[Dovecot] imaps tls/ssl and stupid clients
We have been using dovecot now as replacement for qpopper for over 2 weeks and it's working nicely. I have now tried to enable ssl/tls for myself and other inhouse users which also works fine. But the problem is that I use an uncertified certificate. Which is not a problem for kmail, as it just pops up a box asking whether I want to accept the certificate or not. But apparently, some stupid email programs used by other people just hang up on an uncertified certificate. I have figured out that ssl_disable = yes is the critical setting. If it's set everything works, if not, then all services allow tls/ssl and the stupid clients choke on it. Since others just use pop3 I wonder whether there is a way I can disable tls support for pop3 but enable it for imap or even only for imaps? Any ideas or am I starting from the wrong side?
Thanks and regards,
mimo
On Thu, 2005-05-26 at 20:05 +0100, Michael Moritz wrote:
We have been using dovecot now as replacement for qpopper for over 2 weeks and it's working nicely. I have now tried to enable ssl/tls for myself and other inhouse users which also works fine. But the problem is that I use an uncertified certificate. Which is not a problem for kmail, as it just pops up a box asking whether I want to accept the certificate or not. But apparently, some stupid email programs used by other people just hang up on an uncertified certificate.
By uncertified do you mean a self-signed certificate, or have you created your own CA and used it to sign the certificate? By using your own CA it could work better..
I have figured out that ssl_disable = yes is the critical setting. If it's set everything works, if not, then all services allow tls/ssl and the stupid clients choke on it. Since others just use pop3 I wonder whether there is a way I can disable tls support for pop3 but enable it for imap or even only for imaps? Any ideas or am I starting from the wrong side?
No way to disable it for just POP3 without changing the sources (pop3-login/client-authenticate.c cmd_capa() remove STLS line and line before that). I'm doing some configuration code rewrites right now, after those are finished it should be possible.
participants (2)
-
Michael Moritz
-
Timo Sirainen