I'm having problems with the iPhone client in the 1.1.1 version of the iPhone software. Things with other clients work fine, and the iPhone worked fine before it was upgraded to 1.1.1. Other phones on 1.1.1 failed. I'm still working on testing against the client with the iPhone 1.0.2 software on it.
The problem is that the client simply doesn't connect to dovecot. I can see the packets passing back and forth in a number of ways, but haven't been able to see the contents. I tried turning on raw logging, but don't get log files for accesses from the iPhone. What I get are lines like so:
Oct 13 00:08:34 bhuda dovecot: imap-login: Disconnected: rip=xxx.xxx.xxx.xx2, lip=xxx.xxx.xxx.xx1, TLS
Turning off SSL both ways, and the message changes to:
Oct 13 18:21:38 bhuda dovecot: imap-login: Aborted login: rip=xxx.xxx.xxx.xx2, lip=xxx.xxx.xxx.xx1
Tweaking the logging in the firewall reveals something interesting: apparently the phone makes the connection to 993, then dovecot drops the connection, but the phone keeps sending to it (and yes, I've tried setting the firewall to allow arbitrary traffic between the phone and the server).
So, first question: is anyone who has clients using iPhone software version 1.1.1 working willing to share config information?
Second question: suggestions for things to try to solve the problem? (Other than talk to apple as that process is underway)? For instance, a recipe to sniff the text of the interchange?
Final question: Any other information I can provide that might help debug this?
Thanks,
<mike
dovecot info: bhuda# dovecot --version 1.0.5 bhuda# dovecot -n # 1.0.5: /usr/opt/etc/dovecot.conf ssl_cert_file: /usr/local/etc/openvpn/server.crt ssl_key_file: /usr/local/etc/openvpn/server.key login_dir: /var/run/dovecot/login login_executable: /usr/opt/libexec/dovecot/imap-login verbose_proctitle: yes first_valid_gid: 0 mail_extra_groups: mail mail_location: maildir:~/mailboxes imap_client_workarounds: delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep auth default: passdb: driver: pam userdb: driver: passwd
System info: bhuda# uname -a FreeBSD bhuda.mired.org 6.2-STABLE FreeBSD 6.2-STABLE #6: Sun Jun 3 04:17:59 EDT 2007 mwm@bhuda.mired.org:/usr/src/sys/amd64/compile/BHUDA amd64
And all the mailboxes are stored on ufs file systems.
<mike
-- Mike Meyer mwm@mired.org http://www.mired.org/consulting.html Independent Network/Unix/Perforce consultant, email for more information.
On Oct 13, 2007, at 17:33, Mike Meyer wrote:
I'm having problems with the iPhone client in the 1.1.1 version of the iPhone software. Things with other clients work fine, and the iPhone worked fine before it was upgraded to 1.1.1. Other phones on 1.1.1 failed. I'm still working on testing against the client with the iPhone 1.0.2 software on it.
Works fine here.
The problem is that the client simply doesn't connect to dovecot. I can see the packets passing back and forth in a number of ways, but haven't been able to see the contents. I tried turning on raw logging, but don't get log files for accesses from the iPhone. What I get are lines like so:
Oct 13 00:08:34 bhuda dovecot: imap-login: Disconnected:
rip=xxx.xxx.xxx.xx2, lip=xxx.xxx.xxx.xx1, TLSTurning off SSL both ways, and the message changes to:
Oct 13 18:21:38 bhuda dovecot: imap-login: Aborted login:
rip=xxx.xxx.xxx.xx2, lip=xxx.xxx.xxx.xx1Tweaking the logging in the firewall reveals something interesting: apparently the phone makes the connection to 993, then dovecot drops the connection, but the phone keeps sending to it (and yes, I've tried setting the firewall to allow arbitrary traffic between the phone and the server).
Have you tried using port 143? Check the Incoming Mail Server setting
on the iPhone. For port 143, there should just be a Host Name without
":993" appended. ... I haven't tested with port 993. If you're
synching email accounting with your desktop, you'll need to change it
there and resynch - you won't be able to change it on the iPhone
unless you setup the account directly on the iPhone.
So, first question: is anyone who has clients using iPhone software version 1.1.1 working willing to share config information?
# 1.0.5: /usr/local/etc/dovecot/dovecot.conf protocols: imap imaps pop3 pop3s ssl_ca_file: /usr/local/etc/certs/ca.pem ssl_cert_file(default): /usr/local/etc/certs/dovecot-imaps.pem ssl_cert_file(imap): /usr/local/etc/certs/dovecot-imaps.pem ssl_cert_file(pop3): /usr/local/etc/certs/dovecot-pop3s.pem ssl_key_file(default): /usr/local/etc/certs/dovecot-imaps.pem ssl_key_file(imap): /usr/local/etc/certs/dovecot-imaps.pem ssl_key_file(pop3): /usr/local/etc/certs/dovecot-pop3s.pem ssl_cipher_list: TLSv1+SSLv3+aRSA+RSA:-LOW:-EXPORT:-eNULL:@STRENGTH login_dir: /opt/local/var/run/dovecot/login login_executable(default): /opt/local/libexec/dovecot/imap-login login_executable(imap): /opt/local/libexec/dovecot/imap-login login_executable(pop3): /opt/local/libexec/dovecot/pop3-login login_processes_count(default): 3 login_processes_count(imap): 3 login_processes_count(pop3): 2 login_max_processes_count(default): 20 login_max_processes_count(imap): 20 login_max_processes_count(pop3): 5 verbose_proctitle: yes mail_location: maildir:~/.maildir/ dotlock_use_excl: yes mail_executable(default): /opt/local/libexec/dovecot/imap mail_executable(imap): /opt/local/libexec/dovecot/imap mail_executable(pop3): /opt/local/libexec/dovecot/pop3 mail_plugin_dir(default): /opt/local/lib/dovecot/imap mail_plugin_dir(imap): /opt/local/lib/dovecot/imap mail_plugin_dir(pop3): /opt/local/lib/dovecot/pop3 pop3_uidl_format(default): pop3_uidl_format(imap): pop3_uidl_format(pop3): %08Xv%08Xu auth default: passdb: driver: pam userdb: driver: passwd
Second question: suggestions for things to try to solve the problem? (Other than talk to apple as that process is underway)? For instance, a recipe to sniff the text of the interchange?
Try ssldump. It's probably in ports. If not, you can get it from
http://www.rtfm.com/ssldump/. Make sure you use "-k" with the IMAP
server's key.
Final question: Any other information I can provide that might help debug this?
Thanks, <mike
dovecot info: bhuda# dovecot --version 1.0.5 bhuda# dovecot -n # 1.0.5: /usr/opt/etc/dovecot.conf ssl_cert_file: /usr/local/etc/openvpn/server.crt ssl_key_file: /usr/local/etc/openvpn/server.key login_dir: /var/run/dovecot/login login_executable: /usr/opt/libexec/dovecot/imap-login verbose_proctitle: yes first_valid_gid: 0 mail_extra_groups: mail mail_location: maildir:~/mailboxes imap_client_workarounds: delay-newmail outlook-idle netscape-eoh tb- extra-mailbox-sep auth default: passdb: driver: pam userdb: driver: passwd
System info: bhuda# uname -a FreeBSD bhuda.mired.org 6.2-STABLE FreeBSD 6.2-STABLE #6: Sun Jun
3 04:17:59 EDT 2007 mwm@bhuda.mired.org:/usr/src/sys/amd64/ compile/BHUDA amd64And all the mailboxes are stored on ufs file systems.
<mike
-- Mike Meyer mwm@mired.org http://www.mired.org/consulting.html Independent Network/Unix/Perforce consultant, email for more
information.
On Sun, 14 Oct 2007 10:18:50 -0700 Jim Maenpaa jim+dovecot@ohwell.org wrote:
On Oct 13, 2007, at 17:33, Mike Meyer wrote:
I'm having problems with the iPhone client in the 1.1.1 version of the iPhone software. Things with other clients work fine, and the iPhone worked fine before it was upgraded to 1.1.1. Other phones on 1.1.1 failed. I'm still working on testing against the client with the iPhone 1.0.2 software on it. Works fine here.
Cool. Thanks.
The problem is that the client simply doesn't connect to dovecot. I can see the packets passing back and forth in a number of ways, but haven't been able to see the contents. I tried turning on raw logging, but don't get log files for accesses from the iPhone. What I get are lines like so:
Have you tried using port 143? Check the Incoming Mail Server setting
on the iPhone. For port 143, there should just be a Host Name without
":993" appended. ... I haven't tested with port 993. If you're
synching email accounting with your desktop, you'll need to change it
there and resynch - you won't be able to change it on the iPhone
unless you setup the account directly on the iPhone.
Actually, you can change it on the phone; it'll get put back when you sync with the your desktop again. At least it worked that way for me.
In particular, setting the iPhone to not do SSL, use port 143, and set Dovecot to accept plaintext passwords on unencrypted channels, it works.
At Apples suggestion, I deleted and recreated the mail account on the phone, and it did the "checking connection" - and the SSL connection failed, it asked me to try unencrypted (I said yes), and that worked.
The config then switched back to SSL and port 993, and that works. Reverting dovecot back to the original config didn't change that.
Apparently, the 1.0.2 settings moved to 1.1.1 didn't like something in my SSL setup. Letting 1.1.1 set things up itself solved the problem.
Thanks,
Mike Meyer mwm@mired.org http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.
Mike Meyer mwm@mired.org http://www.mired.org/consulting.html Independent Network/Unix/Perforce consultant, email for more information.
Mike Meyer wrote:
Apparently, the 1.0.2 settings moved to 1.1.1 didn't like something in my SSL setup. Letting 1.1.1 set things up itself solved the problem.
Thanks for the update. I can confirm that a new 1.1.1 that does its own setup against dovecot with SSL on port 993 works just fine.
Mark
participants (3)
-
Jim Maenpaa
-
Mark Nienberg
-
Mike Meyer