[Dovecot] IMAP STARTTLS Problem

Gedalya gedalya at gedalya.net
Sat May 5 22:41:12 EEST 2012


Hi,

STARTTLS refers to a client connecting on the normal, plaintext IMAP 
port, 143, and then issuing a STARTTLS command, starting a TLS session. 
I am able to connect from my computer to your IMAP server using STARTTLS 
using this command:
openssl s_client -starttls imap -connect 78.46.216.126:143

Your server seems to not be listening on ports 993 and 995 for imaps and 
pop3s, respectively, where a TLS session is started immediately when the 
connection is initiated.

If you are using dovecot 2, you need to have something like the 
following in your config

service imap-login {
   inet_listener imap {
     #port = 143
   }
   inet_listener imaps {
     #port = 993
     #ssl = yes
   }
}

service pop3-login {
   inet_listener pop3 {
     #port = 110
   }
   inet_listener pop3s {
     #port = 995
     #ssl = yes
   }
}

(The commented out lines represent the defaults, you uncomment them only 
if you want to change them)

For dovecot 1.2, you need a line like this:
protocols = imap imaps pop3 pop3s


On 5/5/2012 3:06 PM, Markus Fritz wrote:
> Hello,
>
> I have this problem:
> May  5 21:02:35 opsys dovecot: imap-login: Disconnected (no auth 
> attempts): rip=84.150.52.31, lip=78.46.216.126
>
> Connecting via Thunderbird to STARTTLS won't work, but with a website 
> from the same server it works for tls://opsys.de.
> So why is the port closed for external IPs?
> IPTABLES entry for imap is this:
> fail2ban-dovecot-pop3imap  tcp  --  anywhere             
> anywhere           multiport dports pop3,pop3s,imap2,imaps
>
> Key files are correct, TLS is working from localhost.
>
> System is Debian squeeze
>
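
The difference described in the reply above (STARTTLS offered on the plaintext ports 143/110, versus TLS from the first byte on 993/995) can be checked from outside with a small probe. This is an added example, not part of the original thread or of Dovecot; the function names, the `probe1` tag and the host `mail.example.org` are assumptions made for illustration.

```python
import socket
import ssl

def read_until(sock, marker):
    """Collect bytes until marker shows up, the peer closes, or the timeout hits."""
    data = b""
    try:
        while marker not in data:
            chunk = sock.recv(4096)
            if not chunk:
                break
            data += chunk
    except OSError:
        pass
    return data

def classify_listener(host, port, timeout=3.0):
    """Return 'closed', 'starttls', 'plaintext-only', 'implicit-tls' or 'unknown'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"  # refused, filtered or unreachable
    with sock:
        try:
            greeting = sock.recv(4096)
        except OSError:
            greeting = b""  # silence: an implicit-TLS port waits for a ClientHello
        if greeting.startswith(b"* OK"):  # IMAP greeting sent in the clear
            sock.sendall(b"probe1 CAPABILITY\r\n")
            caps = greeting + read_until(sock, b"probe1 ")
            return "starttls" if b"STARTTLS" in caps.upper() else "plaintext-only"
        if greeting.startswith(b"+OK"):  # POP3 greeting sent in the clear
            sock.sendall(b"CAPA\r\n")
            caps = read_until(sock, b"\r\n.\r\n")
            return "starttls" if b"\r\nSTLS" in caps.upper() else "plaintext-only"
    # No plaintext greeting: see whether TLS starts right at connect (993/995 style).
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # this probe only classifies the listener;
    ctx.verify_mode = ssl.CERT_NONE  # it does not authenticate the server
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "implicit-tls"
    except OSError:
        return "unknown"

if __name__ == "__main__":
    # Constructed placeholder host; replace with the server being checked.
    for p in (143, 993, 110, 995):
        print(p, classify_listener("mail.example.org", p))
```

A result of `closed` on 993/995 together with `starttls` on 143 matches the situation the reply describes: the plaintext listener is up, the `imaps`/`pop3s` listeners are not.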



