Hi Timo,
I have set up 2.07 to answer on several different IPs with different SSL certs, like the following:
local 209.132.xx.4 {
  ssl_cert = *.xxxxx.com.crt-pem-298
  ssl_key = .xxxxx.com.key-298
}
I have several of these, and there appears to be a problem with one in particular that is dropping connections, and I'm not sure why.
In this case it is a wildcard cert issued from GoDaddy, and I have the cert file in PEM format with the chain on it. I have another completely separate local IP setup with a different cert on it that works without any problems.
This particular one drops the connection when I try to connect to IMAP using TLS on port 143, or using the IMAP SSL port of 993. When I try it using Thunderbird, I am using the default settings for both tests.
The Thunderbird error I get is "The server has disconnected. The server may have gone down or there may be a network problem." I don't see any errors in the dovecot error log or the system error log, and when using doveadm who to view the current connections, it does not show a connection. I tried enabling the logs for SSL errors, but nothing appears for my IP when attempting to connect.
FreeBSD 8.1 with openssl 0.9.8n. The IPs are on the box and are on the loopback interface if that makes any difference for a direct server return load balancing system.
But, I don't know how that would make a difference since one of the separated IPs works with its cert, and the other one disconnects.
Thanks,
Tim.
Here is my dovecot -n output:
# 2.0.7: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 8.1-STABLE i386
auth_username_format = %Lu
auth_username_translation = %@
auth_verbose = yes
disable_plaintext_auth = no
dotlock_use_excl = yes
first_valid_uid = 100
listen = *
lock_method = dotlock
log_path = /local/logs/dovecot.errors
mail_fsync = always
mail_gid = 100
mail_location = maildir:%h/Maildir
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = " quota"
mail_uid = 100
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date imapflags notify
mmap_disable = yes
passdb {
  args = /bin/checkpassword_dovecot_auth
  driver = checkpassword
}
plugin {
  quota = maildir:User quota
  quota_rule = Trash:storage=+100M
  sieve = ~/.dovecot.sieve
  sieve_after = /home/mailboxes/sieve/to_spam_folder.sieve
  sieve_dir = ~/Maildir/sieve
  sieve_extensions = +notify +imapflags
}
protocols = imap pop3 sieve
service auth {
  unix_listener auth-userdb {
    group = sn
    mode = 0600
    user = sn
  }
}
ssl_cert = *.xxxxx.com.crt-pem-298
ssl_key = .xxxxx.com.key-298
}
local 209.132.79.1 {
  ssl_cert = *.ssl.xxxxx.com.crt-278
  ssl_key = .ssl.xxxxx.com.key-278
}