[Dovecot] kmail + IMAPS
I have dovecot IMAPS + kmail working perfectly on two laptops - I'm using one now - but I just tried starting it on a third laptop, and cannot get it running; kmail on the third laptop just waits indefinitely, saying "Retrieving Folder Contents Please wait ...". All 3 laptops are running Fedora 7, with more or less the same packages, all updated.
(1) I suspect the problem lies with authentication. But how can I test this? Running "telnet <server> 993" gets the same response on all 3 laptops: [tim@elizabeth ~]$ telnet www.*.com 993 Trying 86.*.*.228... Connected to www.*.com. Escape character is '^]'. with no further response until I press ^].
I looked at http://wiki.dovecot.org/TestInstallation but this seems only to apply to IMAP on port 143.
(2) kmail has an option to "Check What the Server Supports" under the Security tag, but pressing this just returns without any message, leaving whatever settings as they are. (On the laptops where kmail is working as an IMAPS client, the settings are changed to "Use TLS ..." and "Clear text".)
I realise this is probably a kmail question, but shouldn't clicking on this option return some warning if it does not work?
(3) I guess I don't understand exactly how TLS authentication works. Does installing openssl set up the correct certificates on server and client? Is there any documentation on this?
Any suggestions or enlightenment gratefully received.
On Sun, 23 Sep 2007, Timothy Murphy wrote:
(1) I suspect the problem lies with authentication. But how can I test this?
From past experience (but also came up as #1 when googling "testing IMAPS" w/o quotes) you should use:
openssl s_client -connect servername:993
If your dovecot does TLS negotiation [not sure if it's the default], you may also want to use/try:
openssl s_client -starttls imap -connect servername:143 (Caveat: -starttls only supported "smtp" and "pop3" on my system [OpenSSL 0.9.8d on Gentoo]. Don't know what the defaults are.)
993/143 can be replaced by imaps/imaps or whatever your ports are.
openssl s_client is a generally-useful tool for SSL/TLS testing (SMTPS/HTTPS/IMAPS/etc.).
(2) [ skipping kmail question ]
(3) I guess I don't understand exactly how TLS authentication works. Does installing openssl set up the correct certificates on server and client?
I had a really hard time with this myself, and I felt like I knew what I was doing. There are HOWTO's to setup the server-side self-signed certificates, but for the client-side setup, I went through much of:
Pine+OpenSSL HOWTO - http://www.madboa.com/geek/pine-ssl/
Some(/many?) of the sections are specific to Pine, the email client. But, any of the sections with openssl commands are generally useful (and, I think, well-explained).
Is there any documentation on this?
For the server-side: http://wiki.dovecot.org/SSL http://wiki.dovecot.org/SSL/CertificateCreation http://wiki.dovecot.org/SSL/DovecotConfiguration
The Apache SSL/TLS documentation linked-to from that page [/SSL] looks good: http://httpd.apache.org/docs/2.2/ssl/ssl_intro.html
Best, Ben
participants (2)
-
Benjamin R. Haskell
-
Timothy Murphy