how to use cyradm with imaps ?
Sébastien Rozier
sebastien.rozier at cybergaia.org
Sun Apr 13 09:41:39 EDT 2008
>> Hello,
>>
>> I want to desactivate completely imap service to keep only imaps.
>> But I can't manage to connect to my server with cyradm.
>> (Everything is working fine if I keep regulat imap service)
>>
>> I tried this (thanx to Simon Matter) but it doesn't work for me :
>> cyradm --auth login --tls -u cyrus at mydomain.com localhost
>> cyradm --auth login --tls --port 931 -u cyrus at mydomain.com localhost
>
> Port should be 993 I guess?
>
Of course, my mistake (but already tried with the good value)
-bash-3.1$ cyradm --auth login --port 993 -u cyrus at mydomain.com localhost
IMAP Password:
-bash-3.1$
-> Exits witthout doing anything (no core either)
-bash-3.1$ cyradm --tls --auth login --port 993 -u cyrus at mydomain.com
localhost
TLS disabled.
cyradm: cannot authenticate to server with login as cyrus at mydomain.com
-bash-3.1$
>>
>> same result each time :
>> cyradm: cannot connect to server
>
> 1) Does server listen on localhost? Check with netstat.
> 2) Any firewall rule, SELinux?
>
> Simon
>
1)
[root at atlantis ~]# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address
State
tcp 0 0 *:imaps *:*
LISTEN
[...]
2)
Selinux : no :
selinuxenabled(1) SELinux Command Line documentation
selinuxenabled(1)
NAME
selinuxenabled - tool to be used within shell scripts to determine if
selinux is enabled
SYNOPSIS
selinuxenabled
DESCRIPTION
selinuxenabled Indicates whether SELinux is enabled or disabled. It
exits with status 0 if SELinux is enabled and 1 if it is not enabled.
[root at atlantis ~]# selinuxenabled ; echo $?
1
-> Disabled
Iptables : should be OK (I can connect remotely through imaps to access my
mailboxes) :
[root at atlantis ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT all -- anywhere anywhere state
RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:imaps
ACCEPT tcp -- anywhere anywhere state NEW tcp
dpt:smtp
REJECT all -- anywhere anywhere reject-with
icmp-host-prohibited
>>
>> My configuration is (running Cyrus imapd 2.3.7) :
>> [root at atlantis ~]# more /etc/cyrus.conf
>> # standard standalone server implementation
>>
>> START {
>> # do not delete this entry!
>> recover cmd="ctl_cyrusdb -r"
>>
>> # this is only necessary if using idled for IMAP IDLE
>> idled cmd="idled"
>> }
>>
>> # UNIX sockets start with a slash and are put into /var/lib/imap/sockets
>> SERVICES {
>> # add or remove based on preferences
>> # imap cmd="imapd" listen="localhost:imap" prefork=0
>> imaps cmd="imapd -s" listen="imaps" prefork=5
>> # pop3 cmd="pop3d" listen="pop3" prefork=3
>> # pop3s cmd="pop3d -s" listen="pop3s" prefork=1
>> sieve cmd="timsieved" listen="sieve" prefork=0
>>
>> # these are only necessary if receiving/exporting usenet via NNTP
>> # nntp cmd="nntpd" listen="nntp" prefork=3
>> # nntps cmd="nntpd -s" listen="nntps" prefork=1
>>
>> # at least one LMTP is required for delivery
>> # lmtp cmd="lmtpd" listen="localhost:lmtp" prefork=0
>> lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp" prefork=1
>>
>> # this is only necessary if using notifications
>> # notify cmd="notifyd" listen="/var/lib/imap/socket/notify"
>> proto="udp" prefork=1
>> }
>>
>> EVENTS {
>> # this is required
>> checkpoint cmd="ctl_cyrusdb -c" period=30
>>
>> # this is only necessary if using duplicate delivery suppression,
>> # Sieve or NNTP
>> delprune cmd="cyr_expire -E 3" at=0400
>>
>> # this is only necessary if caching TLS sessions
>> tlsprune cmd="tls_prune" at=0400
>> }
>>
>> [root at atlantis ~]# more /etc/imapd.conf
>> configdirectory: /var/lib/imap
>> partition-default: /var/spool/imap
>> admins: cyrus at mydomain.com cyrus at mydomain.com
>> sievedir: /var/lib/imap/sieve
>> sendmail: /usr/sbin/sendmail
>> hashimapspool: true
>> sasl_pwcheck_method: auxprop
>> sasl_mech_list: PLAIN
>> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>> virtdomains: yes
>>
>> Thanx for any help
>> ----
>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>
>
>
More information about the Info-cyrus
mailing list