[Dovecot] failing ssl authentication
Hi, I have a fairly basic dovecot 2.0.19 configuration on an Ubuntu 12.04 LTS server with self-signed certificates and the "ssl = required" option set. It had been working flawlessly for years (including the upgrade from 1.x to 2.0.19). Please see the full "dovecot -n" output at the end of this post.
Until recently, new mail user agents (MUAs) are having problems. I cannot pass the account creation step; the MUA says that there is some problem. I tried to isolate the problem and did some testing with various combinations of MUA and OS, and I am still confused about where the problem is: in dovecot, in the self-signed certificates (in operation since 2003, expiring this summer), in the MUA, or in the operating system. All tests were done with IMAP.
For example, recent Thunderbird versions (>10) do not work at all on most OSes (tried Windows, Linux, OS X). Actually, v10 does not let me set up an account, but there is a way to get through by clicking on the Advanced button. Then the account in Thunderbird is created. After that all works fine and Thunderbird can even be upgraded to the latest version.
Windows Live Mail 2012 (formerly Outlook Express) works on Windows XP and Windows 7, but fails on Windows 8. dovecot.log gets this:
2013-03-06 22:44:38 imap-login: Info: Disconnected (no auth attempts): rip=x.x.x.x, lip=y.y.y.y, TLS handshaking: Disconnected
Outlook 2013 does not work on either Windows 7 or Windows 8. The Dovecot log for Outlook 2013 looks good, but Outlook complains:
2013-03-06 18:38:22 imap-login: Info: Login: user=<ivarss>, method=PLAIN, rip=x.x.x.x lip=y.y.y.y, mpid=16801, TLS
I enabled verbose_ssl = yes in the dovecot configuration, and all failing attempts produce this type of log entry:
2013-03-06 22:34:10 imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [x.x.x.x]
What does this mean - a problem with the certificate on the client side, i.e. the MUA? How could this be cured then?
Thanks for your time and patience! Ivars
doveconf -n output:
# 2.0.19: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-37-virtual x86_64 Ubuntu 12.04.2 LTS
auth_mechanisms = plain login
auth_socket_path = /var/run/dovecot/auth-master
auth_verbose = yes
default_process_limit = 300
info_log_path = /var/log/dovecot-info.log
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
log_path = /var/log/dovecot.log
log_timestamp = "%Y-%m-%d %H:%M:%S "
mail_fsync = never
mail_location = maildir:~/Maildir:INBOX=~/Maildir:LAYOUT=fs
mail_privileged_group = mail
maildir_very_dirty_syncs = yes
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
passdb {
  driver = pam
}
plugin {
  antispam_backend = mailtrain
  antispam_mail_notspam = --ham
  antispam_mail_sendmail = /usr/local/sbin/antispam.sh
  antispam_mail_sendmail_args = -f;%u@edited.domain
  antispam_mail_spam = --spam
  antispam_spam = junk
  antispam_trash = Trash
  autocreate = junk
  autocreate2 = Sent
  autocreate3 = Drafts
  autocreate4 = Trash
  autosubscribe = junk
  autosubscribe2 = Sent
  autosubscribe3 = Drafts
  autosubscribe4 = Trash
  fts = squat
  fts_squat = partial=4 full=10
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename flag_change append
  mail_log_fields = from, subject, flags, uid, box, msgid, size
  sieve = ~/roundcube.sieve
  sieve_dir = ~/sieve
}
postmaster_address = postmaster
protocols = " imap sieve pop3"
service auth-worker {
  client_limit = 0
}
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0660
    user = postfix
  }
  unix_listener auth-master {
    group = musers
    mode = 0660
    user = root
  }
  user = root
}
service imap {
  process_limit = 1024
}
service pop3 {
  process_limit = 1024
}
ssl = required
ssl_cert =
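The two log formats quoted above ("SSL failed: where=0x2002: ..." from verbose_ssl and the "Disconnected (no auth attempts) ... TLS handshaking" summary) are easier to triage in bulk with a small script. The following is an added diagnostic example, not code from the original post or from Dovecot: it decodes the OpenSSL "where" bitmask (the SSL_CB_*/SSL_ST_* constants from openssl/ssl.h) and counts handshake aborts per client IP over constructed sample lines. The reading of 0x2002 in state "read client certificate A" as the client closing the connection after receiving the server certificate is this script's own heuristic, and the user name and IPs in the sample are made up.

```python
import re
from collections import Counter

# OpenSSL flag values that make up the "where" bitmask passed to the SSL info
# callback (<openssl/ssl.h>); Dovecot prints that mask verbatim in "SSL failed".
WHERE_FLAGS = [(0x0001, "SSL_CB_LOOP"), (0x0002, "SSL_CB_EXIT"), (0x0004, "SSL_CB_READ"),
               (0x0008, "SSL_CB_WRITE"), (0x0010, "SSL_CB_HANDSHAKE_START"),
               (0x0020, "SSL_CB_HANDSHAKE_DONE"), (0x1000, "SSL_ST_CONNECT"),
               (0x2000, "SSL_ST_ACCEPT"), (0x4000, "SSL_CB_ALERT")]
# "SSL failed: where=0x2002: SSLv3 read client certificate A [1.2.3.4]"
SSL_FAILED_RE = re.compile(r"SSL failed: where=0x(?P<where>[0-9a-fA-F]+): (?P<state>.+?) \[(?P<ip>[^\]]+)\]")
# "Disconnected (no auth attempts): rip=1.2.3.4, lip=..., TLS handshaking: Disconnected"
TLS_DISCONNECT_RE = re.compile(r"Disconnected \((?P<reason>[^)]*)\): rip=(?P<ip>[^,\s]+).*TLS handshaking: (?P<detail>.+)$")

def decode_where(where):
    """Expand the hex 'where' value into the OpenSSL flag names set in it."""
    return [name for bit, name in WHERE_FLAGS if where & bit]

def explain_ssl_failure(where, state):
    """Heuristic reading of one 'SSL failed' line (added interpretation, not Dovecot's own)."""
    flags = decode_where(where)
    if "SSL_ST_ACCEPT" in flags and "SSL_CB_EXIT" in flags:   # server-side state machine exited
        if state.endswith("read client certificate A"):
            # Server had sent ServerHello/Certificate/ServerHelloDone and was waiting for the
            # client's next message; the client closed instead, i.e. it rejected what it saw.
            return "client closed connection right after receiving the server certificate"
        return "server-side handshake aborted in state: " + state
    return "unexpected flags %s in state: %s" % (",".join(flags), state)

def summarize_tls_failures(lines):
    """Count TLS handshake aborts per client IP across both log formats; returns (counts, reasons)."""
    per_ip, reasons = Counter(), {}
    for line in lines:
        m = SSL_FAILED_RE.search(line)
        if m:
            per_ip[m.group("ip")] += 1
            reasons[m.group("ip")] = explain_ssl_failure(int(m.group("where"), 16), m.group("state"))
            continue
        m = TLS_DISCONNECT_RE.search(line)
        if m and m.group("reason") == "no auth attempts":
            per_ip[m.group("ip")] += 1
            reasons.setdefault(m.group("ip"), "dropped during TLS handshake, no auth attempted")
    return per_ip, reasons

# Constructed sample lines modelled on the thread's quotes (documentation-range IPs, made-up user).
SAMPLE_LOG = [
    "2013-03-06 22:34:10 imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [198.51.100.7]",
    "2013-03-06 22:44:38 imap-login: Info: Disconnected (no auth attempts): rip=198.51.100.7, lip=203.0.113.2, TLS handshaking: Disconnected",
    "2013-03-06 18:38:22 imap-login: Info: Login: user=<alice>, method=PLAIN, rip=198.51.100.9 lip=203.0.113.2, mpid=16801, TLS",
]
```

Run it as `summarize_tls_failures(open("/var/log/dovecot.log"))` to get the per-IP counts and the explanation for each IP; a successful "Login: ... TLS" line is ignored, so only handshakes that never reached authentication are counted.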
On 06.03.2013 21:49, Ivars Strazdiņš wrote:
I have a fairly basic dovecot 2.0.19 configuration on Ubuntu 12.04 LTS server with self signed certificates and "ssl = required" option set
well, do not use self-signed certificates at all for anybody but yourself - for several reasons:
- users will complain because they do not understand the warnings
- users become trained monkeys who ignore any warnings over time
On 06.03.2013 22:14, Ivars Strazdiņš wrote:
On 6 March 2013, at 22:54, Reindl Harald wrote:
well, do not use self-signed certificates at all
I appreciate your advice, but I would anyway like to understand why this problem started to appear only recently.
maybe because client software tries to make it harder and harder to blindly import and accept any sort of untrusted certificates, and making things harder ends up as impossible for the ordinary user