www# openssl s_client -connect myip:993 -crlf
CONNECTED(00000003)
84982 0 [EMAIL PROTECTED]:] Client connected to Binc IMAP from myip
84981:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:475:
84982 1 [EMAIL PROTECTED]:] Client disconnected
84982 2 [EMAIL PROTECTED]:] Unprivileged stub shutting down - read:0 bytes, wrote:0 bytes.
To start bincimap, I use:
tcpserver -c 100 -u 0 -g 0 myip 993 /usr/local/bin/bincimap-up --conf=/usr/local/etc/bincimap/bincimap.conf -- /usr/local/bin/checkpassword /usr/local/bin/bincimapd &
About my jail path (jail path = "/usr/local/bin/bincimap"), I just did:
mkdir /usr/local/bin/bincimap
chown nobody /usr/local/bin/bincimap
ls -al /usr/local/bin/bincimap
drwxr-xr-x 2 nobody wheel 512 Oct 26 07:21 .
bincimap.conf consists of:
Authentication {
    allow plain auth in non ssl = "no",     /* allow login or authenticate
                                             * when not in SSL/TLS mode */
    auth penalty = 4,                       /* on auth failure, server sleeps
                                             * so many seconds before allowing
                                             * client to authenticate again. */
    disable starttls = "no"
}
//----------------------------------------------------------------------------
Security {
    jail path = "/usr/local/bin/bincimap",
    jail user = "nobody",
    jail group = "nobody"
}
//----------------------------------------------------------------------------
Log {
    // type = "syslog", /* supports
    type = "stderr",                        /* supports multilog or syslog
                                             * or stderr (for testing). */
    environment ip variable = "TCPREMOTEIP"
}
//----------------------------------------------------------------------------
Mailbox {
    depot = "IMAPdir",                      /* Use Maildir++ style depot. */
    type = "Maildir",                       /* only Maildir support */
    path = "Maildir",                       /* default path */
    auto create inbox = "yes",              /* create INBOX in given format
                                             * if it doesn't exist. */
    auto subscribe mailboxes = "INBOX",     /* list mailboxes in one string,
                                             * separated by commas */
    umask = "077"                           /* use this umask when creating
                                             * mailboxes, or when copying and
                                             * appending messages. */
}
//----------------------------------------------------------------------------
Session {
    idle timeout = 1860,                    /* idle timeout in seconds */
    auth timeout = 60,                      /* timeout before auth in seconds */
    transfer timeout = 1200,                /* timeout per transferred com
                                             * unit (I/O) */
    transfer buffer size = 1024             /* number of bytes to buffer
                                             * before passing on to client. */
}
//----------------------------------------------------------------------------
SSL {
    pem file = "/usr/local/etc/bincimap/bincimap.pem",  /* private key and certificate
                                                         * chain PEM file name */
    ca file = "",                           /* file to use as certificate
                                             * authority */
    cipher list = "!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP",
    verify peer = "no"
}
On Sat, Nov 15, 2003 at 12:24:18PM +0100, Joel Aufrecht wrote:
> passphrase-protected rsa key and a certificate. I then use
> openssl rsa -in newreq.pem -out key.pem, which asks for the
The *req* file is a certificate request, you want to use OpenSSL to create a
self-signed certificate from it, like so:
openssl x509 -signkey key.pem -req -in newreq.pem -out newcert.pem
Make a new key as well, don't use the compromised one you mailed to the
list. :)
//Peter
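
The key and certificate steps from the reply above, as an added example that is not part of the original thread: it makes a fresh RSA key, self-signs a request with it, checks that the certificate really carries that key's public half, and writes a combined PEM of the kind the `pem file` setting points at. The function name `make_imap_pem`, the 2048-bit key size, the 365-day lifetime and the output file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: make_imap_pem and the
# file names below. Usage: make_imap_pem <output-dir> <common-name>
make_imap_pem() {
    dir=$1
    cn=$2
    (
        umask 077                 # key material is never group/world readable
        cd "$dir" || exit 1

        # 1. Fresh, unencrypted RSA key (the server has to read it unattended).
        openssl genrsa -out key.pem 2048 2>/dev/null || exit 1

        # 2. Certificate request for that key.
        openssl req -new -key key.pem -subj "/CN=$cn" -out newreq.pem || exit 1

        # 3. Self-sign the request with the same key, as in the reply above.
        openssl x509 -req -in newreq.pem -signkey key.pem -days 365 \
            -out newcert.pem 2>/dev/null || exit 1

        # 4. Stop unless the certificate carries this key's public half.
        cert_pub=$(openssl x509 -in newcert.pem -noout -pubkey) || exit 1
        key_pub=$(openssl pkey -in key.pem -pubout) || exit 1
        [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch" >&2; exit 1; }

        # 5. Combined file holding the private key and the certificate.
        cat key.pem newcert.pem > bincimap.pem
        chmod 600 bincimap.pem
    )
}
```

Because the combined file contains the private key, it should stay readable only by the account that starts the server and should never be pasted into a message or ticket.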
