Port 143 is no SSL; no client auth; plain password auth. But port 993 is SSL; client cert auth.

UK Universal Support Limited contact at ukuniversalsupport.com
Sun Aug 21 16:19:12 UTC 2016


I am experiencing the error
"Error: BUG: Authentication client sent unknown handshake command:"

My goal is
Port 143: no SSL; no client auth; plain password auth.
Port 993: SSL; client cert auth.

I found the archive
http://www.dovecot.org/list/dovecot/2016-February/103067.html


and followed it, but it does not work. I see the following log in /var/log/maillog:

Aug 21 15:36:42 vps0 dovecot: master: Dovecot v2.2.25 (7be1766) starting up for imap (core dumps disabled)
Aug 21 15:37:51 vps0 dovecot: auth: Error: BUG: Authentication client sent unknown handshake command: REQUEST?1997012993?3734?1?e067999d43eebcecf0c9d44a1c108d75?session_pid=3741?r...
Aug 21 15:37:51 vps0 dovecot: imap: Error: Authentication server didn't send valid SPID as expected: MECH#011PLAIN#011plaintext
Aug 21 15:37:51 vps0 dovecot: imap: Error: Disconnected from auth server, aborting (client-pid=3734 client-id=1)
Aug 21 15:37:51 vps0 dovecot: imap-login: Internal login failure (pid=3734 id=1) (internal failure, 1 successful auths): user=<contact>, method=PLAIN, rip=212.104.147.161, lip=46.30.14.36, mpid=3741, TLS, session=<UkXhtpY6W8XUaJOh>
Aug 21 15:37:51 vps0 dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=212.104.147.161, lip=46.30.14.36, TLS handshaking: SSL_accept() failed: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized, session=<nkrktpY6XMXUaJOh>


Can anyone advise a solution?


Dovecot version: 2.2.25 (7be1766)
Operating system:CentOS 7, 64bit, selinux is off.
CPU architecture: Intel x86 64bit.
Filesystem: xfs


# /usr/local/bin/doveconf -n
# 2.2.25 (7be1766): /usr/local/etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-327.28.2.el7.x86_64 x86_64 CentOS Linux release 7.2.1511 (Core)
# Non-default Dovecot settings as printed by `doveconf -n`.
# Intended split, per the post: port 143 takes password logins without TLS,
# port 993 takes TLS with client-certificate authentication.
auth_mechanisms = plain login
# Global setting: the login username is taken from the client certificate.
auth_ssl_username_from_cert = yes
# Allows PLAIN/LOGIN on connections that are not protected by TLS. With the
# port 143 goal above, passwords (PAM, i.e. system account passwords) cross
# the network in cleartext and are readable by anyone on the path.
disable_plaintext_auth = no
mail_location = maildir:~/Maildir
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
}
passdb {
   driver = pam
}
protocols = imap
# Second auth service, started with auth_ssl_require_client_cert forced on,
# meant to serve only the port 993 login path.
# NOTE(review): Dovecot's auth process appears to choose the listener type
# from the text after the last '-' in the socket name (...-master, ...-login,
# ...-userdb); both names below end in "-ssl" and would then be served as
# ordinary client sockets. That would match the logged "unknown handshake
# command: REQUEST" and "didn't send valid SPID" errors. Confirm against the
# running version.
service auth-ssl {
   executable = auth -o auth_ssl_require_client_cert=yes
   unix_listener auth-master-ssl {
     # 0666 lets every local account connect to this auth socket; once it works
     # as a master socket, narrow mode/user/group to the services that need it.
     mode = 0666
   }
   unix_listener login/login-ssl {
     mode = 0666
   }
}
# Dedicated login service for port 993, wired to the login-ssl auth socket
# and the imap-ssl post-login service.
service imap-login-ssl {
   chroot = login
   executable = imap-login -l imap-ssl login-ssl
   inet_listener imaps {
     port = 993
     ssl = yes
   }
   user = $default_login_user
}
# port = 0 turns off the stock imaps listener so that only imap-login-ssl
# answers on 993.
service imap-login {
   inet_listener imaps {
     port = 0
   }
}
service imap-ssl {
   executable = imap -a auth-master-ssl
   unix_listener login/imap-ssl {
     user = $default_login_user
   }
}
# The file name suggests the CA bundle includes its CRL; ssl_require_crl below
# depends on a CRL being available.
ssl_ca = </etc/SslCert/dovecot/2016080505CAcert.WithCrl.pem
ssl_cert = </etc/SslCert/dovecot/2016080506cert.pem
# The file name indicates an unencrypted private key: file permissions are its
# only protection, so keep it readable by root only.
ssl_key = </etc/SslCert/dovecot/2016080506PrivateKey.NoPassPhrase.pem
userdb {
   driver = passwd
}
protocol imap {
   auth_ssl_require_client_cert = no
   ssl_require_crl = no
   ssl_verify_client_cert = no
}
# NOTE(review): `protocols` above lists only imap, so it is not visible here
# whether any service picks up this `protocol imaps` section. Test that port
# 993 really rejects a client that presents no certificate (or a revoked one)
# rather than relying on these three lines.
protocol imaps {
   auth_ssl_require_client_cert = yes
   ssl_require_crl = yes
   ssl_verify_client_cert = yes
}
#

