how to use cyradm with imaps ?
Simon Matter
simon.matter at invoca.ch
Sun Apr 13 10:02:11 EDT 2008
>>> Hello,
>>>
>>> I want to desactivate completely imap service to keep only imaps.
>>> But I can't manage to connect to my server with cyradm.
>>> (Everything is working fine if I keep regulat imap service)
>>>
>>> I tried this (thanx to Simon Matter) but it doesn't work for me :
>>> cyradm --auth login --tls -u cyrus at mydomain.com localhost
>>> cyradm --auth login --tls --port 931 -u cyrus at mydomain.com localhost
>>
>> Port should be 993 I guess?
>>
>
> Of course, my mistake (but already tried with the good value)
> -bash-3.1$ cyradm --auth login --port 993 -u cyrus at mydomain.com localhost
> IMAP Password:
> -bash-3.1$
> -> Exits witthout doing anything (no core either)
And what shows up in /var/log/maillog ?
Simon
>
> -bash-3.1$ cyradm --tls --auth login --port 993 -u cyrus at mydomain.com
> localhost
> TLS disabled.
> cyradm: cannot authenticate to server with login as cyrus at mydomain.com
> -bash-3.1$
>
>
>>>
>>> same result each time :
>>> cyradm: cannot connect to server
>>
>> 1) Does server listen on localhost? Check with netstat.
>> 2) Any firewall rule, SELinux?
>>
>> Simon
>>
> 1)
> [root at atlantis ~]# netstat -a
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address
> State
> tcp 0 0 *:imaps *:*
> LISTEN
> [...]
>
> 2)
> Selinux : no :
>
> selinuxenabled(1) SELinux Command Line documentation
> selinuxenabled(1)
>
> NAME
> selinuxenabled - tool to be used within shell scripts to determine
> if
> selinux is enabled
>
> SYNOPSIS
> selinuxenabled
>
> DESCRIPTION
> selinuxenabled Indicates whether SELinux is enabled or disabled. It
> exits with status 0 if SELinux is enabled and 1 if it is not enabled.
>
> [root at atlantis ~]# selinuxenabled ; echo $?
> 1
> -> Disabled
>
> Iptables : should be OK (I can connect remotely through imaps to access my
> mailboxes) :
> [root at atlantis ~]# iptables -L
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
> RH-Firewall-1-INPUT all -- anywhere anywhere
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> RH-Firewall-1-INPUT all -- anywhere anywhere
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain RH-Firewall-1-INPUT (2 references)
> target prot opt source destination
> ACCEPT all -- anywhere anywhere
> ACCEPT icmp -- anywhere anywhere icmp any
> ACCEPT all -- anywhere anywhere state
> RELATED,ESTABLISHED
> ACCEPT tcp -- anywhere anywhere state NEW tcp
> dpt:ssh
> ACCEPT tcp -- anywhere anywhere state NEW tcp
> dpt:imaps
> ACCEPT tcp -- anywhere anywhere state NEW tcp
> dpt:smtp
> REJECT all -- anywhere anywhere reject-with
> icmp-host-prohibited
>
>
>>>
>>> My configuration is (running Cyrus imapd 2.3.7) :
>>> [root at atlantis ~]# more /etc/cyrus.conf
>>> # standard standalone server implementation
>>>
>>> START {
>>> # do not delete this entry!
>>> recover cmd="ctl_cyrusdb -r"
>>>
>>> # this is only necessary if using idled for IMAP IDLE
>>> idled cmd="idled"
>>> }
>>>
>>> # UNIX sockets start with a slash and are put into
>>> /var/lib/imap/sockets
>>> SERVICES {
>>> # add or remove based on preferences
>>> # imap cmd="imapd" listen="localhost:imap" prefork=0
>>> imaps cmd="imapd -s" listen="imaps" prefork=5
>>> # pop3 cmd="pop3d" listen="pop3" prefork=3
>>> # pop3s cmd="pop3d -s" listen="pop3s" prefork=1
>>> sieve cmd="timsieved" listen="sieve" prefork=0
>>>
>>> # these are only necessary if receiving/exporting usenet via NNTP
>>> # nntp cmd="nntpd" listen="nntp" prefork=3
>>> # nntps cmd="nntpd -s" listen="nntps" prefork=1
>>>
>>> # at least one LMTP is required for delivery
>>> # lmtp cmd="lmtpd" listen="localhost:lmtp" prefork=0
>>> lmtpunix cmd="lmtpd" listen="/var/lib/imap/socket/lmtp"
>>> prefork=1
>>>
>>> # this is only necessary if using notifications
>>> # notify cmd="notifyd" listen="/var/lib/imap/socket/notify"
>>> proto="udp" prefork=1
>>> }
>>>
>>> EVENTS {
>>> # this is required
>>> checkpoint cmd="ctl_cyrusdb -c" period=30
>>>
>>> # this is only necessary if using duplicate delivery suppression,
>>> # Sieve or NNTP
>>> delprune cmd="cyr_expire -E 3" at=0400
>>>
>>> # this is only necessary if caching TLS sessions
>>> tlsprune cmd="tls_prune" at=0400
>>> }
>>>
>>> [root at atlantis ~]# more /etc/imapd.conf
>>> configdirectory: /var/lib/imap
>>> partition-default: /var/spool/imap
>>> admins: cyrus at mydomain.com cyrus at mydomain.com
>>> sievedir: /var/lib/imap/sieve
>>> sendmail: /usr/sbin/sendmail
>>> hashimapspool: true
>>> sasl_pwcheck_method: auxprop
>>> sasl_mech_list: PLAIN
>>> tls_cert_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>>> tls_key_file: /etc/pki/cyrus-imapd/cyrus-imapd.pem
>>> tls_ca_file: /etc/pki/tls/certs/ca-bundle.crt
>>> virtdomains: yes
>>>
>>> Thanx for any help
>>> ----
>>> Cyrus Home Page: http://cyrusimap.web.cmu.edu/
>>> Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
>>> List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
>>
>>
>>
>
More information about the Info-cyrus
mailing list