Roberto C. Sanchez wrote: [SNIP] > In summary, here are the things that I saw: > 1. Dependency resolution was spectacular (who would expect less from > Debian?) > 2. New config files went OK. > 3. Cyrus IMAP (going from cyrus v1.5 to cyrus21) broke very hard > 4. sslwrap upgrade completely choked over openssl [SNIP] > 3. I really have no idea what happened here. I carefully followed > the upgrade instructions, but my mailboxes.db ended up corrupted, which > caused the cyrus server to go crazy. Also, once I got saslauthd to > where it would work correctly, cyrus refused all imap and imaps > connections. I ended up having to go into /etc/hosts.allow and add > ALL:LOCAL for cyrus to finally accept only local imap connections. > I never figured out how to get it to accept imaps connections without > adding ALL:ALL, which is not an acceptable solution). About 4 hours > of Google searching yielded no useful information. I ended up setting > impas to go through sslwrap (as I had for cyrus v1.5), since it would > accept remote connections. I can't tell if this is a bug or a mis- > configuration on my part. [SNIP]
OK. I figured this out. The problem was misconfiguration on my part. However, I think the documentation was less than helpful. I had this in /etc/hosts.allow prior to upgrade: imapd: LOCAL Since cyrus in Woody was not ssl-enabled, I had sslwrap to proxy imaps. Here is the section from README.Debian in cyrus21-common: o The services are tcp-wrapped. Their hosts.allow/hosts.deny id is the service name in /etc/cyrus.conf. See hosts_access(5). I didn't quite understand and/or see this during the upgrade, but I ended up having to add LOCAL: ALL to /etc/hosts.allow (which I did not like). I finally figured this out after reading the README.Debian for about the fifth time yesterday. I don't think it is quite worthy of a bug report (maybe low priority, but then the change won't go into Sarge). However, I think that it should be more clearly stated that, e.g., if you HAD 'imapd' listed in hosts.allow, that it now becomes 'imap'. I consider myself an experienced user/admin and this little thing totally caught me off guard. Just my thoughts, -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~sanchezr
signature.asc
Description: OpenPGP digital signature
