[Dovecot] imaps tls/ssl and stupid clients

Timo Sirainen tss at iki.fi
Sat May 28 15:59:23 EEST 2005


On Thu, 2005-05-26 at 20:05 +0100, Michael Moritz wrote:
> We have been using dovecot now as replacement for qpopper for over 2 weeks and 
> it's working nicely. I have now tried to enable ssl/tls for myself and other 
> inhouse users which also works fine. But the problem is that I use an 
> uncertified certificate. Which is not a problem for kmail, as it just pops up 
> a box asking whether I want to accept the certificate or not. But apparently, 
> some stupid email programs used by other people just hang up on an 
> uncertified certificate. 

By uncertified do you mean a self-signed certificate, or have you
created your own CA and used it to sign the certificate? By using your
own CA it could work better..

> I have figured out that
>   ssl_disable = yes
> is the critical setting. If it's set everything works, if not, then all 
> services allow tls/ssl and the stupid clients choke on it. Since others just 
> use pop3 I wonder whether there is a way I can disable tls support for pop3 
> but enable it for imap or even only for imaps?
> Any ideas or am I starting from the wrong side?

No way to disable it for just POP3 without changing the sources
(pop3-login/client-authenticate.c cmd_capa() remove STLS line and line
before that). I'm doing some configuration code rewrites right now,
after those are finished it should be possible.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://dovecot.org/pipermail/dovecot/attachments/20050528/47a1884c/attachment-0001.pgp


More information about the dovecot mailing list