[Dovecot] SSL with startssl.com certificates

[Dan Langille]

On 2013-09-17 08:43, Reindl Harald wrote:
> Am 17.09.2013 14:39, schrieb Dan Langille:
> On 2013-09-16 20:28, Noel Butler wrote:
> Since we just ruled this one out, might I suggest you grab the source
> and build it, install it all under /opt/dovecot  that way it wont
> interfere with your ports installation and try that, the one you
> successfully just tested uses dovecot 2.1 not 2.2, so maybe try source
> of 2.1 and see if it works.
> 
> I just tried 2.1.16.  The iPhone has no trouble on 143 but on 993, it's 
> just like 2.2
> 
> But, if it does work on port 143 with TLS I wouldnt worry too much 
> about it
> 
> tcpdump is showing me raw text going past, so I know I'm not getting 
> TLS on either Dovecot 2.1 or 2.2
> 
> It seems that TLS is not supported by my client.  Pity.
> 
> iPhone is the worst mail client on this planet but for sure supports 
> TLS
> 
> Apple is here the same as Microsoft
> 
> * remove the account completly
> * add it again and it will detect that encryption is available

Done. But tcpdump is still showing me plain text.

# dovecot -n
# 2.1.16: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE-p6 amd64
auth_debug = yes
auth_verbose = yes
disable_plaintext_auth = no
first_valid_gid = 1001
first_valid_uid = 1001
mail_debug = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
passdb {
args = scheme=BLF-CRYPT /var/db/dovecot.users
driver = passwd-file
}
protocols = imap
service imap-login {
inet_listener imap {
address = 199.233.228.197
}
inet_listener imaps {
address = 199.233.228.197
port = 0
}
}
ssl_cert = </usr/local/etc/ssl/imaps.unixathome.org.crt
ssl_key = </usr/local/etc/ssl/imaps.unixathome.org.nopassword.key
userdb {
args = /var/db/dovecot.users
driver = passwd-file
}
verbose_proctitle = yes
verbose_ssl = yes
protocol imap {
imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
}


-- 
Dan Langille - http://langille.org/