Cannot LOGIN using openssl s_client

James B. Byrne byrnejb at
Fri Apr 27 09:56:31 EDT 2018

OS          : CentOS-6.9
Name        : cyrus-imapd
Arch        : x86_64
Version     : 2.3.16
Release     : 15.el6

We have a working Apache-2.2 /Squirrelmail-1.42 (SM) / Cyrus-IMAP-2.3
(CI) setup.  SM and CI reside on different hosts.  We use TLS over
port 993 to communicate.  The login mechanism is plaintext
authenticating against /etc/passwd.

We are in the process of transitioning from this setup to one hosted
on FreeBSD and I am having problems getting SM on the new host to
connect to the existing CI service.  To debug this I am using openssl
s_client as follows:

openssl s_client \
  -connect \
  -CApath /usr/local/etc/pki/tls/certs

Resulting in:
. . .
    Start Time: 1524836386
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
v2.3.16-Fedora-RPM-2.3.16-15.el6 server ready

LOGIN testusermb testuserpw
LOGIN BAD Please login first

According to the documentation the message LOGIN BAD means that the
arguments to the LOGIN command are not understood.  But, as far as I
can discover, the LOGIN command only takes two arguments: user name
and password.

I get the same results on both the new SM host and the old so the
issue is with my employment of s_client.  How does one connect to a
mailbox using s_client?

***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at
Harte & Lyne Limited
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

More information about the Info-cyrus mailing list