I'm using Dovecot 2.2.5. I'm setting up a new IMAPS server for personal use (i.e. only me).
I have success with self-signed certificates but not with others (e.g. StartSSL.com).
With StartSSL certs:
I've been able to connect and test commands via: openssl s_client -connect imaps.unixathome.org:993
Can you configure your iPhone or Macbook to access the above?
Authentication isn't the issue. Connection is the issue.
I've been able to get Thunderbird to connect and access my mail.
However, I've been unable to get my iPhone or my Mac configured to use the same IMAP server. On the iPhone, adding the new Mail account causes the Settings app to crash on a persistently consistent basis when adding the new account. The crash occurs when connecting to the IMAPS server. Configuration never completes.
I suspect the problem is SSL because in both cases (iPhone and Mac), I see these messages in the logs:
*** /var/log/debug.log ***
Sep 13 11:50:32 imaps dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [166.137.84.11]
Sep 13 11:50:45 imaps dovecot: auth: Debug: auth client connected (pid=31647)
Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [166.137.84.11]
Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [166.137.84.11]
Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [166.137.84.11]
Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [166.137.84.11]
Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [166.137.84.11]
Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [166.137.84.11]
Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [166.137.84.11]
Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [166.137.84.11]
Sep 13 11:50:45 imaps dovecot: imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [166.137.84.11]

*** /var/log/maillog ***
Sep 13 11:50:46 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [166.137.84.11]
Sep 13 11:50:46 imaps dovecot: imap-login: Disconnected (no auth attempts in 1 secs): user=<>, rip=166.137.84.11, lip=199.233.228.197, TLS handshaking: Disconnected, session=<a7AJd0LmWwCmiVQL>

/usr/local/etc/ssl/imaps.unixathome.org.crt contains only the cert issued by StartSSL.
/usr/local/etc/ssl/imaps.unixathome.org.nopassword.key contains a no-password key generated by myself.
Output of doveconf -n:
# 2.2.5: /usr/local/etc/dovecot/dovecot.conf
# OS: FreeBSD 9.1-RELEASE-p6 amd64
auth_debug = yes
auth_verbose = yes
first_valid_gid = 1001
first_valid_uid = 1001
mail_debug = yes
mail_location = maildir:~/Maildir
mail_privileged_group = mail
passdb {
  args = scheme=BLF-CRYPT /var/db/dovecot.users
  driver = passwd-file
}
protocols = imap
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    address = 199.233.228.197
  }
}
ssl = required
ssl_cert = </usr/local/etc/ssl/imaps.unixathome.org.crt
ssl_key = </usr/local/etc/ssl/imaps.unixathome.org.nopassword.key
userdb {
  args = /var/db/dovecot.users
  driver = passwd-file
}
verbose_proctitle = yes
verbose_ssl = yes
protocol imap {
  imap_client_workarounds = delay-newmail tb-extra-mailbox-sep
}

-- Dan Langille - http://langille.org/
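
An added example, not part of the original post: a small Python parser for the verbose_ssl lines quoted above. It decodes the where= bitmask with OpenSSL's info-callback constants and reports, per client IP, the last handshake state that completed and the state in which the failure was logged. The sample lines are adapted from the post (one shared timestamp prefix); the names decode_where and summarize are assumptions of this example.

```python
import re

# OpenSSL info-callback flags (ssl.h) combined in Dovecot's where= value.
FLAGS = {0x01: "LOOP", 0x02: "EXIT", 0x04: "READ", 0x08: "WRITE",
         0x10: "HANDSHAKE_START", 0x20: "HANDSHAKE_DONE",
         0x1000: "CONNECT", 0x2000: "ACCEPT", 0x4000: "ALERT"}
TAIL = r"(.+?) \[([0-9a-fA-F.:]+)\]"
DEBUG_RE = re.compile(r"Debug: SSL: where=(0x[0-9a-f]+), ret=(-?\d+): " + TAIL)
FAIL_RE = re.compile(r"Warning: SSL failed: where=(0x[0-9a-f]+): " + TAIL)

# Sample input adapted from the post's debug.log and maillog excerpts.
P = "Sep 13 11:50:45 imaps dovecot: imap-login: "
SAMPLE = [
    P + "Debug: SSL: where=0x10, ret=1: before/accept initialization [166.137.84.11]",
    P + "Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [166.137.84.11]",
    P + "Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [166.137.84.11]",
    P + "Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [166.137.84.11]",
    P + "Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [166.137.84.11]",
    P + "Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [166.137.84.11]",
    P + "Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [166.137.84.11]",
]

def decode_where(value):
    """Return the names of the flags set in a where= value, lowest bit first."""
    return [name for bit, name in sorted(FLAGS.items()) if value & bit]

def summarize(lines):
    """Per client IP: last state completed (LOOP, ret=1) and state at failure."""
    result = {}
    for line in lines:
        m = DEBUG_RE.search(line)
        if m:
            where, ret = int(m.group(1), 16), int(m.group(2))
            entry = result.setdefault(m.group(4), {"last_ok": None, "failed_at": None})
            if where & 0x10:  # HANDSHAKE_START: a new handshake begins, reset
                entry["last_ok"] = entry["failed_at"] = None
            elif where & 0x01 and ret == 1:  # LOOP: state transition completed
                entry["last_ok"] = m.group(3)
            continue
        m = FAIL_RE.search(line)
        if m:
            result.setdefault(m.group(3), {"last_ok": None, "failed_at": None})["failed_at"] = m.group(2)
    return result

if __name__ == "__main__":
    for ip, e in summarize(SAMPLE).items():
        print(ip, "last completed:", e["last_ok"], "| failed in:", e["failed_at"])
```

A failure logged in a read state directly after "flush data" means the server had sent its whole flight (hello, certificate, done) and the connection ended while it waited for the client's next message.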