Community Forum

Ryan Ng
Ryan Ng
Offline
Resolved
0 votes
Hi,

I'm hoping someone can help me out with a problem with Cyrus-Imap. I can't seem to login using Thunderbird and Roundcube. By checking /var/log/mail, I'm getting this error:

Aug 7 02:55:00 mail imap[317]: accepted connection
Aug 7 02:55:00 mail master[320]: about to exec /usr/lib/cyrus-imapd/imapd
Aug 7 02:55:00 mail imap[320]: executed
Aug 7 02:55:00 mail imap[317]: imapd:Loading hard-coded DH parameters
Aug 7 02:55:00 mail imap[317]: SSL_accept() incomplete -> wait
Aug 7 02:55:00 mail imap[317]: sslv3 alert bad certificate in SSL_accept() -> fail

I have been searching for a fix for 3 days and I can't seem to find a solution. Sorry, I'm like super new to all of this. I'm still currently learning.

I'm trying to setup thunderbird and it just refuses to connect using TLS but when no SSL or authentication, it will connect fine. Is this safe? Also, in roundcube, it won't let me login, it just keeps saying Login Failed.

I have re-installed ClearOS so many times because I keep breaking it messing with configs. Today alone, I re-installed 5x. So, I'm hoping someone can help me with this problem or point me to the right direction.

Would Zarafa fix this problem regarding login in webmail?


Thanks!
In Mail
Tuesday, August 06 2013, 07:31 PM
Share this post:
Responses (8)
  • Accepted Answer

    Intelliant
    Intelliant
    Offline
    Wednesday, May 28 2014, 07:32 PM - #Permalink
    Resolved
    0 votes
    More information about why the default certificate may not being accepted - See section "Name on the certificate should match the name of the mail server" at http://www.msoutlook.info/question/613.
    The reply is currently minimized Show
  • Accepted Answer

    Intelliant
    Intelliant
    Offline
    Wednesday, May 28 2014, 07:12 PM - #Permalink
    Resolved
    0 votes
    Managed to solve this with help from post of Ian J.

    Looks like Thunderbird gets duped by a "bad certificate" the first time. But subsequent deletion and attempt to re-authenticate to the server, it doesn't recognise it as something legitimate akin to what Outlook responds as ''the target principal name is incorrect'' as given in Ian's post.

    http://www.clearfoundation.com/media/kunena/attachments/legacy/images/cyrus_imap_certificate.png

    However, it was solved by creating new certificates following the instructions under Configuring Cyrus with OpenSSL from http://cyrusimap.web.cmu.edu/docs/cyrus-imapd/2.4.6/install-configure.php . Have put the new key and certificate at /etc/pki/cyrus-imapd/cyrus-imapd.pem, made it readable for the group 'mail', essentially making it readable for cyrus and am hoping that it shall survive any subsequent upgrades.

    Now the certificate looks like this -

    http://www.clearfoundation.com/media/kunena/attachments/legacy/images/cyrus_imap_certificate_fixed.png

    This definitely begs an improvement in the cyrus app for 6.x.

    PS: Found that my tracker account is disabled as of now. Guess it is due to prolonged non-usage. Will put in a request to enable it and thereafter file a bug report.
    The reply is currently minimized Show
  • Accepted Answer

    Intelliant
    Intelliant
    Offline
    Tuesday, May 27 2014, 04:55 PM - #Permalink
    Resolved
    0 votes
    Have tried recreating the server certificates. Have re-checked the cyrus configuration.

    Telnet on 993 does not show the server capabilities

    # telnet mail.domain.net 993
    Trying 192.168.2.2...
    Connected to mail.domain.net.
    Escape character is '^]'.


    However, on 143 it shows this -

    # telnet mail.domain.net 143
    Trying 192.168.2.2...
    Connected to mail.domain.net.
    Escape character is '^]'.
    * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS AUTH=PLAIN SASL-IR COMPRESS=DEFLATE] mail.domain.net Cyrus IMAP v2.3.16-Fedora-RPM-2.3.16-6.v6.4 server ready


    Is there any other information that I can furnish to help address this?
    The reply is currently minimized Show
  • Accepted Answer

    Intelliant
    Intelliant
    Offline
    Friday, May 23 2014, 09:41 AM - #Permalink
    Resolved
    0 votes
    Telnet to IMAPS port 993 also works fine. Have also attempted a complete restart after the porting just to be sure that everything came up as was desired.
    The reply is currently minimized Show
  • Accepted Answer

    Intelliant
    Intelliant
    Offline
    Friday, May 23 2014, 09:20 AM - #Permalink
    Resolved
    0 votes
    Ryan, I am facing the exact same problem. Did you manage to resolve this?

    I am using ClearOS 6.5 Professional. Have just ported it all from a TEST server to this one. It was all working fine on the TEST server.

    Without TLS/SSL all is fine with TB and Roundcube. But with it I get this error in the logs -

    May 23 14:36:16 mail master[6549]: process 12095 exited, status 75
    May 23 14:36:16 mail master[6549]: service imaps pid 12095 in BUSY state: terminated abnormally
    May 23 14:36:16 mail imaps[12104]: SSL_accept() incomplete -> wait
    May 23 14:36:16 mail imaps[12104]: sslv3 alert bad certificate in SSL_accept() -> fail
    May 23 14:36:16 mail imaps[12104]: imaps TLS negotiation failed: ltsp-appserve03.xxx.net [192.168.2.7]
    May 23 14:36:16 mail imaps[12104]: Fatal error: tls_start_servertls() failed
    May 23 14:36:16 mail master[6549]: process 12104 exited, status 75
    May 23 14:36:16 mail master[6549]: service imaps pid 12104 in BUSY state: terminated abnormally


    I have tried by recreating the server certificates as well.
    The reply is currently minimized Show
  • Accepted Answer

    Monday, August 12 2013, 11:08 AM - #Permalink
    Resolved
    0 votes
    I was able to switch TB to both STARTTLS and TLS. I had to accept the certificates manually even if I imported the ClearOS ca-cert into TB and I don't know why (but I am not good with certificates). The only other thing to note is that if you use TLS you have to enable Secure IMAP in the webconfig.
    The reply is currently minimized Show
  • Accepted Answer

    Ryan Ng
    Ryan Ng
    Offline
    Wednesday, August 07 2013, 12:46 PM - #Permalink
    Resolved
    0 votes
    just today i was able to successfully setup roundcube in ClearOS 6.4 and everything is working fine for 6hrs now with constant testing. i use all default settings during setup and everything worked okay after that. My only problem now is thunderbird.
    The reply is currently minimized Show
  • Accepted Answer

    Tuesday, August 06 2013, 08:36 PM - #Permalink
    Resolved
    0 votes
    I cannot check me set up until the weekend but I think with TB I don't use TLS for the same reason. How did you set up Roundcube? Have you tried to telnet into Cyrus? I had to restart Cyrus a few times before I could with 6.3 before Cyrus was released properly.
    The reply is currently minimized Show
Your Reply