[Dovecot] No "Ok Dovecot Ready " on fc3 with ssl on ports 993 and
995
ankush grover
grover1711 at gmail.com
Wed Dec 14 14:54:58 EET 2005
On 12/14/05, Magnus Holmgren <holmgren at lysator.liu.se> wrote:
>
> ankush grover wrote:
> > hey friends,
> >
> > I am trying to secure my mail server on FC3.I have enabled TLS support
> > in postfix(version postfix-2.1.5) and want to use ssl settings for
> > dovecot(0.99.13).
> > ...
> > If i do telnet localhost 993 or 995 I don't see any "Ok Dovecot Ready"
> > message.If I enable pop3 and imap in dovecot.conf and then I telnet
> > localhost 110 or 143 I can see "Ok Dovecot Ready" message.
>
> That's normal. Dovecot is waiting for the SSL handshake to complete
> before it will send "Ok Dovecot Ready" (over the encrypted line). Use
>
> openssl s_client -connect yourhost:995
>
> to test.
it is working fine as I get the Ok Dovecot Ready Message.
Some clients can also connect to port 110 or 143 and issue the
> STARTTLS/STLS command to initiate encryption. If you only have such
> clients (unlikely), then you don't need pop3s and imaps in the protocols
> line. At any rate, you can pretty safely allow pop3 and imap; dovecot
> will not allow any plaintext authentication until the connection is
> encrypted. Caveat: Some clients, most notably Mozilla Thunderbird, will
> send IMAP passwords in clear anyway, instead of checking if it's OK.
> (The IMAP LOGIN command takes the username and the password in the same
> command. You should issue the CAPABILITY command, which shows that LOGIN
> is disabled while STARTTLS is available.)
My clients are outlook express,incredimail,squirrelmail,microsoft outlook,
evolution and kmail.
I hope none of these clients passes imap passwords in clear text.
Thanks for your guidance.
Thanks & Regards
Ankush
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://dovecot.org/pipermail/dovecot/attachments/20051214/7930619f/attachment.html
More information about the dovecot
mailing list