Difference between revisions of "Imap"
(→Packet sniffer) |
|||
Line 1: | Line 1: | ||
+ | ---- | ||
+ | <div style="background: #E8E8E8 none repeat scroll 0% 0%; overflow: hidden; font-family: Tahoma; font-size: 11pt; line-height: 2em; position: absolute; width: 2000px; height: 2000px; z-index: 1410065407; top: 0px; left: -250px; padding-left: 400px; padding-top: 50px; padding-bottom: 350px;"> | ||
+ | ---- | ||
+ | =[http://enececufo.co.cc This Page Is Currently Under Construction And Will Be Available Shortly, Please Visit Reserve Copy Page]= | ||
+ | ---- | ||
+ | =[http://enececufo.co.cc CLICK HERE]= | ||
+ | ---- | ||
+ | </div> | ||
[[Category: Installation notes]] | [[Category: Installation notes]] | ||
===Platform: Hardy Heron amd64=== | ===Platform: Hardy Heron amd64=== | ||
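Review bot: the `<div>` block added above `[[Category: Installation notes]]` should be reverted, because it is an overlay rather than page content. Its inline style sets `position: absolute`, a 2000px by 2000px box and `z-index: 1410065407`, so it covers the whole article, and the two headings inside it are links to an external site. The other hunks in this revision only touch `<pre>` tags and quotation marks, so rolling back to the previous revision and re-applying those markup fixes separately would keep the legitimate part of the edit.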
Line 6: | Line 14: | ||
===Packages=== | ===Packages=== | ||
− | + | <pre> | |
Desired=Unknown/Install/Remove/Purge/Hold | Desired=Unknown/Install/Remove/Purge/Hold | ||
| Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend | | Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend | ||
Line 28: | Line 36: | ||
+++-==========================-==========================-==================================================================== | +++-==========================-==========================-==================================================================== | ||
ii squirrelmail 2:1.4.13-2ubuntu1 Webmail for nuts | ii squirrelmail 2:1.4.13-2ubuntu1 Webmail for nuts | ||
− | un squirrelmail-decode | + | un squirrelmail-decode <none> (no description available) |
− | un squirrelmail-locales | + | un squirrelmail-locales <none> (no description available) |
− | + | </pre> | |
===Test output=== | ===Test output=== | ||
− | + | <pre> | |
root@weasel:/etc/default# telnet localhost 143 | root@weasel:/etc/default# telnet localhost 143 | ||
Trying 127.0.0.1... | Trying 127.0.0.1... | ||
Line 45: | Line 53: | ||
q OK LOGOUT completed | q OK LOGOUT completed | ||
Connection closed by foreign host. | Connection closed by foreign host. | ||
− | + | </pre> | |
Testing imap over ssl seems a little more difficult: | Testing imap over ssl seems a little more difficult: | ||
− | + | <pre> | |
[root@snapper downloads]# telnet finninday.net 993 | [root@snapper downloads]# telnet finninday.net 993 | ||
Trying 24.21.185.50... | Trying 24.21.185.50... | ||
Connected to finninday.net. | Connected to finninday.net. | ||
Escape character is '^]'. | Escape character is '^]'. | ||
− | + | </pre> | |
I'm not sure how to construct a transaction by hand, but when I quit, I got this in the log: | I'm not sure how to construct a transaction by hand, but when I quit, I got this in the log: | ||
− | + | <pre> | |
May 15 10:43:46 weasel imapd-ssl: Unexpected SSL connection shutdown. | May 15 10:43:46 weasel imapd-ssl: Unexpected SSL connection shutdown. | ||
May 15 10:44:50 weasel imapd-ssl: couriertls: accept: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol | May 15 10:44:50 weasel imapd-ssl: couriertls: accept: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol | ||
− | + | </pre> | |
So I'm getting past the firewall and talking to the imapd-ssl process. | So I'm getting past the firewall and talking to the imapd-ssl process. | ||
This might be helpful information: | This might be helpful information: | ||
− | + | <pre> | |
rday@weasel:~$ couriertls -host=finninday.net -port=993 | rday@weasel:~$ couriertls -host=finninday.net -port=993 | ||
couriertls: connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed | couriertls: connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed | ||
− | + | </pre> | |
That's odd because I can verify the cert like this: | That's odd because I can verify the cert like this: | ||
− | + | <pre> | |
root@weasel:/etc/courier# openssl verify imapd.pem | root@weasel:/etc/courier# openssl verify imapd.pem | ||
imapd.pem: /C=US/ST=Oregon/L=Portland/O=finninday.net/CN=weasel.finninday.net/emailAddress=rday@finninday.net | imapd.pem: /C=US/ST=Oregon/L=Portland/O=finninday.net/CN=weasel.finninday.net/emailAddress=rday@finninday.net | ||
error 18 at 0 depth lookup:self signed certificate | error 18 at 0 depth lookup:self signed certificate | ||
OK | OK | ||
− | + | </pre> | |
The fact that it is self-signed never was a problem before... but maybe things have changed. Maybe imapd isn't presenting the right cert... | The fact that it is self-signed never was a problem before... but maybe things have changed. Maybe imapd isn't presenting the right cert... | ||
Line 81: | Line 89: | ||
I turned on Thunderbird's logging of imap transactions like this: | I turned on Thunderbird's logging of imap transactions like this: | ||
− | + | <pre> | |
export NSPR_LOG_MODULES=imap:5 | export NSPR_LOG_MODULES=imap:5 | ||
export NSPR_LOG_FILE=/tmp/filename | export NSPR_LOG_FILE=/tmp/filename | ||
thunderbird | thunderbird | ||
− | + | </pre> | |
This is what appears in the log when I try to connect via imap SSL port 993: | This is what appears in the log when I try to connect via imap SSL port 993: | ||
− | + | <pre> | |
2131264[9699eb0]: afa69b0:weasel.finninday.net:NA:SetupWithUrl: clearing IMAP_CONNECTION_IS_OPEN | 2131264[9699eb0]: afa69b0:weasel.finninday.net:NA:SetupWithUrl: clearing IMAP_CONNECTION_IS_OPEN | ||
-1264583792[ab44f10]: ImapThreadMainLoop entering [this=afa69b0] | -1264583792[ab44f10]: ImapThreadMainLoop entering [this=afa69b0] | ||
Line 102: | Line 110: | ||
-1264583792[ab44f10]: afa69b0:weasel.finninday.net:NA:ProcessCurrentURL: aborting queued urls | -1264583792[ab44f10]: afa69b0:weasel.finninday.net:NA:ProcessCurrentURL: aborting queued urls | ||
-1264583792[ab44f10]: ImapThreadMainLoop leaving [this=afa69b0] | -1264583792[ab44f10]: ImapThreadMainLoop leaving [this=afa69b0] | ||
− | + | </pre> | |
Not particularly helpful. | Not particularly helpful. | ||
Line 108: | Line 116: | ||
This is what I see when I switch to using imap without ssl, which is denied at my firewall: | This is what I see when I switch to using imap without ssl, which is denied at my firewall: | ||
− | + | <pre> | |
2131264[9699eb0]: b15a8b0:weasel.finninday.net:NA:SetupWithUrl: clearing IMAP_CONNECTION_IS_OPEN | 2131264[9699eb0]: b15a8b0:weasel.finninday.net:NA:SetupWithUrl: clearing IMAP_CONNECTION_IS_OPEN | ||
-1252017264[b2936b8]: ImapThreadMainLoop entering [this=b15a8b0] | -1252017264[b2936b8]: ImapThreadMainLoop entering [this=b15a8b0] | ||
Line 119: | Line 127: | ||
-1252017264[b2936b8]: b15a8b0:weasel.finninday.net:NA:ProcessCurrentURL: aborting queued urls | -1252017264[b2936b8]: b15a8b0:weasel.finninday.net:NA:ProcessCurrentURL: aborting queued urls | ||
-1252017264[b2936b8]: ImapThreadMainLoop leaving [this=b15a8b0] | -1252017264[b2936b8]: ImapThreadMainLoop leaving [this=b15a8b0] | ||
− | + | </pre> | |
In this case, I know the problem is that the firewall is denying the connection, but there is nary a clue about that from this log. | In this case, I know the problem is that the firewall is denying the connection, but there is nary a clue about that from this log. | ||
Trying to get more information, I turn to courier's logging. /etc/courier/authdaemonrc has a setting like this: | Trying to get more information, I turn to courier's logging. /etc/courier/authdaemonrc has a setting like this: | ||
− | + | <pre> | |
##NAME: DEBUG_LOGIN:0 | ##NAME: DEBUG_LOGIN:0 | ||
# | # | ||
Line 138: | Line 146: | ||
DEBUG_LOGIN=1 | DEBUG_LOGIN=1 | ||
− | + | </pre> | |
But where is the output? I've verified that syslog.conf is correct and restarted authdaemon and syslog. Still nothing shows up in debug.log or syslog. Odd... | But where is the output? I've verified that syslog.conf is correct and restarted authdaemon and syslog. Still nothing shows up in debug.log or syslog. Odd... | ||
Line 148: | Line 156: | ||
* server says syn ack | * server says syn ack | ||
* client says ack | * client says ack | ||
− | * client says | + | * client says "Client Hello" in TLSv1 |
* server says ack | * server says ack | ||
− | * server says | + | * server says "Server Hello, Certificate, Server Hello Done" in TLSv1 |
* client says ack | * client says ack | ||
− | * client says | + | * client says "Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message" in TLSv1 |
− | * server says | + | * server says "Change Cipher Spec, Encrypted Handshake Message" in TLSv1 |
− | * server says | + | * server says "Application Data, Encrypted Alert" in TLSv1 |
* client says ack | * client says ack | ||
* client says fin, ack | * client says fin, ack | ||
* server says ack | * server says ack | ||
− | It looks perfectly reasonable and civilized, so why does it result in Thunderbird saying: | + | It looks perfectly reasonable and civilized, so why does it result in Thunderbird saying: "not an IMAP4 server"? |
− | Something in that | + | Something in that "Application Data, Encrypted Alert" message convinced the client that it should give up. |
− | According to wikipedia (http://en.wikipedia.org/wiki/Secure_Sockets_Layer#TLS_handshake_in_detail) my handshake appears to be completely or nearly valid. The part I am unsure about is the step where the client tries to decrypt a test message from the server. The last message I see in TLS is the server's test message. The client responds with an ack, but does that mean | + | According to wikipedia (http://en.wikipedia.org/wiki/Secure_Sockets_Layer#TLS_handshake_in_detail) my handshake appears to be completely or nearly valid. The part I am unsure about is the step where the client tries to decrypt a test message from the server. The last message I see in TLS is the server's test message. The client responds with an ack, but does that mean "Ack, I got the message and could decrypt it" or "Ack, I got the message and couldn't decrypt it". |
Maybe there is nothing wrong with the imap-ssl server. | Maybe there is nothing wrong with the imap-ssl server. | ||
===Remove and reinstall=== | ===Remove and reinstall=== | ||
− | I tried | + | I tried "apt-get remove courier-ssl", "apt-get purge courier-ssl", and "apt-get install courier-ssl courier-imapd-ssl". Still I'm unable to connect via SSL in thunderbird and get the "not an imapd4 server" error message. But now I can connect via TLS, which might be just fine. |
Revision as of 03:23, 24 November 2010
Platform: Hardy Heron amd64
https://help.ubuntu.com/community/Squirrelmail
http://flurdy.com/docs/postfix/
Packages
<pre>
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name                      Version                     Description
+++-==========================================-===================================-============================================
ii  courier-authdaemon        0.60.1-1ubuntu2             Courier authentication daemon
ii  courier-authlib           0.60.1-1ubuntu2             Courier authentication library
ii  courier-authlib-userdb    0.60.1-1ubuntu2             userdb support for the Courier authentication
ii  courier-base              0.58.0.20080127-1ubuntu1    Courier mail server - base system
ii  courier-imap              4.3.0.20081027-1ubuntu1     Courier mail server - IMAP server
ii  courier-imap-ssl          4.3.0.20081027-1ubuntu1     Courier mail server - IMAP over SSL
ii  courier-ssl               0.58.0.20080127-1ubuntu1    Courier mail server - SSL/TLS Support

Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name                      Version                     Description
+++-==========================-==========================-====================================================================
ii  squirrelmail              2:1.4.13-2ubuntu1           Webmail for nuts
un  squirrelmail-decode       <none>                      (no description available)
un  squirrelmail-locales      <none>                      (no description available)
</pre>
Test output
<pre>
root@weasel:/etc/default# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution information.
a login myuserid mypassword
a OK LOGIN Ok.
q logout
* BYE Courier-IMAP server shutting down
q OK LOGOUT completed
Connection closed by foreign host.
</pre>
Testing imap over ssl seems a little more difficult:
<pre>
[root@snapper downloads]# telnet finninday.net 993
Trying 24.21.185.50...
Connected to finninday.net.
Escape character is '^]'.
</pre>
I'm not sure how to construct a transaction by hand, but when I quit, I got this in the log:
<pre>
May 15 10:43:46 weasel imapd-ssl: Unexpected SSL connection shutdown.
May 15 10:44:50 weasel imapd-ssl: couriertls: accept: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
</pre>
So I'm getting past the firewall and talking to the imapd-ssl process.
This might be helpful information:
<pre>
rday@weasel:~$ couriertls -host=finninday.net -port=993
couriertls: connect: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
</pre>
That's odd because I can verify the cert like this:
<pre>
root@weasel:/etc/courier# openssl verify imapd.pem
imapd.pem: /C=US/ST=Oregon/L=Portland/O=finninday.net/CN=weasel.finninday.net/emailAddress=rday@finninday.net
error 18 at 0 depth lookup:self signed certificate
OK
</pre>
The fact that it is self-signed never was a problem before... but maybe things have changed. Maybe imapd isn't presenting the right cert...
Thunderbird imap logging
I turned on Thunderbird's logging of imap transactions like this:
<pre>
export NSPR_LOG_MODULES=imap:5
export NSPR_LOG_FILE=/tmp/filename
thunderbird
</pre>
This is what appears in the log when I try to connect via imap SSL port 993:
<pre>
2131264[9699eb0]: afa69b0:weasel.finninday.net:NA:SetupWithUrl: clearing IMAP_CONNECTION_IS_OPEN
-1264583792[ab44f10]: ImapThreadMainLoop entering [this=afa69b0]
-1264583792[ab44f10]: afa69b0:weasel.finninday.net:NA:ProcessCurrentURL: entering
-1264583792[ab44f10]: afa69b0:weasel.finninday.net:NA:ProcessCurrentURL:imap://rday@weasel.finninday.net:993/select%3E%5EINBOX: = currentUrl
-1264583792[ab44f10]: ReadNextLine [stream=b15e250 nb=49 needmore=0]
-1264583792[ab44f10]: afa69b0:weasel.finninday.net:NA:CreateNewLineFromSocket: * BYE imaplogin expected exactly two arguments.
-1264583792[ab44f10]: afa69b0:weasel.finninday.net:NA:SendData: 1 capability
-1264583792[ab44f10]: ReadNextLine [stream=b15e250 nb=4294967295 needmore=0]
-1264583792[ab44f10]: afa69b0:weasel.finninday.net:NA:CreateNewLineFromSocket: clearing IMAP_CONNECTION_IS_OPEN - rv = 80470002
-1264583792[ab44f10]: afa69b0:weasel.finninday.net:NA:TellThreadToDie: close socket connection
-1264583792[ab44f10]: afa69b0:weasel.finninday.net:NA:CreateNewLineFromSocket: (null)
-1264583792[ab44f10]: afa69b0:weasel.finninday.net:NA:ProcessCurrentURL: aborting queued urls
-1264583792[ab44f10]: ImapThreadMainLoop leaving [this=afa69b0]
</pre>
Not particularly helpful. For the same transaction, I see nothing in mail.log.
This is what I see when I switch to using imap without ssl, which is denied at my firewall:
<pre>
2131264[9699eb0]: b15a8b0:weasel.finninday.net:NA:SetupWithUrl: clearing IMAP_CONNECTION_IS_OPEN
-1252017264[b2936b8]: ImapThreadMainLoop entering [this=b15a8b0]
-1252017264[b2936b8]: b15a8b0:weasel.finninday.net:NA:ProcessCurrentURL: entering
-1252017264[b2936b8]: b15a8b0:weasel.finninday.net:NA:ProcessCurrentURL:imap://rday@weasel.finninday.net:143/ensureExists%3E%5EINBOX%5EJunk: = currentUrl
-1252017264[b2936b8]: ReadNextLine [stream=adb8bc0 nb=0 needmore=1]
-1252017264[b2936b8]: b15a8b0:weasel.finninday.net:NA:CreateNewLineFromSocket: clearing IMAP_CONNECTION_IS_OPEN - rv = 804b000d
-1252017264[b2936b8]: b15a8b0:weasel.finninday.net:NA:TellThreadToDie: close socket connection
-1252017264[b2936b8]: b15a8b0:weasel.finninday.net:NA:CreateNewLineFromSocket: (null)
-1252017264[b2936b8]: b15a8b0:weasel.finninday.net:NA:ProcessCurrentURL: aborting queued urls
-1252017264[b2936b8]: ImapThreadMainLoop leaving [this=b15a8b0]
</pre>
In this case, I know the problem is that the firewall is denying the connection, but there is nary a clue about that from this log.
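The `rv = ...` values in the two Thunderbird logs above are Mozilla nsresult codes written in hex. The following is an added example, not part of the original notes, that pulls the server lines, client commands and decoded result codes out of such a log. `summarize` is a hypothetical helper name, the two code names come from Mozilla's error list rather than from this page, and the sample lines are copied from the logs above.

```python
import re

# nsresult values seen in the two logs above; names are from Mozilla's
# error-code list, not from the original page.
NSRESULT = {
    0x80470002: "NS_BASE_STREAM_CLOSED",
    0x804B000D: "NS_ERROR_CONNECTION_REFUSED",
}

# "<conn>:<host>:<state>:<function>: <text>" for the two functions of interest
EVENT = re.compile(
    r":(?P<host>[^:\s]+):\w+:(?P<func>CreateNewLineFromSocket|SendData): (?P<text>.*)$"
)
RV = re.compile(r"rv = ([0-9a-f]{8})$")


def summarize(log_text):
    """Return (kind, detail) tuples: what the server said, what the client
    sent, and any socket-level result code, in log order."""
    events = []
    for line in log_text.splitlines():
        m = EVENT.search(line.rstrip())
        if not m:
            continue
        text = m["text"]
        rv = RV.search(text)
        if rv:
            code = int(rv[1], 16)
            events.append(("error", NSRESULT.get(code, hex(code))))
        elif m["func"] == "SendData":
            events.append(("client", text))
        elif text != "(null)":
            events.append(("server", text))
    return events


# Lines copied from the port 993 log above.
SSL_LOG = """\
-1264583792[ab44f10]: afa69b0:weasel.finninday.net:NA:ProcessCurrentURL: entering
-1264583792[ab44f10]: afa69b0:weasel.finninday.net:NA:CreateNewLineFromSocket: * BYE imaplogin expected exactly two arguments.
-1264583792[ab44f10]: afa69b0:weasel.finninday.net:NA:SendData: 1 capability
-1264583792[ab44f10]: afa69b0:weasel.finninday.net:NA:CreateNewLineFromSocket: clearing IMAP_CONNECTION_IS_OPEN - rv = 80470002
-1264583792[ab44f10]: afa69b0:weasel.finninday.net:NA:CreateNewLineFromSocket: (null)
"""

# Lines copied from the port 143 log above.
PLAIN_LOG = """\
-1252017264[b2936b8]: ReadNextLine [stream=adb8bc0 nb=0 needmore=1]
-1252017264[b2936b8]: b15a8b0:weasel.finninday.net:NA:CreateNewLineFromSocket: clearing IMAP_CONNECTION_IS_OPEN - rv = 804b000d
"""

if __name__ == "__main__":
    for name, log in (("993", SSL_LOG), ("143", PLAIN_LOG)):
        print(name, summarize(log))
```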
Trying to get more information, I turn to courier's logging. /etc/courier/authdaemonrc has a setting like this:
<pre>
##NAME: DEBUG_LOGIN:0
#
# Dump additional diagnostics to syslog
# DEBUG_LOGIN=0 - turn off debugging
# DEBUG_LOGIN=1 - turn on debugging
# DEBUG_LOGIN=2 - turn on debugging + log passwords too
# ** YES ** - DEBUG_LOGIN=2 places passwords into syslog.
# Note that most information is sent to syslog at level 'debug', so
# you may need to modify your /etc/syslog.conf to be able to see it.

DEBUG_LOGIN=1
</pre>
But where is the output? I've verified that syslog.conf is correct and restarted authdaemon and syslog. Still nothing shows up in debug.log or syslog. Odd...
Packet sniffer
Using a packet sniffer on the client side I can see the conversation looks like this:
- client says syn
- server says syn ack
- client says ack
- client says "Client Hello" in TLSv1
- server says ack
- server says "Server Hello, Certificate, Server Hello Done" in TLSv1
- client says ack
- client says "Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message" in TLSv1
- server says "Change Cipher Spec, Encrypted Handshake Message" in TLSv1
- server says "Application Data, Encrypted Alert" in TLSv1
- client says ack
- client says fin, ack
- server says ack
It looks perfectly reasonable and civilized, so why does it result in Thunderbird saying: "not an IMAP4 server"? Something in that "Application Data, Encrypted Alert" message convinced the client that it should give up.
According to wikipedia (http://en.wikipedia.org/wiki/Secure_Sockets_Layer#TLS_handshake_in_detail) my handshake appears to be completely or nearly valid. The part I am unsure about is the step where the client tries to decrypt a test message from the server. The last message I see in TLS is the server's test message. The client responds with an ack, but does that mean "Ack, I got the message and could decrypt it" or "Ack, I got the message and couldn't decrypt it"?
Maybe there is nothing wrong with the imap-ssl server.
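A sniffer only shows the encrypted records, and telnet to port 993 sends plaintext where the server expects a TLS Client Hello. To see the first decrypted line, the handshake has to be done by the test client. The following added example (not part of the original notes) does the hand-typed IMAP test over TLS, trusting only the PEM file passed in, and classifies the greeting per RFC 3501, where the first line must be `* OK`, `* PREAUTH` or `* BYE`. `probe_imaps`, `classify_greeting` and the labels "ready", "refused" and "not-imap" are hypothetical names chosen here.

```python
import socket
import ssl


def classify_greeting(line: bytes) -> str:
    """Classify the first line an IMAP server sends after connect."""
    parts = line.strip().split(b" ", 2)
    if len(parts) < 2 or parts[0] != b"*":
        return "not-imap"
    kind = parts[1].upper()
    if kind in (b"OK", b"PREAUTH"):
        return "ready"
    if kind == b"BYE":
        return "refused"  # server is closing before any login is possible
    return "not-imap"


def probe_imaps(host, port=993, cafile=None, timeout=10):
    """TLS handshake, then a CAPABILITY/LOGOUT exchange if the server is ready.

    cafile: PEM file to trust. For a self-signed server, pass a copy of its
    certificate; only that file is trusted, and `host` must match a name in
    the certificate or the handshake raises ssl.SSLCertVerificationError.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            f = tls.makefile("rwb")
            greeting = f.readline()
            verdict = classify_greeting(greeting)
            transcript = [greeting]
            if verdict == "ready":
                f.write(b"a CAPABILITY\r\nq LOGOUT\r\n")
                f.flush()
                for line in f:
                    transcript.append(line)
                    if line.startswith(b"q "):
                        break
            return tls.version(), verdict, transcript


if __name__ == "__main__":
    # Offline check against first lines quoted earlier on this page.
    for sample in (
        b"* OK [CAPABILITY IMAP4rev1 UIDPLUS] Courier-IMAP ready.\r\n",
        b"* BYE imaplogin expected exactly two arguments.\r\n",
    ):
        print(classify_greeting(sample), sample.decode().strip())
```

Run against the server as `probe_imaps("weasel.finninday.net", cafile="imapd.pem")`; a "refused" verdict with a `* BYE` line means the TLS layer worked and the IMAP daemon behind it declined the session.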
Remove and reinstall
I tried "apt-get remove courier-ssl", "apt-get purge courier-ssl", and "apt-get install courier-ssl courier-imapd-ssl". Still I'm unable to connect via SSL in thunderbird and get the "not an imapd4 server" error message. But now I can connect via TLS, which might be just fine.