[Dovecot] IPv6 & SSL
Sean Kamath
kamath at moltingpenguin.com
Sat Oct 6 08:44:56 EEST 2012
On Oct 5, 2012, at 10:20 PM, Luigi Rosa <lists at luigirosa.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Nick Rosier said the following on 05/10/12 22:47:
>
>>> How do you enable this in Thunderbird? If by "enabling IPv6" you mean you
>>> put in the IPv6 address in stead of the hostname, that's probably where
>>> you're wrong. The certificate contains your hostname, not the IP-address
>>> so the hostname verification check fails if you insert the IPv6 address
>>> (i.e. hostname.tld != 2001:470:1f09:203:fdbf:508e:4a29:56c5so your
>>> connection fails).
>
> Good point. But does not explain why it works if I put the IPv4 address of the
> server (the local LAN IPv4, not the public IPv4).
>
>>> I've verified this by changing the hostname to IPv6 in Thunderbird and
>>> got the same error as you do. You would get the same error if you
>>> configure the IPv4 address in TB.
>
> The server I am referring to has 2 NICs one with a public IP and the other
> with a local IP address (10.0.0.254)
>
> If I put 10.0.0.254 instead of the IPv6 address I can successfully connect
> using TLS:
>
> Oct 6 07:13:44 mail dovecot: imap-login: Login: user=<lrosa at hypertrek.info>,
> method=CRAM-MD5, rip=10.0.0.155, lip=10.0.0.254, mpid=17812, TLS,
> session=<LZhzDV3LMQAKE0Ob>
And do you have a PTR record for 10.0.0.254?
Sean
More information about the dovecot
mailing list