how to use cyradm with imaps ?

Sébastien Rozier sebastien.rozier at cybergaia.org
Sun Apr 13 09:41:39 EDT 2008 

>> Hello,
>>
>> I want to desactivate completely imap service to keep only imaps.
>> But I can't manage to connect to my server with cyradm.
>> (Everything is working fine if I keep regulat imap service)
>>
>> I tried this (thanx to Simon Matter) but it doesn't work for me :
>> cyradm --auth login --tls -u cyrus at mydomain.com localhost
>> cyradm --auth login --tls --port 931 -u cyrus at mydomain.com localhost
>
> Port should be 993 I guess?
>

Of course, my mistake (but already tried with the good value)
-bash-3.1$ cyradm --auth login --port 993 -u cyrus at mydomain.com localhost
IMAP Password:
              -bash-3.1$
-> Exits witthout doing anything (no core either)

-bash-3.1$ cyradm --tls --auth login --port 993 -u cyrus at mydomain.com 
localhost
TLS disabled.
cyradm: cannot authenticate to server with login as cyrus at mydomain.com
-bash-3.1$


>>
>> same result each time :
>> cyradm: cannot connect to server
>
> 1) Does server listen on localhost? Check with netstat.
> 2) Any firewall rule, SELinux?
>
> Simon
>
1)
[root at atlantis ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address 
State
tcp        0      0 *:imaps                     *:* 
LISTEN
[...]

2)
Selinux : no :

selinuxenabled(1)     SELinux Command Line documentation 
selinuxenabled(1)

NAME
       selinuxenabled - tool to be used within shell scripts to determine if 
selinux is enabled

SYNOPSIS
       selinuxenabled

DESCRIPTION
       selinuxenabled Indicates whether SELinux is enabled or disabled. It 
exits with status 0 if SELinux is enabled and 1 if it is not enabled.

[root at atlantis ~]# selinuxenabled ; echo $?
1
-> Disabled

Iptables : should be OK (I can connect remotely through imaps to access my 
mailboxes) :
[root at atlantis ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
RH-Firewall-1-INPUT  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain RH-Firewall-1-INPUT (2 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere            icmp any
ACCEPT     all  --  anywhere             anywhere            state 
RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp 
dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp 
dpt:imaps
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp 
dpt:smtp
REJECT     all  --  anywhere             anywhere            reject-with 
icmp-host-prohibited


>>
>> My configuration is (running Cyrus imapd 2.3.7) :
>> [root at atlantis ~]# more /etc/cyrus.conf
>> # standard standalone server implementation
>>
>> START {
>>   # do not delete this entry!
>>   recover       cmd="ctl_cyrusdb -r"
>>
>>   # this is only necessary if using idled for IMAP IDLE
>>   idled         cmd="idled"
>> }
>>
>> # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
>> SERVICES {
>>   # add or remove based on preferences
>> #  imap         cmd="imapd" listen="localhost:imap" prefork=0
>>   imaps         cmd="imapd -s" listen="imaps" prefork=5
>> #  pop3         cmd="pop3d" listen="pop3" prefork=3
>> #  pop3s                cmd="pop3d -s" listen="pop3s" prefork=1
>>   sieve         cmd="timsieved" listen="sieve" prefork=0
>>
>>   # these are only necessary if receiving/exporting usenet via NNTP
>> #  nntp         cmd="nntpd" listen="nntp" prefork=3
>> #  nntps                cmd="nntpd -s" listen="nntps" prefork=1
>>
>>   # at least one LMTP is required for delivery
>> #  lmtp         cmd="lmtpd" listen="localhost:lmtp" prefork=0
>>   lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
>>
>>   # this is only necessary if using notifications
>> #  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify"
>> proto="udp" prefork=1
>> }
>>
>> EVENTS {
>>   # this is required
>>   checkpoint    cmd="ctl_cyrusdb -c" period=30
>>
>>   # this is only necessary if using duplicate delivery suppression,
>>   # Sieve or NNTP
>>   delprune      cmd="cyr_expire -E 3" at=0400
>>
>>   # this is only necessary if caching TLS sessions
>>   tlsprune      cmd="tls_prune" at=0400
>> }
>>
>> [root at atlantis ~]# more /etc/imapd.conf
>> configdirectory: /var/lib/imap
>> partition-default: /var/spool/imap
>> admins: cyrus at mydomain.com cyrus at mydomain.com
>> sievedir: /var/lib/imap/sieve
>> sendmail: /usr/sbin/sendmail
>> hashimapspool: true
>> sasl_pwcheck_method: auxprop
>> sasl_mech_list: PLAIN
>> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>> virtdomains: yes
>>
>> Thanx for any help
>> ----
>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
>

More information about the Info-cyrus mailing list