Re: [Dovecot] SSL / TLS Problem
Thanks for your reply. What do you mean by "pipe"?
See, I can even connect via the console from the outside:
|Notebook [~]$ openssl s_client -CApath ~/.cert/XYZ.com/ -connect XYZ.com:993
CONNECTED(00000003)
depth=0 /C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin@XYZ.com
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin@XYZ.com
verify return:1
Certificate chain
 0 s:/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin@XYZ.com
   i:/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin@XYZ.com
Server certificate
-----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE-----
subject=/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin@XYZ.com
issuer=/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailAddress=admin@XYZ.com
No client certificate CA names sent
SSL handshake has read 1313 bytes and written 325 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 54DC3526DB721308D460CBAF21D562958D34ED146332F0B4ACBE9E1311633ED1
    Session-ID-ctx:
    Master-Key: 1BCB1FA49855FC38ACB52C2CD8D54594C006116220D66FA0E74F68663AFE3FC09086B9BFB1FE0E515681A2E0DC7C1AFC
    Key-Arg   : None
    Start Time: 1278952607
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=CRAM-MD5] NetOcean MailSystem
^C
Notebook [~]$|
On 12.07.10 19:11, Daniel Petre wrote:
dude, what's the pipe at the end of the mail.key location?
It's always the same when it fails ...
And this is what my dovecot.conf looks like:
[...]
|##
## SSL settings
##
ssl = yes
ssl_cert_file = /etc/ssl/mail/mail.cert
ssl_key_file = /etc/ssl/mail/mail.key|
[...]
Thank you
hey, check your dovecot.conf :
"ssl_key_file = /etc/ssl/mail/mail.key"
is that a pipe, a vertical sign after "mail.key" ?
Oh, of course - a pipe - silly me ;) But no, I don't know how it came there - I must have accidentally made a typo while editing the mail. It looks like that on the server:
##
## SSL settings
##
ssl = yes
ssl_cert_file = /etc/ssl/mail/mail.cert
ssl_key_file = /etc/ssl/mail/mail.key
#ssl_key_password = passphrase
server [~]# cat /etc/ssl/mail/mail.cert
-----BEGIN CERTIFICATE----- [...] -----END CERTIFICATE-----
server [~]#
server [~]# cat /etc/ssl/mail/mail.key
-----BEGIN RSA PRIVATE KEY----- [...] -----END RSA PRIVATE KEY-----
server [~]#
P.S. I just re-tested the whole procedure with 2.0.0.24 - and it didn't complain at all - it's just Thunderbird 3.1 where I faced the issue the very first time. Weird.
On 2010-07-12 1:34 PM, Leander S. wrote:
But no, I don't know how it came there - I must have accidentally made a typo while editing the mail. It looks like that on the server:
Always post output of dovecot -n, not copy/pastes from the config file (unless it is something that isn't output by dovecot -n)...
--
Best regards,
Charles
No problem:
server [~]# dovecot -n
# 1.2.4: /usr/local/etc/dovecot.conf
# OS: FreeBSD 8.0-RELEASE amd64 ufs
protocols: imap imaps pop3 pop3s managesieve
listen(default): *
listen(imap): *
listen(pop3): *
listen(managesieve): *:2000
ssl_cert_file: /etc/ssl/mail/mail.cert
ssl_key_file: /etc/ssl/mail/mail.key
login_dir: /var/run/dovecot/login
login_executable(default): /usr/local/libexec/dovecot/imap-login
login_executable(imap): /usr/local/libexec/dovecot/imap-login
login_executable(pop3): /usr/local/libexec/dovecot/pop3-login
login_executable(managesieve): /usr/local/libexec/dovecot/managesieve-login
login_greeting: home MailSystem
verbose_proctitle: yes
first_valid_uid: 2000
first_valid_gid: 2000
mail_privileged_group: mail
mail_location: maildir:/var/mail/%d/%n
mail_executable(default): /usr/local/libexec/dovecot/imap
mail_executable(imap): /usr/local/libexec/dovecot/imap
mail_executable(pop3): /usr/local/libexec/dovecot/pop3
mail_executable(managesieve): /usr/local/libexec/dovecot/managesieve
mail_plugins(default): quota imap_quota autocreate
mail_plugins(imap): quota imap_quota autocreate
mail_plugins(pop3): quota
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/local/lib/dovecot/imap
mail_plugin_dir(imap): /usr/local/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3
mail_plugin_dir(managesieve): /usr/local/lib/dovecot/managesieve
imap_client_workarounds(default): outlook-idle
imap_client_workarounds(imap): outlook-idle
imap_client_workarounds(pop3):
imap_client_workarounds(managesieve):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_client_workarounds(managesieve):
managesieve_implementation_string(default): dovecot
managesieve_implementation_string(imap): dovecot
managesieve_implementation_string(pop3): dovecot
managesieve_implementation_string(managesieve): home
lda:
  postmaster_address: admin@server.home
  mail_plugins: sieve
  log_path: /var/log/dovecot-deliver.log
  info_log_path: /var/log/dovecot-deliver.log
auth default:
  mechanisms: cram-md5
  username_format: %Lu
  passdb:
    driver: sql
    args: /usr/local/etc/dovecot-sql.conf
  userdb:
    driver: sql
    args: /usr/local/etc/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: dovecot
      group: dovecot
plugin:
  sieve: ~/.dovecot.sieve
  sieve_dir: ~/sieve
  sieve_global_path: /usr/local/etc/dovecot/sieve/default.sieve
  autocreate: Trash
  autocreate2: Sent
  autocreate3: Drafts
  autocreate4: Spam
  autocreate5: Virus
  autosubscribe: Trash
  autosubscribe2: Sent
  autosubscribe3: Drafts
  autosubscribe4: Spam
  autosubscribe5: Virus
server [~]#
Best Regards
P.S. I just had another look at my logs again - and I'm now finding the following when Thunderbird 3.1 tries to establish TLS unsuccessfully:
server dovecot: imap-login: Disconnected (no auth attempts): rip=84.157.147.152, lip=192.168.1.100, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
But still - I'm not getting it since I'm even able to establish the connection successfully via the console as you could see in one of my last mails. Weird.
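Added example (not part of the original thread): the imap-login log line quoted above can be decoded to see which side aborted the handshake. It assumes the pre-3.0 OpenSSL error packing (8-bit library, 12-bit function, 12-bit reason) and that SSL reason codes of 1000 and above are alerts received from the peer; the function names and the second log line are constructed for illustration.

```python
import re

# Assumption: OpenSSL before 3.0 packs an error code as
# lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_LIB_SSL = 0x14
ALERT_REASON_OFFSET = 1000  # SSL reasons >= 1000 mean "alert N received from peer"

# TLS alert descriptions (RFC 5246, section 7.2) a client uses to refuse a certificate.
CERT_ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}

LOG_RE = re.compile(
    r"(?P<service>[\w-]+-login): .*?rip=(?P<rip>[^,\s]+).*?"
    r"SSL_accept\(\) failed: error:(?P<code>[0-9A-Fa-f]{8}):"
)

# First line is the one quoted in the thread; the second is constructed.
SAMPLE_LOG = [
    "server dovecot: imap-login: Disconnected (no auth attempts): "
    "rip=84.157.147.152, lip=192.168.1.100, TLS handshaking: SSL_accept() failed: "
    "error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate",
    "server dovecot: pop3-login: Disconnected (no auth attempts): "
    "rip=192.0.2.10, lip=192.168.1.100, TLS handshaking: SSL_accept() failed: "
    "error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number",
]


def decode_openssl_error(code_hex):
    """Split a packed OpenSSL error code into lib, func, reason and peer alert."""
    code = int(code_hex, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    from_peer = lib == ERR_LIB_SSL and reason >= ALERT_REASON_OFFSET
    alert = reason - ALERT_REASON_OFFSET if from_peer else None
    return {"lib": lib, "func": func, "reason": reason, "alert": alert}


def classify(line):
    """Describe a failed TLS handshake in a login-process log line, or return None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    alert = decode_openssl_error(m.group("code"))["alert"]
    return {
        "service": m.group("service"),
        "rip": m.group("rip"),
        "alert": alert,
        "alert_name": CERT_ALERTS.get(alert),
        "alert_from_client": alert is not None,
        "client_rejected_cert": alert in CERT_ALERTS,
    }


if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry))
```

For the line from the thread this yields alert 42 (bad_certificate) received from the client at rip, meaning the client refused the certificate the server presented; openssl s_client, by contrast, prints verify error 18 and continues the handshake.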
"Leander S." leander.schaefer@googlemail.com writes:
server [~]# cat /etc/ssl/mail/mail.key -----BEGIN RSA PRIVATE KEY----- [...]
Hmm, you have apparently posted your private key to a public maillist. You might want to generate a new key and cert.
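Added example (not part of the original thread): a check that could be run over a draft before it goes to a public list, replacing any PEM private-key block while leaving the certificate, which is public, in place. The function names and the sample draft (with placeholder key material) are constructed for illustration.

```python
import re

# PEM private-key block of any type (RSA, EC, DSA, OPENSSH, ENCRYPTED, PKCS#8).
# DOTALL lets the body span lines; a paste flattened onto one line matches too.
# If the END marker is missing (truncated paste), redact to the end of the text.
PRIVATE_KEY_RE = re.compile(
    r"-----BEGIN (?P<kind>(?:[A-Z0-9]+ )*PRIVATE KEY)-----"
    r".*?"
    r"(?:-----END (?P=kind)-----|\Z)",
    re.DOTALL,
)

# Constructed draft in the shape of the terminal paste; bodies are placeholders.
SAMPLE_DRAFT = (
    "server [~]# cat /etc/ssl/mail/mail.cert "
    "-----BEGIN CERTIFICATE----- PLACEHOLDER+PUBLIC+CERT -----END CERTIFICATE----- "
    "server [~]# cat /etc/ssl/mail/mail.key "
    "-----BEGIN RSA PRIVATE KEY----- NOT+A+REAL+KEY -----END RSA PRIVATE KEY----- "
    "server [~]#"
)


def redact_private_keys(text):
    """Return (redacted_text, kinds): private-key blocks replaced by a marker."""
    kinds = []

    def _replace(match):
        kinds.append(match.group("kind"))
        return "[REDACTED %s]" % match.group("kind")

    return PRIVATE_KEY_RE.sub(_replace, text), kinds


def safe_to_post(text):
    """True when the text contains no PEM private-key block."""
    return PRIVATE_KEY_RE.search(text) is None


if __name__ == "__main__":
    redacted, kinds = redact_private_keys(SAMPLE_DRAFT)
    print("found:", kinds)
    print(redacted)
```

Redaction only protects a draft that has not been sent yet; a key that has already been posted has to be replaced, as the reply above says.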
participants (4)
- Charles Marcus
- Daniel Petre
- Leander S.
- pod