On Sat, 2013-09-14 at 15:21 -0400, Dan Langille wrote:
Hmmm, I tried ssl = yes. Mail.app still crashes when trying to connect.
Well, its likely an Apple fault, after all their implementation of pop3 has been known to be broken for many many many years, but still after all these years are incapable of finding a developer to fix it by inserting a QUIT after its done everything.
Sep 14 19:19:22 imaps dovecot: imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [173.49.195.214]
What is this… read client certificate? There is no client certification in this config.
dovecot wants to know if your client wishes to authenticate using a local-to-client certificate, wouldnt focus too much on that (unless that client is trying to give a certificate that is invalid - not sure, I have never ever in 20 years, seen any client try to auth with a local certificate to a mail server)...
is this just one user? or all using apple? is it you?
Have you/they tried simply using TLS on 143? (preferred as POP3s/IMAPs has really be deprecated everywhere for some time now)
a successful TLS login appears like (and this particular user I know uses an ipad) :
Sep 15 12:09:38 imap-login: Debug: SSL: where=0x10, ret=1: before/accept initialization [101.xxxx] Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: before/accept initialization [101.xx] Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv2/v3 read client hello A [101.xxx] Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client hello A [101.xxx] Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server hello A [101.xxxx] Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write certificate A [101.xxxxx] Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write server done A [101.xxxxx] Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [101.xxxxxx] Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [101.xxxx] Sep 15 12:09:38 imap-login: Debug: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [101.xxx] Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [101.xxxx] Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 read finished A [101.xxxxxxx] Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [101.xxxx] Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 write finished A [101.xxxxx] Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2001, ret=1: SSLv3 flush data [101.xxxxxx] Sep 15 12:09:45 imap-login: Debug: SSL: where=0x20, ret=1: SSL negotiation finished successfully [101.xxxxxx] Sep 15 12:09:45 imap-login: Debug: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [101.xxxxx] Sep 15 12:09:45 imap-login: Info: Login: user<x@x>, method=PLAIN, rip=xxxxx, TLS
protocols = imap service imap-login { inet_listener imap { port = 0 } inet_listener imaps { address = 199.233.228.197 } }
inet_listener imap {
port = 143 <-- use it for TLS, its possiblethis is why fails as its falling back to TLS, i cant test that theory
} since we all use
android devices.
inet_listener imaps {
port = 993
}
Anyway, the fact you said thunderbird works, indicates it is not a cert issue, and I fail to see dovecot issue, have they tried another mail app?