On Oct 5, 2012, at 10:20 PM, Luigi Rosa <lists@luigirosa.com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Nick Rosier said the following on 05/10/12 22:47:
How do you enable this in Thunderbird? If by "enabling IPv6" you mean you put in the IPv6 address in stead of the hostname, that's probably where you're wrong. The certificate contains your hostname, not the IP-address so the hostname verification check fails if you insert the IPv6 address (i.e. hostname.tld != 2001:470:1f09:203:fdbf:508e:4a29:56c5so your connection fails).
Good point. But does not explain why it works if I put the IPv4 address of the server (the local LAN IPv4, not the public IPv4).
I've verified this by changing the hostname to IPv6 in Thunderbird and got the same error as you do. You would get the same error if you configure the IPv4 address in TB.
The server I am referring to has 2 NICs one with a public IP and the other with a local IP address (10.0.0.254)
If I put 10.0.0.254 instead of the IPv6 address I can successfully connect using TLS:
Oct 6 07:13:44 mail dovecot: imap-login: Login: user=<lrosa@hypertrek.info>, method=CRAM-MD5, rip=10.0.0.155, lip=10.0.0.254, mpid=17812, TLS, session=<LZhzDV3LMQAKE0Ob>
And do you have a PTR record for 10.0.0.254?
Sean