Thanks for the suggestions; I will try to give some more details:
1) Bincimp is v. 1.0.24, which I installed from RMP.
2) The bincimap log files under /var/opt/log/bincimap and /var/opt/log/bincimap-ssl
are all empty.
3) My mailserver is a stripped-down installation: no X-win, no telnet, so I cannot use
the telnet test. I could of cause install it, but I suppose the test in pt 4) below
suffices.
4) open s_client -connect 127.0.0.1:993 fails:
# openssl s_client -connect 127.0.0.1:993
connect: Connection refused
connect:errno=29
netstat shows that post 143 is being listened to but not port 993, which should
explain why the openssl connection to localinterface fails.
Should port 993 be opened by bincimap? If so, how/where do I configure it?
5) The SSL-section of /etc/opt/binicimap/bincimap.conf is as follows:
//----------------------------------------------------------------------------
SSL {
pem file = "/usr/local/openssl/ssl/certs/privkey.pem",
ca file = "", <--- Not sure
about that one
cipher list = "!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP",
verify peer = "yes"
}
//----------------------------------------------------------------------------
6) Following www.openssl.org/docs/HOWTO/certificates.txt I generated the following
certificates in /usr/local/openssl/ssl/certs (on the mailserver), thus:
openssl genrsa > privkey.pem
openssl req -new -key privkey.pem -out cert.csr
openssl x509 -req -in cert.csr -extfile ../openssl.cnf -etensions v3_ca -signkey
privkey.pem -out cacert.pem -trustout
That gave me the following files in /usr/local/openssl/ssl/certs
-rw-r--r-- 1 root root 899 Feb 24 21:46 cacert.pem
-rw-r--r-- 1 root root 452 Feb 24 21:43 cert.csr
-rw-r--r-- 1 root root 497 Feb 24 21:40 privkey.pem
I do not really understand this ssl-stuff (ought to get a book on it). Do I need to
copy anything across to the workstation?
Thanks for the help.
Regards
Sigmund.
