Using courier-imap-2.1.2-r1, there are settings in the imapd-ssl configuration file to enable the STARTTLS extension to the normal IMAP protocol. These settings don't work, and I can't get STARTTLS to enable. (The TLS_REQUIRED setting doesn't work either; users can still log in in the clear.) The older-style imapd-ssl on port 993 does work, as does STARTTLS in the pop3d server from the same package.

Reproducible: Always

Steps to Reproduce:
1. Install courier-imap using the method in the Virtual Mailhost guide (this includes creating a certificate): http://www.gentoo.org/doc/en/virt-mail-howto.xml
2. Change imapd-ssl to enable STARTTLS.

Actual Results: Nothing.

Expected Results: STARTTLS should appear in the list of valid commands to the server, and should actually work.

Another Gentoo user reports that it does work properly using the older 1.7 ebuild of courier-imap. Several other people in the Networking and Security forums have reported the same problem with 2.1.2; there doesn't seem to be any solution except attempting to downgrade to 1.7.

emerge info:
Portage 2.0.49-r21 (default-x86-1.4, gcc-3.2.3, glibc-2.3.2-r9, 2.4.20-gentoo-r9)
=================================================================
System uname: 2.4.20-gentoo-r9 i686 Pentium III (Katmai)
Gentoo Base System version 1.4.3.10p1
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CFLAGS="-march=pentium3 -O3 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
COMPILER="gcc3"
CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/env.d"
CXXFLAGS="-march=pentium3 -O3 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoaddcvs ccache sandbox"
GENTOO_MIRRORS="http://gentoo.noved.org/ http://mirrors.tds.net/gentoo ftp://gentoo.noved.org/ ftp://ftp.gtlib.cc.gatech.edu/pub/gentoo"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY=""
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X apache2 apm arts avi berkdb crypt encode foomaticdb gdbm gif gnome gpm gtk gtk2 imap imlib java jpeg kde libg++ libwww mad maildir mikmod motif mpeg mysql ncurses nls oggvorbis opengl oss pam pdflib perl png python qt quicktime readline sasl sdl slang spell ssl svga tcltk tcpd truetype x86 xml xml2 xmms xv zlib"
This is because, in order for STARTTLS to work on the IMAP protocol, the binary couriertls needs to be run, rather than couriertcpd. However, the port only chooses to install the couriertcpd binary, rather than both. Worse, the files/gentoo-imapd.rc script is hardcoded to use couriertcpd regardless of whether or not STARTTLS has been set.
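To tell whether a given courier-imap instance actually shows the two symptoms in this report (no STARTTLS offered on port 143, and a cleartext LOGIN still accepted), the following added example probes the cleartext port and classifies what the server advertises. It is not code from courier-imap, the Gentoo ebuild, or any poster in this thread. Assumptions: the default host and port, the SAMPLE_* greeting lines (constructed by hand, not captured from a server), and the mapping of "TLS required" onto the RFC 2595 LOGINDISABLED capability; Courier's exact greeting text is not taken from the page. The offline part runs with no server; check_live needs a reachable one.

```python
"""Probe the cleartext IMAP port (143): is STARTTLS advertised, and is a
cleartext LOGIN refused?  Added example for this bug thread; not code from
courier-imap, the Gentoo ebuild or anyone posting here.  Host/port defaults,
the SAMPLE_* lines and the LOGINDISABLED mapping are assumptions."""
import imaplib
import re
import ssl
import sys

# Capabilities may arrive inside the greeting ("* OK [CAPABILITY ...] ...")
# or as an untagged reply to a CAPABILITY command ("* CAPABILITY ...").
_CAP_IN_GREETING = re.compile(r"^\*\s+OK\s+\[CAPABILITY\s+([^\]]+)\]", re.I)
_CAP_UNTAGGED = re.compile(r"^\*\s+CAPABILITY\s+(.+)$", re.I)

# Constructed sample lines (not captured from a real Courier server).
SAMPLE_FIXED_GREETING = (
    "* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE STARTTLS LOGINDISABLED] "
    "Courier-IMAP ready."
)
SAMPLE_BROKEN_GREETING = (
    "* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE] Courier-IMAP ready."
)


def parse_capabilities(line):
    """Return the upper-cased capability atoms found in one server line,
    or an empty set if the line carries no capability list."""
    line = line.strip()
    m = _CAP_IN_GREETING.search(line) or _CAP_UNTAGGED.search(line)
    if not m:
        return frozenset()
    return frozenset(atom.upper() for atom in m.group(1).split())


def assess(capabilities):
    """Classify a capability set against the two symptoms in the report."""
    caps = set(capabilities)
    starttls = "STARTTLS" in caps
    login_disabled = "LOGINDISABLED" in caps
    return {
        "starttls_advertised": starttls,
        "plaintext_login_allowed": not login_disabled,
        # Symptom of the rc-script bug: couriertcpd is started without
        # IMAP_STARTTLS, so neither atom ever shows up on port 143.
        "looks_like_this_bug": not starttls and not login_disabled,
    }


def check_live(host="localhost", port=143, user=None, password=None):
    """Connect in the clear, record what is advertised, optionally try a
    cleartext LOGIN (it should fail when TLS is required), then upgrade
    with STARTTLS if it was offered.  Needs a reachable server."""
    conn = imaplib.IMAP4(host, port)        # imaplib issues CAPABILITY itself
    report = assess(conn.capabilities)
    try:
        if user is not None and password is not None:
            try:
                conn.login(user, password)
                report["plaintext_login_accepted"] = True
            except imaplib.IMAP4.error as exc:
                report["plaintext_login_accepted"] = False
                report["login_error"] = str(exc)
        if report["starttls_advertised"] and not report.get("plaintext_login_accepted"):
            ctx = ssl.create_default_context()
            ctx.check_hostname = False      # the howto's certificate is self-signed
            ctx.verify_mode = ssl.CERT_NONE
            conn.starttls(ctx)              # raises if STARTTLS is advertised but broken
            report["starttls_negotiated"] = True
            report["capabilities_after_tls"] = sorted(conn.capabilities)
    finally:
        try:
            conn.logout()
        except (imaplib.IMAP4.error, OSError):
            pass
    return report


if __name__ == "__main__":
    if len(sys.argv) >= 2:                  # usage: python probe.py host [port]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 143
        print(check_live(sys.argv[1], port))
    else:                                   # offline demo on the constructed samples
        for name, greeting in (("fixed", SAMPLE_FIXED_GREETING),
                               ("broken", SAMPLE_BROKEN_GREETING)):
            print(name, assess(parse_capabilities(greeting)))
```

Run it against the box from the report with `python probe.py localhost`; a server started through the unpatched rc script should come back with `looks_like_this_bug: True`, while a correctly started one advertises STARTTLS and, with TLS required, LOGINDISABLED as well. Pass a throwaway user and password to check_live if you also want to confirm that LOGIN is refused before the upgrade.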
This is the same bug as described in bug #39762. Bug #39762 describes the problem a little more accurately.
*** Bug 39762 has been marked as a duplicate of this bug. ***
I've been banging my head against this for a while as well, but I've finally got it working. There's a bug in gentoo-imapd.rc: --- gentoo-imapd.rc.org Wed Mar 10 11:32:38 2004 +++ gentoo-imapd.rc Wed Mar 10 11:36:09 2004 @@ -19,7 +19,8 @@ done ulimit -d $IMAP_ULIMITD -export IMAPDSTARTTLS +IMAP_STARTTLS=$IMAPDSTARTTLS +export IMAP_STARTTLS TLS_PROTOCOL=$TLS_STARTTLS_PROTOCOL eval `sed -n '/^#/d;/=/p' </etc/courier-imap/imapd | \ sed 's/=.*//;s/^/export /;s/$/;/'` With this change, STARTTLS is enabled on the unencrypted port. Tim
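Review bot: the hunk drops `export IMAPDSTARTTLS` entirely instead of adding the new lines beside it, so the daemon no longer sees IMAPDSTARTTLS in its environment at all; anything that still reads the old name loses it. Keep `export IMAPDSTARTTLS` and add `IMAP_STARTTLS=$IMAPDSTARTTLS` and `export IMAP_STARTTLS` after it. Consider also giving the new variable a default for the case where IMAPDSTARTTLS is unset, e.g. `IMAP_STARTTLS=${IMAPDSTARTTLS:-NO}`, so an empty value is not exported.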
That worked for me, thanks! I don't suppose we could get an update to the package with this change?
In fact, a new version of courier-imap would be nice. According to http://sourceforge.net/project/showfiles.php?group_id=5404 there have been 5 releases since v2.1.2.
Thank you for the new version of courier-imap (courier-imap-3.0.2), the update is appreciated. However, the bug in gentoo-imapd.rc is still present, and without it STARTTLS support is BROKEN. Can you please include the patch in the ebuild?
fixed in cvs for 3.0.5