cyrus imapd ssl against mac osx mail.app

Ken Murchison murch at andrew.cmu.edu
Thu Dec 1 08:48:07 EST 2005 

Joseph Silverman wrote:
> We are trying to migrate from uw-imap to cyrus-imap.
> 
> In the process, in order to test things, I have started cyrus-imap with 
> services for imap on port 1431, for imaps on port 9931.
> 
> I can create an account on mail.app that talks to port 1431 just fine - 
> no problems, it just works.
> 
> When I create an account on mail.app with ssl set and port 9931, it 
> fails to connect.
> 
> Connecting to uw-imap on the same server (at port 993 of course) works 
> without a hitch.
> 
> Of note:
> 
> 1) I have "real" certificates (thawte) - I configured /etc/imapd.conf 
> with the key and crt file, no ca file.
> 
> 2) I get a note in my log from cyrus imap saying that it couldn't load 
> the ca file, I guess this is ok, no idea.
> 
> 3) One interesting note is that:
> 
>     telnet MAILHOST 993
>     enter a few times
> 
> disconnects me with no message, Whereas
> 
>     telnet MAILHOST 9931
>     enter a few times
> 
> disconnects me with * BYE Fatal error: tls_start_servertls() failed
> 
> 4) imtest connects correctly, with some odd messages:
> 
> imtest -p 9931 -s MAILHOST
> verify error:num=20:unable to get local issuer certificate
> verify error:num=27:certificate not trusted
> verify error:num=21:unable to verify the first certificate
> TLS connection established: TLSv1 with cipher AES256-SHA (256/256 bits)
> S: * OK MAILHOST Cyrus IMAP4 v2.2.12-Invoca-RPM-2.2.12-1.1.fc3 server ready
> C: C01 CAPABILITY
> S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ MAILBOX-REFERRALS 
> NAMESPACE UIDPLUS ID NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND 
> BINARY SORT THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE IDLE 
> AUTH=LOGIN AUTH=PLAIN SASL-IR LISTEXT LIST-SUBSCRIBED X-NETSCAPE
> S: C01 OK Completed
> C: A01 AUTHENTICATE LOGIN
> S: + VXNlcm5hbWU6
> Please enter your password:
> 
> Any idea how to fix this?


If imtest works, then the problem is most likely with mail.app not 
liking the non-standard port.  Have you tried a different client, e.g. 
Mozilla?


-- 
Kenneth Murchison
Systems Programmer
Carnegie Mellon University

More information about the Info-cyrus mailing list