On Sun, 23 Sep 2007, Timothy Murphy wrote:
> (1) I suspect the problem lies with authentication. But how can I test this?
From past experience (but also came up as #1 when googling "testing IMAPS" w/o quotes) you should use:
openssl s_client -connect servername:993
If your dovecot does TLS negotiation [not sure if it's the default], you may also want to use/try:
openssl s_client -starttls imap -connect servername:143
(Caveat: -starttls only supported "smtp" and "pop3" on my system [OpenSSL 0.9.8d on Gentoo]. Don't know what the defaults are.)
993/143 can be replaced by imaps/imaps or whatever your ports are.
openssl s_client is a generally-useful tool for SSL/TLS testing (SMTPS/HTTPS/IMAPS/etc.).
(2) [ skipping kmail question ]
> (3) I guess I don't understand exactly how TLS authentication works. Does installing openssl set up the correct certificates on server and client?
I had a really hard time with this myself, and I felt like I knew what I was doing. There are HOWTOs to set up the server-side self-signed certificates, but for the client-side setup, I went through much of:
Pine+OpenSSL HOWTO - http://www.madboa.com/geek/pine-ssl/
Some(/many?) of the sections are specific to Pine, the email client. But, any of the sections with openssl commands are generally useful (and, I think, well-explained).
> Is there any documentation on this?
For the server-side:
http://wiki.dovecot.org/SSL
http://wiki.dovecot.org/SSL/CertificateCreation
http://wiki.dovecot.org/SSL/DovecotConfiguration
The Apache SSL/TLS documentation linked-to from that page [/SSL] looks good: http://httpd.apache.org/docs/2.2/ssl/ssl_intro.html
Best,
Ben
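
Added example, not part of the message above and not Dovecot or OpenSSL code: where the installed s_client lacks -starttls imap, the same two checks (implicit TLS on 993, STARTTLS on 143) can be run with Python's standard imaplib and ssl modules, which also shows whether the client trusts the server certificate. The names probe and pre_tls_findings and the result keys are chosen here; servername is the placeholder used in the message.

```python
import imaplib
import ssl
import sys

def pre_tls_findings(capabilities):
    """Interpret what a server advertises on port 143 before any TLS."""
    caps = {c.upper() for c in capabilities}
    return {
        "starttls_offered": "STARTTLS" in caps,
        # RFC 3501: LOGINDISABLED means LOGIN is refused on this cleartext link
        "cleartext_login_refused": "LOGINDISABLED" in caps,
    }

def probe(host, port=993, starttls=False, verify=True, timeout=10):
    """Port 993: TLS from the first byte. With starttls=True: upgrade in-band."""
    ctx = ssl.create_default_context()
    if not verify:  # accept a self-signed certificate and just report the session
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    result = {}
    try:
        if starttls:
            conn = imaplib.IMAP4(host, port, timeout=timeout)
            result["pre_tls"] = pre_tls_findings(conn.capabilities)
            if not result["pre_tls"]["starttls_offered"]:
                conn.logout()
                return result
            conn.starttls(ssl_context=ctx)
        else:
            conn = imaplib.IMAP4_SSL(host, port, ssl_context=ctx, timeout=timeout)
    except ssl.SSLCertVerificationError as exc:
        # Typical for a self-signed server certificate the client does not trust
        result["verify_error"] = exc.verify_message
        return result
    result["tls_version"] = conn.sock.version()
    result["cipher"] = conn.sock.cipher()[0]
    result["capabilities_after_tls"] = conn.capabilities
    conn.logout()
    return result

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python3 imap_probe.py servername
        print(probe(sys.argv[1], 143, starttls=True))
        print(probe(sys.argv[1], 993))
    else:  # constructed capability list, so the script also runs offline
        print(pre_tls_findings(("IMAP4REV1", "STARTTLS", "LOGINDISABLED")))
```

A verify_error in the result means the handshake was rejected because the certificate is not trusted by the client; rerunning with verify=False shows the negotiated session anyway, which is useful only for diagnosis.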