Hello all,
I've got an issue I'm almost positive is not related to Dovecot, but was
wondering whether anyone else has had similar problems or could
duplicate my results. Please accept my apologies if this is considered
off-topic or this issue is actually just a symptom of my own ignorance.
Also, sorry for how long this email got, I knew I wouldn't be able to
explain my issue in a paragraph.
I'm having issues connecting to my Dovecot mail server, running with SSL under Solaris, while connected via Cingular/ATT wireless, specifically via the wap.cingular access point. This server is not firewalled, either via software or hardware, and sits on a fully routable internet IP address. A few days after we made the transition from UW-IMAP to Dovecot, I could no longer connect from my Nokia E61i to our server (IMAP w/ SSL, port 993). Until today, I just assumed I did something to anger the Nokia gods and just did without mobile email.
Today, someone walked in with an iPhone and could only connect to our server via wifi connections, not over Cingular/ATT's EDGE network. When I looked into it, I saw the same behavior with my E61i which also has wifi.
Here's where it gets weird. I can connect to other IMAP servers (imap.gmail.com, mail.columbia.edu) but not to our departmental mail server running Dovecot (paradox.psych.columbia.edu). All three are on port 993 using IMAP with SSL. Ping, SSH and web traffic don't have any difficulty getting through, but IMAP/POP seems to be prematurely disconnected. So I did a little digging: by tethering my MacBook with Thunderbird through my phone, I saw the following traffic in Wireshark between me and my server (Paradox):
    Me:      SYN
    Paradox: SYN, ACK
    Me:      ACK
    Me:      Client Hello
    Paradox: ACK
    Paradox: FIN, ACK
    Me:      ACK
    Paradox: FIN, ACK
    Me:      ACK
    -dead-
Maybe I'm misunderstanding something here, but it looks likely that ATT is sending a FIN which kills the connection before my mail client can even get out of the gate. I thought it might be related to SSL, so I set up an inetd to launch a secondary Dovecot process listening on port 997 without encryption. I see the same behavior, without the "Client Hello" above. I've also run it on other ports and seen the same behavior. Needless to say, both SSL/noSSL work without issue from local and a variety of remote networks, except ATT. Tomorrow I'll do some sniffing to confirm that Cingular is sending a fake TCP FIN packet, but I've got to wait till the network folks set me up a port in mirror mode.
I did not paste the full Wireshark output as it has long lines which would look hella ugly in email, so here it is nicely formatted: http://duckies.org/~peter/damncingular.txt
Has anyone else seen similar behavior or know what might be causing this? It looks like ATT/Cingular is killing the connection before it really ever even gets started, but I have no idea why. I've spent a couple hours on the phone with them and not been able to contact anyone who might know why this just started happening when it had been working before.
Can anyone replicate the same behavior? You shouldn't need an un/pw as it doesn't get that far; you just need an ATT customer with tethering set up to capture an attempt at connecting to the server (paradox.psych.columbia.edu).
Ideas? I'm totally stumped, but it sounds a lot like the sort of thing Comcast was doing to Bittorrent for their users, except they were injecting RST instead of FIN.
Thanks in advance for any help anyone might be able to offer me.
--Peter
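Added example, not part of the original message: one way to carry out the mirror-port check the message plans, by comparing a client-side capture with a server-side capture and listing the segments that only one end recorded. The `Seg` record, the function names, the sequence numbers and both sample captures are constructed for illustration; the server-side capture assumes the case where the FIN is inserted in transit.

```python
from collections import Counter, namedtuple

# One TCP segment as observed in a capture. Use absolute sequence numbers so the
# two captures are comparable; src is a label, since NAT may rewrite addresses.
Seg = namedtuple("Seg", "src flags seq length")

def unmatched(seen_here, seen_there, sender):
    """Segments attributed to `sender` in seen_here that seen_there never recorded.
    Counter subtraction keeps retransmitted duplicates counted correctly."""
    here = Counter(s for s in seen_here if s.src == sender)
    there = Counter(s for s in seen_there if s.src == sender)
    return sorted((here - there).elements(), key=lambda s: (s.seq, s.flags))

def compare_vantages(client_cap, server_cap, client="me", server="paradox"):
    """Classify every segment that appears at only one end of the path."""
    return {
        # Arrived claiming to be from the peer, but the peer never sent it.
        "forged_as_server": unmatched(client_cap, server_cap, server),
        "forged_as_client": unmatched(server_cap, client_cap, client),
        # Sent by one end and never delivered to the other.
        "dropped_from_client": unmatched(client_cap, server_cap, client),
        "dropped_from_server": unmatched(server_cap, client_cap, server),
    }

# Constructed client-side capture, following the trace in the message.
CLIENT_CAP = [
    Seg("me", "SYN", 1000, 0),
    Seg("paradox", "SYN,ACK", 5000, 0),
    Seg("me", "ACK", 1001, 0),
    Seg("me", "PSH,ACK", 1001, 120),      # Client Hello
    Seg("paradox", "ACK", 5001, 0),
    Seg("paradox", "FIN,ACK", 5001, 0),
    Seg("me", "ACK", 1121, 0),
    Seg("paradox", "FIN,ACK", 5001, 0),   # repeated FIN, as in the trace
    Seg("me", "ACK", 1121, 0),
]
# Constructed server-side capture: the server never emits a FIN in this scenario.
SERVER_CAP = [
    Seg("me", "SYN", 1000, 0),
    Seg("paradox", "SYN,ACK", 5000, 0),
    Seg("me", "ACK", 1001, 0),
    Seg("me", "PSH,ACK", 1001, 120),
    Seg("paradox", "ACK", 5001, 0),
]

if __name__ == "__main__":
    for verdict, segs in compare_vantages(CLIENT_CAP, SERVER_CAP).items():
        print(verdict, [tuple(s) for s in segs])
```

If the device in the path terminates the TCP connection itself rather than inserting single segments, the sequence numbers at the two ends will not line up at all, and nearly every segment shows up as unmatched.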