[Dovecot] No "Ok Dovecot Ready " on fc3 with ssl on ports 993 and 995

ankush grover grover1711 at gmail.com
Wed Dec 14 14:54:58 EET 2005


On 12/14/05, Magnus Holmgren <holmgren at lysator.liu.se> wrote:
>
> ankush grover wrote:
> > hey friends,
> >
> > I am trying to secure my mail server on FC3.I have enabled TLS support
> > in postfix(version postfix-2.1.5) and want to use ssl settings for
> > dovecot(0.99.13).
> > ...
> > If i do telnet localhost 993 or 995 I don't see any "Ok Dovecot Ready"
> > message.If I enable pop3 and imap in dovecot.conf and then I telnet
> > localhost 110 or 143 I can see "Ok Dovecot Ready" message.
>
> That's normal. Dovecot is waiting for the SSL handshake to complete
> before it will send "Ok Dovecot Ready" (over the encrypted line). Use
>
> openssl s_client -connect yourhost:995
>
> to test.


it is working fine as I get the Ok Dovecot Ready Message.


Some clients can also connect to port 110 or 143 and issue the
> STARTTLS/STLS command to initiate encryption. If you only have such
> clients (unlikely), then you don't need pop3s and imaps in the protocols
> line. At any rate, you can pretty safely allow pop3 and imap; dovecot
> will not allow any plaintext authentication until the connection is
> encrypted. Caveat: Some clients, most notably Mozilla Thunderbird, will
> send IMAP passwords in clear anyway, instead of checking if it's OK.
> (The IMAP LOGIN command takes the username and the password in the same
> command. You should issue the CAPABILITY command, which shows that LOGIN
> is disabled while STARTTLS is available.)


My clients are outlook express,incredimail,squirrelmail,microsoft outlook,
evolution and kmail.

I hope none of these clients passes imap passwords in clear text.

Thanks for your guidance.

Thanks & Regards

Ankush
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://dovecot.org/pipermail/dovecot/attachments/20051214/7930619f/attachment.html


More information about the dovecot mailing list