Testing the IMAP Server To test the IMAP server, reboot and perform the following steps (all of these samples use "foobar" as the IMAP server name). A list of answers to common installation problems is maintained in http://cyrusimap.web.cmu.edu/twiki. 1. From your normal account, telnet to the IMAP port on the server you're setting up: telnet foobar imap If your server is running, you'll get the following message: Trying 128.2.232.95... Connected to foobar.andrew.cmu.edu. Escape character is '^]'. * OK foobar.andrew.cmu.edu Cyrus IMAP4 v2.0.0 server ready Any message other than one starting with "* OK" means there is a problem. To terminate the connection, type ". logout". Naturally the version number should match the version you just installed. 2. Use "imtest" to test logging in with plaintext passwords: /usr/local/bin/imtest -m login foobar If you want to specify a different user, do: /usr/local/bin/imtest -m login -a USER foobar If your server is running, you'll get the following message: % /usr/local/bin/imtest -m login foobar S: * OK mail1.andrew.cmu.edu Cyrus IMAP4 v2.0.0 server ready C: C01 CAPABILITY S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME AUTH=GSSAPI AUTH=ANONYMOUS AUTH=KERBEROS_V4 UNSELECT S: C01 OK Completed Password: + go ahead L01 OK User logged in Authenticated. Security strength factor: 0 Any message other than one starting with a "L01 OK" means there is a problem. If the test fails, a more specific error message should be written through syslog to the server log. To terminate the connection, type ". logout". 3. You should now test the server with each of the various authentication mechanisms you have installed. The supported mechanisms are listed in the CAPABILITY line: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME AUTH=ANONYMOUS AUTH=KERBEROS_V4 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 UNSELECT . OK Completed Each of the mechanism names is preceded by a 'AUTH='. For this example the ANONYMOUS, KERBEROS_V4, DIGEST-MD5, and CRAM-MD5 mechanisms are available. If a mechanism does not appear that you wish to use, examine the libsasl log messages. Generally, if a mechanism does not appear, it means it failed to initialize. (For example, if the server is unable to access the srvtab file the KERBEROS_V4 mechanism will refuse to load.) Plaintext login is a special case: the PLAIN SASL mechanism is only advertised under an encrypted connection. However, plaintext logins are available (as long as you haven't disabled plaintext) by using -m login(as above). To terminate the imtest connection, type ". logout". Once you are satisfied with the authentication mechanism list you should attempt to log in with each of those mechanisms. Run imtest specifying which mechanism you would like to use. /usr/local/bin/imtest -m KERBEROS_V4 foobar C: C01 CAPABILITY S: * OK foobar.andrew.cmu.edu Cyrus IMAP4 v2.0.0 server ready S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME AUTH=ANONYMOUS AUTH=GSSAPI AUTH=KERBEROS_V4 UNSELECT S: C01 OK Completed C: A01 AUTHENTICATE KERBEROS_V4 S: + wYcDAA== C: BAYBQU5EUkVXLkNNVS5FRFUAOCAm7F/Y+HabCzJ /UMtVcvWRjTohuq/USaCV6gYdkAU5DOcADAq S: + 0aAsUGQZhgQ= C: ADMe/cVivAYYzy1yd4Vojg== S: A01 OK Success (privacy protection) Authenticated. Security strength factor: 56 Any message other than one starting with a "A01 OK" means there is a problem. If the test fails, a more specific error message is written through syslog to the server log. To terminate the connection, type ". logout". See the libsasl documentation for a full description of all the mechanisms. It is also possible to support "security layers" (privacy or integrity protected connections). By default, imtest uses the strongest layer available with the selected mechanism; use "-l" to choose an alternate layer.