verbose_ssl=yes would log more.
It didn't actually - just tried that, same result.
With that enabled Dovecot should log all alerts as warnings (as well
as anything else OpenSSL reports). Are you sure the log file you were
looking at contained also errors/warnings? With syslog they may be in
different files. See http://wiki.dovecot.org/Logging
Yes - it's logging everything to /var/log/maillog, just tested that. No error messages.
Also with verbose_ssl=yes Dovecot should have logged either "Invalid
certificate" or "Valid certificate". If it didn't, the client didn't
send any certificate. Although in that case the client still should
have tried to log in.. Wonder where that alert comes from.
Certainly didn't see that. For some reason I can't get ssldump to give me the type of alert it is seeing. I suspect it isn't decrypting although I've provided a key. Darren