On 2013-09-17 10:05, Reindl Harald wrote:
Am 17.09.2013 15:57, schrieb Dan Langille: On 2013-09-17 09:26, Reindl Harald wrote: Am 17.09.2013 15:01, schrieb Dan Langille: On 2013-09-17 08:43, Reindl Harald wrote: Am 17.09.2013 14:39, schrieb Dan Langille: On 2013-09-16 20:28, Noel Butler wrote: Since we just ruled this one out, might I suggest you grab the source and build it, install it all under /opt/dovecot that way it wont interfere with your ports installation and try that, the one you successfully just tested uses dovecot 2.1 not 2.2, so maybe try source of 2.1 and see if it works.
I just tried 2.1.16. The iPhone has no trouble on 143 but on 993, it's just like 2.2
But, if it does work on port 143 with TLS I wouldnt worry too much about it
tcpdump is showing me raw text going past, so I know I'm not getting TLS on either Dovecot 2.1 or 2.2
It seems that TLS is not supported by my client. Pity.
iPhone is the worst mail client on this planet but for sure supports TLS
Apple is here the same as Microsoft
- remove the account completly
- add it again and it will detect that encryption is available
Done. But tcpdump is still showing me plain text.
and you surely have "ssl = yes" in your configuration? "dovecot -n" does not show it here too while it is there
I do.
"dovecot -n" does not show it here too while it is there
*what* says "telnet your-server 143"
$ telnet imaps.unixathome.org 143 Trying 199.233.228.197... Connected to imaps.unixathome.org. Escape character is '^]'.
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN] Dovecot ready.
if it is configured correctly you see "STARTTLS" in the capabilities if you do not see it than the problem is a completlöy different one
- OK [CAPABILITY IMAP4 IMAP4rev1 ACL RIGHTS=texk NAMESPACE CHILDREN SORT QUOTA THREAD=ORDEREDSUBJECT UNSELECT IDLE STARTTLS AUTH=CRAM-MD5 AUTH=DIGEST-MD5 AUTH=LOGIN AUTH=PLAIN AUTH=SCRAM-SHA-1]
may i suggest that you try a different mail client? pretty sure that this is one of the uncountable cases where Apple devices are failing
At present, I am using dovecot-1.2.17 on another server with a certificate from StartCom:
$ openssl s_client -connect nyi.unixathome.org:993 -quiet depth=0 /description=khACEsbS0LZ8es5F/C=US/CN=nyi.unixathome.org/emailAddress=postmaster@unixathome.org verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /description=khACEsbS0LZ8es5F/C=US/CN=nyi.unixathome.org/emailAddress=postmaster@unixathome.org verify error:num=27:certificate not trusted verify return:1 depth=0 /description=khACEsbS0LZ8es5F/C=US/CN=nyi.unixathome.org/emailAddress=postmaster@unixathome.org verify error:num=21:unable to verify the first certificate verify return:1
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN] Dovecot ready.
The server which fails me is running 2.1.16 (was 2.2 before this morning)
$ openssl s_client -connect imaps.unixathome.org:993 -quiet depth=0 /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster@unixathome.org verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster@unixathome.org verify error:num=27:certificate not trusted verify return:1 depth=0 /description=P4s7A2l6clvQRRJ4/C=US/CN=imaps.unixathome.org/emailAddress=postmaster@unixathome.org verify error:num=21:unable to verify the first certificate verify return:1
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
Somewhere, somehow, there is something vastly different and not working.
-- Dan Langille - http://langille.org/