[Dovecot] SSL only for external connections

Simon Brereton simon.brereton at buongiorno.com
Fri Sep 30 20:34:56 EEST 2011


> -----Original Message-----
> From: dovecot-bounces at dovecot.org [mailto:dovecot-
> bounces at dovecot.org] On Behalf Of Terry Carmen

> 
> If SSL/TLS works from the outside, but not the inside, you should
> probably find out why and fix that instead.

You'd think so - but since I don't actually need TLS from the inside, and given my skill level - disabling it seems easier :)

> What is the actual error text?

2011-09-29T15:33:14-04:00 WARN: HORDE4 [imp] PHP ERROR: fwrite(): SSL:
Broken pipe [pid 23503 on line 3716 of
"/usr/share/php/Horde/Imap/Client/Socket.php"]
2011-09-29T15:33:14-04:00 WARN: HORDE4 [imp] PHP ERROR: fwrite() expects
parameter 1 to be resource, null given [pid 23503 on line 3714 of
"/usr/share/php/Horde/Imap/Client/Socket.php"]
2011-09-29T15:33:14-04:00 WARN: HORDE4 [imp] PHP ERROR: fwrite() expects
parameter 1 to be resource, null given [pid 23503 on line 3716 of
"/usr/share/php/Horde/Imap/Client/Socket.php"]
2011-09-29T15:33:14-04:00 WARN: HORDE4 [imp] PHP ERROR: feof() expects
parameter 1 to be resource, null given [pid 23503 on line 3909 of
"/usr/share/php/Horde/Imap/Client/Socket.php"]
2011-09-29T15:33:14-04:00 WARN: HORDE4 [imp] PHP ERROR: fgets() expects
parameter 1 to be resource, null given [pid 23503 on line 3925 of
"/usr/share/php/Horde/Imap/Client/Socket.php"]
2011-09-29T15:33:14-04:00 ERR: HORDE4 [imp] IMAP server denied
authentication. [pid 23503 on line 340 of
"/usr/share/horde4/imp/lib/Imap.php"]
2011-09-29T15:38:05-04:00 ERR: HORDE4 [imp] Server does not support TLS
connections. [pid 23596 on line 340 of "/usr/share/horde4/imp/lib/Imap.php"]

The mail log (to which Dovecot logs) shows nothing  for either of those time periods - and a single (successful) login with TLS at 15:33:15 - The consensus from the excellent Horde mailing list is that it's either an IMAP issue or a PHP one.  Since the dovecot log isn't showing any errors I'm inclined to believe it's PHP.  And since I have neither the skills nor the time to engage with those folks on the intricacies of fwrite, fget and feof, I'd rather just not have the TLS overhead on localhost connections (which probably makes sense even if I did have the inclination).

So, would setting ssl_listen to the external IP remove the TLS offer from localhost connections?



Simon





More information about the dovecot mailing list