Problem with TLS and Outlook 2010

Wayne Andersen wayne.andersen at clima-tech.com
Tue Dec 16 17:09:07 UTC 2014


Thank you, see my answers below.

> -----Original Message-----
> From: Steffen Kaiser [mailto:skdovecot at smail.inf.fh-brs.de]
> Sent: Tuesday, December 16, 2014 12:30 AM
> To: Wayne Andersen
> Cc: dovecot at dovecot.org
> Subject: Re: Problem with TLS and Outlook 2010
> 
> On Thu, 11 Dec 2014, Wayne Andersen wrote:
> 
> > Log onto incoming mail server (IMAP): A secure connection to the
> > server cannot be established.
> >
> > I have set the port to 143,993,995 none of them work, and the security
> > to TLS.
> 
> 993 is IMAP-over-SSL, which is probably not named "TLS", but "SSL" in
> Outlook.
> Usually "TLS" means to use STARTTLS.
> See: http://www.cs.umd.edu/faq/mailclient/outlook.html
> But there are a lot of different Outlook versions and different names for
> settings.
> 

My preference is STARTTLS, which I assumed I would get by selecting port 143
and TLS.

> > IMAP: 14:48:40 [db] srv_name = "mail.mydomain.com" srv_addr =
> > 174.46.198.101:143
> 
> is this IP correct?
> 

Yes, it is correct.

> > IMAP: 14:48:40 [rx] * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS IDLE
> > AUTH=PLAIN AUTH=LOGIN] Dovecot ready.    <----- not seeing the STARTTLS
> > capability here.
> 
> Do you have a local Firewall or a Cisco-Router between this client and the
> server? Some firewalls filter out STARTTLS in order to scan the transferred
> content.
> 

No, all of these machines are on a local subnet.

> > C:\OpenSSL-Win64\bin>openssl.exe s_client -connect
> > mail.mydomain.com:993
> >
> > verify error:num=20:unable to get local issuer certificate  <--- Yes I
> > see this and it may be an issue, but this certificate exists and is valid.
> 
> openssl does not guess certificates, you need to specify them on command
> line.
> 

I am not sure I understand this. Dovecot has the certificate chain, which it
should send to the client if I understand correctly. 
There may be an issue with the format of the certificate chain file, but if
there is I don’t know how to fix it.

> > ---
> > From a linux client I get :
> >
> > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> > IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
> >
> > I do see STARTTLS  here.
> 
> does this client run in the same network as the windows client?
> 

Yes, same local subnet, in fact the Linux client is a virtual machine
running on the same machine as the windows client.

> - --
> Steffen Kaiser
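
The comparison this thread turns on (the greeting in the Outlook trace versus the one the Linux client received), as an added example that is not part of the original message: it parses both greetings quoted above and lists every capability that differs, not only STARTTLS. The function names are hypothetical, and fetch_greeting is an assumed helper for collecting the greeting from each client machine.

```python
import re
import socket

# Greetings copied from the thread: Outlook-side trace vs. the Linux client.
OUTLOOK_VIEW = ("* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS IDLE "
                "AUTH=PLAIN AUTH=LOGIN] Dovecot ready.")
LINUX_VIEW = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID "
              "ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.")

def parse_capabilities(line):
    """Upper-cased capability set from a greeting or an untagged CAPABILITY reply."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
         or re.match(r"\*\s+CAPABILITY\s+(.*)", line, re.I))
    return {tok.upper() for tok in m.group(1).split()} if m else set()

def compare_views(a, b):
    """Return (capabilities only in a, capabilities only in b), each sorted."""
    ca, cb = parse_capabilities(a), parse_capabilities(b)
    return sorted(ca - cb), sorted(cb - ca)

def starttls_status(line):
    """Classify one greeting for the check the thread is about."""
    caps = parse_capabilities(line)
    if not caps:
        return "no-capability-list"   # send "a1 CAPABILITY" and parse that reply
    if "STARTTLS" in caps:
        return "starttls-offered"
    if any(c.startswith("AUTH=") for c in caps) and "LOGINDISABLED" not in caps:
        return "cleartext-auth-without-starttls"
    return "starttls-missing"

def fetch_greeting(host, port=143, timeout=5.0):
    """Hypothetical helper: read the greeting line on the cleartext IMAP port."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = b""
        while not data.endswith(b"\n"):
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", "replace").strip()

if __name__ == "__main__":
    only_outlook, only_linux = compare_views(OUTLOOK_VIEW, LINUX_VIEW)
    print("Outlook view:", starttls_status(OUTLOOK_VIEW))
    print("Linux view:  ", starttls_status(LINUX_VIEW))
    print("Missing on the Outlook side:", ", ".join(only_linux))
```

Calling fetch_greeting from each client machine and passing the two results to compare_views replaces the embedded samples with live data.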


