Newbie errors

Dominique Couot dcouot at
Mon Dec 12 12:30:56 EST 2011


If by acces you mean the path is right, It does have access (see 
imapd.conf extract):

# SSL/TLS Options

# File containing the global certificate used for ALL services (imap, pop3,
# lmtp, sieve)
# tls_cert_file: /etc/ssl/certs/ssl-cert-snakeoil.pem
tls_cert_file: /etc/ssl/certs/server_mail_solipym_com.pem

# File containing the private key belonging to the global server 
# tls_key_file: /etc/ssl/private/ssl-cert-snakeoil.key
tls_key_file: /etc/ssl/private/server.key

# File containing one or more Certificate Authority (CA) certificates.
# tls_ca_file: /etc/ssl/certs/ca-certificates.crt
tls_ca_file: /etc/ssl/CA/root.crt

If you mean right to access, all files are read only except for root.

Not sure if the cert_file should be pem or crt format though.

The weirdest thing, is that it worked till mid day, then nothing.


On 12/12/2011 18:23, Stephen Ingram wrote:
> On Mon, Dec 12, 2011 at 8:47 AM, Dominique Couot<dcouot at>  wrote:
>> Hi,
>> I've playing with Cyrus (+Postfix + SASL) for a while without any problem -
>> and without any security (port143). I finally got around to get a
>> certificate and installed it, modified the imap.conf file, and I can no
>> longer receive any mail on port 993. Sending does work however on port 465.
>> It worked for a while this morning until I screwed up. Can someone tell me
>> what's where I might I have gone wrong... Promise, next time I'll take
>> better notes of the changes I make....
>> The port 993 is forwarded to the server and the server seems to be listening
>> to it (nmap results).
>> However nothing in the mail.log as far as connection are concerned, only
>> errors:
>> Dec 12 17:06:23 www cyrus/imaps[19071]: imaps TLS negotiation failed:
>> []
>> Dec 12 17:06:23 www cyrus/imaps[19071]: Fatal error: tls_start_servertls()
>> failed
>> Dec 12 17:06:23 www cyrus/master[18687]: process 19071 exited, status 75
>> Dec 12 17:06:23 www cyrus/master[18687]: service imaps pid 19071 in BUSY
>> state: terminated abnormally
>> Any help more than welcome.
> Make sure that cyrus-imapd has access to your SSL certificate and key.
> It sounds like only your MTA has proper access.
> Steve

More information about the Info-cyrus mailing list