SSL problem - no banner

Aki Tuomi aki.tuomi at dovecot.fi
Mon May 29 21:35:12 EEST 2017


> On May 29, 2017 at 9:27 PM Marcio Merlone <marcio.merlone at a1.ind.br> wrote:
> 
> 
> Hi,
> 
> I am running dovecot 2.2.22-1ubuntu2.4 on a ubuntu 16.04 server. It has 
> a valid Letsencrypt certificate but the problem also happens with a 
> self-digned one.
> 
> Only openssl s_client -connect localhost:993 works fine and fast, while 
> all MUA's and telnet does not. Telnet timeouts waiting for banner after 
> a minute or so:
> 
> root at netuno:~# openssl s_client -connect localhost:993
> CONNECTED(00000003)
> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
> verify return:1
> (...)
>      Start Time: 1496081321
>      Timeout   : 300 (sec)
>      Verify return code: 0 (ok)
> ---
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE 
> IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
> 0 logout
> * BYE Logging out
> 0 OK Logout completed.
> closed
> 
> root at netuno:~# telnet localhost 993
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> (about 1 minute later...)
> Connection closed by foreign host.
> root at netuno:~#
> 
> I Have enabled verbose_ssl = yes and mail_debug = yes but no useful info 
> got to logs. Has anyone seen this? Any hint?
> 
> Thanks, best regards.
> 
> -- 
> *Marcio Merlone*

It is not exactly obvious what you are expecting to happen. You won't get plain text banner out of port 993, if you want to use STARTTLS, use port 143.

Aki


More information about the dovecot mailing list