[Dovecot] SSL with startssl.com certificates
Jerry
jerry at seibercom.net
Tue Sep 17 16:08:45 EEST 2013
On Tue, 17 Sep 2013 09:01:49 -0400
Dan Langille articulated:
> On 2013-09-17 08:43, Reindl Harald wrote:
> > Am 17.09.2013 14:39, schrieb Dan Langille:
> > On 2013-09-16 20:28, Noel Butler wrote:
> > Since we just ruled this one out, might I suggest you grab the
> > source and build it, install it all under /opt/dovecot that way it
> > wont interfere with your ports installation and try that, the one
> > you successfully just tested uses dovecot 2.1 not 2.2, so maybe try
> > source of 2.1 and see if it works.
> >
> > I just tried 2.1.16. The iPhone has no trouble on 143 but on 993,
> > it's just like 2.2
> >
> > But, if it does work on port 143 with TLS I wouldnt worry too much
> > about it
> >
> > tcpdump is showing me raw text going past, so I know I'm not
> > getting TLS on either Dovecot 2.1 or 2.2
> >
> > It seems that TLS is not supported by my client. Pity.
> >
> > iPhone is the worst mail client on this planet but for sure
> > supports TLS
> >
> > Apple is here the same as Microsoft
> >
> > * remove the account completly
> > * add it again and it will detect that encryption is available
>
> Done. But tcpdump is still showing me plain text.
>
> # dovecot -n
> # 2.1.16: /usr/local/etc/dovecot/dovecot.conf
> # OS: FreeBSD 9.1-RELEASE-p6 amd64
> auth_debug = yes
> auth_verbose = yes
> disable_plaintext_auth = no
> first_valid_gid = 1001
> first_valid_uid = 1001
> mail_debug = yes
> mail_location = maildir:~/Maildir
> mail_privileged_group = mail
> passdb {
> args = scheme=BLF-CRYPT /var/db/dovecot.users
> driver = passwd-file
> }
> protocols = imap
> service imap-login {
> inet_listener imap {
> address = 199.233.228.197
> }
> inet_listener imaps {
> address = 199.233.228.197
> port = 0
> }
> }
> ssl_cert = </usr/local/etc/ssl/imaps.unixathome.org.crt
> ssl_key = </usr/local/etc/ssl/imaps.unixathome.org.nopassword.key
> userdb {
> args = /var/db/dovecot.users
> driver = passwd-file
> }
> verbose_proctitle = yes
> verbose_ssl = yes
> protocol imap {
> imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
> }
Show the entire dump from when you first attempt to make a connection to
the start of message transmission.
--
Jerry ♔
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________
More information about the dovecot
mailing list