Hi,
STARTTLS refers to a client connecting on the normal plaintext IMAP port, 143, and then issuing a STARTTLS command, starting a TLS session. I am able to connect from my computer to your IMAP server using STARTTLS using this command:

    openssl s_client -starttls imap -connect 78.46.216.126:143

Your server seems to not be listening on ports 993 and 995 for imaps and pop3s, respectively, where a TLS session is started immediately when the connection is initiated.
If you are using dovecot 2, you need to have something like the following in your config:

    service imap-login {
      inet_listener imap {
        #port = 143
      }
      inet_listener imaps {
        #port = 993
        #ssl = yes
      }
    }

    service pop3-login {
      inet_listener pop3 {
        #port = 110
      }
      inet_listener pop3s {
        #port = 995
        #ssl = yes
      }
    }

(The commented out lines represent the defaults; you uncomment them only if you want to change them.)

For dovecot 1.2, you need a line like this:

    protocols = imap imaps pop3 pop3s

On 5/5/2012 3:06 PM, Markus Fritz wrote:
Hello,
I have this problem:

    May 5 21:02:35 opsys dovecot: imap-login: Disconnected (no auth attempts): rip=84.150.52.31, lip=78.46.216.126

Connecting via Thunderbird to STARTTLS won't work, but with a website from the same server it works for tls://opsys.de. So why is the port closed for external IPs? IPTABLES entry for imap is this:

    fail2ban-dovecot-pop3imap tcp -- anywhere anywhere multiport dports pop3,pop3s,imap2,imaps

Key files are correct. TLS is working from localhost.
System is Debian squeeze
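
The difference the reply describes between STARTTLS on port 143 and immediate TLS on 993/995 can be checked from the client side. The following Python script is an added example, not part of either message: it classifies a listener by whether it sends a plaintext IMAP greeting and advertises STARTTLS. The function names and the canned server transcripts are constructed for illustration.

```python
import socket
import sys

def classify_imap_listener(sock, timeout=3.0):
    """Report how a connected listener behaves before any TLS is started.

    'starttls'              plaintext greeting, STARTTLS advertised (port 143 style)
    'plaintext-only'        plaintext greeting, STARTTLS not advertised
    'no-plaintext-greeting' server sends nothing first, as an implicit-TLS
                            listener (imaps, 993) does while awaiting a ClientHello
    """
    sock.settimeout(timeout)
    with sock.makefile("rb") as reader:
        try:
            greeting = reader.readline()
        except socket.timeout:
            return "no-plaintext-greeting"
        if not greeting.startswith(b"* "):
            return "no-plaintext-greeting"
        sock.sendall(b"a1 CAPABILITY\r\n")
        caps = set()
        while True:
            try:
                line = reader.readline().upper()
            except socket.timeout:
                break
            if not line or line.startswith(b"A1 "):  # EOF or tagged completion
                break
            if line.startswith(b"* CAPABILITY"):
                caps.update(line.split()[2:])
    return "starttls" if b"STARTTLS" in caps else "plaintext-only"

# Constructed server transcripts (not captured from any real host).
WITH_STARTTLS = (b"* OK ready\r\n* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN\r\n"
                 b"a1 OK done\r\n")
WITHOUT_STARTTLS = b"* OK ready\r\n* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\na1 OK done\r\n"
SILENT = b""  # what a plaintext client sees on an implicit-TLS port

def classify_canned(server_bytes, timeout=0.3):
    """Feed a constructed transcript to the classifier over a local socketpair."""
    client, server = socket.socketpair()
    try:
        server.sendall(server_bytes)
        return classify_imap_listener(client, timeout)
    finally:
        client.close()
        server.close()

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py HOST PORT
        with socket.create_connection((sys.argv[1], int(sys.argv[2])), 5) as s:
            print(classify_imap_listener(s))
    else:
        for name in ("WITH_STARTTLS", "WITHOUT_STARTTLS", "SILENT"):
            print(name, "->", classify_canned(globals()[name]))
```

A result of `no-plaintext-greeting` only says that no plaintext greeting arrived within the timeout; confirming an implicit-TLS listener still takes a TLS handshake, for example with `openssl s_client -connect HOST:993`.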