how to use cyradm with imaps ?

Simon Matter simon.matter at invoca.ch
Sun Apr 13 10:02:11 EDT 2008 

>>> Hello,
>>>
>>> I want to desactivate completely imap service to keep only imaps.
>>> But I can't manage to connect to my server with cyradm.
>>> (Everything is working fine if I keep regulat imap service)
>>>
>>> I tried this (thanx to Simon Matter) but it doesn't work for me :
>>> cyradm --auth login --tls -u cyrus at mydomain.com localhost
>>> cyradm --auth login --tls --port 931 -u cyrus at mydomain.com localhost
>>
>> Port should be 993 I guess?
>>
>
> Of course, my mistake (but already tried with the good value)
> -bash-3.1$ cyradm --auth login --port 993 -u cyrus at mydomain.com localhost
> IMAP Password:
>               -bash-3.1$
> -> Exits witthout doing anything (no core either)

And what shows up in /var/log/maillog ?

Simon

>
> -bash-3.1$ cyradm --tls --auth login --port 993 -u cyrus at mydomain.com
> localhost
> TLS disabled.
> cyradm: cannot authenticate to server with login as cyrus at mydomain.com
> -bash-3.1$
>
>
>>>
>>> same result each time :
>>> cyradm: cannot connect to server
>>
>> 1) Does server listen on localhost? Check with netstat.
>> 2) Any firewall rule, SELinux?
>>
>> Simon
>>
> 1)
> [root at atlantis ~]# netstat -a
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address               Foreign Address
> State
> tcp        0      0 *:imaps                     *:*
> LISTEN
> [...]
>
> 2)
> Selinux : no :
>
> selinuxenabled(1)     SELinux Command Line documentation
> selinuxenabled(1)
>
> NAME
>        selinuxenabled - tool to be used within shell scripts to determine
> if
> selinux is enabled
>
> SYNOPSIS
>        selinuxenabled
>
> DESCRIPTION
>        selinuxenabled Indicates whether SELinux is enabled or disabled. It
> exits with status 0 if SELinux is enabled and 1 if it is not enabled.
>
> [root at atlantis ~]# selinuxenabled ; echo $?
> 1
> -> Disabled
>
> Iptables : should be OK (I can connect remotely through imaps to access my
> mailboxes) :
> [root at atlantis ~]# iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> RH-Firewall-1-INPUT  all  --  anywhere             anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> target     prot opt source               destination
> ACCEPT     all  --  anywhere             anywhere
> ACCEPT     icmp --  anywhere             anywhere            icmp any
> ACCEPT     all  --  anywhere             anywhere            state
> RELATED,ESTABLISHED
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp
> dpt:ssh
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp
> dpt:imaps
> ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp
> dpt:smtp
> REJECT     all  --  anywhere             anywhere            reject-with
> icmp-host-prohibited
>
>
>>>
>>> My configuration is (running Cyrus imapd 2.3.7) :
>>> [root at atlantis ~]# more /etc/cyrus.conf
>>> # standard standalone server implementation
>>>
>>> START {
>>>   # do not delete this entry!
>>>   recover       cmd="ctl_cyrusdb -r"
>>>
>>>   # this is only necessary if using idled for IMAP IDLE
>>>   idled         cmd="idled"
>>> }
>>>
>>> # UNIX sockets start with a slash and are put into
>>> /var/lib/imap/sockets
>>> SERVICES {
>>>   # add or remove based on preferences
>>> #  imap         cmd="imapd" listen="localhost:imap" prefork=0
>>>   imaps         cmd="imapd -s" listen="imaps" prefork=5
>>> #  pop3         cmd="pop3d" listen="pop3" prefork=3
>>> #  pop3s                cmd="pop3d -s" listen="pop3s" prefork=1
>>>   sieve         cmd="timsieved" listen="sieve" prefork=0
>>>
>>>   # these are only necessary if receiving/exporting usenet via NNTP
>>> #  nntp         cmd="nntpd" listen="nntp" prefork=3
>>> #  nntps                cmd="nntpd -s" listen="nntps" prefork=1
>>>
>>>   # at least one LMTP is required for delivery
>>> #  lmtp         cmd="lmtpd" listen="localhost:lmtp" prefork=0
>>>   lmtpunix      cmd="lmtpd" listen="/var/lib/imap/socket/lmtp"
>>> prefork=1
>>>
>>>   # this is only necessary if using notifications
>>> #  notify       cmd="notifyd" listen="/var/lib/imap/socket/notify"
>>> proto="udp" prefork=1
>>> }
>>>
>>> EVENTS {
>>>   # this is required
>>>   checkpoint    cmd="ctl_cyrusdb -c" period=30
>>>
>>>   # this is only necessary if using duplicate delivery suppression,
>>>   # Sieve or NNTP
>>>   delprune      cmd="cyr_expire -E 3" at=0400
>>>
>>>   # this is only necessary if caching TLS sessions
>>>   tlsprune      cmd="tls_prune" at=0400
>>> }
>>>
>>> [root at atlantis ~]# more /etc/imapd.conf
>>> configdirectory: /var/lib/imap
>>> partition-default: /var/spool/imap
>>> admins: cyrus at mydomain.com cyrus at mydomain.com
>>> sievedir: /var/lib/imap/sieve
>>> sendmail: /usr/sbin/sendmail
>>> hashimapspool: true
>>> sasl_pwcheck_method: auxprop
>>> sasl_mech_list: PLAIN
>>> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>>> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>>> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>>> virtdomains: yes
>>>
>>> Thanx for any help
>>> ----
>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>
>>
>>
>

More information about the Info-cyrus mailing list