[Dovecot] auth, partially resolved

Spyros Tsiolis stsiol at yahoo.co.uk
Tue Jan 5 13:41:12 EET 2010


Hello people,

After a lot of wading through the dovecot documentation (which, btw, is
excellent! Everything lies under "dovecot/doc/wiki"), I managed to
authenticate a couple of accounts.

For starters, I want dovecot to work as an imap/imaps box and nothing 
else.

So, I went ahead and created a "passwd" file with two users.
One user being my name (spyros) with a plaintext password and the other
user "postmaster" with an encrypted password ("/etc/dovecot/passwd" shown):

---
spyros at webmail.domain.gr:{PLAIN}plainpassword
postmaster at webmail.domain.gr:{SSHA}SSHAPassword
---

Now, if I telnet to port 143 with both users, the system comes back with
the following:

---
[root at webmail dovecot]# telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE STARTTLS AUTH=PLAIN] Dovecot ready
. login spyros at webmail.domain.gr password
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH] Logged in
---
As I said, it allows login on port 143 for both users. So, the same for
"postmaster".


Now for port 993:
---
[root at webmail dovecot]# openssl s_client -connect webmail.domain.gr:993
[lots of SSL-related certificate information]

* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=PLAIN] Dovecot ready
. login spyros at webmail.domain.gr password
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT IDLE CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH] Logged in
---
Again, the same for user "postmaster". I don't paste.

So, everything is fine. However, I have an issue with the (?!) issued
certificate. If I check the dovecot logs I find nothing.

If, on the other hand, I do the same check on the Horde application, it comes back with the following:

---
    * Trying protocol imap/notls, Port 143:

          SUCCESS - INBOX has 0 messages (0 new 0 recent)

    * Trying protocol imap/ssl, Port 993:

          ERROR - The server returned the following error message:

          SECURITY PROBLEM: insecure server advertised AUTH=PLAIN[SERVERBUG] Internal error occurred. Refer to server log for more
          information. [2010-01-05 13:30:12]Certificate failure for localhost: self signed certificate:
          /C=GR/ST=Kerkyra/L=Kerkyra/O=Tourist Enterprizes/OU=IMAP
          server/CN=webmail.domain.gr/emailAddress=postmaster at webmail.domain.gr

    * Trying protocol imap/ssl/novalidate-cert, Port 993:

          SUCCESS - INBOX has 0 messages (0 new 0 recent)

    * Trying protocol imap/tls/novalidate-cert, Port 143:

          SUCCESS - INBOX has 0 messages (0 new 0 recent)
---

Now, I know I am not supposed to ask you chaps about this, but direct
my questions to the horde mailing list. 
However, I would like an opinion before I go ahead and bug them with 
this.

Certificate was created with "dovecot/doc/mkcert.sh" and the relevant
certificate file (can't recall its name at the moment).

Any help would be appreciated. On the other hand, if I went too
far with this I apologize and I'll try to find another way to
resolve this.

Thank you people,

s.
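
An added example, not part of the original message and not Dovecot or Horde code: a small parser for the two server greetings quoted above that reports whether a password can travel unencrypted on the connection where the greeting was read. The function names and the `tls` flag are assumptions of this example.

```python
import re

# Greetings copied from the telnet (port 143) and openssl s_client (port 993)
# sessions quoted in the message above.
GREETING_143 = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS "
                "ID ENABLE STARTTLS AUTH=PLAIN] Dovecot ready")
GREETING_993 = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS "
                "ID ENABLE AUTH=PLAIN] Dovecot ready")

_CAP_RE = re.compile(r"\[CAPABILITY\s+([^\]]*)\]", re.IGNORECASE)


def parse_capabilities(line):
    """Return the upper-cased capability atoms from a CAPABILITY response code."""
    m = _CAP_RE.search(line)
    if not m:
        raise ValueError("no CAPABILITY response code in line")
    return {atom.upper() for atom in m.group(1).split()}


def audit_greeting(line, tls):
    """Report what a client can do with credentials on this connection.

    tls: True if the greeting was read inside a TLS session (e.g. port 993).
    """
    caps = parse_capabilities(line)
    mechs = sorted(c[5:] for c in caps if c.startswith("AUTH="))
    cleartext_mechs = [m for m in mechs if m in ("PLAIN", "LOGIN")]
    # RFC 3501: a client must not send LOGIN when LOGINDISABLED is advertised.
    login_allowed = "LOGINDISABLED" not in caps
    findings = []
    if not tls:
        if cleartext_mechs or login_allowed:
            findings.append("password can be sent unencrypted")
        if "STARTTLS" in caps:
            findings.append("STARTTLS available: upgrade before authenticating")
        else:
            findings.append("no STARTTLS: no way to protect the password")
    return {"mechanisms": mechs, "login_allowed": login_allowed,
            "findings": findings}


if __name__ == "__main__":
    for port, line, tls in (("143", GREETING_143, False),
                            ("993", GREETING_993, True)):
        print(port, audit_greeting(line, tls))
```

The port 143 session in the message was opened from localhost, so the greeting a remote client receives should be checked separately.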

