[CentOS] C6.7 evolution to cyrus imap(s) fails

Wed Aug 12 11:52:13 UTC 2015
Richard <lists-centos at listmail.innovate.net>



> Date: Wednesday, August 12, 2015 11:14:29 +0100
> From: Dr J Austin <ja at maui.jaa.org.uk>
> 
> 
> On Tue, 11 Aug 2015, Dr J Austin wrote:
> 
>> 
>> 
>> On Tue, 11 Aug 2015, Alexander Dalloz wrote:
>> 
>>> On 11.08.2015 at 22:28, Dr J Austin wrote:
>>>> 
>>>> Hi Alexander
>>>> 
>>>> [root at maui:/var/log]$ watch 'tail -n40 maillog'
>>>> 
>>>> does not quiver when I try to connect
>>> 
>>> That's suspicious.
>>> 
>>> Let's exclude it is the client which causes the problem: Connect
>>> directly to the IMAPS server on CLI.
>>> 
>>> openssl s_client -connect <server ip>:993
>>> 
>>> You hopefully see a greeting message from the IMAP server. Then
>>> issue
>>> 
>>> a1 LOGIN username password
>>> 
>>> If you see a success message that you logged in, then everything
>>> is fine with your cyrus-imapd.
>>> 
>>> Logout by entering
>>> 
>>> a2 LOGOUT
>>> 
>>> If you got that far, the troublemaker is Evolution. Can't help
>>> you with that one as I am not using it. Validate all the
>>> account settings to be valid.
>>> 
>>>> Incoming mail can be seen but nothing about evo connections as
>>>> far as I can see
>>>> 
>>>> There do seem to be some warnings/errors - they don't look
>>>> relevant??
>>> 
>>> Right, irrelevant for your issue.
>>> 
>>>> Many thanks for your help
>>>> 
>>>> John
>>>> 
>>>> 
>>> You really should see your user login in this log file.
>>> 
>>> Alexander
>>> 
>> 
>> Hmmm
>> 
>> Summary
>> On the server maui itself
>> Failure when using IP address but works with name maui for root
>> and fred
>> 
>> On a separate machine paxos
>> Failure for both IP address and name maui and maui.jaa.org.uk
>> for both root and ja
>> 
>> However the error messages are different between maui and paxos
>> 
>> John
>> 
>> -------------------------------------------------------------------------
>> As user fred on the server maui itself
>> [fred at maui ~]$ openssl s_client -connect 148.197.29.5:993
>> socket: Connection refused
>> connect:errno=111
>> 
>> As root on the server maui itself
>> [root at maui:/var/log]$ openssl s_client -connect 148.197.29.5:993
>> socket: Connection refused
>> connect:errno=111
>> ------------------------------------------------------------------------
>> As root on maui using "name"
>> [root at maui:/var/log]$ openssl s_client -connect maui:993
>> CONNECTED(00000003)
>> depth=0 C = UK, ST = Hampshire, L = Fareham, CN =
>> maui.jaa.org.uk,  emailAddress = ja at jaa.org.uk
>> verify error:num=18:self signed certificate
>> verify return:1
>> depth=0 C = UK, ST = Hampshire, L = Fareham, CN =
>> maui.jaa.org.uk,  emailAddress = ja at jaa.org.uk
>> verify return:1
>> ---
>> Certificate chain
>>  0 s:/C=UK/ST=Hampshire/L=Fareham/CN=maui.jaa.org.uk/emailAddress=ja@jaa.org.uk
>>    i:/C=UK/ST=Hampshire/L=Fareham/CN=maui.jaa.org.uk/emailAddress=ja@jaa.org.uk
>> ---
>> Server certificate
>> ...
>> * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR 
>> COMPRESS=DEFLATE] maui.jaa.org.uk Cyrus IMAP 
>> v2.3.16-Fedora-RPM-2.3.16-13.el6_6 server ready
>> a1 LOGIN username password
>> al OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED
>> AUTH=PLAIN  COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA
>> MAILBOX-REFERRALS NAMESPACE UIDPLUS  NO_ATOMIC_RENAME UNSELECT
>> CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ 
>> THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE
>> CONDSTORE SCAN  IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH]
>> User logged in
>> a2 LOGOUT
>> * BYE LOGOUT received
>> a2 OK Completed
>> read:errno=0
>> 
>> 
>> These also work OK
>> [ja at maui ~]$ openssl s_client -connect maui:993
>> ja at maui ~ 4$ openssl s_client -connect maui.jaa.org.uk:9 
>> ---------------------------------------------------------------------
>> On a separate machine paxos - always fails
>> 
>> As user ja on a separate machine paxos
>> ja at paxos ~ 1$ openssl s_client -connect 148.197.29.5:993
>> socket: Bad file descriptor
>> connect:errno=9
>> 
>> As root on a separate machine paxos
>> [root at paxos:~]$ openssl s_client -connect 148.197.29.5:993
>> socket: Bad file descriptor
>> connect:errno=9
>> 
>> [root at paxos:~]$ openssl s_client -connect maui:993
>> socket: Bad file descriptor
>> connect:errno=9
>> 
>> [root at paxos:~]$ openssl s_client -connect maui.jaa.org.uk:993
>> socket: Bad file descriptor
>> connect:errno=9
>> 
>> [root at paxos:~]$ exit
>> logout
>> ja at paxos ~ 3$ openssl s_client -connect maui:993
>> socket: Bad file descriptor
>> connect:errno=9
>> 
>> ja at paxos ~ 4$ openssl s_client -connect maui.jaa.org.uk:993
>> socket: Bad file descriptor
>> connect:errno=9
>> 
>> 
>> 
>> 
> 
> A little more info about  using s_client on paxos to connect to
> maui
> 
> openssl s_client -connect maui.jaa.org.uk:993
> 
> Wireshark shows just one packet each way (to/from port 993)
> A request for connection from paxos to maui and a reset from maui
> to paxos

I don't think that wireshark adds much to this. Unless you had a
proxy in the middle, the "connection refused" responses already
indicated that your connections were getting to the/a server, it's
just refusing the connections.

Connections by name, especially short forms, are suspect unless you
can be very certain of how they are being resolved (i.e., what
IP number you end up trying to connect to). There is no reason that
using root to connect to port 993 would work when a normal user
doesn't. An IMAP server either accepts the initial connection from a
machine or not - it doesn't know or care what type of user is
originating the connection.

You may want to look into what you were able to connect to via:

   openssl s_client -connect maui:993

I'd start by looking up what "maui" resolves to.

I just looked up maui.jaa.org.uk. It (currently) resolves to
213.152.52.233, not the 148.197 you seemed to be using above. I
realize you may have some form of dynamic dns going here, but
thought I'd mention it.


Could you try (as root) two slightly different versions of my earlier
netstat commands:

    netstat -pnlA inet | egrep ':993|:143'

    netstat -pnlA inet6 | egrep ':993|:143'


The addition of "A inet/inet6" will show whether it is listening via
ipv4 (inet) or ipv6 (inet6) on the imap ports.
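
The check suggested above, as an added example that is not part of the original post: given the netstat listing, decide whether a listener on the IMAP port is bound to the address you are connecting to. The sample listing is constructed and `listener_covers` is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample of `netstat -pnlA inet` output (not taken from the thread):
# here the IMAP ports are bound to loopback only.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 127.0.0.1:993     0.0.0.0:*         LISTEN   1874/cyrus-master
tcp        0      0 127.0.0.1:143     0.0.0.0:*         LISTEN   1874/cyrus-master
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN   1502/sshd'

# listener_covers NETSTAT_TEXT IP PORT   (hypothetical helper name)
# Succeeds if a LISTEN socket on PORT is bound to IP or to that address
# family's wildcard; otherwise fails and lists the bindings it did find.
listener_covers() {
    printf '%s\n' "$1" | awk -v ip="$2" -v port="$3" '
        BEGIN { wild = (ip ~ /:/) ? "::" : "0.0.0.0" }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, a, ":")              # port is the last ":" field
            if (a[n] != port) next
            bind = substr($4, 1, length($4) - length(a[n]) - 1)
            seen = seen " " bind
            if (bind == ip || bind == wild) { hit = bind; exit }
        }
        END {
            if (hit != "") { print "reachable via " hit; exit 0 }
            print "refused; port " port " bound to:" (seen == "" ? " nothing" : seen)
            exit 1
        }'
}

# Live use (as root, so -p can show the owning process):
#   getent hosts maui        # which address the short name really maps to
#   listener_covers "$(netstat -pnlA inet)" 148.197.29.5 993
```

A socket bound to `::` can also accept IPv4 connections depending on `net.ipv6.bindv6only`, so the inet6 listing is worth checking when the inet one shows nothing on the port.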