[Dovecot] STARTTLS problem

Lucas -LandM- lucas at landm.net
Wed Feb 2 22:28:39 EET 2011


  Hi,

   We are trying to configure dovecot as usual (all our servers have 
dovecot+vpopmail+qmail or postfix).
We set up dovecot with the following outcome:
- imap ok
- imaps ok
- imap STARTTLS NOT OK

Debug:
root@s13:/home/lucas# gnutls-cli --starttls -p 143 ip
Resolving 'ip'...
Connecting to 'ip'...

- Simple Client Mode:

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN AUTH=CRAM-MD5] Dovecot ready.
*** Starting TLS handshake

*** Non fatal error: Resource temporarily unavailable, try again.
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed

  Same result with thunderbird and openssl.
Log:
Feb  2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x10, 
ret=1: before/accept initialization [83.61.13.57]
Feb  2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: before/accept initialization [83.61.13.57]
Feb  2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2002, 
ret=-1: SSLv2/v3 read client hello A [83.61.13.57]
Feb  2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 read client hello A [83.61.13.57]
Feb  2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 write server hello A [83.61.13.57]
Feb  2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 write certificate A [83.61.13.57]
Feb  2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 write server done A [83.61.13.57]
Feb  2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2001, 
ret=1: SSLv3 flush data [83.61.13.57]
Feb  2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2002, 
ret=-1: SSLv3 read client certificate A [83.61.13.57]
Feb  2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2002, 
ret=-1: SSLv3 read client certificate A [83.61.13.57]
Feb  2 20:27:34 s13 dovecot: imap-login: Warning: SSL failed: 
where=0x2002: SSLv3 read client certificate A [83.61.13.57]
Feb  2 20:27:34 s13 dovecot: imap-login: Disconnected (no auth 
attempts): rip=83.61.13.57, lip=109.200.5.221, TLS handshaking: Disconnected


My config:
# 2.0.9: /opt/dovecot/etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-27-server x86_64 Ubuntu 8.04
auth_mechanisms = plain login cram-md5
default_login_user = vpopmail
disable_plaintext_auth = no
first_valid_gid = 89
first_valid_uid = 89
last_valid_gid = 89
last_valid_uid = 89
listen = ip
mail_debug = yes
mail_gid = 89
mail_uid = 89
passdb {
   driver = vpopmail
}
plugin {
   quota = maildir:User quota
   quota_warning = storage=95%% quota-warning 95 %u
   quota_warning2 = storage=80%% quota-warning 80 %u
   setting_name = quota, trash
}
protocols = imap pop3
service imap-login {
   inet_listener imap {
     port = 143
   }
   inet_listener imaps {
     port = 993
     ssl = yes
   }
}
service imap {
   process_limit = 1024
}
service pop3-login {
   inet_listener pop3 {
     port = 110
   }
   inet_listener pop3s {
     port = 995
     ssl = yes
   }
}
service pop3 {
   process_limit = 1024
}
ssl_cert = </etc/ssl/certs/dovecot.pem
ssl_key = </etc/ssl/private/dovecot.pem
userdb {
   driver = vpopmail
}
verbose_ssl = yes
protocol imap {
   imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
}
protocol pop3 {
   mail_max_userip_connections = 3
   pop3_client_workarounds = outlook-no-nuls ,oe-ns-eoh
   pop3_uidl_format = %08Xu%08Xv
}

  Any clue?

   Thank you in advance,
    Lucas
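
An added example, not part of the original post and not Dovecot code: a small Python reader for the `verbose_ssl = yes` lines in the log above. It decodes each `where=` value with OpenSSL's info-callback constants and reports, per client IP, the last handshake state reached and how long the server waited before giving up. The function names and the `year` parameter are assumptions of this sketch (syslog lines carry no year; 2011 is taken from the post date).

```python
import re
from datetime import datetime

# OpenSSL info-callback bits (openssl/ssl.h); verbose_ssl logs them as where=0x...
WHERE_BITS = {0x1000: "connect", 0x2000: "accept", 0x4000: "alert",
              0x01: "loop", 0x02: "exit", 0x04: "read", 0x08: "write",
              0x10: "handshake_start", 0x20: "handshake_done"}

# Matches both "Warning: SSL: where=..., ret=...: state [ip]" and "Warning: SSL failed: ..."
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) .*Warning: SSL(?P<failed> failed)?: "
    r"where=(?P<where>0x[0-9a-f]+)(?:, ret=(?P<ret>-?\d+))?: "
    r"(?P<state>.+) \[(?P<ip>[^\]]+)\]$")

# Sample input: lines from the log above, re-joined where the mail wrapped them.
SAMPLE = """\
Feb  2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [83.61.13.57]
Feb  2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [83.61.13.57]
Feb  2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [83.61.13.57]
Feb  2 20:26:58 s13 dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [83.61.13.57]
Feb  2 20:27:34 s13 dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [83.61.13.57]
"""

def decode_where(value):
    """Return the sorted names of the callback bits set in a where= value."""
    return sorted(name for bit, name in WHERE_BITS.items() if value & bit)

def summarize(log_text, year=2011):
    """Per client IP: last state, completion, failure, seconds waited before failure."""
    out = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a verbose_ssl line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        bits = decode_where(int(m["where"], 16))
        s = out.setdefault(m["ip"], {"completed": False, "failed": False,
                                     "wait_seconds": 0, "last_seen": ts})
        if m["failed"]:
            s["failed"] = True
            s["wait_seconds"] = int((ts - s["last_seen"]).total_seconds())
        s["completed"] = s["completed"] or "handshake_done" in bits
        s.update(last_state=m["state"], last_bits=bits, last_seen=ts)
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the lines above it reports that the handshake for 83.61.13.57 never reached `handshake_done` and failed in `SSLv3 read client certificate A`, 36 seconds after the previous handshake event.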


