Re: [Dovecot] IMAP STARTTLS Problem
- markus@opsys.de markus@opsys.de:
Yep, I set the rights for the cert in Thunderbird. With this CERT SSL is working in Thunderbird but not with STARTTLS.
4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: 1 BAD TLS not available due to temporary reason
Your server responds it has a temporary problem. Set the server verbose to get more useful log output.
p@rick
P.S. And please keep this thread onlist.
That's the message I get from Thunderbird.
And that's the hole log:
4440[af7d580]: ImapThreadMainLoop entering [this=bcde800] 0[c0f140]: bcde800:mail.opsys.de:NA:SetupWithUrl: clearing IMAP_CONNECTION_IS_OPEN 4440[af7d580]: bcde800:mail.opsys.de:NA:ProcessCurrentURL: entering 4440[af7d580]: bcde800:mail.opsys.de:NA:ProcessCurrentURL:imap://markus%40opsys%2Ede@mail.opsys.de:143/select%3E.INBOX: = currentUrl 4440[af7d580]: ReadNextLine [stream=bc59ca8 nb=118 needmore=0] 4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
4440[af7d580]: bcde800:mail.opsys.de:NA:SendData: 1 STARTTLS
4440[af7d580]: ReadNextLine [stream=bc59ca8 nb=49 needmore=0] 4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: 1 BAD TLS not available due to temporary reason
4440[af7d580]: try to log in 4440[af7d580]: IMAP auth: server caps 0x4405427, pref 0x1006, failed 0x0, avail caps 0x1006 4440[af7d580]: (GSSAPI = 0x1000000, CRAM = 0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000, LOGIN = 0x2, old-style IMAP login = 0x4)auth external IMAP login = 0x20000000 4440[af7d580]: trying auth method 0x1000 4440[af7d580]: got new password 4440[af7d580]: IMAP: trying auth method 0x1000 4440[af7d580]: PLAIN auth 4440[af7d580]: bcde800:mail.opsys.de:NA:SendData: 2 authenticate plain
4440[af7d580]: ReadNextLine [stream=bc59ca8 nb=4294967295 needmore=0] 4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: clearing IMAP_CONNECTION_IS_OPEN - rv = 80470002 4440[af7d580]: bcde800:mail.opsys.de:NA:TellThreadToDie: close socket connection 4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: (null) 4440[af7d580]: authlogin failed 4440[af7d580]: marking auth method 0x1000 failed 4440[af7d580]: IMAP auth: server caps 0x4405427, pref 0x1006, failed 0x1000, avail caps 0x6 4440[af7d580]: (GSSAPI = 0x1000000, CRAM = 0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000, LOGIN = 0x2, old-style IMAP login = 0x4)auth external IMAP login = 0x20000000 4440[af7d580]: trying auth method 0x2 4440[af7d580]: login failed entirely
-- state of mind ()
Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666
Amtsgericht München Partnerschaftsregister PR 563
Am 06.05.2012 20:57, schrieb Patrick Ben Koetter:
- markus@opsys.demarkus@opsys.de:
Yep, I set the rights for the cert in Thunderbird. With this CERT SSL is working in Thunderbird but not with STARTTLS.
4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: 1 BAD TLS not available due to temporary reason Your server responds it has a temporary problem. Set the server verbose to get more useful log output.
p@rick
P.S. And please keep this thread onlist.
That's the message I get from Thunderbird.
And that's the hole log:
4440[af7d580]: ImapThreadMainLoop entering [this=bcde800] 0[c0f140]: bcde800:mail.opsys.de:NA:SetupWithUrl: clearing IMAP_CONNECTION_IS_OPEN 4440[af7d580]: bcde800:mail.opsys.de:NA:ProcessCurrentURL: entering 4440[af7d580]: bcde800:mail.opsys.de:NA:ProcessCurrentURL:imap://markus%40opsys%2Ede@mail.opsys.de:143/select%3E.INBOX: = currentUrl 4440[af7d580]: ReadNextLine [stream=bc59ca8 nb=118 needmore=0] 4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
4440[af7d580]: bcde800:mail.opsys.de:NA:SendData: 1 STARTTLS
4440[af7d580]: ReadNextLine [stream=bc59ca8 nb=49 needmore=0] 4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: 1 BAD TLS not available due to temporary reason
4440[af7d580]: try to log in 4440[af7d580]: IMAP auth: server caps 0x4405427, pref 0x1006, failed 0x0, avail caps 0x1006 4440[af7d580]: (GSSAPI = 0x1000000, CRAM = 0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000, LOGIN = 0x2, old-style IMAP login = 0x4)auth external IMAP login = 0x20000000 4440[af7d580]: trying auth method 0x1000 4440[af7d580]: got new password 4440[af7d580]: IMAP: trying auth method 0x1000 4440[af7d580]: PLAIN auth 4440[af7d580]: bcde800:mail.opsys.de:NA:SendData: 2 authenticate plain
4440[af7d580]: ReadNextLine [stream=bc59ca8 nb=4294967295 needmore=0] 4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: clearing IMAP_CONNECTION_IS_OPEN - rv = 80470002 4440[af7d580]: bcde800:mail.opsys.de:NA:TellThreadToDie: close socket connection 4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: (null) 4440[af7d580]: authlogin failed 4440[af7d580]: marking auth method 0x1000 failed 4440[af7d580]: IMAP auth: server caps 0x4405427, pref 0x1006, failed 0x1000, avail caps 0x6 4440[af7d580]: (GSSAPI = 0x1000000, CRAM = 0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000, LOGIN = 0x2, old-style IMAP login = 0x4)auth external IMAP login = 0x20000000 4440[af7d580]: trying auth method 0x2 4440[af7d580]: login failed entirely
Now I got this: May 6 22:38:35 opsys dovecot: imap-login: Disconnected (no auth attempts): rip=84.150.37.251, lip=78.46.216.126, TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
What have I to do now? The cert is signed by myself.
- Markus Fritz markus@opsys.de:
Am 06.05.2012 20:57, schrieb Patrick Ben Koetter:
- markus@opsys.demarkus@opsys.de:
Yep, I set the rights for the cert in Thunderbird. With this CERT SSL is working in Thunderbird but not with STARTTLS.
4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: 1 BAD TLS not available due to temporary reason Your server responds it has a temporary problem. Set the server verbose to get more useful log output.
Now I got this: May 6 22:38:35 opsys dovecot: imap-login: Disconnected (no auth attempts): rip=84.150.37.251, lip=78.46.216.126, TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
What have I to do now? The cert is signed by myself.
You need to import your CAs certificate into TB.
p@rick
-- state of mind () Digitale Kommunikation
Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666
Amtsgericht München Partnerschaftsregister PR 563
Am 07.05.2012 09:56, schrieb Patrick Ben Koetter:
- Markus Fritzmarkus@opsys.de:
Am 06.05.2012 20:57, schrieb Patrick Ben Koetter:
- markus@opsys.demarkus@opsys.de:
Yep, I set the rights for the cert in Thunderbird. With this CERT SSL is working in Thunderbird but not with STARTTLS.
4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: 1 BAD TLS not available due to temporary reason Your server responds it has a temporary problem. Set the server verbose to get more useful log output.
Now I got this: May 6 22:38:35 opsys dovecot: imap-login: Disconnected (no auth attempts): rip=84.150.37.251, lip=78.46.216.126, TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
What have I to do now? The cert is signed by myself. You need to import your CAs certificate into TB.
p@rick
I imported the .pem public file, it's there and I set the trust status in Thunderbird. It still won't work. Screenshot: http://snpr.cm/hLClYx.png
- Markus Fritz markus@opsys.de:
Am 07.05.2012 09:56, schrieb Patrick Ben Koetter:
- Markus Fritzmarkus@opsys.de:
Am 06.05.2012 20:57, schrieb Patrick Ben Koetter:
- markus@opsys.demarkus@opsys.de:
Yep, I set the rights for the cert in Thunderbird. With this CERT SSL is working in Thunderbird but not with STARTTLS.
4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: 1 BAD TLS not available due to temporary reason Your server responds it has a temporary problem. Set the server verbose to get more useful log output.
Now I got this: May 6 22:38:35 opsys dovecot: imap-login: Disconnected (no auth attempts): rip=84.150.37.251, lip=78.46.216.126, TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
What have I to do now? The cert is signed by myself. You need to import your CAs certificate into TB.
p@rick
I imported the .pem public file, it's there and I set the trust status in Thunderbird. It still won't work. Screenshot: http://snpr.cm/hLClYx.png
This looks like your server certificate and not like your CA certificate.
p@rick
-- state of mind () Digitale Kommunikation
Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666
Amtsgericht München Partnerschaftsregister PR 563
Am 07.05.2012 10:16, schrieb Patrick Ben Koetter:
- Markus Fritzmarkus@opsys.de:
Am 07.05.2012 09:56, schrieb Patrick Ben Koetter:
- Markus Fritzmarkus@opsys.de:
Am 06.05.2012 20:57, schrieb Patrick Ben Koetter:
- markus@opsys.demarkus@opsys.de:
Yep, I set the rights for the cert in Thunderbird. With this CERT SSL is working in Thunderbird but not with STARTTLS.
4440[af7d580]: bcde800:mail.opsys.de:NA:CreateNewLineFromSocket: 1 BAD TLS not available due to temporary reason Your server responds it has a temporary problem. Set the server verbose to get more useful log output.
Now I got this: May 6 22:38:35 opsys dovecot: imap-login: Disconnected (no auth attempts): rip=84.150.37.251, lip=78.46.216.126, TLS: SSL_read() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
What have I to do now? The cert is signed by myself. You need to import your CAs certificate into TB.
p@rick
I imported the .pem public file, it's there and I set the trust status in Thunderbird. It still won't work. Screenshot: http://snpr.cm/hLClYx.png This looks like your server certificate and not like your CA certificate.
p@rick
Okay, I resolved the error. I had to change the protocols setting in dovecot.conf. It was: protocols = imap imaps pop3 pop3s changed to: protocols = imaps pop3s
Now everything works fine and who will use his Mail unencrypted?
participants (2)
-
Markus Fritz
-
Patrick Ben Koetter