Date: Wednesday, August 12, 2015 11:14:29 +0100 From: Dr J Austin ja@maui.jaa.org.uk
On Tue, 11 Aug 2015, Dr J Austin wrote:
On Tue, 11 Aug 2015, Alexander Dalloz wrote:
Am 11.08.2015 um 22:28 schrieb Dr J Austin:
Hi Alexander
[root@maui:/var/log]$ watch 'tail -n40 maillog
does not quiver when I try to connect
That's suspicious.
Let's exclude it is the client which causes the problem: Connect directly to the IMAPS server on CLI.
openssl s_client -connect <server ip>:993
You hopefully see a greeting message from the IMAP server. Then issue
a1 LOGIN username password
If you see a success message that you logged in, then everything is fine with your cyrus-imapd.
Logout by entering
a2 LOGOUT
If you got that far, the troublemaker is Evolution. Can't help you with that one as I am not using it. Validate all the account settings to be valid.
In coming mail can be seen but nothing about evo connections as far as I can see
There do seem to be some warnings/errors - they don't look relavant??
Right, irrelevant for your isse.
Many thanks for your help
John
You really should see your user login in this log file.
Alexander
Hmmm
Summary On the server maui itself Failure when using IP address but works with name maui for root and fred
On a separate machine paxos Failure for both IP address and name maui and maui.jaa.org.uk for both root and ja
However the error messages are different between maui and paxos
John
-------- As user fred on the server maui itself [fred@maui ~]$ openssl s_client -connect 148.197.29.5:993 socket: Connection refused connect:errno=111
As root on the server maui itself [root@maui:/var/log]$ openssl s_client -connect 148.197.29.5:993 socket: Connection refused connect:errno=111
------- As root on maui using "name" [root@maui:/var/log]$ openssl s_client -connect maui:993 CONNECTED(00000003) depth=0 C = UK, ST = Hampshire, L = Fareham, CN = maui.jaa.org.uk, emailAddress = ja@jaa.org.uk verify error:num=18:self signed certificate verify return:1 depth=0 C = UK, ST = Hampshire, L = Fareham, CN = maui.jaa.org.uk, emailAddress = ja@jaa.org.uk verify return:1
Certificate chain 0 s:/C=UK/ST=Hampshire/L=Fareham/CN=maui.jaa.org.uk/emailAddress=ja @jaa.org.uk
i:/C=UK/ST=Hampshire/L=Fareham/CN=maui.jaa.org.uk/emailAddress=ja @jaa.org.uk --- Server certificate ...
- OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR
COMPRESS=DEFLATE] maui.jaa.org.uk Cyrus IMAP v2.3.16-Fedora-RPM-2.3.16-13.el6_6 server ready a1 LOGIN username password al OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED AUTH=PLAIN COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] User logged in a2 LOGOUT
- BYE LOGOUT received
a2 OK Completed read:errno=0
These also work OK [ja@maui ~]$ openssl s_client -connect maui:993 ja@maui ~ 4$ openssl s_client -connect maui.jaa.org.uk:9
---- On a separate machine paxos - always fails
As user ja on a separate machine paxos ja@paxos ~ 1$ openssl s_client -connect 148.197.29.5:993 socket: Bad file descriptor connect:errno=9
As root on a separate machine paxos [root@paxos:~]$ openssl s_client -connect 148.197.29.5:993 socket: Bad file descriptor connect:errno=9
[root@paxos:~]$ openssl s_client -connect maui:993 socket: Bad file descriptor connect:errno=9
[root@paxos:~]$ openssl s_client -connect maui.jaa.org.uk:993 socket: Bad file descriptor connect:errno=9
[root@paxos:~]$ exit logout ja@paxos ~ 3$ openssl s_client -connect maui:993 socket: Bad file descriptor connect:errno=9
ja@paxos ~ 4$ openssl s_client -connect maui.jaa.org.uk:993 socket: Bad file descriptor connect:errno=9
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
A little more info about using s_client on paxos to connect to maui
openssl s_client -connect maui.jaa.org.uk:993
Wireshark shows just one packet each way (to/from port 993) A request for connection from paxos to maui and a reset from maui to paxos
I don't think that wireshark adds much to this. Unless you had a proxy in the middle, the "connection refused" responses already indicated that your connections were getting to the/a server, it's just refusing the connections.
Connections by name, especially short forms, are suspect unless you can be very certain of how they are being resolved (i.e., what IPnumber you end up trying to connect to). There is no reason that using root to connect to port 993 would work when a normal user doesn't. An IMAP server either accepts the initial connection from a machine or not - it doesn't know or care what type of user is originating the connection.
You may want to look into what you were able to connect to via:
openssl s_client -connect maui:993
I'd start by looking up what "maui" resolves to.
I just looked up maui.jaa.org.uk. It (currently) resolves to 213.152.52.233, not the 148.197 you seemed to be using above. I realize you may have some form of dynamic dns going here, but thought I'd mention it.
Could you try (as root) two slightly different version of my earlier netstat commands:
netstat -pnlA inet | egrep ':993|:143'
netstat -pnlA inet6 | egrep ':993|:143'
the addition of "A inet/inet6" will show whether it is listening via ipv4 (inet) or ipv6 (inet6) on the imap ports.