[Dovecot] Dovecot with sasl/imaps/postfix and thunderbird
Stan Hoeppner
stan at hardwarefreak.com
Wed Mar 13 07:51:31 EET 2013
On 3/13/2013 12:00 AM, Alex wrote:
> Hi,
Hi "Alex"
>> I have an fc18 system with postfix and dovecot-2.1.13 and have
>> configured them to use sasl for SMTP Auth and Maildir with imaps.
>>
>> The system is running now, so I'm trying to set up thunderbird to
>> autodetect all settings during the initial account setup. However, it
>> seems to want to use port 143 and STARTTLS, and not port 993, which is
>> what I would expect. When I force it to use 993, I receive a
>> certificate failure message:
>>
>> Mar 12 23:20:45 propnew postfix/submission/smtpd[14423]: initializing
>> the server-side TLS engine
>> Mar 12 23:20:45 propnew postfix/tlsmgr[14425]: open smtpd TLS cache
>> btree:/var/lib/postfix/smtpd_tls_session_cache
>> Mar 12 23:20:45 propnew postfix/tlsmgr[14425]: tlsmgr_cache_run_event:
>> start TLS smtpd session cache cleanup
>> Mar 12 23:20:45 propnew postfix/submission/smtpd[14423]: connect from
>> unknown[192.168.1.43]
>> Mar 12 23:20:45 propnew dovecot: imap-login: Disconnected (no auth
>> attempts in 0 secs): user=<>, rip=192.168.1.43, lip=66.111.222.101,
>> TLS: SSL_read() failed: error:14094412:SSL
>> routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number
>> 42, session=<BGBS5MXXhQDAqAEr>
>
> After doing a bit more research, it looks like it's failing because
> Thunderbird doesn't prompt to accept the self-signed certificate
> during the "auto config" part of the setup, so just falls back to
> using port 143.
>
> Although I think it's still using TLS on 143.
I just verified that TB (17.0.4) won't do STARTTLS on TCP 143 without
first accepting the self signed cert.
> I'm really hoping someone can help me to clarify more specifically
> what's going on here.
You've already clarified it. You simply can't do account auto
configuration with a self signed cert, at least not with a vanilla TB
setup. The only possible solution I can think of would be to preload
the user profile with the certificate. I don't know how you'd do this.
I think you have some research ahead of you.
--
Stan
More information about the dovecot
mailing list