[Bug 420972] New: courier-imap and courier-pop startup script
https://bugzilla.novell.com/show_bug.cgi?id=420972 Summary: courier-imap and courier-pop startup script Product: openSUSE 11.0 Version: Final Platform: PC OS/Version: openSUSE 11.0 Status: NEW Severity: Normal Priority: P5 - None Component: Installation AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: markus.bartl@noack-ingenieure.com QAContact: jsrain@novell.com Found By: Community User Both mentioned startup scripts are using not only the config files /etc/courier/imapd and /etc/courier/pop3d but also the files /etc/courier/imapd-ssl and /etc/courier/pop3d-ssl. This leads to the case, that tls and ssl have to be set up to get pop3 and imap running even if you dont want to use them. My solutions: /etc/init.d/courier-pop: Deleting following lines: . /etc/courier/pop3d-ssl ; \ TLS_PROTOCOL=$TLS_STARTTLS_PROTOCOL ; \ /etc/init.d/courier-imap: Deleting following lines: . /etc/courier/imapd-ssl ; \ IMAP_STARTTLS=$IMAPDSTARTTLS ; \ TLS_PROTOCOL=$TLS_STARTTLS_PROTOCOL ; \ Regards, Markus -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=420972 Robert Vojcik <rvojcik@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.provo.novell.com |hvogel@novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=420972 User hvogel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=420972#c1 Hendrik Vogelsang <hvogel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #1 from Hendrik Vogelsang <hvogel@novell.com> 2008-09-16 07:49:13 MDT --- fixed and submitted for 11.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=420972 User suse-beta@cboltz.de added comment https://bugzilla.novell.com/show_bug.cgi?id=420972#c2 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED CC| |suse-beta@cboltz.de Resolution|FIXED | --- Comment #2 from Christian Boltz <suse-beta@cboltz.de> 2009-03-08 10:55:00 MST --- This change breaks TLS (POP3 command "STLS") :-( I see two ways how this can be solved: a) easy: revert the changes in the initscript b) perfect: add a variable like "ENABLE_TLS" to /etc/courier/pop3 and read /etc/courier/pop3-ssl only if it is set to YES. (Default should be YES) IMHO fetching mails (and sending the password) over a non-encrypted connection is not a good idea, so solution a) might be enough. (The original bugreporter might disagree ;-) In case other affected users find this bug: as workaround, take the /etc/init.d/pop and /etc/init.d/imap initscripts from openSUSE 11.0. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=420972 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Installation |Installation AssignedTo|hvogel@novell.com |bnc-team-screening@forge.pr | |ovo.novell.com Product|openSUSE 11.0 |openSUSE 11.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=420972 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |hvogel@novell.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=420972 User hvogel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=420972#c3 Hendrik Vogelsang <hvogel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |NEEDINFO Info Provider| |suse-beta@cboltz.de --- Comment #3 from Hendrik Vogelsang <hvogel@novell.com> 2009-03-09 08:04:05 MST --- Christian how does that break TLS? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=420972 User suse-beta@cboltz.de added comment https://bugzilla.novell.com/show_bug.cgi?id=420972#c4 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |REOPENED Info Provider|suse-beta@cboltz.de | --- Comment #4 from Christian Boltz <suse-beta@cboltz.de> 2009-03-09 11:12:39 MST --- As you probably know, TLS means to start encrypted communication on the "non-encrypted" pop3 port (110). It's impossible to know which certificate to use (TLS_CERTFILE) etc. without reading the pop3d-ssl config file which contains these settings. Short story: Courier simply does not offer the "STLS" command on port 110, which means using TLS is impossible. Long story: http://listi.jpberlin.de/pipermail/postfixbuch-users/2009-March/048641.html (Note: I did not test with IMAP, but I expect it shares this problem.) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=420972 User hvogel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=420972#c5 Hendrik Vogelsang <hvogel@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |INVALID --- Comment #5 from Hendrik Vogelsang <hvogel@novell.com> 2009-03-10 04:13:45 MST --- There are -ssl variants of the init scripts. rpm -ql courier-imap-4.4.1-1.19 | grep "imap-ssl\|pop-ssl" /etc/init.d/courier-imap-ssl /etc/init.d/courier-pop-ssl /etc/sysconfig/SuSEfirewall2.d/services/courier-imap-ssl /usr/sbin/rccourier-imap-ssl /usr/sbin/rccourier-pop-ssl -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=420972 User suse-beta@cboltz.de added comment https://bugzilla.novell.com/show_bug.cgi?id=420972#c6 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | --- Comment #6 from Christian Boltz <suse-beta@cboltz.de> 2009-03-10 08:34:44 MST --- Henne, did you actually test this before closing the bug as invalid? (I could also point you to bug 168595#c5 with s/Olaf/Christian/ ;-) To make it short: - /etc/init.d/courier-pop starts a daemon that listens on the pop3 port (110) - /etc/init.d/courier-pop-ssl starts a daemon that listens on the pop3s port (995) [NOT on port 110] - this means: the courier-pop and courier-pop-ssl _start_different_things_ - but: even the pop3 daemon on port 110 needs the SSL configuration to be able to offer TLS. If you don't trust me, please test yourself against a 11.0 and a 11.1 server with courier running. The easiest method is to test the server capabilities with KMail - you'll notice that TLS encryption is not available on the 11.1 server. If you prefer manual testing, telnet on port 110 and try "STLS" or "CAPA". -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=420972 User hvogel@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=420972#c7 --- Comment #7 from Hendrik Vogelsang <hvogel@novell.com> 2009-03-10 08:52:25 MST --- of course i did not test it. do you think i'm bored? :) But now i understand what you want. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com