[Dovecot] Dovecot with STARTTLS
Dovecot rc7
I have Dovecot working fine using SSL on port 995. However, if I attempt to use STARTTLS on port 110, I receive the following error message from my MUA:
Connecting to "192.168.0.2" (SSL/TLS) [9/1/2006 5:36:12 PM] <<< +OK Seibercom.net at your service [ISafe POP3 Proxy]
STLS
+OK Begin TLS negotiation now.
The connection then times out. This is the only entry in the Dovecot.log:
dovecot: Sep 01 17:36:52 Info: pop3-login: Disconnected: Inactivity: rip=192.168.0.4, lip=192.168.0.2, TLS handshake
Does anyone have an idea what the problem might be?
Thanks!
Gerard Seibert gerard@seibercom.net
+OK Seibercom.net at your service [ISafe POP3 Proxy]
STLS
+OK Begin TLS negotiation now.
The connection then times out. This is the only entry in the Dovecot.log:
dovecot: Sep 01 17:36:52 Info: pop3-login: Disconnected: Inactivity: rip=192.168.0.4, lip=192.168.0.2, TLS handshake
Does anyone have an idea what the problem might be?
My guess is that the problem is caused by the Antivirus/Antispam solution you are using.
Regards, Vaidas
Vaidas Pilkauskas wrote:
[...]
My guess is that the problem is caused by the Antivirus/Antispam solution you are using.
Nothing personal, but I would rather a solution as opposed to a guess. Furthermore, if AV were involved, and I have already ruled that out by shutting down every non-essential application prior to attempting the connection, then in all likelihood the connection would fail on a connection attempt via SSL and port 995.
I Googled and found that someone else had experienced this problem also. There was a patch for it, but it was for an older version of Dovecot. I doubt that it would be relevant to this version.
-- Gerard Seibert gerard@seibercom.net
Think about it: The *average* American has one tit and one testicle.
Hi,
looking at the prompt you get :
"+OK Seibercom.net at your service [ISafe POP3 Proxy]"
It's clear that there is something between your mail client and dovecot. On my server, I get :
"+OK Dovecot ready."
Searching for "ISafe POP3 Proxy" brings me to "Computer Associates eTrust AntiVirus". So it looks like you still have it underway.
Charles
On Sat, 2006-09-02 at 05:36 -0400, Dovecot Mailing List wrote:
Vaidas Pilkauskas wrote:
[...]
My guess is that the problem is caused by the Antivirus/Antispam solution you are using.
Nothing personal, but I would rather a solution as opposed to a guess. Furthermore, if AV were involved, and I have already ruled that out by shutting down every non-essential application prior to attempting the connection, then in all likelihood the connection would fail on a connection attempt via SSL and port 995.
I Googled and found that someone else had experienced this problem also. There was a patch for it, but it was for an older version of Dovecot. I doubt that it would be relevant to this version.
-- Charles Bueche <charles@bueche.ch> sand, snow, wave, wind and net -surfer
On Sep 2, 2006, at 9:02 , Charles Bueche wrote:
Hi,
looking at the prompt you get :
"+OK Seibercom.net at your service [ISafe POP3 Proxy]"
It's clear that there is something between your mail client and dovecot. On my server, I get :
"+OK Dovecot ready."
Searching for "ISafe POP3 Proxy" brings me to "Computer Associates eTrust AntiVirus". So it looks like you still have it underway.
found the problem, if anyone else has the same, please get in touch.
Rob
On Sep 2, 2006, at 11:03 , Gerard Seibert wrote:
On Saturday 02 September 2006 13:01, Rob Lingelbach wrote:
found the problem, if anyone else has the same, please get in touch.
OK, how do I solve the problem?
assuming you have the same problem I did, which is outlined in the
following query to the group,
http://www.linuxforums.org/forum/linux-tutorials-howtos-reference-material/31487-selinux-fedora-core-workstations.html
i realize this is cryptic, but once one has an understanding of the
hidden attributes of SELinux it becomes clearer, assuming
you have the same problem I did.
My problem, to be more specific, was that I had done a stupid thing a
few days ago and affixed the http attribute to all my $HOME
files thinking (in a quick fix mode) that this would allow
squirrelmail and IMAP to access them. Read carefully the above
reference
and I hope you can solve the same problem I did.
Rob
Gerard Seibert wrote:
On Saturday 02 September 2006 13:01, Rob Lingelbach wrote:
found the problem, if anyone else has the same, please get in touch.
OK, how do I solve the problem?
Rob's problem was different to yours, I think he may have accidentally replied to the wrong thread. What you need to do before you can even try to fix any problems you may have is to TURN OFF YOUR ANTIVIRUS, whether it be on your local machine, an upstream transparent proxy, or the mail server itself, unless you can turn it off or bypass it, as has already been suggested to you, there's just no way we can even start to look at your problem.
On Saturday 02 September 2006 19:29, Peter Fern wrote:
[...]
Rob's problem was different to yours, I think he may have accidentally replied to the wrong thread. What you need to do before you can even try to fix any problems you may have is to TURN OFF YOUR ANTIVIRUS, whether it be on your local machine, an upstream transparent proxy, or the mail server itself, unless you can turn it off or bypass it, as has already been suggested to you, there's just no way we can even start to look at your problem.
I already solved it. It seems that the version of CA (Computer Associates) ISafe POP3 Proxy that ZA (Zone Alarm) is using on their top of the line products is not RFC 2595 compliant.
I did not at first realize that disabling ZA did not also shut down the AV mail proxy. I had thought it would since they load together. ZA is aware of the problem and has a workaround for it. However, they claim it is CA's problem to correct. This bug had existed for over a year and CA has no intention of rewriting the source code to correct until they do a major upgrade. Evidently, it is not just a small one or two line patch job.
If anyone else is having problems accessing Dovecot via STARTTLS with ZA installed I can assist them in modifying their ZA configuration.
-- Gerard Seibert gerard@seibercom.net
Female rabbits: The gift that just "keeps on giving."
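The symptom this thread converges on (a greeting that does not come from Dovecot, STLS answered with +OK, then a TLS handshake that never completes) can be checked with a small probe. This is an added example, not part of the original posts; `probe_stls` and `demo_stalled_proxy` are hypothetical names, the "Dovecot" banner check is based on the "+OK Dovecot ready." greeting quoted above, and the stalled peer is a constructed stand-in.

```python
import socket
import ssl
import threading

def probe_stls(sock, expected="Dovecot"):
    """Speak POP3 STLS by hand on a connected socket; report where it stops."""
    res = {"banner": None, "intermediary": None, "stls": None, "tls": None}
    reader = sock.makefile("rb")
    res["banner"] = reader.readline().decode("latin-1").strip()
    # A greeting that does not name the expected server means something else
    # (local AV proxy, transparent gateway) answered the connection.
    res["intermediary"] = expected.lower() not in res["banner"].lower()
    sock.sendall(b"STLS\r\n")
    res["stls"] = reader.readline().decode("latin-1").strip()
    if not res["stls"].startswith("+OK"):
        return res
    # Diagnostic only: certificate checks are off because the question is
    # whether the handshake completes at all. Never do this in a mail client.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock) as tls:
            res["tls"] = tls.version()
    except socket.timeout:
        res["tls"] = "timeout"  # STLS accepted, then the peer never spoke TLS
    except (ssl.SSLError, OSError) as exc:
        res["tls"] = "error: %s" % exc
    return res

def demo_stalled_proxy(timeout=1.0):
    """Constructed stand-in for the proxy in this thread: it accepts STLS,
    then stays silent, so the client's handshake times out."""
    client, proxy = socket.socketpair()
    client.settimeout(timeout)

    def play_proxy():
        proxy.sendall(b"+OK Seibercom.net at your service [ISafe POP3 Proxy]\r\n")
        proxy.recv(64)  # the client's STLS command
        proxy.sendall(b"+OK Begin TLS negotiation now.\r\n")
        while proxy.recv(4096):  # swallow the ClientHello, never answer
            pass
        proxy.close()

    threading.Thread(target=play_proxy, daemon=True).start()
    return probe_stls(client)

if __name__ == "__main__":
    # Real server: probe_stls(socket.create_connection((host, 110), timeout=10))
    print(demo_stalled_proxy())
```

A result with `intermediary` true and `tls` equal to "timeout" matches the "Disconnected: Inactivity ... TLS handshake" entry the server logged.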
participants (6)
- Charles Bueche
- Dovecot Mailing List
- Gerard Seibert
- Peter Fern
- Rob Lingelbach
- Vaidas Pilkauskas