Hi,
I am running dovecot 2.2.22-1ubuntu2.4 on a ubuntu 16.04 server. It has a valid Letsencrypt certificate but the problem also happens with a self-digned one.
Only openssl s_client -connect localhost:993 works fine and fast, while all MUA's and telnet does not. Telnet timeouts waiting for banner after a minute or so:
root@netuno:~# openssl s_client -connect localhost:993 CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:1 (...) Start Time: 1496081321 Timeout : 300 (sec) Verify return code: 0 (ok)
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. 0 logout
- BYE Logging out 0 OK Logout completed. closed
root@netuno:~# telnet localhost 993 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. (about 1 minute later...) Connection closed by foreign host. root@netuno:~#
I Have enabled verbose_ssl = yes and mail_debug = yes but no useful info got to logs. Has anyone seen this? Any hint?
Thanks, best regards.
-- *Marcio Merlone*
On May 29, 2017 at 9:27 PM Marcio Merlone marcio.merlone@a1.ind.br wrote:
Hi,
I am running dovecot 2.2.22-1ubuntu2.4 on a ubuntu 16.04 server. It has a valid Letsencrypt certificate but the problem also happens with a self-digned one.
Only openssl s_client -connect localhost:993 works fine and fast, while all MUA's and telnet does not. Telnet timeouts waiting for banner after a minute or so:
root@netuno:~# openssl s_client -connect localhost:993 CONNECTED(00000003) depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3 verify return:1 (...) Start Time: 1496081321 Timeout : 300 (sec) Verify return code: 0 (ok)
- OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready. 0 logout
- BYE Logging out 0 OK Logout completed. closed
root@netuno:~# telnet localhost 993 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. (about 1 minute later...) Connection closed by foreign host. root@netuno:~#
I Have enabled verbose_ssl = yes and mail_debug = yes but no useful info got to logs. Has anyone seen this? Any hint?
Thanks, best regards.
-- *Marcio Merlone*
It is not exactly obvious what you are expecting to happen. You won't get plain text banner out of port 993, if you want to use STARTTLS, use port 143.
Aki
On 05/29/2017 08:35 PM, Aki Tuomi wrote:
On May 29, 2017 at 9:27 PM Marcio Merlone marcio.merlone@a1.ind.br wrote:
-- *Marcio Merlone*
It is not exactly obvious what you are expecting to happen. You won't get plain text banner out of port 993, if you want to use STARTTLS, use port 143.
Aki
To see the Dovecot-IMAP-banner via SSL-port 993 use openssl:
openssl s_client -connect localhost:993Olaf
-- Karlsruher Institut für Technologie (KIT) ATIS - Abt. Technische Infrastruktur, Fakultät für Informatik
Dipl.-Geophys. Olaf Hopp
- Leitung IT-Dienste -
Am Fasanengarten 5, Gebäude 50.34, Raum 009 76131 Karlsruhe Telefon: +49 721 608-43973 Fax: +49 721 608-46699 E-Mail: Olaf.Hopp@kit.edu www.atis.informatik.kit.edu
www.kit.edu
KIT - Die Forschungsuniversität in der Helmholtz-Gemeinschaft
Das KIT ist seit 2010 als familiengerechte Hochschule zertifiziert.
Em 29/05/2017 15:35, Aki Tuomi escreveu:
On May 29, 2017 at 9:27 PM Marcio Merlone marcio.merlone@a1.ind.br wrote:
I am running dovecot 2.2.22-1ubuntu2.4 on a ubuntu 16.04 server. It has a valid Letsencrypt certificate but the problem also happens with a self-digned one.
Only openssl s_client -connect localhost:993 works fine and fast, while all MUA's and telnet does not. Telnet timeouts waiting for banner after a minute or so: (...) It is not exactly obvious what you are expecting to happen. You won't get plain text banner out of port 993, if you want to use STARTTLS, use port 143. So obvious, thank you.
-- *Marcio Merlone*
participants (3)
-
Aki Tuomi
-
Marcio Merlone
-
Olaf Hopp