Hello,
I got the issue fixed. Here's what it was, and my understanding is a little vague in some areas. I use letsencrypt for my certificates and one of the options I pass to acme.sh is the --ocsp option. This works fine for web servers apparently, but for some reason and here I get muddy depending on what I'm reading on Google, both Dovecot and Postfix do not support OCSP stapling, so when Thunderbird asks Dovecot about an OCSP response gets back faulty, invalid, or nothing, (I did say my knowledge was muddy) Thunderbird apparently concludes the certificate is invalid, expired, or whatever, and doesn't accept it.
This problem only occurs with Thunderbird, my phone with various email clients, and Outlook 2010 all work great, so I was unwilling to mess around with my certificates. What I ended up doing was going in to thunderbird's configuration editor and searching for ocsp there were a bunch of options, I turned all that were on or enabled off, restarted Thunderbird, and it fired right up.
Thanks and hope this helps someone. Dave.
On 4/20/20, Juri Haberland juri@koschikode.com wrote:
On 19.04.20 23:44, David Mehler wrote:
I'm using Dovecot 2.2, Postfix 3.5, and am atempting to get the latest version of Thunderbird to work. I tried account autoconfig which did not work, so I had to manually enter information and correct other information. On my server dovecot supports plane and login authentication methods but only over starttls i've got a letsencrypt certificate. My thunderbird configuration looks good, right hosts for incoming and outgoing mail, right ports, 143 starttls, and 587 smtp submission, and thunderbird has the authentication method set for normal password. This I interpreted to mean thunderbird is going to starttls then send the username and password. Thunderbird is giving me this error:
imap server does not support the selected authentication method
I realize this is vague, any suggestions?
What about showing what dovecot logged at that moment? Output from "doveconf -n" would be helpful, too.
Even though I don't use Thunderbird with STARTTLS (but with SSL/TLS on port 993) I'm pretty sure this should work.
Best, Juri