Thank you, see my answers below.
-----Original Message-----
From: Steffen Kaiser [mailto:skdovecot@smail.inf.fh-brs.de]
Sent: Tuesday, December 16, 2014 12:30 AM
To: Wayne Andersen
Cc: dovecot@dovecot.org
Subject: Re: Problem with TLS and Outlook 2010
On Thu, 11 Dec 2014, Wayne Andersen wrote:
Log onto incoming mail server (IMAP): A secure connection to the server cannot be established.
I have set the port to 143, 993, 995; none of them work, and the security to TLS.
993 is IMAP-over-SSL, which is probably not named "TLS", but "SSL" in Outlook. Usually "TLS" means to use STARTTLS. See: http://www.cs.umd.edu/faq/mailclient/outlook.html But there are a lot of different Outlook versions and different names for settings.
My preference is STARTTLS, which I assumed I would get by selecting port 143 and TLS.
IMAP: 14:48:40 [db] srv_name = "mail.mydomain.com" srv_addr = 174.46.198.101:143
Is this IP correct?
Yes, it is correct.
IMAP: 14:48:40 [rx] * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. <----- not seeing the STARTTLS capability here.
Do you have a local Firewall or a Cisco-Router between this client and the server? Some firewalls filter out STARTTLS in order to scan the transferred content.
No, all of these machines are on a local subnet.
C:\OpenSSL-Win64\bin>openssl.exe s_client -connect mail.mydomain.com:993
verify error:num=20:unable to get local issuer certificate <--- Yes I see this and it may be an issue, but this certificate exists and is valid.
openssl does not guess certificates, you need to specify them on command line.
I am not sure I understand this. Dovecot has the certificate chain, which it should send to the client if I understand correctly. There may be an issue with the format of the certificate chain file, but if there is I don't know how to fix it.
From a Linux client I get:
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
I do see STARTTLS here.
Does this client run in the same network as the Windows client?
Yes, same local subnet, in fact the Linux client is a virtual machine running on the same machine as the Windows client.
Steffen Kaiser
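The two greetings quoted in this thread can be compared mechanically. The following is an added example, not part of either poster's message: it parses the CAPABILITY response code of each greeting and reports what the Windows-side view lacks relative to the Linux-side view. The function names and result keys are hypothetical.

```python
import re

# Greetings as quoted in the thread (Windows/Outlook log and Linux client).
WINDOWS_GREETING = ("* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS IDLE "
                    "AUTH=PLAIN AUTH=LOGIN] Dovecot ready.")
LINUX_GREETING = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS "
                  "ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.")

_CAPS = re.compile(r"^\* (?:OK|PREAUTH) \[CAPABILITY ([^\]]*)\]", re.IGNORECASE)


def parse_capabilities(greeting):
    """Map upper-cased capability atom -> spelling as received.

    Capability names are case-insensitive, so comparison uses the upper-cased
    key; the raw spelling is kept to spot a greeting that was rewritten.
    """
    match = _CAPS.match(greeting.strip())
    if not match:
        raise ValueError("greeting carries no CAPABILITY response code")
    return {atom.upper(): atom for atom in match.group(1).split()}


def compare_greetings(reference, observed):
    """Diff the greeting seen on a trusted path against the one a client saw."""
    ref = parse_capabilities(reference)
    obs = parse_capabilities(observed)
    missing = sorted(ref.keys() - obs.keys())
    return {
        "missing": missing,
        "added": sorted(obs.keys() - ref.keys()),
        # Same capability, different spelling: the bytes differ between paths.
        "respelled": sorted(k for k in ref.keys() & obs.keys() if ref[k] != obs[k]),
        "starttls_stripped": "STARTTLS" in missing,
        # No STARTTLS and no LOGINDISABLED: a login on this connection would
        # send credentials unencrypted.
        "cleartext_login_possible": "STARTTLS" not in obs
                                    and "LOGINDISABLED" not in obs,
    }


if __name__ == "__main__":
    for key, value in compare_greetings(LINUX_GREETING, WINDOWS_GREETING).items():
        print(f"{key}: {value}")
```

A non-empty `respelled` list means the two clients did not receive byte-identical greetings, which is worth checking before looking at the Dovecot configuration itself.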