hey friends,<br>


<br>


I am trying to secure my mail server.I have enabled TLS support in
postfix(version postfix-2.1.5), now I am trying to configure squirrelmail(version 1.4.4-1 rpm) for tls/ssl
support.In config.php i have choosen use_imap_tls=true and
use_smpt_tls=true.<br>


<br>


Moreover If I send any mail from squirrelmail there are no entries for
ssl or tls in maillogs whereas If I send the mail through evolution I
can see tls/ssl entries in maillogs.<br>


<br>


starting TLS engine<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: setting up TLS connection from [<a href="http://192.168.1.68/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.1.68</a>]<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:before/accept initialization<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:error in SSLv2/v3 read client hello A<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:error in SSLv2/v3 read client hello B<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 read client hello A<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 write server hello A<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 write certificate A<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 write server done A<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 flush data<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:error in SSLv3 read client certificate A<br>


Dec 12 12:30:08 cluster1 last message repeated 2 times<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 read client key exchange A<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:error in SSLv3 read certificate verify A<br>


Dec 12 12:30:08 cluster1 last message repeated 3 times<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 read finished A<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 write change cipher spec A
<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 write finished A
<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 flush data<br>


Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: TLS connection
established from [<a href="http://192.168.1.68/" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">192.168.1.68</a>]: SSLv3 with cipher RC4-MD5 (128/128
bits)<br>


<br>

But when I did the config.test for squirrelmail I got the below error<br>


<br>


Checking IMAP service....<br>



&nbsp;&nbsp;&nbsp;&nbsp;IMAP server ready (<tt><small>* OK dovecot ready.</small></tt>)<br>



&nbsp;&nbsp;&nbsp;&nbsp;Capabilities: <tt>* CAPABILITY IMAP4rev1 SORT THREAD=REFERENCES MULTIAPPEND UNSELECT IDLE CHILDREN LISTEXT LIST-SUBSCRIBED NAMESPACE AUTH=PLAIN
</tt><br>



&nbsp;&nbsp;&nbsp;&nbsp;<font color="red"><b>ERROR:</b></font> You have enabled TLS
encryption in the config, but the server does not report STARTTLS
capability. TLS is probably not supported.<br>


<br>


Lines of ssl in /etc/dovecot.conf<br>


protocols = imaps pop3s <br>


imaps_listen = * <br>


pop3s_listen = *<br>


ssl_disable = no<br>


ssl_cert_file = /usr/share/ssl/certs/dovecot.pem&nbsp;&nbsp;&nbsp; <br>

<div id="mb_0"><div>
ssl_key_file = /usr/share/ssl/private/dovecot.pem<br>
ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat<br>
disable_plaintext_auth = yes <br>
<br>
If i do telnet localhost 993 or 995 I don't see any &quot;Ok Dovecot Ready&quot;
message.But If I enable pop3 and imap in dovecot.conf and then I telnet
localhost 110 or 143 I can see &quot;Ok Dovecot Ready&quot; message.<br>
<br>
How do I make squirrelmail to use tls/ssl for both imap &amp; smtp.<br>
<br>
Thanks &amp; Regards<br><span>
<br>
Ankush Grover</span></div></div>