[Dovecot] TLS timeout with Thunderbird
I'm trying to get dovecot working with various clients on my new
mailserver. I installed the base rc2 that comes with OpenBSD 4.0,
then upgraded to rc14 when I ran into problems with TLS and
Thunderbird. The server has no problems with Mail.app on my laptop,
but any connection attempts from Thunderbird timeout after the TCP
handshake.
13:53:41.074438 66.x.x.2.50483 > 38.x.x.248.993: S 3787736038:3787736038(0) win 65535 <mss 1460,nop,wscale 0,nop,nop,timestamp 2064284084 0,sackOK,eol> (DF)
13:53:41.074554 38.x.x.248.993 > 66.x.x.2.50483: S 1565942120:1565942120(0) ack 3787736039 win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 2681405076 2064284084> (DF)
13:53:41.459434 66.x.x.2.50483 > 38.x.x.248.993: . ack 1 win 65535 <nop,nop,timestamp 2064284084 2681405076> (DF)
13:53:47.028621 66.x.x.2.50483 > 38.x.x.248.993: F 1:1(0) ack 1 win 65535 <nop,nop,timestamp 2064284096 2681405076> (DF)
The only thing logged by dovecot is a disconnection event. There is
nothing else logged, even with ssl_verbose enabled.
Nov 17 14:23:05 colo2 dovecot: imap-login: Disconnected: rip=66.x.x.2, lip=38.x.x.248, TLS handshake
This happens with Thunderbird 1.5.0.4 and 1.5.0.8 on Mac OS X, and
Thunderbird 1.5.0.7 on Windows 2000. Any ideas would be greatly
appreciated.
Thanks,
-- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
On Nov 17, 2006, at 2:33 PM, Jason Dixon wrote:
I'm trying to get dovecot working with various clients on my new
mailserver. I installed the base rc2 that comes with OpenBSD 4.0,
then upgraded to rc14 when I ran into problems with TLS and
Thunderbird. The server has no problems with Mail.app on my
laptop, but any connection attempts from Thunderbird timeout after
the TCP handshake.
This happens with Thunderbird 1.5.0.4 and 1.5.0.8 on Mac OS X, and
Thunderbird 1.5.0.7 on Windows 2000. Any ideas would be greatly
appreciated.
To add insult to injury, Office 2003 on Windows XP works fine.
-- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
- November 17. 20:45, Jason Dixon:
On Nov 17, 2006, at 2:33 PM, Jason Dixon wrote:
I'm trying to get dovecot working with various clients on my new mailserver. I installed the base rc2 that comes with OpenBSD 4.0, then upgraded to rc14 when I ran into problems with TLS and Thunderbird. The server has no problems with Mail.app on my laptop, but any connection attempts from Thunderbird timeout after the TCP handshake.
This happens with Thunderbird 1.5.0.4 and 1.5.0.8 on Mac OS X, and Thunderbird 1.5.0.7 on Windows 2000. Any ideas would be greatly appreciated.
To add insult to injury, Office 2003 on Windows XP works fine.
Hi!
Really, this is just a long shot in the dark: I've recently experienced an issue with thunderbird; it was just hanging after "getting server capabilities...". I had to disable the antivirus software's Mail filter (it was Kaspersky's I think).
Hope this helps, Daniel
-- LeVA
On Nov 17, 2006, at 4:14 PM, LeVA wrote:
- November 17. 20:45, Jason Dixon:
On Nov 17, 2006, at 2:33 PM, Jason Dixon wrote:
I'm trying to get dovecot working with various clients on my new mailserver. I installed the base rc2 that comes with OpenBSD 4.0, then upgraded to rc14 when I ran into problems with TLS and Thunderbird. The server has no problems with Mail.app on my laptop, but any connection attempts from Thunderbird timeout after the TCP handshake.
This happens with Thunderbird 1.5.0.4 and 1.5.0.8 on Mac OS X, and Thunderbird 1.5.0.7 on Windows 2000. Any ideas would be greatly appreciated.
To add insult to injury, Office 2003 on Windows XP works fine.
Hi!
Really, this is just a long shot in the dark: I've recently experienced an issue with thunderbird; it was just
hanging after "getting server capabilities...". I had to disable the antivirus software's Mail filter (it was Kaspersky's I think).
There is no antivirus running on the Mac, so I doubt that's related.
Thanks though.
-- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Jason Dixon wrote:
This happens with Thunderbird 1.5.0.4 and 1.5.0.8 on Mac OS X, and
Thunderbird 1.5.0.7 on Windows 2000. Any ideas would be greatly appreciated.
Dovecot works well with imaps and pops. I'm kind of surprised to hear that your Mail.app works. Is it really using TLS? Anyway, I'm sure if you switch to ssl instead, it will work. I have Thunderbird on Mac and Win doing it that way. There is some info in the wiki about how to configure.
Mark
On Nov 17, 2006, at 6:22 PM, Mark Nienberg wrote:
Jason Dixon wrote:
This happens with Thunderbird 1.5.0.4 and 1.5.0.8 on Mac OS X, and
Thunderbird 1.5.0.7 on Windows 2000. Any ideas would be greatly
appreciated.
Dovecot works well with imaps and pops. I'm kind of surprised to
hear that your Mail.app works. Is it really using TLS? Anyway,
I'm sure if you switch to ssl instead, it will work. I have
Thunderbird on Mac and Win doing it that way. There is some info
in the wiki about how to configure.
I stand corrected, Mail.app is using SSL (or at least, that's the
only option in the account settings). After changing Thunderbird to
use SSL, it makes a successful connection. I'm curious though; I
have verbose_ssl enabled, and all I see is that a TLS login was
completed. Why does it say TLS, if it's really using SSL? Why do we
not see any additional information about the session?
Nov 17 18:29:27 colo2 dovecot: imap-login: Login: user=<jason@dixongroup.net>, method=PLAIN, rip=151.x.x.192, lip=38.x.x.248, TLS
Thanks!
-- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
On Fri, Nov 17, 2006 at 06:32:18PM -0500, Jason Dixon wrote:
On Nov 17, 2006, at 6:22 PM, Mark Nienberg wrote:
Jason Dixon wrote:
This happens with Thunderbird 1.5.0.4 and 1.5.0.8 on Mac OS X, and
Thunderbird 1.5.0.7 on Windows 2000. Any ideas would be greatly
appreciated.
Dovecot works well with imaps and pops. I'm kind of surprised to
hear that your Mail.app works. Is it really using TLS? Anyway,
I'm sure if you switch to ssl instead, it will work. I have
Thunderbird on Mac and Win doing it that way. There is some info
in the wiki about how to configure.
I stand corrected, Mail.app is using SSL (or at least, that's the
only option in the account settings). After changing Thunderbird to
use SSL, it makes a successful connection. I'm curious though; I
have verbose_ssl enabled, and all I see is that a TLS login was
completed. Why does it say TLS, if it's really using SSL? Why do we
not see any additional information about the session?
Terminology. SSL has several versions: SSLv2, SSLv3, TLSv1. All are considered to be Secure Sockets Layer, with the last one being the most current version. I think what some folks think of when they hear "TLS" is the more modern way of negotiating an SSL/TLS connection via POP's STLS or IMAP's STARTTLS or SMTP's STARTTLS commands. Whether you use an "SSL" port (e.g. 465, 993, 995) or a non-SSL port (e.g. 25, 587, 143, 110) and negotiate "SSL", you are likely using TLSv1.
Nov 17 18:29:27 colo2 dovecot: imap-login: Login: user=<jason@dixongroup.net>, method=PLAIN, rip=151.x.x.192, lip=38.x.x.248, TLS
Thanks!
-- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
--
Steven F. Siirila                   Office: Lind Hall, Room 130B
Internet Services                   E-mail: sfs@umn.edu
Office of Information Technology    Voice: (612) 626-0244
University of Minnesota             Fax: (612) 626-7593
On Nov 17, 2006, at 6:37 PM, Steven F Siirila wrote:
On Fri, Nov 17, 2006 at 06:32:18PM -0500, Jason Dixon wrote:
I stand corrected, Mail.app is using SSL (or at least, that's the only option in the account settings). After changing Thunderbird to use SSL, it makes a successful connection. I'm curious though; I have verbose_ssl enabled, and all I see is that a TLS login was completed. Why does it say TLS, if it's really using SSL? Why do we not see any additional information about the session?
Terminology. SSL has several versions: SSLv2, SSLv3, TLSv1. All are considered to be Secure Sockets Layer, with the last one being the most current version. I think what some folks think of when they hear "TLS" is the more modern way of negotiating an SSL/TLS connection via POP's STLS or IMAP's STARTTLS or SMTP's STARTTLS commands. Whether you use an "SSL" port (e.g. 465, 993, 995) or a non-SSL port (e.g. 25, 587, 143, 110) and negotiate "SSL", you are likely using
TLSv1.
Thanks for the explanation. Sounds like Thunderbird's "TLS" setting
probably means to try STARTTLS, rather than use TLSv1.
-- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
Jason Dixon wrote:
Terminology. SSL has several versions: SSLv2, SSLv3, TLSv1. All are considered to be Secure Sockets Layer, with the last one being the most current version. I think what some folks think of when they hear "TLS" is the more modern way of negotiating an SSL/TLS connection via POP's STLS or IMAP's STARTTLS or SMTP's STARTTLS commands. Whether you use an "SSL" port (e.g. 465, 993, 995) or a non-SSL port (e.g. 25, 587, 143, 110) and negotiate "SSL", you are likely using
TLSv1.
Thanks for the explanation. Sounds like Thunderbird's "TLS" setting
probably means to try STARTTLS, rather than use TLSv1.
That's true and it's the same for SMTP - and it's not the best possible I think. If you're interested in what led to that naming, read through https://bugzilla.mozilla.org/show_bug.cgi?id=135357 (interesting part in respect to UI starts around comment 100).
Jürgen
On Fri, 2006-11-17 at 14:33 -0500, Jason Dixon wrote:
I'm trying to get dovecot working with various clients on my new mailserver. I installed the base rc2 that comes with OpenBSD 4.0, then upgraded to rc14 when I ran into problems with TLS and Thunderbird. The server has no problems with Mail.app on my laptop, but any connection attempts from Thunderbird timeout after the TCP handshake.
The SSL code has changed a lot since rc2, but I can't really see why this would be happening. Are rc2 and rc14 using the same OpenSSL library versions? And if you downgrade to rc2, does the problem go away? If you apply this patch, what does it log when Thunderbird logs in? RCS file: /var/lib/cvs/dovecot/src/login-common/ssl-proxy-openssl.c,v retrieving revision 1.37.2.12 diff -u -r1.37.2.12 ssl-proxy-openssl.c --- src/login-common/ssl-proxy-openssl.c 8 Nov 2006 20:51:30 -0000 1.37.2.12 +++ src/login-common/ssl-proxy-openssl.c 18 Nov 2006 20:20:28 -0000 @@ -323,6 +323,7 @@ int err; err = SSL_get_error(proxy->ssl, ret); + i_info("%s: ret=%d, err=%d", func_name, ret, err); switch (err) { case SSL_ERROR_WANT_READ:
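Review bot: the i_info() call is placed directly after SSL_get_error() and before the switch, so it also fires for SSL_ERROR_WANT_READ, which is the ordinary retry path on a non-blocking socket, and it will log on every handshake step for every client. That is fine for a one-off debugging build, but if this is kept it should move into the cases that are real errors or be gated behind verbose_ssl. The bare numeric err value is also hard to read in a log; adding the client address to the message would let the line be matched against the "Disconnected: ... TLS handshake" entry.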
On Nov 18, 2006, at 3:19 PM, Timo Sirainen wrote:
On Fri, 2006-11-17 at 14:33 -0500, Jason Dixon wrote:
I'm trying to get dovecot working with various clients on my new mailserver. I installed the base rc2 that comes with OpenBSD 4.0, then upgraded to rc14 when I ran into problems with TLS and Thunderbird. The server has no problems with Mail.app on my laptop, but any connection attempts from Thunderbird timeout after the TCP handshake.
The SSL code has changed a lot since rc2, but I can't really see why this would be happening. Are rc2 and rc14 using the same OpenSSL
library versions? And if you downgrade to rc2, does the problem go away?
It's already been covered in the thread, but it was user error.
Thunderbird's "TLS" setting apparently refers to STARTTLS, not TLSv1
(that's my theory, anyways). Setting it to SSL works fine.
Thanks,
-- Jason Dixon DixonGroup Consulting http://www.dixongroup.net
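The stall diagnosed in this thread, as an added example (not code from the thread or from Dovecot): a client in STARTTLS mode waits for the server's plaintext greeting, while a listener on 993 stays silent until it receives a TLS ClientHello, so nothing follows the TCP handshake. The two loopback listeners, their canned responses and all function names are constructed stand-ins, and no real TLS is negotiated.

```python
import socket
import threading

def classify_imap_port(host, port, wait=1.0):
    """Act like a STARTTLS-mode client: connect, then wait for a plaintext greeting."""
    with socket.create_connection((host, port), timeout=wait) as s:
        try:
            greeting = s.recv(512)
        except socket.timeout:
            # Server said nothing: it is waiting for a TLS ClientHello (993 style).
            return "implicit-tls"
        if not greeting.startswith(b"* OK"):
            return "unknown"
        s.sendall(b"a1 CAPABILITY\r\n")
        caps = s.recv(512).upper()
        return "starttls" if b"STARTTLS" in caps else "plaintext-only"

def _serve(handler):
    """Start a one-shot loopback listener (constructed stand-in); return its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with conn:
            handler(conn)
        srv.close()
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def plaintext_imap(conn):
    # Constructed port-143 behaviour: the server speaks first.
    conn.sendall(b"* OK Dovecot ready.\r\n")
    conn.recv(512)
    conn.sendall(b"* CAPABILITY IMAP4rev1 STARTTLS\r\na1 OK done\r\n")

def implicit_tls(conn):
    # Constructed port-993 behaviour: stay silent until the client sends bytes.
    conn.settimeout(3)
    try:
        conn.recv(512)
    except socket.timeout:
        pass

def demo():
    return (classify_imap_port("127.0.0.1", _serve(plaintext_imap)),
            classify_imap_port("127.0.0.1", _serve(implicit_tls), wait=0.5))

if __name__ == "__main__":
    print(demo())
```

A result of "implicit-tls" on a port means the mail client must be set to its "SSL" option for that port, and "starttls" means its "TLS" option applies.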
Timo Sirainen wrote:
On Fri, 2006-11-17 at 14:33 -0500, Jason Dixon wrote:
I'm trying to get dovecot working with various clients on my new mailserver. I installed the base rc2 that comes with OpenBSD 4.0, then upgraded to rc14 when I ran into problems with TLS and Thunderbird. The server has no problems with Mail.app on my laptop, but any connection attempts from Thunderbird timeout after the TCP handshake.
The SSL code has changed a lot since rc2, but I can't really see why this would be happening. Are rc2 and rc14 using the same OpenSSL library versions? And if you downgrade to rc2, does the problem go away?
If you apply this patch, what does it log when Thunderbird logs in?
RCS file: /var/lib/cvs/dovecot/src/login-common/ssl-proxy-openssl.c,v retrieving revision 1.37.2.12 diff -u -r1.37.2.12 ssl-proxy-openssl.c --- src/login-common/ssl-proxy-openssl.c 8 Nov 2006 20:51:30 -0000 1.37.2.12 +++ src/login-common/ssl-proxy-openssl.c 18 Nov 2006 20:20:28 -0000 @@ -323,6 +323,7 @@ int err;
err = SSL_get_error(proxy->ssl, ret); + i_info("%s: ret=%d, err=%d", func_name, ret, err);
switch (err) { case SSL_ERROR_WANT_READ:
Just a testing info: I can't find any bug with TLS. Thunderbird version 1.5.0.8 (20061025), Windows XP srv 2 German, and IMAP Dovecot 1rc15 on SUSE 10.1 works like a charm.
--
Best Regards
Robert Schetterer
robert_at_schetterer_dot_org
Munich / Bavaria / Germany
https://www.schetterer.org
https://www.schetterer.com/public-gpg-robert-schetterer.key
participants (7)
- Jason Dixon
- Jürgen Herz
- LeVA
- Mark Nienberg
- Robert Schetterer
- Steven F Siirila
- Timo Sirainen