hey friends,<br>
<br>
I am trying to secure my mail server.I have enabled TLS support in
postfix(version postfix-2.1.5), now I am trying to configure squirrelmail(version 1.4.4-1 rpm) for tls/ssl
support.In config.php i have choosen use_imap_tls=true and
use_smpt_tls=true.<br>
<br>
Moreover If I send any mail from squirrelmail there are no entries for
ssl or tls in maillogs whereas If I send the mail through evolution I
can see tls/ssl entries in maillogs.<br>
<br>
starting TLS engine<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: setting up TLS connection from [<a href="http://192.168.1.68/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.1.68</a>]<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:before/accept initialization<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:error in SSLv2/v3 read client hello A<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:error in SSLv2/v3 read client hello B<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 read client hello A<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 write server hello A<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 write certificate A<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 write server done A<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 flush data<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:error in SSLv3 read client certificate A<br>
Dec 12 12:30:08 cluster1 last message repeated 2 times<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 read client key exchange A<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:error in SSLv3 read certificate verify A<br>
Dec 12 12:30:08 cluster1 last message repeated 3 times<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 read finished A<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 write change cipher spec A
<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 write finished A
<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 flush data<br>
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: TLS connection
established from [<a href="http://192.168.1.68/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.1.68</a>]: SSLv3 with cipher RC4-MD5 (128/128
bits)<br>
<br>
But when I did the config.test for squirrelmail I got the below error<br>
<br>
Checking IMAP service....<br>
IMAP server ready (<tt><small>* OK dovecot ready.</small></tt>)<br>
Capabilities: <tt>* CAPABILITY IMAP4rev1 SORT THREAD=REFERENCES MULTIAPPEND UNSELECT IDLE CHILDREN LISTEXT LIST-SUBSCRIBED NAMESPACE AUTH=PLAIN
</tt><br>
<font color="red"><b>ERROR:</b></font> You have enabled TLS
encryption in the config, but the server does not report STARTTLS
capability. TLS is probably not supported.<br>
<br>
Lines of ssl in /etc/dovecot.conf<br>
protocols = imaps pop3s <br>
imaps_listen = * <br>
pop3s_listen = *<br>
ssl_disable = no<br>
ssl_cert_file = /usr/share/ssl/certs/dovecot.pem <br>
<div id="mb_0"><div>
ssl_key_file = /usr/share/ssl/private/dovecot.pem<br>
ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat<br>
disable_plaintext_auth = yes <br>
<br>
If i do telnet localhost 993 or 995 I don't see any "Ok Dovecot Ready"
message.But If I enable pop3 and imap in dovecot.conf and then I telnet
localhost 110 or 143 I can see "Ok Dovecot Ready" message.<br>
<br>
How do I make squirrelmail to use tls/ssl for both imap & smtp.<br>
<br>
Thanks & Regards<br><span>
<br>
Ankush Grover</span></div></div>