Testing the IMAP Server

To test the IMAP server, reboot and perform the following steps (all of these samples use "foobar" as the IMAP server name). A list of answers to common installation problems is maintained in http://cyrusimap.web.cmu.edu/twiki.
  1. From your normal account, telnet to the IMAP port on the server you're setting up:
       telnet foobar imap
    
    If your server is running, you'll get the following message:
       Trying 128.2.232.95...
       Connected to foobar.andrew.cmu.edu.
       Escape character is '^]'.
       * OK foobar.andrew.cmu.edu Cyrus IMAP4 v2.0.0 server ready
    

    Any message other than one starting with "* OK" means there is a problem. To terminate the connection, type ". logout".

    Naturally the version number should match the version you just installed.

  2. Use "imtest" to test logging in with plaintext passwords:
       /usr/local/bin/imtest -m login foobar
    

    If you want to specify a different user, do:

       /usr/local/bin/imtest -m login -a USER foobar
    
    If your server is running, you'll get the following message:
       % /usr/local/bin/imtest -m login foobar
       S: * OK mail1.andrew.cmu.edu Cyrus IMAP4 v2.0.0 server ready
       C: C01 CAPABILITY
       S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS 
       X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME AUTH=GSSAPI AUTH=ANONYMOUS 
       AUTH=KERBEROS_V4 UNSELECT
       S: C01 OK Completed
       Password: 
       + go ahead
       L01 OK User logged in
       Authenticated.
       Security strength factor: 0
    

    Any message other than one starting with a "L01 OK" means there is a problem. If the test fails, a more specific error message should be written through syslog to the server log. To terminate the connection, type ". logout".

  3. You should now test the server with each of the various authentication mechanisms you have installed. The supported mechanisms are listed in the CAPABILITY line:
      * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE UIDPLUS 
      X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME AUTH=ANONYMOUS
      AUTH=KERBEROS_V4 AUTH=DIGEST-MD5 AUTH=CRAM-MD5 UNSELECT
      . OK Completed
    
    Each of the mechanism names is preceded by a 'AUTH='. For this example the ANONYMOUS, KERBEROS_V4, DIGEST-MD5, and CRAM-MD5 mechanisms are available. If a mechanism does not appear that you wish to use, examine the libsasl log messages. Generally, if a mechanism does not appear, it means it failed to initialize. (For example, if the server is unable to access the srvtab file the KERBEROS_V4 mechanism will refuse to load.)

    Plaintext login is a special case: the PLAIN SASL mechanism is only advertised under an encrypted connection. However, plaintext logins are available (as long as you haven't disabled plaintext) by using -m login(as above).

    To terminate the imtest connection, type ". logout".

    Once you are satisfied with the authentication mechanism list you should attempt to log in with each of those mechanisms. Run imtest specifying which mechanism you would like to use.

       /usr/local/bin/imtest -m KERBEROS_V4 foobar
       C: C01 CAPABILITY
       S: * OK foobar.andrew.cmu.edu Cyrus IMAP4 v2.0.0 server ready
       S: * CAPABILITY IMAP4 IMAP4rev1 ACL QUOTA LITERAL+ NAMESPACE
       UIDPLUS X-NON-HIERARCHICAL-RENAME NO_ATOMIC_RENAME AUTH=ANONYMOUS
       AUTH=GSSAPI AUTH=KERBEROS_V4 UNSELECT
       S: C01 OK Completed
       C: A01 AUTHENTICATE KERBEROS_V4
       S: + wYcDAA==
       C: BAYBQU5EUkVXLkNNVS5FRFUAOCAm7F/Y+HabCzJ
          /UMtVcvWRjTohuq/USaCV6gYdkAU5DOcADAq
       S: + 0aAsUGQZhgQ=
       C: ADMe/cVivAYYzy1yd4Vojg==
       S: A01 OK Success (privacy protection)
       Authenticated.
       Security strength factor: 56
    

    Any message other than one starting with a "A01 OK" means there is a problem. If the test fails, a more specific error message is written through syslog to the server log. To terminate the connection, type ". logout".

    See the libsasl documentation for a full description of all the mechanisms. It is also possible to support "security layers" (privacy or integrity protected connections). By default, imtest uses the strongest layer available with the selected mechanism; use "-l" to choose an alternate layer.


last modified: $Date: 2007/02/07 18:58:07 $