[Dovecot] IPv6 & SSL

Sean Kamath kamath at moltingpenguin.com
Sat Oct 6 08:44:56 EEST 2012


On Oct 5, 2012, at 10:20 PM, Luigi Rosa <lists at luigirosa.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Nick Rosier said the following on 05/10/12 22:47:
> 
>>> How do you enable this in Thunderbird? If by "enabling IPv6" you mean you
>>> put in the IPv6 address in stead of the hostname, that's probably where
>>> you're wrong. The certificate contains your hostname, not the IP-address
>>> so the hostname verification check fails if you insert the IPv6 address
>>> (i.e. hostname.tld != 2001:470:1f09:203:fdbf:508e:4a29:56c5so your
>>> connection fails).
> 
> Good point. But does not explain why it works if I put the IPv4 address of the
> server (the local LAN IPv4, not the public IPv4).
> 
>>> I've verified this by changing the hostname to IPv6 in Thunderbird and
>>> got the same error as you do. You would get the same error if you
>>> configure the IPv4 address in TB.
> 
> The server I am referring to has 2 NICs one with a public IP and the other
> with a local IP address (10.0.0.254)
> 
> If I put 10.0.0.254 instead of the IPv6 address I can successfully connect
> using TLS:
> 
> Oct  6 07:13:44 mail dovecot: imap-login: Login: user=<lrosa at hypertrek.info>,
> method=CRAM-MD5, rip=10.0.0.155, lip=10.0.0.254, mpid=17812, TLS,
> session=<LZhzDV3LMQAKE0Ob>

And do you have a PTR record for 10.0.0.254?

Sean




More information about the dovecot mailing list