[Dovecot] SSL_accept failed

Timothy Martin instanttim at mac.com
Fri Sep 15 19:01:50 EEST 2006 

On Sep 15, 2006, at 6:43am, OpenMacNews wrote:

>
> hmm ... are you specifically attempting to comm via imapS, init'g  
> comms
> @ port 993? or via TLS, init' the transaction over port 143?
>

I'm using "imaps" with "ssl_listen =  *:10993" because i'm running a  
my production mail server at the same time as i evaluate and test  
dovecot. To clear up any questions i've enclosed my configuration  
file (with most of the comments and used stuff removed) below.


>> but
>> that seems like it must be a bug that hopefully would be fixed (if it
>> hasn't been already).
>
> are you still seeing these errors you'd reported?
>
> 	design1st:/usr/local/openssl/certs root# openssl s_client -connect
> 	...
> 	verify error:num=27:certificate not trusted
> 	...
> 	verify error:num=21:unable to verify the first certificate
>
> if you are, then, again, have you IMPORTED the cert into mail.app?
>

I have made certs in a couple different ways, plus gotten a signed  
cert from CAcerts.org. The errors above (27/21) was from the  
cacerts.org signed cert. The error:num=18's are from the self-signed  
certs. I can successfully use those same certs with my other IMAP  
server, so if it's a cert problem it's something that is explicitly  
acting differently with dovecot. I wish i could get some better  
debugging or logging info out of dovecot.


.tim


-----------------
## Dovecot configuration file

base_dir = /var/run/dovecot/

protocols = imap imaps

disable_plaintext_auth = no

log_path = /var/log/dovecot

##
## SSL settings
##

ssl_disable = no

ssl_cert_file = /usr/local/openssl/certs/test.cert
ssl_key_file  = /usr/local/openssl/private/test.key

#ssl_key_password =
#ssl_ca_file =
#ssl_verify_client_cert = no
#ssl_parameters_regenerate = 168
#ssl_cipher_list = ALL:!LOW

verbose_ssl = yes

##
## Login processes
##

login_process_size = 64

##
## Mailbox locations and namespaces
##

default_mail_env = maildir:/email/test/%u

mail_extra_groups = mail


##
## Mail processes
##

verbose_proctitle = yes

first_valid_uid = 90
last_valid_uid = 90

first_valid_gid = 0

##
## IMAP specific settings
##

protocol imap {

   listen = *:10143
   ssl_listen = *:10993

   mail_plugins = quota imap_quota
   mail_plugin_dir = /usr/local/lib/dovecot/imap

   imap_client_workarounds = delay-newmail outlook-idle
}

##
## LDA specific settings
##

protocol lda {

   postmaster_address = postmaster at example.com

   sendmail_path = /usr/sbin/sendmail
}

##
## Authentication processes
##

auth_verbose = yes
auth_debug = no
auth_debug_passwords = no

auth default {

   mechanisms = plain

   passdb sql {
     args = /usr/local/etc/dovecot-sql.conf
   }

   userdb sql {
     args = /usr/local/etc/dovecot-sql.conf
   }

   user = vexim
}


dict {

}

##
## Plugin settings
##

plugin {

   quota = maildir:storage=10240
}

More information about the dovecot mailing list