Hmmm... that last message was silly... Sorry. I noticed that my client again
replied only to Peter, so I wanted to repost to the list.
Here is the intended message:
Thanks again! Comments inline.
> Check these:
>
> openssl x509 -in /var/qmail/control/bincimap.pem -noout -text
> openssl x509 -in /var/qmail/control/diy_ca.pem -noout -text
>
> You should get reasonable output from both those commands, with
> the subject of the latter certificate being the issuer of the former.
It *seems* to be ok. The only difference I can see is that the subject of
diy_ca.pem shows:

    Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
        RSA Public Key: (2048 bit)
            Modulus (2048 bit):
                some value
            Exponent: 65537 (0x10001)

while the subject of the bincimap.pem shows:

    Subject Public Key Info:
        Public Key Algorithm: rsaEncryption
        RSA Public Key: (1024 bit)
            Modulus (1024 bit):
                some other value
            Exponent: 65537 (0x10001)

I assume that "some value != some other value" because one is modulus 2048,
while the other is modulus 1024. However, I don't know if having different
values for the modulus is correct or not...
> Some questions:
>
> What does the run file for the service look like?
A copy-paste of what's on the wiki.

/service/bincimaps/run:

    #!/bin/sh
    # $Id: run-ssl.in,v 1.1.1.1 2003/08/18 18:06:05 andreaha Exp $
    # daemontools supervise run-file for Binc IMAP Service.
    exec 2>&1
    exec tcpserver -c 100 \
        -l $(hostname) -HDRP \
        0 993 \
        /var/qmail/bin/bincimap-up \
        --logtype=multilog \
        --conf=/var/qmail/control/bincimap.conf --ssl -- \
        /bin/checkpassword \
        /var/qmail/bin/bincimapd
> How do you want to set things up wrt SSL requirements?
> I run a private (only listening on localhost) Binc server that
> doesn't require SSL for the use of IlohaMail, a web mail client.
> And for external parties I run another Binc on a public interface
> that requires SSL. For this setup to work I need two different
> configuration files.
Well, to be honest, for me simple is better, so I was thinking of simply
disallowing imap over 143 and only allowing it over SSL. I don't expect to
be using IMAP on localhost.
OT question... but why did you choose IlohaMail, and not, say, SquirrelMail?
I also need to choose a web client, so any suggestions would be very
appreciated.
> I've found that most clients don't seem to want to do imaps
> but rather they want to use STARTTLS, so both of my services
> run on port 143, just different interfaces and different configuration.
Ok, I see. I'm not sure how this should affect my configuration, though...
> > By the way, the above was an attempted connection with a
> > Thunderbird client. I tried with an Outlook client, but nothing
> > even showed up with the logs...
>
> I seem to recall that Outlook was one of the STARTTLS programs,
> so when you check the "secure connection" box (forgot what it's
> called) it still goes for port 143 but will STARTTLS before logging
> in there.
Ok, thanks!
Again, I very much appreciate all your great support! Use me as a reference
any time!
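
Added example, not part of the original message or of the Binc IMAP documentation: the issuer/subject check quoted above, scripted and extended with a signature check. A CA and the certificate it signs have separate key pairs, so differing moduli are expected; what has to match is the name and the signature. All file names, subject names and key sizes below are constructed for the demo.

```shell
#!/bin/sh
# Added example. File names, subject names and key sizes are constructed;
# as in the thread, the CA key and the server key have different sizes.

# name_of CERT FIELD -> prints the subject or issuer DN in RFC 2253 form.
name_of() {
    openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed "s/^$2= *//"
}

# issued_by CERT CA -> 0 only if CERT's issuer DN equals CA's subject DN
# and CERT's signature verifies against the public key in CA.
issued_by() {
    [ "$(name_of "$1" issuer)" = "$(name_of "$2" subject)" ] || return 1
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# same_key A B -> 0 if both certificates carry the same RSA modulus.
same_key() {
    [ "$(openssl x509 -in "$1" -noout -modulus)" = \
      "$(openssl x509 -in "$2" -noout -modulus)" ]
}

# make_demo_chain DIR -> ca.pem, srv.pem signed by it, and other.pem:
# a second self-signed CA with the same name but a different key.
make_demo_chain() {
    for n in ca other; do
        openssl req -x509 -newkey rsa:3072 -nodes -days 1 \
            -subj "/CN=Demo DIY CA" \
            -keyout "$1/$n.key" -out "$1/$n.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=imap.example.test" \
        -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$1/srv.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/srv.pem" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_chain "$demo" || exit 1
issued_by "$demo/srv.pem" "$demo/ca.pem"    && echo "srv.pem chains to ca.pem"
same_key  "$demo/srv.pem" "$demo/ca.pem"    || echo "keys differ, as expected"
issued_by "$demo/srv.pem" "$demo/other.pem" || echo "same name, wrong key: rejected"
```

The last line shows why comparing issuer and subject text alone is not enough: other.pem carries the same name as the real CA but did not sign srv.pem.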