[Dovecot] Dovecot vs.Clients - strange behaviour, diagnostics sought
I've been experimenting with dovecot-1.0-stable on Solaris. Storage format is mbox. Dovecot, in test, runs in parallel with an UW IMAP, with dovecot running SSL-only on port 994.
It seems to work to some extent:
* dovecot runs
* authentication works
* SSL works
* all manual IMAP functionality checks seem to work fineHowever, I'm running into issues with IMAP clients.
Null client: I started by using telnet as a client, and talking IMAP manually. Seems OK.
Mutt: "mutt -f imap://my.imap.server:994" seems to work well, although mutt keeps reporting details about the SSL certificate, informs me that it belongs to the proper server and is a valid Globalsign-issued certificate -- and keeps insisting I either reject it or accept it once.
Apple Mail (Panther's version, 1.3.11 (v622)) works, though it seems to have problems with large mailboxes. Then again, it had these same problems with other IMAP servers as well.
Thunderbird doesn't work at all. After some waiting, it bums out and reports:
Unable to connect to your IMAP server. You may have exceeded the maximum number of conenctions to this server. If so, use the Advanced IMAP Server Settings dialog to reduce the number of cached connections.
Note that it never even shows an authentication dialog, and the only thing I see in dovecot's log that relates to Thunderbirds attempt is:
dovecot: Jul 20 09:41:09 Info: imap-login: Disconnected:
Inactivity [131.211.143.87]
I'm at a loss as to what's causing this. On the one hand, dovecot seems operational, on the other hand at least one client can do nothing with it.
All debugging/logging options are enabled. What am I missing?
On Wed, Jul 20, 2005 at 09:48:27AM +0200, Jeroen Scheerder wrote: [...]
Set the certificate_file variable to something writable by you. It's unset by default AFAIR, hence mutt keeps asking.
-- Dominik 'Rathann' Mierzejewski <rathann*at*icm.edu.pl> Interdisciplinary Centre for Mathematical and Computational Modelling Warsaw University | http://www.icm.edu.pl | tel. +48 (22) 5540810
Jeroen Scheerder wrote:
See, this one doesn't make a lot of sense to me. I've been running dovecot on Solaris for quite some time now, with an almost entirely Thunderbird user base. The only difference is I'm not using it for SSL connections.
From what I've seen, MANY people on this list DO run Dovecot w/ SSL and Thunderbird. There have been a few bugs, but I don't recall seeing this one.
-- Curtis
Curtis Maloney wrote:
I'm running Dovecot-1.0-stable on Solaris with Thunderbird OK, but, again, without SSL. Have you tried it without SSL? Can you get a packet trace (use Solaris "snoop" then look at it with Ethereal) or use rawlog (I think you have to compile support for the latter into Dovecot)?
Best Wishes, Chris
-- --+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+- Christopher Wakelin, c.d.wakelin@reading.ac.uk IT Services Centre, The University of Reading, Tel: +44 (0)118 378 8439 Whiteknights, Reading, RG6 2AF, UK Fax: +44 (0)118 975 3094
Curtis Maloney:
That's nice to know. :-)
My dovecot is running alongside another IMAP server. Dovecot, with SSL enabled, runs on port 994. What I really wish to do, is to make it an SSL-only service.
Thunderbird, in my test setup, is configured to use SSL. I did notice, though (if a bit unexpectedly) that the service on port 994 is plain, albeit with STARTTLS. Mutt and Apple's mail recognize that, switch to TLS, and work. Maybe Thunderbird doesn't handle this equally gracefully; will try tomorrow.
Regards, Jeroen.
Jeroen Scheerder wrote:
[...]
[...]
That's it. Thunderbird tried to talk ssl to a plain imap service, which horribly failed.
Over to SquirrelMail, and LDAP authentication with true LDAP authentication (i.e. without access to the password crypts). Yay!
Jeroen Scheerder wrote:
[...]
That's it. Thunderbird tried to talk ssl to a plain imap service, which horribly failed.
Well, having an IMAPS-only dovecot on port 994 fixed things for Thunderbird, mutt still works, but Apple Mail (Panther, 1.3.11 (v622)) won't anymore. I guess "SSL" in Apple Mail really means "no SLL, but STARTTLS once connected". Sheesh.
On Thu, 21 Jul 2005, Jeroen Scheerder wrote:
Why is it on port 994 -- is that a typo?
IMAPS is port 993. Here, using 1.0-stable, the port 993 service is pure SSL and not clear-with-STARTTLS.
-- -- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>
Todd Vierling wrote:
[...]
No. I'm testing the water for dovecot deployment, and have set up dovecot side by side with another IMAP daemon (so a loaded and active mailstore is available).
Thunderbird seems to run fine now; a matter of applying the proper ssl_listen to get that port pure SSL, alongside a clear-plus-starttls one.
It looks like Mail.app treats "non-standard" ports differently. On the standard port (993), the "SSL" option seems to do pure SSL; but with another port specified, it does clean-plus-starttls (and hence fails horribly, because it's talking to a pure SSl service).
Regards, Jeroen.
participants (5)
-
Chris Wakelin
-
Curtis Maloney
-
Dominik 'Rathann' Mierzejewski
-
Jeroen Scheerder
-
Todd Vierling