On Aug 16, 2006, at 9:29 AM, Richard wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160
hi,
i've built dovecot latest cvs on OSX 10.4.7. i'm making a 1st
attempt @ trying/failing to get TLS operation up-n-running ...
<snip> > i've config'd for ssl/tls w/: > > ... > listen = 10.0.0.6 > ssl_listen = 10.0.0.6 > ssl_disable = no > > verbose_ssl = yes > auth_verbose = yes > auth_debug = yes > > disable_plaintext_auth = no > > ssl_cert_file = > /var/MailServer/Data/CERTS/mail.testdomain.com.cert.rsa.pem > ssl_key_file = > /var/MailServer/Data/CERTS/mail.testdomain.com.privkey.rsa.pem > ssl_ca_file = /var/MailServer/Data/CERTS/main.CA.cert.rsa.pem > > ssl_verify_client_cert = no > ssl_parameters_regenerate = 24 > ssl_cipher_list = ALL:!SSLv2:!aNULL:!NULL:!EXPORT:!DES:!LOW:@STRENGTH > 17 ... > > >
on test via telnet, i see:
% telnet 10.0.0.6 143 Trying 10.0.0.6... Connected to mail.testdomain.com. Escape character is '^]'. * OK mail.testdomain.com Dovecot IMAP4 v1.0cvs server ready 1 capability * CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS STARTTLS AUTH=PLAIN AUTH=DIGEST-MD5 AUTH=CRAM-MD5 1 OK Capability completed. ...
but, a test with:
% openssl s_client -connect 10.0.0.6:143
On port 143 you have an imap with starttls, i.e. plaintext until
STARTTLS has been issued. Unfortunately openssl s_client (not mine at
least) support imap (only smtp and pop3), but for smtp I would use
something like this
openssl s_client -starttls smtp -crlf -connect 1.2.3.4:25
You should have an imap with ssl/tls on port 993, however.
/Thorbjorn