Testing the IMAP Server
To test the IMAP server, reboot and perform the following steps (all of
these samples use "foobar" as the IMAP server name). A list of answers
to common installation problems is maintained in
http://cyrusimap.web.cmu.edu/twiki.
1. From your normal account, telnet to the IMAP port on the server
you're setting up:
telnet foobar imap
If your server is running, you'll get the following message:
Trying 128.2.232.95...
Connected to foobar.andrew.cmu.edu.
Escape character is '^]'.
* OK foobar.andrew.cmu.edu Cyrus IMAP4 v2.0.0 server ready
Any message other than one starting with "* OK" means there is a
problem. To terminate the connection, type ". logout".
Naturally the version number should match the version you just
installed.
2. Use "imtest" to test logging in with plaintext passwords:
/usr/local/bin/imtest -m login foobar
If you want to specify a different user, do:
/usr/local/bin/imtest -m login -a USER foobar
If your server is running, you'll get the following message:
% /usr/local/bin/imtest -m login foobar
S: * OK mail1.andrew.cmu.edu Cyrus IMAP4 v2.0.0 server ready
C: C01 CAPABILITY
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS
X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME AUTH=GSSAPI AUTH=ANONYMOUS
AUTH=KERBEROS_V4 UNSELECT
S: C01 OK Completed
Password:
+ go ahead
L01 OK User logged in
Authenticated.
Security strength factor: 0
Any message other than one starting with a "L01 OK" means there is
a problem. If the test fails, a more specific error message should
be written through syslog to the server log. To terminate the
connection, type ". logout".
3. You should now test the server with each of the various
authentication mechanisms you have installed. The supported
mechanisms are listed in the CAPABILITY line:
* CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS
X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME AUTH=ANONYMOUS
AUTH=KERBEROS_V4 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 UNSELECT
. OK Completed
Each of the mechanism names is preceded by a 'AUTH='. For this
example the ANONYMOUS, KERBEROS_V4, DIGEST-MD5, and CRAM-MD5
mechanisms are available. If a mechanism does not appear that you
wish to use, examine the libsasl log messages. Generally, if a
mechanism does not appear, it means it failed to initialize. (For
example, if the server is unable to access the srvtab file the
KERBEROS_V4 mechanism will refuse to load.)
Plaintext login is a special case: the PLAIN SASL mechanism is only
advertised under an encrypted connection. However, plaintext logins
are available (as long as you haven't disabled plaintext) by using
-m login(as above).
To terminate the imtest connection, type ". logout".
Once you are satisfied with the authentication mechanism list you
should attempt to log in with each of those mechanisms. Run imtest
specifying which mechanism you would like to use.
/usr/local/bin/imtest -m KERBEROS_V4 foobar
C: C01 CAPABILITY
S: * OK foobar.andrew.cmu.edu Cyrus IMAP4 v2.0.0 server ready
S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE
UIDPLUS X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME AUTH=ANONYMOUS
AUTH=GSSAPI AUTH=KERBEROS_V4 UNSELECT
S: C01 OK Completed
C: A01 AUTHENTICATE KERBEROS_V4
S: + wYcDAA==
C: BAYBQU5EUkVXLkNNVS5FRFUAOCAm7F/Y+HabCzJ
/UMtVcvWRjTohuq/USaCV6gYdkAU5DOcADAq
S: + 0aAsUGQZhgQ=
C: ADMe/cVivAYYzy1yd4Vojg==
S: A01 OK Success (privacy protection)
Authenticated.
Security strength factor: 56
Any message other than one starting with a "A01 OK" means there is
a problem. If the test fails, a more specific error message is
written through syslog to the server log. To terminate the
connection, type ". logout".
See the libsasl documentation for a full description of all the
mechanisms. It is also possible to support "security layers"
(privacy or integrity protected connections). By default, imtest
uses the strongest layer available with the selected mechanism; use
"-l" to choose an alternate layer.