[Dovecot] IPv6 & SSL

Luigi Rosa lists at luigirosa.com
Sat Oct 6 08:20:20 EEST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Nick Rosier said the following on 05/10/12 22:47:

>> How do you enable this in Thunderbird? If by "enabling IPv6" you mean you
>> put in the IPv6 address in stead of the hostname, that's probably where
>> you're wrong. The certificate contains your hostname, not the IP-address
>> so the hostname verification check fails if you insert the IPv6 address
>> (i.e. hostname.tld != 2001:470:1f09:203:fdbf:508e:4a29:56c5so your
>> connection fails).

Good point. But does not explain why it works if I put the IPv4 address of the
server (the local LAN IPv4, not the public IPv4).

>> I've verified this by changing the hostname to IPv6 in Thunderbird and
>> got the same error as you do. You would get the same error if you
>> configure the IPv4 address in TB.

The server I am referring to has 2 NICs one with a public IP and the other
with a local IP address (10.0.0.254)

If I put 10.0.0.254 instead of the IPv6 address I can successfully connect
using TLS:

Oct  6 07:13:44 mail dovecot: imap-login: Login: user=<lrosa at hypertrek.info>,
method=CRAM-MD5, rip=10.0.0.155, lip=10.0.0.254, mpid=17812, TLS,
session=<LZhzDV3LMQAKE0Ob>


>> Configure your DNS so your hostname points to both the IPv6 and IPv4
>> address. Your client will take take whichever protocol is preferred (IPv4
>> or IPv6).

Thunderbird uses IPv4 as mail protocol, I wanted to test IPv6...


Thank you for your help


Ciao,
luigi

- -- 
/
+--[Luigi Rosa]--
\

Success is 99% failure.
    --Soichiro Honda
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBvv4kACgkQ3kWu7Tfl6ZQp2wCgvXPgRGANlAIaVkMvXZHIThYE
OiwAoIOqIMD+3mT1znMl6lCCbHanwBta
=B/r2
-----END PGP SIGNATURE-----


More information about the dovecot mailing list