[Dovecot] Dovecot SSL issues

Spyros Tsiolis stsiol at yahoo.co.uk
Fri Jan 29 13:12:10 EET 2010 

Hello all,

successfully managed to make dovecot work with horde (http://www.horde.org)
and another MTA (SMTP/POP3).

I have this nagging issue with dovecot though (I suspect - it's dovecot and
not the rest of the packages, please read on):

There is this special page one goes, that check if everything is ok with
all the relevant software running along Horde. It's a php file called
"test.php".

Now, this file shows almost everything that happens in the box. Here's a
transcript of what shows when it comes to dovecot and SSL :


---------------------------
    * Trying protocol imap/ssl, Port 993:

          ERROR - The server returned the following error message:

          SECURITY PROBLEM: insecure server advertised AUTH=PLAINCertificate failure for localhost: self signed certificate:
          /C=GR/ST=Kerkyra/L=Kerkyra/O=The Company Name/OU=IMAP
          server/CN=webmail.thecompanyname.gr/emailAddress=postmaster at webmail.thecompanyname.gr
---------------------------


From what I understand, it doesn't like the certificate.
However, I've followed a howto document step-by-step and did what
is documented.

Does anyone have any pointers on how to make secure imap for dovecot ?
E.G. on ThunderBird, the settings are the following :


Tools -> Account Settings -> Server Settings :
Server Name : (the server or its ip address)
Username : (the username)
Port : (I've manually entered "993", because by default goes to "143")
Security Settings ->
    Connection Security : SSL/TLS (again manually entered)
    CHECK_ON : Use secure authentication

Now, if I click on "Get Mail" button on top of the TB window, I get a 
pop-up window with the following message :

------
Server :
Location : <Servers' IP Address>:993
Certificate Status :
This site attempts to identify itself with invalid information.

Wrong Site :
Certificate belongs to a different site, which could indicate an
identity theft.

Unknown Identity :
Certificate is not trusted, because it hasn't been verified by a
recognized authority.
------

After that, the users accepts the above by pressing ok twice. However,
there's a third pop-up window with a message shown below :

------
You cannot log in to <servers' ip address> because you have enabled 
secure authentication and this serer does not support it.
To log in, turn off secure authentication for this account.
------


Any help would be appreciated..

Thank you all for your patience,


S. Tsiolis

More information about the dovecot mailing list