1.

Solve : Solaris CSWimap not using SSL on port 993 when using IPv6?

Answer»

Hi,

I've just got a free IPv6 tunnel from Hurricane Electric and a Mikrotik RB to do all the firewall and tunnelling for my network, and I've been going round my systems converting them to IPv6. Finding out that Solaris containers need their own link local devices to be ABLE to use neighbour discovery was interesting. Configuring hairpin NAT on the router was another interesting one. Adding IPv6 support to sendmail was easy enough. Now I'm stuck on imaps and pops ...

I editted /etc/services to include imaps and pops ages ago when I setup IPv4, so this time all I did was change tcp to tcp6 in the inetd.conf and ran
Code: [Select]# inetconv -fthis built a whole load of new FMRI services for IPv6 as follows
Code: [Select]online         22:05:23 svc:/network/imap/tcp6:default
online         22:05:39 svc:/network/pop3/tcp6:default
online         22:05:50 svc:/network/pop3s/tcp6:default
online         22:05:59 svc:/network/imaps/tcp6:default
When I telnet to the ports 110,143,993 and 995 I find that using the IPv4 address you get the expected pop and imap prompts and 993 995 dont give any prompt as you'd expect from an encryted port.

However, when I telnet to the same ports using the IPv6 address I get unencrypted pop and imap prompts on all 4 ports. Has anyone any clue what to do from here?

BTW, as a wild stab in the dark I also tried adding lines with tcp6 in /etc/services but that makes no difference.

Finally, for detail I'm using
Solaris 10 HW 3/05 for SPARC on an Ultra-5 and the pop and imap service is provided by the CSWimap package, and its all running in a Solaris zone (aka container)
Code: [Select]# pkginfo -l CSWimap
   PKGINST:  CSWimap
      NAME:  imap - mail server daemon (UW)
  CATEGORY:  system
      ARCH:  sparc
   VERSION:  2002,REV=2003.08.3_rev=d
    VENDOR:  http://www.washington.edu/imap/  packaged for CSW by Sascha Ferley
    PSTAMP:  apollo20030803013117
  INSTDATE:  Mar 29 2006 01:48
   HOTLINE:  http://www.blastwave.org/bugtrack/
     EMAIL:  [email protected]
    STATUS:  completely installed
     FILES:       51 installed pathnames
                   7 shared pathnames
                   8 directories
                  14 executables
               19565 blocks used (approx)

# CAT /etc/release
                         Solaris 10 3/05 s10_74L2a SPARC
           Copyright 2005 Sun Microsystems, Inc.  All Rights Reserved.
                        Use is subject to license terms.
                            Assembled 22 January 2005
Thx,
Banjo.
I eventually found some information on the University of Washington's website (the author of CSWimap) that said you need to RECOMPILE with:
# make IP=6

So I downloaded and compiled that.

For some reason its not linking with /usr/local/ssl/lib so I symbollically LINKED libssl and libcrypto to /usr/lib and finally I just needed to copy the ssl keys from /opt/csw to /usr/local/ssl

Now everything works fine with IPv6


Discussion

No Comment Found

Related InterviewSolutions