[Dovecot] STARTTLS does not seem to work

Phil Howard ttiphil at gmail.com
Wed May 26 15:51:23 EEST 2010


On Tue, May 25, 2010 at 16:31, Jerrale Gayle
<jerralegayle at sheltoncomputers.com> wrote:

> The openssl client will connect you in plain text to your imap server where
> you can manually do login (AUTH LOGIN) and browse through your imap folders
> just like you use your SSH shell. This is a sufficient enough test. Refer
> here, after doing what Mike Abbott told you to do with openssl s_client:
> http://www.macgeekery.com/tips/troubleshooting/troubleshooting_imap

The test I want to do requires deleting the existing mail after
fetching it ... so that subsequent runs won't see that mail again.
There will be timestamp coded info in that email, too (though it would
fit on the subject).  So it seems something like fetchmail could work.
 But I do need to do this test in a variety of different ways
specified by a script, so the ability to specify those things on the
command line or environment is preferred over doing it by means of a
config file.  Specifying them by means of running an interactive
program is out.  These things include what server to connect to (by
hostname or IP address), what certificate hostname to expect (may be
different than the connect host, since these tests may be running
through tunnels), what port to connect to, whether to operate in clear
vs. use STARTTLS vs. use SSL wrapper, what password authentication
scheme to use, the password itself, and the local directory for the
mail transfer (where to get mail to send/submit, or where to deposit
mail fetched ... maildir format preferred for that).

This is about operational testing, not implementation or deployment
testing.  It will be run on a regular basis and the scripts will log
the results in various places, including notifying operators and/or
administrators depending on the issues discovered.  Among the tests
will be tests that are expected to fail (for example connecting
to port 465, or logging in without enabling TLS) and will raise an
issue if they succeed.  Every test unit will have a unique
user at domain.  Some tests will even be specifically testing domains
(every domain, though not every hostname, will have a test unit).  I
expect a few hundred test units to be deployed for the mail system
(some offsite ... that's to be tested, too).
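
A sketch of one such test unit, added here as an example (it is not code from this thread or from Dovecot): a Python 3.9+ probe that takes the connect host, expected certificate name, port, TLS mode and auth scheme on the command line, verifies the certificate against the expected name rather than the tunnel endpoint, fetches into a Maildir, deletes what it fetched, and reports an issue when an expected-to-fail test succeeds. The flag names, the `IMAP_PROBE_PASSWORD` environment variable and the OK/ISSUE strings are assumptions made for the example.

```python
import argparse, imaplib, mailbox, os, ssl, sys

class PinnedNameContext(ssl.SSLContext):  # checks the cert against expected_name
    def wrap_socket(self, sock, *args, server_hostname=None, **kw):
        # imaplib passes the connect host here; replace it with the expected name.
        return super().wrap_socket(sock, *args, server_hostname=self.expected_name, **kw)

def make_context(expected_name):
    ctx = PinnedNameContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED + hostname check
    ctx.load_default_certs()
    ctx.expected_name = expected_name
    return ctx

def build_parser():
    p = argparse.ArgumentParser(description="one IMAP test unit (hypothetical flags)")
    for flag in ("--host", "--user", "--maildir"):
        p.add_argument(flag, required=True)
    p.add_argument("--cert-name")                     # defaults to --host
    p.add_argument("--port", type=int, default=143)
    p.add_argument("--mode", choices=["clear", "starttls", "ssl"], default="starttls")
    p.add_argument("--auth", choices=["login", "cram-md5"], default="login")
    p.add_argument("--expect-fail", action="store_true")
    return p

def fetch_and_delete(a, password):
    ctx = make_context(a.cert_name or a.host)
    if a.mode == "ssl":
        conn = imaplib.IMAP4_SSL(a.host, a.port, ssl_context=ctx, timeout=30)
    else:
        conn = imaplib.IMAP4(a.host, a.port, timeout=30)
        if a.mode == "starttls":
            conn.starttls(ssl_context=ctx)            # upgrade before any credentials
    (conn.login_cram_md5 if a.auth == "cram-md5" else conn.login)(a.user, password)
    conn.select("INBOX")
    box = mailbox.Maildir(a.maildir, create=True)
    for num in conn.search(None, "ALL")[1][0].split():
        box.add(conn.fetch(num, "(RFC822)")[1][0][1])
        conn.store(num, "+FLAGS", "\\Deleted")        # so the next run won't see it
    conn.expunge()
    conn.logout()

def run(argv, probe=fetch_and_delete):
    a = build_parser().parse_args(argv)
    password = os.environ["IMAP_PROBE_PASSWORD"]      # read first: a missing secret is not a result
    try:
        probe(a, password)
    except (OSError, imaplib.IMAP4.error):            # refused, TLS/cert failure, login rejected
        return "OK" if a.expect_fail else "ISSUE"
    return "ISSUE" if a.expect_fail else "OK"

if __name__ == "__main__": print(run(sys.argv[1:]))
```

With `--mode clear` the password crosses the wire unencrypted, so negative tests of that kind should only ever use the dedicated per-test-unit account.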

