Date: Mon, 23 Feb 2004 21:28:09 -0500
From: Louis LeBlanc
To: Free BSD Questions list
Subject: Re: imap question
Message-ID: <20040224022809.GB70587@keyslapper.org>
In-Reply-To: <20040224012915.GA27408@teddy.fas.com>

On 02/23/04 08:29 PM, stan sat at the `puter and typed:
> On Mon, Feb 23, 2004 at 08:02:22PM -0500, Louis LeBlanc wrote:
> > On 02/23/04 07:38 PM, stan sat at the `puter and typed:
> > > I'm trying to help a friend of mine get an imap server running on one of
> > > his FreeBSD 4.9 STABLE machines.
> > >
> > > We have built the UW imapd port, and installed it. However we seem to be
> > > having a bit of a problem making it work.
> > >
> > > The man page, and the docs (which I only found in the ports work directory
> > > for some reason, don't they get installed somewhere?) All seem to agree,
> > > that it should "just work" However in our case it does not :-(
> > >
> > > Currently we are getting error messages like this in /var/log/maillog:
> > >
> > > maillog.0:Feb 22 19:40:26 ops2 imapd[59881]: Unable to load certificate
> > > from /usr/local/certs/imapd.pem, host=router.XXX.net [192.168.2.1]
> > >
> > > As you can see, this box is located on a DMZ, behind an OpenBSD firewall
> > > (running pf). We have that box redirecting port 993 to the FreeBSD box
> > > running imap.
> > >
> > > What am I missing here?
> >
> > You can't really accept secure connections without an SSL certificate.
> > Check the docs to find the details, but you probably want the OpenSSL
> > docs as well to tell you how to create an SSL key and PEM cert. The
> > path provided in the error message tells you where the cert is
> > expected to be. Chances are that if you check the imapd.conf you'll
> > also see where the key should be placed.
>
> Sorry I wasn't clear here.
>
> There _is_ a certificate there. Created (I assume by the port build process).
> However it seems that since the packets are being redirected _from_ the
> router (OpenBSD) box, imapd wants the certificate to be _for_ the router
> box.
>
> Any ideas how to fix this?

Ah. Well, if imapd wants the cert to be for the router, remake it for
the router. Check the OpenSSL docs.
It's not as complicated as it will seem at first. Cyrus doesn't really
care what the cert is for, but I guess if UW does, you might want to
check the configs to make sure the hostname doesn't need reconfiguring.

> > Unless you have it configured to block or simply not accept regular
> > IMAP connections, you might be able to connect on port 143, if you
> > just redirect that port. Only problem is your connection won't be
> > secure.
>
> And the passwords will be passed in the clear, right?

Yup.

> Might as well use POP, correct?

Yes and no. POP is fine if you only ever check mail from one system.
Otherwise, imap is more appropriate. Security is a separate issue
altogether when you look at it this way.

Good luck.

Lou
--
Louis LeBlanc leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://www.keyslapper.org

Rudin's Second Law:
In a crisis that forces a choice to be made among alternative
courses of action, people tend to choose the worst possible course.
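
Added example, not part of the original message: one way to follow the suggestion above to remake the certificate with OpenSSL and to check a PEM file that a server reports it cannot load. It assumes the server reads its private key and its certificate from one PEM file; the function names, the host name mail.example.org and the temporary path are illustrative.

```shell
#!/bin/sh
# Added example. Function names, host name and demo path are illustrative.

# make_pem FILE CN: write an unencrypted RSA key plus a self-signed
# certificate for host name CN into the single file FILE (owner-only mode).
make_pem() {
    ( umask 077
      openssl req -new -x509 -nodes -newkey rsa:2048 -days 365 \
          -subj "/CN=$2" -keyout "$1" -out "$1" 2>/dev/null )
}

# check_pem FILE: return 0 only if FILE is readable, holds a certificate and
# an unencrypted private key that belong together, and has not expired.
check_pem() {
    pem=$1
    [ -r "$pem" ] || { echo "cannot read $pem"; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate block"; return 2; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "no private key block"; return 3; }
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) ||
        { echo "certificate does not parse"; return 4; }
    # -passin pass: makes a passphrase-protected key fail instead of prompting;
    # a daemon started at boot cannot answer a prompt either.
    key_pub=$(openssl pkey -in "$pem" -pubout -passin pass: 2>/dev/null) ||
        { echo "private key does not parse or is encrypted"; return 5; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate"; return 6; }
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired"; return 7; }
    openssl x509 -in "$pem" -noout -subject -enddate
}

# Demo on a throwaway file (constructed input), not the live imapd.pem.
demo_dir=$(mktemp -d)
make_pem "$demo_dir/imapd.pem" mail.example.org && check_pem "$demo_dir/imapd.pem"
rm -rf "$demo_dir"
```

Run `check_pem` against the path named in the log message as the user the daemon runs as, so that a permissions problem shows up as return code 1.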