You are not logged in.

#1 2004-05-24 18:09:33

Takaitra
Member
From: Minnesota
Registered: 2004-05-24
Posts: 10

Binc IMAP via xinetd

First of all, I'd like to mention I'm a new convert. I installed AL for the first time last weekend on my server and I love it. I was formerly running RH9 on the server and as there's just no comparison. Some packages, such as the kernel, are even more up to date than on my Gentoo box and it's perfect for a server environment, installing only what you need. So thank you for an awesome distro and now my problem:

My box is both a mail server and a web server. I've got postfix running fairly well now and need to get an IMAP server installed to access its mail. I noticed squirrelmail installed bincimap as a dependency so I decided to use Binc IMAP. After reading as much documentation as I could and configuring everything, however, xinetd / binc is still out to lunch:

$ telnet archserver 143
Trying 192.168.0.15...
telnet: Unable to connect to remote host: Connection refused

here's xinetd.d:

$ ls
bincimap  bincimaps  servers  services  swat

bincimap:

$ cat bincimap
# $Id: xinetd-bincimap.in,v 1.1.1.1 2003/08/18 18:06:05 andreaha Exp $
# default: on
# description: Binc IMAP
service imap
{
        disable         = no
        flags           = REUSE
        socket_type     = stream
        wait            = no
        user            = root
        group           = root
        instances       = UNLIMITED
        server          = /usr/bin/bincimap-up
        server_args     = --conf=/etc/bincimap/bincimap.conf --logtype=syslog -- /bin/checkpassword /usr/bin/bincimapd
        log_type        = SYSLOG daemon info
}

bincimap.conf:

$ cat /etc/bincimap/bincimap.conf
/* -*- mode:java -*- */

// Global configuration file for Binc IMAP. Some settings in this file
// can be overrun with command line arguments.

//----------------------------------------------------------------------------
Authentication {
    allow plain auth in non ssl = "yes",            /* allow login or
                                                      authenticate
                                                      when not in
                                                      SSL/TLS mode */

    auth penalty = 4,                              /* on auth failure,
                                                    * server sleeps so
                                                    * many seconds
                                                    * before allowing
                                                    * client to
                                                    * authenticate
                                                    * again.
                                                    */
    disable starttls = "no"
}

//----------------------------------------------------------------------------
Security {
    jail path = "/usr/bin",
    jail user = "nobody",
    jail group = "nobody"
}

//----------------------------------------------------------------------------
Log {
    type = "syslog",                             /* supports
                                                    * multilog or
                                                    * syslog or
                                                    * stderr (for testing).
                                                    */
    environment ip variable = "TCPREMOTEIP"
}

//----------------------------------------------------------------------------
Mailbox {
    depot = "Maildir++",                           /* Use Maildir++ style
                                                    * depot. */

    type = "Maildir",                              /* only Maildir
                                                    * support */

    path = "Maildir",                              /* default path */

    auto create inbox = "yes",                     /* create INBOX in
                                                    * given format if
                                                    * it doesn't
                                                    * exist.
                                                    */

    auto subscribe mailboxes = "INBOX",            /* list mailboxes
                                                    * in one string,
                                                    * seperated by
                                                    * commas
                                                    */

    umask = "077"                                  /* use this umask
                                                    * when creating
                                                    * mailboxes, or
                                                    * when copying and
                                                    * appending
                                                    * messages.
                                                    */
}

//----------------------------------------------------------------------------
Session {
    idle timeout = 1860,                           /* idle timeout in
                                                      seconds */

    auth timeout = 60,                             /* timeout before
                                                      auth in
                                                      seconds */

    transfer timeout = 1200,                       /* timeout per
                                                      transferred com
                                                      unit (I/O) */

    transfer buffer size = 1024                    /* number of bytes
                                                      to buffer before
                                                      passing on to
                                                      client. */
}

//----------------------------------------------------------------------------
SSL {
    pem file = "/etc/bincimap/bincimap.pem",        /* private key and
                                                      certificate
                                                      chain PEM file
                                                      name */

    ca file = "",                                  /* file to use as
                                                      certificate
                                                      authority */
    ca path = "",                                  /* path to search
                                                      for more certificate
                                                      authorities */

    cipher list = "!ADH:RC4+RSA:HIGH:MEDIUM:LOW:EXP:+SSLv2:+EXP",

    verify peer = "no"
}

//----------------------------------------------------------------------------
      /* $Id: bincimap.conf.in,v 1.2 2003/08/23 12:53:25 andreaha Exp $ */

/etc/services:

$ cat /etc/services |grep imap
imap2           143/tcp                         # Interim Mail Access Proto v2
imap2           143/udp
bincimap        143/tcp
bincimap        143/udp

imap3           220/tcp                         # Interactive Mail Access
imap3           220/udp                         # Protocol v3
bincimaps       993/tcp
bincimaps       993/udp

log:

May 23 16:59:40 archserver xinetd[1823]: xinetd Version 2.3.13 started with no options compiled in.
May 23 16:59:40 archserver xinetd[1823]: Started working: 0 available services

I think maybe the problem is xinetd not recognizing bincimap as a service? Apache and proftpd are working great so I don't think it's a problem with blocked ports. I'm also starting portmap before starting xinetd. Any ideas on how to get this working will be greatly appreciated.

Offline

#2 2004-05-25 15:22:23

Takaitra
Member
From: Minnesota
Registered: 2004-05-24
Posts: 10

Re: Binc IMAP via xinetd

I guess I'll give courier IMAP a try.

Offline

#3 2004-05-25 20:19:12

kpiche
Forum Fellow
From: Ottawa, ON, Canada
Registered: 2004-03-30
Posts: 246
Website

Re: Binc IMAP via xinetd

Apache and proftpd don't usually use xinetd to provide their services.  /etc/services is a name to port number mapping and doesn't control what services are running and shouldn't normally be modified.  Not that that helps.

However I tried it and my /var/log/errors file contains:

May 25 16:25:10 kpiche xinetd[822]: Port not specified and can't find service: imap with getservbyname
May 25 16:25:10 kpiche xinetd[822]: Port not specified and can't find service: imaps with getservbyname

In this case you do need to modify /etc/services.  Xinetd is looking for a service called "imap" because the /etc/xinetd.d/bincimap contains "service imap".  Since this is not in /etc/services it fails.  Modify /etc/services to add an alias "imap" to port 143:

imap2           143/tcp         imap            # Interim Mail Access Proto v2
imap2           143/udp         imap

Or you can modify the bincimap file to say "service imap2".

This should be raised as a bug report stating that the imap service is not defined in /etc/services.

Offline

#4 2004-05-27 03:31:28

Takaitra
Member
From: Minnesota
Registered: 2004-05-24
Posts: 10

Re: Binc IMAP via xinetd

Thank you very much for your reply kpiche. I run apache and proftpd standalone, I chose the xinetd route for IMAP because it won't be used as heavily. This certainly put me on the right track, I get a problem connecting

bincimap-up: error while loading shared libraries: libssl.so.0.9.6: cannot open shared object file: No such file or directory
Connection closed by foreign host.

but I can probably figure this out. I removed the bincimap entries from my services file and added the imap alias. I guess I was a little confused as to how service names were defined in xinetd.

Yes this should definitely be filed as a bug report. I'll do it first thing tomorrow.

Offline

#5 2004-05-28 02:36:17

kpiche
Forum Fellow
From: Ottawa, ON, Canada
Registered: 2004-03-30
Posts: 246
Website

Re: Binc IMAP via xinetd

Ah.  The current version of OpenSSL is 0.9.7d.  So bincimap was missed in the big OpenSSL upgrade a month or so ago.  You can recompile bincimap using abs or file a bug report (or add it to your other bug rep) stating that it needs to be recompiled against the latest OpenSSL.

# ldd /usr/bin/bincimap-up
        libssl.so.0.9.6 => not found
        libcrypto.so.0.9.6 => not found
        libdl.so.2 => /lib/libdl.so.2 (0x40020000)
        libstdc++.so.5 => /usr/lib/libstdc++.so.5 (0x40023000)
        libm.so.6 => /lib/libm.so.6 (0x400dd000)
        libgcc_s.so.1 => /usr/lib/libgcc_s.so.1 (0x400ff000)
        libc.so.6 => /lib/libc.so.6 (0x40108000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

Offline

#6 2004-05-28 16:34:06

Takaitra
Member
From: Minnesota
Registered: 2004-05-24
Posts: 10

Re: Binc IMAP via xinetd

Here is the bug report I filed but tt looks like you already found it.

Thank you for your help again kpiche. Since it works without recompiling and includes POP3 support, I'm using courier-imap for now.

Offline

Board footer

Powered by FluxBB