[Dovecot] SSL with startssl.com certificates

[Noel Butler]

On Tue, 2013-09-17 at 08:39 -0400, Dan Langille wrote:


> > Since we just ruled this one out, might I suggest you grab the source
> > and build it, install it all under /opt/dovecot  that way it wont
> > interfere with your ports installation and try that, the one you
> > successfully just tested uses dovecot 2.1 not 2.2, so maybe try source
> > of 2.1 and see if it works.
> 
> I just tried 2.1.16.  The iPhone has no trouble on 143 but on 993, it's 
> just like 2.2
> 
> > But, if it does work on port 143 with TLS I wouldnt worry too much 
> > about it
> 
> tcpdump is showing me raw text going past, so I know I'm not getting TLS 
> on either Dovecot 2.1 or 2.2
> 


Hrmm, do you still have that profile of when you used my test a/c? if so
TLS definitely worked, so just try changing the user/pass/server...  or
see whats different between the two profiles.


> It seems that TLS is not supported by my client.  Pity.
> 


Yes, TLS is supported on your iphone, and works
 imap-login: Info: Login: user=<xxx at xxxxxxxx>, method=PLAIN,
rip=xxxxxxx, TLS


> I thank you for your help though.  We have a workaround, which is good 
> enough for my particular
> situation: self-signed certificates.  However, that solution is not 
> ideal for most people.  It is
> for that reason that I'm willing to keep hacking at this if others have 
> further ideas / suggestions.
> 


Do you have another PC based mail client you can test with?  one that
you have never used to the mail server before and wont have ever
accepted a cert from that server, be it startssl's, or self signed, so
something completely clean, and try connect and see if cert fails?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20130918/3c051c87/attachment.bin>