# can't authenticate imapd-ssl

## schism39401

I recently redid my qmail setup to include vpopmail,spamassassin, clamav, and qmail-scanner. Everything seems to be working fine except I can't login to check my mail.  

I can't login thru evolution, imp, or squirrelmail. I am rather stuck as to what to do next. I followed the gentoo qmail guide http://www.gentoo.org/doc/en/qmail-howto.xml and still can't login in. 

It looks as tho everything is working and emails are coming in. 

```
spamd[13734]: [checking message <5.2.1.1.0.20040317142119.00b140a8@mail.c0rec0rruption.org> for qmailq] 204.

spamd[13734]: [clean message (2.5/6.0) for qmailq] 204 in 0.7 seconds, 2627 bytes.

spamd[13748]: [info] setuid to qmailq succeeded

spamd[13748]: [checking message <1079555613.4058b61d67a0d@mail.umich.edu> for qmailq] 204.

spamd[13748]: [clean message (0.0/6.0) for qmailq] 204 in 1.2 seconds, 2993 bytes.

spamd[13763]: [info] setuid to qmailq succeeded

spamd[13763]: [checking message <00df01c40c5f$6c8553c0$ca000001@treina1> for qmailq] 204.

spamd[13763]: [clean message (0.5/6.0) for qmailq] 204 in 1.4 seconds, 8681 bytes.

spamd[14141]: [info] setuid to qmailq succeeded

```

as far as errors for when I try to login they are fairly generic 

```

Mar 17 16:24:05 [imapd-ssl] LOGIN FAILED, ip=[68.63.230.103]

Mar 17 16:24:10 [pop3d-ssl] couriertls: accept: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Mar 17 16:24:10 [imapd-ssl] LOGIN FAILED, ip=[68.63.230.103]

Mar 17 16:24:15 [imapd-ssl] LOGIN FAILED, ip=[68.63.230.103]

Mar 17 16:24:15 [imapd-ssl] LOGOUT, ip=[68.63.230.103]

Mar 17 16:26:37 [imapd-ssl] Connection, ip=[68.63.230.103]

Mar 17 16:26:42 [imapd-ssl] LOGIN FAILED, ip=[68.63.230.103]

Mar 17 16:26:47 [imapd-ssl] LOGIN FAILED, ip=[68.63.230.103]

Mar 17 16:26:52 [imapd-ssl] LOGIN FAILED, ip=[68.63.230.103]

Mar 17 16:26:52 [imapd-ssl] LOGOUT, ip=[68.63.230.103]

Mar 17 16:27:06 [imapd-ssl] Connection, ip=[68.63.230.103]

Mar 17 16:27:06 [imapd-ssl] LOGIN, user=jake@jwalters.homelinux.org, ip=[68.63.230.103], protocol=IMAP

Mar 17 16:27:06 [imapd-ssl] LOGOUT, user=jake@jwalters.homelinux.org, ip=[68.63.230.103], headers=0, body=0

Mar 17 16:27:07 [imapd-ssl] Connection, ip=[68.63.230.103]

Mar 17 16:27:07 [imapd-ssl] LOGIN, user=jake@jwalters.homelinux.org, ip=[68.63.230.103], protocol=IMAP

```

This is the first time I have seen this error  

```
Mar 17 16:24:10 [pop3d-ssl] couriertls: accept: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
```

And I can't find anywhere that has SSL23

I really don't know what else to check...Any suggestions would be apprieciated....

----------

## Ijon Tichy

Just curious, can you get your mail using non-SSL imap or pop? 

It might be helpful to see if it's a generic imap/pop connectivity problem or just an issue with the SSL enabled services.

----------

## schism39401

Thanks for the response. I have tried with just the regular imap and pop and still  notthing...

----------

## Ijon Tichy

One thing that tripped me up a bit was xinetd's default configuration. Check /etc/xinetd.conf and see if you've got this line:

```

defaults

{

        only_from      = localhost

        ...

}

```

If you do, and you're trying to get your mail from somewhere other than localhost (e.g., 68.63.230.103  :Smile:  ), you may be getting stopped by xinetd.

Go into your /etc/xinetd.d/imap (or whatever service you prefer) file and add a line like: 

```
only_from               =  68.63.230.103 127.0.0.1
```

It'll also accept CIDR notation if you want to add the whole network (68.63.230.0/24) or something.

Just another place to check. I hope this helps.

----------

## Ijon Tichy

Whoops.  :Embarassed: 

I just caught on that you're using a different imap/pop than I am. It doesn't look like yours run out of xinetd. 

At least, not if you had to run a command like 

/etc/init.d/courier-pop3d-ssl start

Heh. Sorry.     :Confused: 

----------

## schism39401

Thanks for the responces. I am using courier-imap-ssl and courier-pop3d-ssl. I am still not able to connect thru evouluton or any webmail however....my logs look like it is making a connection

```
Mar 17 20:48:59 [imapd-ssl] Connection, ip=[68.63.230.103]

Mar 17 20:48:59 [imapd-ssl] LOGIN, user=jake@year26.org, ip=[68.63.230.103], protocol=IMAP

Mar 17 20:49:12 [imapd-ssl] Connection, ip=[68.63.230.103]

Mar 17 20:49:12 [imapd-ssl] LOGIN, user=jake@year26.org, ip=[68.63.230.103], protocol=IMAP

Mar 17 20:49:12 [imapd-ssl] LOGOUT, user=jake@year26.org, ip=[68.63.230.103], headers=0, body=0

Mar 17 20:49:12 [imapd-ssl] Connection, ip=[68.63.230.103]

Mar 17 20:49:12 [imapd-ssl] LOGIN, user=jake@year26.org, ip=[68.63.230.103], protocol=IMAP

Mar 17 20:49:58 [imapd-ssl] Connection, ip=[68.63.230.103]

Mar 17 20:49:58 [imapd-ssl] LOGIN, user=jake@year26.org, ip=[68.63.230.103], protocol=IMAP

Mar 17 20:49:59 [imapd-ssl] LOGOUT, user=jake@year26.org, ip=[68.63.230.103], headers=0, body=0

Mar 17 20:49:59 [imapd-ssl] Connection, ip=[68.63.230.103]

Mar 17 20:49:59 [imapd-ssl] LOGIN, user=jake@year26.org, ip=[68.63.230.103], protocol=IMAP

Mar 17 20:50:09 [imapd-ssl] Connection, ip=[68.63.230.103]

Mar 17 20:50:09 [imapd-ssl] LOGIN, user=jake@jwalters.homelinux.org, ip=[68.63.230.103], protocol=IMAP

Mar 17 20:50:09 [imapd-ssl] LOGOUT, user=jake@jwalters.homelinux.org, ip=[68.63.230.103], headers=0, body=0

Mar 17 20:50:09 [imapd-ssl] Connection, ip=[68.63.230.103]

Mar 17 20:50:09 [imapd-ssl] LOGIN, user=jake@jwalters.homelinux.org, ip=[68.63.230.103], protocol=IMAP
```

That is what i usually saw when everything was working...I also got a new error  :Smile: 

```
Mar 17 20:50:39 [pop3d-ssl] couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Mar 17 20:51:11 [pop3d-ssl] couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Mar 17 20:51:47 [pop3d-ssl] couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Mar 17 20:51:53 [pop3d-ssl] couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Mar 17 20:58:35 [pop3d-ssl] couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

```

i did a search on the forums and google and one person said it was because evolution was running a different version of ssl....I am recompiling openssl right now and I have evolution 1.5.

----------

## schism39401

ok....so i got rid of that version error by updating openssl...but i still can't login from anything....

```
Mar 18 01:30:15 [imapd-ssl] LOGIN FAILED, ip=[68.63.230.103]

Mar 18 01:30:20 [imapd-ssl] LOGIN FAILED, ip=[68.63.230.103]

Mar 18 01:30:20 [imapd-ssl] LOGOUT, ip=[68.63.230.103]

Mar 18 01:30:49 [imapd-ssl] Connection, ip=[68.63.230.103]

Mar 18 01:30:49 [imapd-ssl] LOGIN, user=jake@year26.org, ip=[68.63.230.103], protocol=IMAP

Mar 18 01:30:49 [imapd-ssl] LOGOUT, user=jake@year26.org, ip=[68.63.230.103], headers=0, body=0

Mar 18 01:30:49 [imapd-ssl] Connection, ip=[68.63.230.103]

```

I think i have almost got this....but i am in rut and don't know where to go from here.....

```

Mar 18 01:51:27 [pop3d-ssl] LOGIN FAILED, ip=[192.168.0.71]

Mar 18 01:51:40 [pop3d-ssl] LOGIN FAILED, ip=[192.168.0.71]

Mar 18 01:52:03 [pop3d-ssl] Connection, ip=[192.168.0.71]

Mar 18 01:52:03 [pop3d-ssl] Disconnected, ip=[192.168.0.71]

Mar 18 01:52:06 [pop3d-ssl] Connection, ip=[192.168.0.71]

Mar 18 01:52:06 [pop3d-ssl] Disconnected, ip=[192.168.0.71]

Mar 18 01:52:07 [pop3d-ssl] Connection, ip=[192.168.0.71]

Mar 18 01:52:07 [pop3d-ssl] Disconnected, ip=[192.168.0.71]

Mar 18 01:52:08 [pop3d-ssl] Connection, ip=[192.168.0.71]

Mar 18 01:52:08 [pop3d-ssl] Disconnected, ip=[192.168.0.71]

Mar 18 01:52:09 [pop3d-ssl] Connection, ip=[192.168.0.71]

Mar 18 01:52:09 [pop3d-ssl] Disconnected, ip=[192.168.0.71]

Mar 18 01:52:26 [pop3d-ssl] Connection, ip=[192.168.0.71]

Mar 18 01:52:26 [pop3d-ssl] Disconnected, ip=[192.168.0.71]

```

even pop is working ....i just can't get in from anywhere....

----------

## schism39401

Well still no headway....I have recompiled openssl, evolution, horde, horde-im p and I still can't login. I am trying to login from work right now thru horde and this is the message I get....

```
Mar 18 16:12:34 [imapd-ssl] Connection, ip=[68.63.230.103]

Mar 18 16:12:39 [imapd-ssl] LOGIN FAILED, ip=[68.63.230.103]

Mar 18 16:12:44 [imapd-ssl] LOGIN FAILED, ip=[68.63.230.103]

Mar 18 16:12:49 [imapd-ssl] LOGIN FAILED, ip=[68.63.230.103]

Mar 18 16:12:49 [imapd-ssl] LOGOUT, ip=[68.63.230.103]

```

The ip address is showing my server address....when everything worked this is what it looked like 

```

Mar 13 15:44:31 [imapd] DISCONNECTED, user=jake, ip=[192.168.0.100], headers=323

96, body=49559

Mar 13 18:59:05 [imapd] Connection, ip=[192.168.0.100]

Mar 13 18:59:05 [imapd] LOGIN, user=jake, ip=[192.168.0.100], protocol=IMAP

Mar 14 00:04:18 [imapd] DISCONNECTED, user=jake, ip=[192.168.0.100], headers=386

59, body=50142

```

Now everytime it wants to connect to my outside ip address....I really, really need some advice on what else to look at....

----------

## schism39401

Well still no headway....I have recompiled openssl, evolution, horde, horde-im p and I still can't login. I am trying to login from work right now thru horde and this is the message I get....

```
Mar 18 16:12:34 [imapd-ssl] Connection, ip=[68.63.230.103]

Mar 18 16:12:39 [imapd-ssl] LOGIN FAILED, ip=[68.63.230.103]

Mar 18 16:12:44 [imapd-ssl] LOGIN FAILED, ip=[68.63.230.103]

Mar 18 16:12:49 [imapd-ssl] LOGIN FAILED, ip=[68.63.230.103]

Mar 18 16:12:49 [imapd-ssl] LOGOUT, ip=[68.63.230.103]

```

The ip address is showing my server address....when everything worked this is what it looked like 

```

Mar 13 15:44:31 [imapd] DISCONNECTED, user=jake, ip=[192.168.0.100], headers=323

96, body=49559

Mar 13 18:59:05 [imapd] Connection, ip=[192.168.0.100]

Mar 13 18:59:05 [imapd] LOGIN, user=jake, ip=[192.168.0.100], protocol=IMAP

Mar 14 00:04:18 [imapd] DISCONNECTED, user=jake, ip=[192.168.0.100], headers=386

59, body=50142

```

Now everytime it wants to connect to my outside ip address....I really, really need some advice on what else to look at....

----------

## schism39401

I couldn't get anything to work no matter what I tried so I decided to do a fresh install....After following the directions verbatim here I am back with the same damn problem....everything seems to work only I can't login from evolution or horde or anything else for that matter....

I unmerged qmail, vpopmail, courier, clamav, qmail-scanner, spamassassin and deleted the leftover config files. And then re-emerged qmail, vpopmail, courier-imap....

----------

## Ijon Tichy

Here's an older thread about 'login failed' problems I found from a Google search. Maybe it'll help. From the sounds of these guys, their courier-imap was trying to only use MySQL authentication when the MySQL libs were available. 

Dunno if that's what you're experiencing, but it might be worth a look:

http://www.copilotconsulting.com/mail-archives/courier.2001/1485.html

Maybe adding USE flags for -mysql and others would help.

Another shot in the dark for ya.  :Smile: 

----------

## Ijon Tichy

Here's another URL that would seem to indicate the same thing: 

http://www.flatmtn.com/computer/Linux-Imap-Courier.html

He used these compile time options:

```

./configure --without-authuserdb --without-authcram \

--without-authvchkpw --without-authldap --without-authmysql \

--without-authpgsql --without-authdaemon --without-ipv6 \

--with-piddir=/var/run

```

Presumably to get around courier-imap using any unwanted method of authentication.

Hope this helps.

----------

## Shrekkie

Just in case somebody has the same problem.

I couldn't authenticate with courier-imap-ssl, courier-pop3d-ssl, squirrelmail, nor qmail, and this all after an system upgrade.

If you think good, it couldn't be much (after checking 100 times the conf files of course )

IMO it had to or vpopmail or mysql or a borked athvchkpw-module . So I rebuild both and afterwards rebuild courier to be sure that module was built right again.

For me this did the trick, Hope this helps someone.

----------

## jhboricua

You need to post the content of your imap and imapd-ssl configuration files.

----------

