel@posta.7girello.net> <63339.88.149.224.180.1203399902.squirrel@posta.7girello.net> Message-ID: <47BAD703.9020801@andrew.cmu.edu> Jimmi wrote: > May anybody suggest me how to go any further? > Can you get the exact data payload that squirrelmail is sending to imapproxy when the failure occurs? Really, I'd just like to find out if Squirrelmail is sending a command that is LF terminated, not CRLF terminated. If it is, that will need to be addressed in Squirrelmail. If it isn't, there's something wrong with imapproxy. Thanks, Dave From jimmi at libero.it Tue Feb 19 13:24:39 2008 From: jimmi at libero.it (Jimmi) Date: Tue, 19 Feb 2008 19:24:39 +0100 (CET) Subject: [imapproxy-info] Cannot login through imapproxy In-Reply-To: <43079.82.115.163.144.1203337216.squirrel@posta.7girello.net> References: <62909.88.149.224.180.1203261276.squirrel@posta.7girello.net> <43079.82.115.163.144.1203337216.squirrel@posta.7girello.net> Message-ID: <64780.88.149.224.180.1203445479.squirrel@posta.7girello.net> Dave, sorry for breaking the threads but for some reason I do not receive your replies from the ML (I'm reading them from the web archives) I attach here the packets captured by tcpdump on the port 144, used by squirrelmail to connect to imapproxy, when the login fails. I hope this is what you mean by 'payload' (my english does not help here) Thanks again -- Jimmi -------------- next part -------------- A non-text attachment was scrubbed... Name: scanim.tar.bz2 Type: application/octet-stream Size: 712 bytes Desc: not available Url : http://lists.andrew.cmu.edu/pipermail/imapproxy-info/attachments/20080219/b6061189/attachment.obj From noelb at users.sourceforge.net Tue Feb 19 18:12:24 2008 From: noelb at users.sourceforge.net (Noel (Sourceforge)) Date: Wed, 20 Feb 2008 09:12:24 +1000 Subject: [imapproxy-info] Cannot login through imapproxy In-Reply-To: <64780.88.149.224.180.1203445479.squirrel@posta.7girello.net> References: <62909.88.149.224.180.1203261276.squirrel@posta.7girello.net> <43079.82.115.163.144.1203337216.squirrel@posta.7girello.net> <64780.88.149.224.180.1203445479.squirrel@posta.7girello.net> Message-ID: <1203462744.7845.15.camel@roswell.ausics.net> A Question, have you tried the latest source from imapproxy web site and NOT the debian version? 1/ Debian are well known for using age-old versions. 2/ Who knows what debian hacks in their releases, they and RH are well known for breaking stuff. On Wed, 2008-02-20 at 04:24, Jimmi wrote: > Dave, > > sorry for breaking the threads but for some reason I do not receive your > replies from the ML (I'm reading them from the web archives) > > I attach here the packets captured by tcpdump on the port 144, used by > squirrelmail to connect to imapproxy, when the login fails. > > I hope this is what you mean by 'payload' (my english does not help here) > > Thanks again -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.andrew.cmu.edu/pipermail/imapproxy-info/attachments/20080220/04f022a6/attachment.html From jimmi at libero.it Wed Feb 20 01:20:45 2008 From: jimmi at libero.it (Jimmi) Date: Wed, 20 Feb 2008 07:20:45 +0100 (CET) Subject: [imapproxy-info] Cannot login through imapproxy In-Reply-To: <1203462744.7845.15.camel@roswell.ausics.net> References: <62909.88.149.224.180.1203261276.squirrel@posta.7girello.net> <43079.82.115.163.144.1203337216.squirrel@posta.7girello.net> <64780.88.149.224.180.1203445479.squirrel@posta.7girello.net> <1203462744.7845.15.camel@roswell.ausics.net> Message-ID: <63555.88.149.224.180.1203488445.squirrel@posta.7girello.net> > A Question, have you tried the latest source from imapproxy web site and > NOT the debian version? No, it's not the debian version. I've just build a new package against 1.2.6rc2 source and got the same error. I will try the same with squirrelmail ;) -- Jimmi From Ralf.Hildebrandt at charite.de Wed Feb 20 03:28:15 2008 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Wed, 20 Feb 2008 09:28:15 +0100 Subject: [imapproxy-info] Cannot login through imapproxy In-Reply-To: <1203462744.7845.15.camel@roswell.ausics.net> References: <62909.88.149.224.180.1203261276.squirrel@posta.7girello.net> <43079.82.115.163.144.1203337216.squirrel@posta.7girello.net> <64780.88.149.224.180.1203445479.squirrel@posta.7girello.net> <1203462744.7845.15.camel@roswell.ausics.net> Message-ID: <20080220082815.GE32645@charite.de> * Noel (Sourceforge) : > A Question, have you tried the latest source from imapproxy web site and > NOT the debian version? > > 1/ Debian are well known for using age-old versions. Well, ok > 2/ Who knows what debian hacks in their releases, they and RH are well > known for breaking stuff. One can look at the diff.gz file: http://packages.debian.org/sid/imapproxy [up-imapproxy_1.2.4-10.2.diff.gz] -- Ralf Hildebrandt (i.A. des IT-Zentrums) Ralf.Hildebrandt at charite.de Charite - Universit?tsmedizin Berlin Tel. +49 (0)30-450 570-155 Gemeinsame Einrichtung von FU- und HU-Berlin Fax. +49 (0)30-450 570-962 IT-Zentrum Standort CBF send no mail to snickebo at charite.de From jani+imapproxy-info at ifi.uio.no Wed Feb 20 04:28:51 2008 From: jani+imapproxy-info at ifi.uio.no (Jan Ingvoldstad) Date: Wed, 20 Feb 2008 10:28:51 +0100 Subject: [imapproxy-info] Cannot login through imapproxy In-Reply-To: <20080220082815.GE32645@charite.de> (Ralf Hildebrandt's message of "Wed, 20 Feb 2008 09:28:15 +0100") References: <62909.88.149.224.180.1203261276.squirrel@posta.7girello.net> <43079.82.115.163.144.1203337216.squirrel@posta.7girello.net> <64780.88.149.224.180.1203445479.squirrel@posta.7girello.net> <1203462744.7845.15.camel@roswell.ausics.net> <20080220082815.GE32645@charite.de> Message-ID: On Wed, 20 Feb 2008 09:28:15 +0100, Ralf Hildebrandt said: > * Noel (Sourceforge) : >> A Question, have you tried the latest source from imapproxy web site and >> NOT the debian version? >> >> 1/ Debian are well known for using age-old versions. > Well, ok That goes for ANY distribution which attempts to have a feature frozen, stable version, and is hardly unique to Debian. What has been unique to Debian, however, is that it's been like this for well over a decade. But there is nothing that prevents you from using more recent software versions in this or other distributions. >> 2/ Who knows what debian hacks in their releases, they and RH are well >> known for breaking stuff. Debian are hardly known for breaking stuff, but they _are_ known for backporting security fixes into old, stable versions, to avoid feature creep, as well as fixing bugs in the original maintainer's code and submit them. I can't speak for what RH does, though I know they at least share some of this practice for Linux kernels. Sure, Debian maintainers break stuff from time to time, but that's how it goes when the maintainers don't equal the original software authors. And in some cases, original software authors break their own stuff, too. You don't need to look far, e.g. PHP. > One can look at the diff.gz file: > http://packages.debian.org/sid/imapproxy > [up-imapproxy_1.2.4-10.2.diff.gz] Yep. Here, for instance, there are patches for IPv6 support - support which didn't make it into the main imapproxy tree until over half a year later. Patching this is fairly easy to understand from the POV of a Debian user; Debian has been a popular distribution for those who want to use IPv6. See also: http://packages.debian.org/changelogs/pool/main/u/up-imapproxy/up-imapproxy_1.2.4-10.2/changelog That being said, I'm running two servers with imapproxy 1.2.3-1sarge1, and I don't see any particular problems that make me want to upgrade. Perhaps Jimmi might want to try downgrading? -- In the beginning was the Bit, and the Bit was Zero. Then Someone said, Let there be One, and there was One. And Someone blessed them, and Someone said unto them, Be fruitful, and multiply, and replenish the Word and subdue it: and have dominion over every thing that is. From jimmi at libero.it Wed Feb 20 06:01:32 2008 From: jimmi at libero.it (Jimmi) Date: Wed, 20 Feb 2008 12:01:32 +0100 (CET) Subject: [imapproxy-info] Cannot login through imapproxy In-Reply-To: References: <62909.88.149.224.180.1203261276.squirrel@posta.7girello.net> <43079.82.115.163.144.1203337216.squirrel@posta.7girello.net> <64780.88.149.224.180.1203445479.squirrel@posta.7girello.net> <1203462744.7845.15.camel@roswell.ausics.net> <20080220082815.GE32645@charite.de> Message-ID: <44709.82.115.163.144.1203505292.squirrel@posta.7girello.net> > Jan Ingvoldstad ha scritto: > Perhaps Jimmi might want to try downgrading? Yep, test done right away removing both imapproxy and squirrelmail and installing the packages from the oldstable repo: imapproxy_1.2.3-1 and squirrelmail_1.4.4-11 (Jan may you confirm me that this is the same you have?) At this point looks very likely it is something wrong I'm doing with the configuration, but were? As I wrote squirrelmail is working perfectly connecting to uw-imap through the port 993. I followed the instructions of README.ssl file to generate the .pem files, configurate imapproxy to connect to uw-imapd trough the port 143 and to squirrelmail through 144, and change the squirrelmail connection port. Should I change anything in the uw-imapd configuration? -- Jimmi From jimmi at libero.it Wed Feb 20 06:17:32 2008 From: jimmi at libero.it (Jimmi) Date: Wed, 20 Feb 2008 12:17:32 +0100 (CET) Subject: [imapproxy-info] Cannot login through imapproxy In-Reply-To: References: <62909.88.149.224.180.1203261276.squirrel@posta.7girello.net> <43079.82.115.163.144.1203337216.squirrel@posta.7girello.net> <64780.88.149.224.180.1203445479.squirrel@posta.7girello.net> <1203462744.7845.15.camel@roswell.ausics.net> <20080220082815.GE32645@charite.de> Message-ID: <50637.82.115.163.144.1203506252.squirrel@posta.7girello.net> > Jimmi ha scritto: > Yep, test done right away removing both imapproxy and squirrelmail and Ops, of course the test was unsuccessful :) -- Jimmi From jani+imapproxy-info at ifi.uio.no Wed Feb 20 08:13:02 2008 From: jani+imapproxy-info at ifi.uio.no (Jan Ingvoldstad) Date: Wed, 20 Feb 2008 14:13:02 +0100 Subject: [imapproxy-info] Cannot login through imapproxy In-Reply-To: <44709.82.115.163.144.1203505292.squirrel@posta.7girello.net> (jimmi@libero.it's message of "Wed, 20 Feb 2008 12:01:32 +0100 (CET)") References: <62909.88.149.224.180.1203261276.squirrel@posta.7girello.net> <43079.82.115.163.144.1203337216.squirrel@posta.7girello.net> <64780.88.149.224.180.1203445479.squirrel@posta.7girello.net> <1203462744.7845.15.camel@roswell.ausics.net> <20080220082815.GE32645@charite.de> <44709.82.115.163.144.1203505292.squirrel@posta.7girello.net> Message-ID: On Wed, 20 Feb 2008 12:01:32 +0100 (CET), "Jimmi" said: > Yep, test done right away removing both imapproxy and squirrelmail and > installing the packages from the oldstable repo: imapproxy_1.2.3-1 and > squirrelmail_1.4.4-11 (Jan may you confirm me that this is the same you > have?) I'm not using squirrelmail, but the version of imapproxy running is 1.2.3-1sarge1. I didn't mean to imply that I'm running SSL proxying successfully; I'm not using SSL proxying at all. In the setup I'm administering, I'm running a local IMAP server (Courier-IMAP) on the same physical server as imapproxy and a custom-built webmail service. The webmail service runs via HTTPS, everything else is based on local connections (to/from 127.0.0.1). > At this point looks very likely it is something wrong I'm doing with the > configuration, but were? > As I wrote squirrelmail is working perfectly connecting to uw-imap through > the port 993. I followed the instructions of README.ssl file to generate > the .pem > files, configurate imapproxy to connect to uw-imapd trough the port 143 > and to squirrelmail through 144, and change the squirrelmail connection > port. You could test your configuration with openssl s_client. Let's assume that you've configurd squirrelmail to use SSLv3 to connect. We simulate the connection like this (assumption: imapproxy.conf has listen_address 127.0.0.1, change the following accordingly if you don't use 127.0.0.1): openssl s_client -ssl3 -connect 127.0.0.1:144 If you get the following output, imapproxy isn't listening with SSL enabled: # openssl s_client -ssl3 -connect 127.0.0.1:144 CONNECTED(00000003) 5925:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:286: Now, if I've understood you correctly, you are running the IMAP server also on the same server as squirrelmail. Using SSL from squirrelmail to imapproxy to the IMAP server is then unnecessary. Try a straight, non-SSL proxying method instead. -- In the beginning was the Bit, and the Bit was Zero. Then Someone said, Let there be One, and there was One. And Someone blessed them, and Someone said unto them, Be fruitful, and multiply, and replenish the Word and subdue it: and have dominion over every thing that is. From dave64 at andrew.cmu.edu Wed Feb 20 09:38:13 2008 From: dave64 at andrew.cmu.edu (Dave McMurtrie) Date: Wed, 20 Feb 2008 09:38:13 -0500 Subject: [imapproxy-info] Cannot login through imapproxy In-Reply-To: References: <62909.88.149.224.180.1203261276.squirrel@posta.7girello.net> <43079.82.115.163.144.1203337216.squirrel@posta.7girello.net> <64780.88.149.224.180.1203445479.squirrel@posta.7girello.net> <1203462744.7845.15.camel@roswell.ausics.net> <20080220082815.GE32645@charite.de> Message-ID: <47BC3B55.2060508@andrew.cmu.edu> Jan Ingvoldstad wrote: >>> 2/ Who knows what debian hacks in their releases, they and RH are well >>> known for breaking stuff. >>> > > Debian are hardly known for breaking stuff, but they _are_ known for > backporting security fixes into old, stable versions, to avoid feature > creep, as well as fixing bugs in the original maintainer's code and > submit them. I can't speak for what RH does, though I know they at > least share some of this practice for Linux kernels. > > Sure, Debian maintainers break stuff from time to time, but that's how > it goes when the maintainers don't equal the original software > authors. And in some cases, original software authors break their own > stuff, too. You don't need to look far, e.g. PHP. > > fwiw, the Debian maintainer of imapproxy does a fine job. I'm usually well behind their curve in applying patches to imapproxy. As of the latest release, the source download should be much the same as the Debian package. Thanks, Dave From fhimpe at telenet.be Thu Feb 21 11:44:35 2008 From: fhimpe at telenet.be (Frederik Himpe) Date: Thu, 21 Feb 2008 17:44:35 +0100 Subject: [imapproxy-info] Buffer overflow Message-ID: <1203612275.7496.17.camel@Anastacia> Hi, On Mandriva's bugzilla we received this imapproxy bug: http://qa.mandriva.com/show_bug.cgi?id=37974 Mandriva compiles imapproxy is compiled with buffer overflow protection, a feature which is also enabled in Fedora. Apparently this feature detects a buffer overflow in imapproxy. Any help in debugging this problem is appreciated. -- Frederik Himpe From jimmi at libero.it Fri Feb 22 15:07:59 2008 From: jimmi at libero.it (Jimmi) Date: Fri, 22 Feb 2008 21:07:59 +0100 (CET) Subject: [imapproxy-info] Cannot login through imapproxy In-Reply-To: <44709.82.115.163.144.1203505292.squirrel@posta.7girello.net> References: <62909.88.149.224.180.1203261276.squirrel@posta.7girello.net> <43079.82.115.163.144.1203337216.squirrel@posta.7girello.net> <64780.88.149.224.180.1203445479.squirrel@posta.7girello.net> <1203462744.7845.15.camel@roswell.ausics.net> <20080220082815.GE32645@charite.de> <44709.82.115.163.144.1203505292.squirrel@posta.7girello.net> Message-ID: <62206.88.149.224.180.1203710879.squirrel@posta.7girello.net> Imapproxy is up and running now, thanks to the patience and the support of Dave and the suggestions of the others ;) Noel was partially right, is something specific of Debian but has nothing to do with hacks or aged revision. The matter is that in order to comply with IESG security requirements the uw-imapd server cooked for Debian does not allow plaintext authentication on unencripted connections and has two possible methods: cram-md5 encriped authentication without TLS on port 143 or plaintext authentication with TLS on port 993. On the other hand imapproxy does not support either cram-md5 or imaps over 993, therefore cannot work with the repository binary package of uw-imapd. As Jan pointed out, since I run everything on the same server I don't need encryption between uw-imapd -> imapproxy -> squirrelmail, therefore I rebuild uw-imapd with 'SSLTYPE=none' and everything now works like a charm :) I'm not much skilled, therefore I'd like to ask if in your opinion allowing only encripted connections (https) to squirrelmail gives me now enough safety for my home server or I may do something else to avoid unwanted visits. Of course I consider the local subnet safe since the only users are myself and my daughter. Thanks again -- Jimmi