On Thu, Mar 17, 2016 at 8:18 PM, John Oliver <joliver@john-oliver.net> wrote:
dovecot-2.0.9 on CentOS 6.7
The system in question is not connected to the Internet, so I can't copy-and-paste. I have to type anything required :-(
Brand-new out-of-the-box install with a really minimal dovecot.conf including:
service imap-login {
  inet_listener imaps {
    address = 192.168.1.10
    port = 143
    ssl = yes
  }
}

ssl_cert=</etc/pki/tls/certs/dovecot.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_key =</etc/pki/tls/private/dovecot.pem
That's very, very similar to an existing dovecot server on an old VM I need to replace. Certs are self-signed, I know that's a horrible thing to do, but right now we don't have any choice. I'm connecting with Apple Mail 8.2 running on OS X 10.10.5, another thing we have no choice about :-/

The Apple Mail just sits there stupidly. Its "Connection Doctor" just helpfully reports that it can't establish a connection. I can use 'openssl s_client -showcerts -connect mail:143' and see what I expect to see. The dovecot log with lots of verbosity enabled tells me:
imap-login: Info: Disconnected (no auth attempts): rip=192.168.1.200, lip=192.168.1.10, TLS handshaking: Disconnected
auth: Debug: auth client connected (pid=21006)
imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [192.168.1.200]
imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [192.168.1.200]
imap-login: Warning: SSL: where=0x2002, ret=1: SSLv2/v3 read client hello A [192.168.1.200]
And that's it... those lines get repeated every minute that Mail is running. I'm not seeing anything in any logs that even hints at what it's unhappy about, or any way to increase verbosity any more.
Any hints appreciated!
--
- John Oliver http://www.john-oliver.net/
Maybe use -starttls imap or port 993, and for more logs verbose_ssl=yes
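
An added example, not part of the thread and not Dovecot's own code: a small Python check that parses `inet_listener` blocks and flags a listener whose `ssl` setting disagrees with the conventional use of its port (143/110 start in plaintext and upgrade with STARTTLS, 993/995 are TLS from the first byte), which is the distinction the reply's suggestion turns on. The function names are hypothetical and both configurations are constructed samples, the first laid out from the listener in the message above.

```python
# Conventional port usage (IANA assignments), assumed here as the baseline:
# 143/110 begin in plaintext (server greets first, client may STARTTLS/STLS);
# 993/995 expect a TLS ClientHello before any protocol data (implicit TLS).
PLAINTEXT_PORTS = {143: "imap", 110: "pop3"}
IMPLICIT_TLS_PORTS = {993: "imaps", 995: "pop3s"}

def parse_listeners(conf_text):
    """Collect the settings of every inet_listener block, one dict per block."""
    stack, listeners = [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments and blanks
        if not line:
            continue
        if line.endswith("{"):                     # block header: "type [name] {"
            stack.append(line[:-1].split())
            if stack[-1][0] == "inet_listener":
                service = next((b[1] for b in stack if b[0] == "service"), "?")
                listeners.append({"service": service, "listener": stack[-1][-1]})
        elif line == "}":
            if stack:
                stack.pop()
        elif "=" in line and stack and stack[-1][0] == "inet_listener":
            key, value = (part.strip() for part in line.split("=", 1))
            listeners[-1][key] = value
    return listeners

def check_listeners(conf_text):
    """Return one finding per listener whose ssl mode conflicts with its port."""
    findings = []
    for lst in parse_listeners(conf_text):
        port = int(lst.get("port", 0))
        implicit_tls = lst.get("ssl", "no") == "yes"
        name = f"{lst['service']}/{lst['listener']}"
        if implicit_tls and port in PLAINTEXT_PORTS:
            findings.append(f"{name}: ssl=yes (implicit TLS) on port {port}, "
                            f"which clients conventionally treat as plaintext + STARTTLS")
        elif not implicit_tls and port in IMPLICIT_TLS_PORTS:
            findings.append(f"{name}: no ssl on port {port}, "
                            f"which clients conventionally open with a TLS handshake")
    return findings

# Constructed sample: the listener from the message above, one setting per line.
PAGE_CONF = """service imap-login {
  inet_listener imaps {
    address = 192.168.1.10
    port = 143
    ssl = yes
  }
}"""
# Constructed sample: the conventional pairing of listeners and ports.
CONVENTIONAL_CONF = """service imap-login {
  inet_listener imap { 
    port = 143
  }
  inet_listener imaps { 
    port = 993
    ssl = yes
  }
}"""
```
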