[Dovecot] SSL with startssl.com certificates

Dan Langille dan at langille.org
Thu Oct 10 21:26:36 EEST 2013


On Oct 9, 2013, at 11:43 PM, Noel Butler wrote:

> On 10/10/2013 13:36, Noel Butler wrote:
>> I can't recall if we previously discussed it, but, why the fascination
>> with imaps, why not use TLS on 143, or wont that connect either? tried
>> pop3 TLS ? pop3s?
>> and when you test, use -CAfile /path/to/(startssl's)CA.pem
>> I see no auth mech statement, so using hte default is limited, IIRC, login is re
>> auth_mechanisms = plain login
> 
> bugger......  stupid webmail... as I was trying to say, IIRC type login is required for ssl
> ,at least with winblow sclients, try adding the above and see what goes.
> plain is preferred, but that's because TLS is preferred.

To be clear, I am using this now:

auth_mechanisms = plain login

> use the  local - int- ca  > cert.pem

I have all three in there.

> and remove the ssl_ca option

Removed.

Restarted dovecot.

Mail on the Macbook reports:

"There may be a problem with the mail server or network. Verify the settings for account “Langille” or try again.

The server returned the error: Mail was unable to connect to server “test1.langille.org” using SSL on port 993. Verify that this server supports SSL and that your account settings are correct."

/var/log/maillog shows:

Oct 10 18:25:19 imaps dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=98.111.147.220, lip=199.233.228.197, session=<5fLNH2foGABib5Pc>
Oct 10 18:25:19 imaps dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=98.111.147.220, lip=199.233.228.197, session=<5gDPH2fokABib5Pc>

I should have four separate IMAP instances ready later today.

-- 
Dan Langille - http://langille.org



More information about the dovecot mailing list