Cyrus + TLS problem

Roland Felnhofer roland.felnhofer at chello.at
Sun Aug 19 18:27:01 EDT 2007 

Hi Jools,

hmmm...
> tls_ca_file:  /var/lib/imap/server.pem
> tls_cert_file:  /var/lib/imap/server.pem
> tls_key_file:  /var/lib/imap/server.pem
>   
you have everything (CA-cert, server cert and server key) in one file. 
It could easily be that that is fine for cyrus but it might be an easy 
test to split its content up into 3 individual files an check if your 
problems are gone.

Best regards
Roland


Julian Pilfold-Bagwell wrote:
> Hi All,
>
> I'm configuring a mail server using Postfix and Cyrus-Imap on Mandriva 
> 2007 spring and am having a hell of a time getting it to run in imaps 
> secure mode although it works fine in unsecure imap mode.
>
> I've generated certificates for the Cyrus imap installation and have 
> copied them into a folder in /var. su'ing to user Cyrus allows me to cat 
> the certificates in their directory so I know it's not  permissions 
> thing but whenever I try to log in from a remote machine I get the 
> following in /var/log/mail/info :
>
> Aug 19 10:45:18 webhost cyrus-master[11589]: process 11596 exited, status 0
> Aug 19 10:45:18 webhost cyrus-master[11606]: about to exec 
> /usr/lib/cyrus-imapd/imapd
> Aug 19 10:45:18 webhost imap[11606]: executed
> Aug 19 10:45:18 webhost cyrus-master[11607]: about to exec 
> /usr/lib/cyrus-imapd/pop3d
> Aug 19 10:45:18 webhost pop3[11607]: executed
> Aug 19 10:45:18 webhost cyrus-master[11608]: about to exec 
> /usr/lib/cyrus-imapd/imapd
> Aug 19 10:45:18 webhost cyrus-master[11609]: about to exec 
> /usr/lib/cyrus-imapd/pop3d
> Aug 19 10:45:18 webhost imap[11608]: executed
> Aug 19 10:45:18 webhost pop3[11609]: executed
> Aug 19 10:45:20 webhost cyrus-master[11610]: about to exec 
> /usr/lib/cyrus-imapd/imapd
> Aug 19 10:45:20 webhost imap[11610]: executed
> Aug 19 10:45:20 webhost cyrus-master[11611]: about to exec 
> /usr/lib/cyrus-imapd/imapd
> Aug 19 10:45:20 webhost cyrus-master[11612]: about to exec 
> /usr/lib/cyrus-imapd/imapd
> Aug 19 10:45:20 webhost imap[11611]: executed
> Aug 19 10:45:20 webhost imap[11612]: executed
> Aug 19 10:45:20 webhost cyrus-master[11613]: about to exec 
> /usr/lib/cyrus-imapd/pop3d
> Aug 19 10:45:20 webhost pop3[11613]: executed
> Aug 19 10:45:20 webhost cyrus-master[11614]: about to exec 
> /usr/lib/cyrus-imapd/imapd
> Aug 19 10:45:20 webhost imap[11614]: executed
> Aug 19 10:45:20 webhost cyrus-master[11615]: about to exec 
> /usr/lib/cyrus-imapd/imapd
> Aug 19 10:45:20 webhost cyrus-master[11616]: about to exec 
> /usr/lib/cyrus-imapd/imapd
> Aug 19 10:45:20 webhost imap[11616]: executed
> Aug 19 10:45:20 webhost cyrus-master[11617]: about to exec 
> /usr/lib/cyrus-imapd/pop3d
> Aug 19 10:45:20 webhost pop3[11617]: executed
> Aug 19 10:45:20 webhost imap[11615]: executed
> Aug 19 10:45:46 webhost imap[11602]: accepted connection
> Aug 19 10:45:46 webhost cyrus-master[11618]: about to exec 
> /usr/lib/cyrus-imapd/imapd
> Aug 19 10:45:46 webhost imap[11618]: executed
> Aug 19 10:46:06 webhost imaps[11603]: accepted connection
> Aug 19 10:46:06 webhost cyrus-master[11628]: about to exec 
> /usr/lib/cyrus-imapd/imapd
> Aug 19 10:46:06 webhost imaps[11628]: executed
> Aug 19 10:47:03 webhost cyrus-master[11589]: process 11602 exited, status 0
> Aug 19 10:47:46 webhost imaps[11603]: imaps TLS negotiation failed: 
> [172.20.0.212]
> Aug 19 10:47:46 webhost cyrus-master[11589]: process 11603 exited, status 75
> Aug 19 10:47:46 webhost cyrus-master[11589]: service imaps pid 11603 in 
> BUSY state: terminated abnormally
>
> It sounds like it's hanging on trying to load the SSL cert but I can't 
> see any reason why it wouldn't be able to if I can cat the cert file as 
> user cyrus.
>
> imap conf file as follows:
>
> configdirectory: /var/lib/imap
> partition-default: /var/spool/imap
> admins: cyrus
> allowanonymouslogin: no
> sieveusehomedir: no
> sievedir: /var/lib/imap/sieve
> sendmail: /usr/sbin/sendmail
> hashimapspool: true
> sasl_pwcheck_method: saslauthd
> sasl_mech_list: PLAIN
> tls_ca_file:  /var/lib/imap/server.pem
> tls_cert_file:  /var/lib/imap/server.pem
> tls_key_file:  /var/lib/imap/server.pem
>
>
>
> Any help gratefully appreciated.
>
> Cheers,
>
> Jools
>
> ----
> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3673 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20070820/65a87136/attachment.bin

More information about the Info-cyrus mailing list