[Dovecot] Logout after SSL/TLS negotiation
Hi All,
I've set up Dovecot to use my signed SSL certificate and the IMAP client is using STARTTLS on port 143 without secure authentication.
The TLS negotiation process seems to go through OK, but once the negotiation is finished the client sends an IMAP LOGOUT message; it does not try to authenticate. Below is Dovecot's info log:
dovecot: 2010-06-15 15:37:01 Info: auth(default): new auth connection: pid=3932
dovecot: 2010-06-15 15:37:03 Info: imap-login: Aborted login (0 authentication attempts): rip=130.100.32.54, lip=10.0.3.3, TLS
I've decrypted the TLS negotiation thanks to Wireshark (in SSL preferences I added the certificate's private key to decode the stream between client and server), but unfortunately it does not say why the client is sending the LOGOUT command.
Do you have an idea of what could be wrong in my server setup? What debugging process would you advise me to follow?
Thanks a lot for your precious help.
Bastien
View this message in context: http://old.nabble.com/Logout-after-SSL-TLS-negociation-tp28900688p28900688.h... Sent from the Dovecot mailing list archive at Nabble.com.
On Wed, Jun 16, 2010 at 05:22, bmfr bastien.murzeau@palomanetworks.com wrote:
> I've set up Dovecot to use my signed SSL certificate and the IMAP client is using STARTTLS on port 143 without secure authentication.
> The TLS negotiation process seems to go through OK, but once the negotiation is finished the client sends an IMAP LOGOUT message; it does not try to authenticate. Below is Dovecot's info log:
> dovecot: 2010-06-15 15:37:01 Info: auth(default): new auth connection: pid=3932
> dovecot: 2010-06-15 15:37:03 Info: imap-login: Aborted login (0 authentication attempts): rip=130.100.32.54, lip=10.0.3.3, TLS
> I've decrypted the TLS negotiation thanks to Wireshark (in SSL preferences I added the certificate's private key to decode the stream between client and server), but unfortunately it does not say why the client is sending the LOGOUT command.
> Do you have an idea of what could be wrong in my server setup? What debugging process would you advise me to follow?

What client are you using? Have you tried other clients to see if they do the same LOGOUT?
Hi Phil,
Thanks for your reply. I'm using a third party IMAP client (cannot disclose its name) and testing with other IMAP clients works. I'm wondering if you had an idea of what could trigger this LOGOUT msg from the client and if it could be something I could fix from the server side.
Thank you very much for your time, any log you need please let me know,
Bastien
On 2010-06-16 10:42 AM, bmfr wrote:
> I'm using a third party IMAP client (cannot disclose its name)

? wtf

> I'm wondering if you had an idea of what could trigger this LOGOUT msg from the client and if it could be something I could fix from the server side.

Yes absolutely (can not disclose the details)...
--
Best regards,
Charles
On Wed, Jun 16, 2010 at 10:42, bmfr bastien.murzeau@palomanetworks.com wrote:
> Hi Phil,
> Thanks for your reply. I'm using a third party IMAP client (cannot disclose its name) and testing with other IMAP clients works. I'm wondering if you had an idea of what could trigger this LOGOUT msg from the client and if it could be something I could fix from the server side.

I know of no such behaviour with clients I've been using (AppleMail, Evolution, Outlook, Thunderbird). So I have to suspect something in that third party client itself. Maybe the people who support it can tell you how to enable client debugging modes that give more detail than just the IMAP traffic. Apparently it is making the decision to do a LOGOUT.
One speculation is that the server certificate was not authenticated via a known CA certificate. Is the server certificate signed by a well known (to the client) certificate authority? Ordinarily, a client encountering this should notify you about it, somehow (popup in GUI, messages in text, syslog for web based, etc). Check such logs, too.
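Added example, not part of any post in this thread and not Dovecot's own code: a small Python triage script that scans a Dovecot info log for the symptom discussed above (a login aborted with 0 authentication attempts on a connection flagged TLS) and groups the events by remote IP, so the affected client can be compared with clients that do go on to authenticate. The log pattern is taken from the line quoted in the thread; the extra sample lines and the reading of the trailing "TLS" token as "handshake completed" are assumptions.

```python
import re
from collections import defaultdict

# Matches the "Aborted login" info-log format shown in the thread; other
# Dovecot versions word this line differently and would need their own pattern.
ABORT_RE = re.compile(
    r"Info: (?P<svc>\w+)-login: Aborted login "
    r"\((?P<attempts>\d+) authentication attempts\): "
    r"rip=(?P<rip>[^,\s]+), lip=(?P<lip>[^,\s]+)(?P<rest>.*)$"
)
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")

# The first two lines are from the thread; the rest are constructed samples.
SAMPLE_LOG = """\
dovecot: 2010-06-15 15:37:01 Info: auth(default): new auth connection: pid=3932
dovecot: 2010-06-15 15:37:03 Info: imap-login: Aborted login (0 authentication attempts): rip=130.100.32.54, lip=10.0.3.3, TLS
dovecot: 2010-06-15 15:40:10 Info: imap-login: Aborted login (0 authentication attempts): rip=130.100.32.54, lip=10.0.3.3, TLS
dovecot: 2010-06-15 15:41:22 Info: imap-login: Aborted login (0 authentication attempts): rip=192.0.2.10, lip=10.0.3.3
dovecot: 2010-06-15 15:42:05 Info: imap-login: Aborted login (2 authentication attempts): rip=198.51.100.7, lip=10.0.3.3, TLS
""".splitlines()


def tls_no_auth_aborts(lines):
    """Map remote IP -> timestamps of logins aborted after TLS with 0 auth attempts."""
    hits = defaultdict(list)
    for line in lines:
        m = ABORT_RE.search(line)
        if not m:
            continue
        # Tokens after lip=... are connection flags separated by commas.
        flags = {f.strip() for f in m.group("rest").split(",") if f.strip()}
        # Assumption: a trailing "TLS" token means the handshake completed,
        # as in the thread's log line.
        if int(m.group("attempts")) == 0 and "TLS" in flags:
            ts = TS_RE.search(line)
            hits[m.group("rip")].append(ts.group(0) if ts else "")
    return dict(hits)


if __name__ == "__main__":
    for rip, stamps in tls_no_auth_aborts(SAMPLE_LOG).items():
        print(f"{rip}: {len(stamps)} TLS session(s) closed before any auth attempt")
        for ts in stamps:
            print(f"  {ts}")
```

A remote IP that appears here repeatedly while other clients authenticate normally points at a client-side decision after the handshake, which is where the certificate-trust speculation above would apply.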
participants (3)
- bmfr
- Charles Marcus
- Phil Howard