Chuck Davis wrote:
Hey John:
Is this message in response to a Imap session or a smtp connection.
This is Kmail trying to connect to Cyrus imap. I've never had a problem with Postfix getting the mail and delivering to the server. But getting Kmail to connect to the server is torture!! I haven't even opened port 25 yet for Postfix testing -- not until I can gather what comes through.
Kmail has that niffty button that says "Check what the server provides," It will let you know if something is wrong, because it won't offer methods you think it should.
I can't count the number of times I have pressed that nifty little button. The server responds no encrypting and 3 auth methods -- none of which works. As I recall (the machine is at home right now where I can to R & D in my evenings!) the 3 are plain, cram-md5 and digest-md5.
Digest will not work. Never has as far as I can tell. Use plain. You are already in an SSL tunnel, there is no reason to further complicate the issue. I don't even allow access to our Cyrus via un-encrypted channels. Cyrus is accessed via Imap 993 with ssl.
One would be inclined to think that when the server responds with those options they would work when chosen for configuration!
No, the server responds with options you tell it to respond with. Go remove those that don't work from the config, and it won't offer them any more.
I have no problem connecting with telnet to port 143 -- get all the right words. Says all the right things but not to Kmail apparently.
Don't allow access via 143. Its a crutch. It prevents you from solving the real problem with certificates.
There are uaually two sets of certs (or copies in two places) (shouldn't need to be but it seems to work better that way).
Where are the two sets of certs? I only have on set in the /ect/postfix/ssl directory.
Cyrus has its own set. You can contrive to make them the same, but its usually more trouble than its worth. Mine are in /var/lib/imap/ because cyrus runs in a chroot and can't access the ones in /etc/postfix/ssl/certs/ These certs for cyrus include these: and they are not the same as the ones for postfix, (but they could be if you wanted them to be). /var/lib/imap/key.pem /var/lib/imap/req.pem /var/lib/imap/server.pem The whole saslauthd thing is a big mystery, but it is key. Get that running and the rest falls into place. I found several good howto's on the web about this and I thought I had them book marked, but can't find them. I will mail you privately my notes, Chuck, to see if they can be of some help. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org