[SOLVED] Re: Cannot LOGIN using openssl s_client
On Fri, April 27, 2018 09:56, James B. Byrne wrote: > > openssl s_client \ > -connect imap.hamilton.harte-lyne.ca:993 \ > -CApath /usr/local/etc/pki/tls/certs > > Resulting in: > . . . > Start Time: 1524836386 > Timeout : 300 (sec) > Verify return code: 19 (self signed certificate in certificate > chain) > --- > * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR > COMPRESS=DEFLATE] inet07.hamilton.harte-lyne.ca Cyrus IMAP > v2.3.16-Fedora-RPM-2.3.16-15.el6 server ready > > LOGIN testusermb testuserpw > LOGIN BAD Please login first > > According to the documentation the message LOGIN BAD means that the > arguments to the LOGIN command are not understood. But, as far as I > can discover, the LOGIN command only takes two arguments: user name > and password. > > I get the same results on both the new SM host and the old so the > issue is with my employment of s_client. How does one connect to a > mailbox using s_client? > > I discovered that one must first preface IMAP commands with an arbitrary string. So this works: str LOGIN testusermb testuserpw str OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED AUTH=PLAIN COMPRESS=DEFLATE ACL RIGHTS=kxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE LISTEXT LIST-SUBSCRIBED X-NETSCAPE URLAUTH] User logged in -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Cannot LOGIN using openssl s_client
On 04/27/2018 10:56 AM, James B. Byrne via Info-cyrus wrote: OS : CentOS-6.9 Name: cyrus-imapd Arch: x86_64 Version : 2.3.16 Release : 15.el6 We have a working Apache-2.2 /Squirrelmail-1.42 (SM) / Cyrus-IMAP-2.3 (CI) setup. SM and CI reside on different hosts. We use TLS over port 993 to communicate. The login mechanism is plaintext authenticating against /etc/passwd. We are in the process of transitioning from this setup to one hosted on FreeBSD and I am having problems getting SM on the new host to connect to the existing CI service. To debug this I am using openssl s_client as follows: openssl s_client \ -connect imap.hamilton.harte-lyne.ca:993 \ -CApath /usr/local/etc/pki/tls/certs Resulting in: . . . Start Time: 1524836386 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR COMPRESS=DEFLATE] inet07.hamilton.harte-lyne.ca Cyrus IMAP v2.3.16-Fedora-RPM-2.3.16-15.el6 server ready LOGIN testusermb testuserpw LOGIN BAD Please login first According to the documentation the message LOGIN BAD means that the arguments to the LOGIN command are not understood. But, as far as I can discover, the LOGIN command only takes two arguments: user name and password. I get the same results on both the new SM host and the old so the issue is with my employment of s_client. How does one connect to a mailbox using s_client? You need something at the start like a period . LOGIN testusermb testuserpw <> Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Cannot LOGIN using openssl s_client
OS : CentOS-6.9 Name: cyrus-imapd Arch: x86_64 Version : 2.3.16 Release : 15.el6 We have a working Apache-2.2 /Squirrelmail-1.42 (SM) / Cyrus-IMAP-2.3 (CI) setup. SM and CI reside on different hosts. We use TLS over port 993 to communicate. The login mechanism is plaintext authenticating against /etc/passwd. We are in the process of transitioning from this setup to one hosted on FreeBSD and I am having problems getting SM on the new host to connect to the existing CI service. To debug this I am using openssl s_client as follows: openssl s_client \ -connect imap.hamilton.harte-lyne.ca:993 \ -CApath /usr/local/etc/pki/tls/certs Resulting in: . . . Start Time: 1524836386 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=PLAIN SASL-IR COMPRESS=DEFLATE] inet07.hamilton.harte-lyne.ca Cyrus IMAP v2.3.16-Fedora-RPM-2.3.16-15.el6 server ready LOGIN testusermb testuserpw LOGIN BAD Please login first According to the documentation the message LOGIN BAD means that the arguments to the LOGIN command are not understood. But, as far as I can discover, the LOGIN command only takes two arguments: user name and password. I get the same results on both the new SM host and the old so the issue is with my employment of s_client. How does one connect to a mailbox using s_client? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
