auth service over tls
Hi, I'm trying to run TLS connections for both auth and lmtp services. For lmtp it is OK, for the auth service I couldn't make it work. I configured Dovecot with the following configuration in the file "conf.d/10-myconfig.conf":

service auth {
  inet_listener {
    name = dovecot_auth
    address = 127.0.0.1
    port = 12345
    ssl = yes
  }
  # I've also tried with different users and without setting it as well.
  user = mail
}

service lmtp {
  inet_listener {
    name = dovecot_lmtp
    address = 127.0.0.1
    port = 24
    ssl = yes
  }
}

Is there something else I'm missing?
Yep, testing purpose. In my config I set both lmtp and auth services with "ssl = yes", and then launched a client TLS connection:

openssl s_client -servername mail.sample.com -connect localhost:12345

(and on port 24). What I saw is:
- port 24 (lmtp) - TLS handshake was done
- port 12345 (SASL auth) - Error version <something>
So later I did:
$ telnet localhost 12345
Below is the trace of the conversation, where <Server> is what the server returns to me, and <Me> is the command I entered. Note: the spaces shown below are <TAB>, as specified here: https://doc.dovecot.org/developer_manual/design/auth_protocol/

<Server> VERSION 1 2
<Server> MECH PLAIN plaintext
<Server> MECH LOGIN plaintext
<Server> SPID 478
<Server> CUID 11
<Server> COOKIE 37fefe8d32a7efd948538b7a33067e2d
<Server> DONE
<Me> VERSION 1 0
<Me> CPID 87
<Me> AUTH 11 LOGIN service=smtp debug
<Me> AUTH 11 LOGIN service=smtp debug
<Server> CONT 11 VXNlcm5hbWU6
<Me> CONT 11 dGVzdA==
<Server> CONT 11 UGFzc3dvcmQ6
<Me> CONT 11 ZBmtdC==
<Server> OK 11 user=test

So now what? How can I list the commands available? I didn't see in the docs where to find this info.
On 17/11/2023 13:55 EET hameos.yup@gmail.com wrote:
Yep, testing purpose. In my config I set both lmtp and auth services with "ssl = yes", and then launched a client TLS connection:

openssl s_client -servername mail.sample.com -connect localhost:12345

(and on port 24). What I saw is:
- port 24 (lmtp) - TLS handshake was done
- port 12345 (SASL auth) - Error version <something>
So later I did:
$ telnet localhost 12345
Below is the trace of the conversation, where <Server> is what the server returns to me, and <Me> is the command I entered. Note: the spaces shown below are <TAB>, as specified here: https://doc.dovecot.org/developer_manual/design/auth_protocol/

<Server> VERSION 1 2
<Server> MECH PLAIN plaintext
<Server> MECH LOGIN plaintext
<Server> SPID 478
<Server> CUID 11
<Server> COOKIE 37fefe8d32a7efd948538b7a33067e2d
<Server> DONE
<Me> VERSION 1 0
<Me> CPID 87
<Me> AUTH 11 LOGIN service=smtp debug
<Me> AUTH 11 LOGIN service=smtp debug
<Server> CONT 11 VXNlcm5hbWU6
<Me> CONT 11 dGVzdA==
<Server> CONT 11 UGFzc3dvcmQ6
<Me> CONT 11 ZBmtdC==
<Server> OK 11 user=test

So now what? How can I list the commands available? I didn't see in the docs where to find this info.
Not sure what "commands" you are after? The OK 11 says it's succeeded for user test.
Aki
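
The LOGIN exchange from the trace above, decoded, as an added example that is not part of the thread or of Dovecot: the base64 CONT payloads are just the prompts and the answers, so a capture of this socket contains the credentials, and the sketch removes the password response before a trace is shared. The "S"/"C" direction tags, the function names and the `<redacted>` marker are assumptions of this example.

```python
import base64

# Abridged from the trace in the thread. Fields are TAB-separated, as the poster
# notes; the "S"/"C" direction tags are this example's own convention.
TRACE = [
    ("S", "VERSION\t1\t2"), ("S", "MECH\tPLAIN\tplaintext"),
    ("S", "MECH\tLOGIN\tplaintext"), ("S", "DONE"),
    ("C", "VERSION\t1\t0"), ("C", "CPID\t87"),
    ("C", "AUTH\t11\tLOGIN\tservice=smtp\tdebug"),
    ("S", "CONT\t11\tVXNlcm5hbWU6"), ("C", "CONT\t11\tdGVzdA=="),
    ("S", "CONT\t11\tUGFzc3dvcmQ6"), ("C", "CONT\t11\tZBmtdC=="),
    ("S", "OK\t11\tuser=test"),
]

def b64text(data):
    """Decode a base64 SASL payload; bytes that are not UTF-8 become U+FFFD."""
    return base64.b64decode(data).decode("utf-8", errors="replace")

def annotate(trace):
    """Return (direction, line, note) rows with secret responses redacted."""
    rows, secret_next = [], {}  # request id -> did the last prompt ask for a password?
    for who, line in trace:
        f, note = line.split("\t"), ""
        data = "".join(f[2:3])  # third field, or "" when it is absent
        if f[0] == "MECH" and "plaintext" in f[2:]:
            note = "mechanism transfers the password itself"
        elif f[0] == "AUTH":
            # An initial response (resp=) can carry credentials, e.g. with PLAIN.
            f = ["resp=<redacted>" if p.startswith("resp=") else p for p in f]
            line = "\t".join(f)
        elif f[0] == "CONT" and who == "S":
            prompt = b64text(data)
            secret_next[f[1]] = prompt.lower().startswith("password")
            note = "challenge: " + prompt
        elif f[0] == "CONT" and who == "C":
            if secret_next.pop(f[1], False):
                line, note = "\t".join(f[:2] + ["<redacted>"]), "secret removed"
            else:
                note = "response: " + b64text(data)
        elif f[0] in ("OK", "FAIL"):
            note = "request %s finished: %s" % (f[1], f[0])
        rows.append((who, line, note))
    return rows

if __name__ == "__main__":
    for who, line, note in annotate(TRACE):
        print(who, line.replace("\t", " "), ("   # " + note) if note else "")
```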
Ok ok, so the conversation is done. Just checking if it allows you to introduce other commands.
hameos.yup@gmail.com wrote on 2023-11-17 13:10:
Ok ok, so the conversation is done. Just checking if it allows you to introduce other commands.
just stop using telnet if tls is tested, use openssl s_client .... is the only supported DEBUG tool, don't add debug in config if not asked
participants (4)
- Aki Tuomi
- Benny Pedersen
- hameos.yup@gmail.com
- ibra