Dovecot and thunderbird authentication issue?
David Mehler
dave.mehler at gmail.com
Thu Apr 23 02:22:58 EEST 2020
Hello,
I got the issue fixed. Here's what it was, and my understanding is a
little vague in some areas. I use letsencrypt for my certificates and
one of the options I pass to acme.sh is the --ocsp option. This works
fine for web servers apparently, but for some reason and here I get
muddy depending on what I'm reading on Google, both Dovecot and
Postfix do not support OCSP stapling, so when Thunderbird asks Dovecot
about an OCSP response gets back faulty, invalid, or nothing, (I did
say my knowledge was muddy) Thunderbird apparently concludes the
certificate is invalid, expired, or whatever, and doesn't accept it.
This problem only occurs with Thunderbird, my phone with various email
clients, and Outlook 2010 all work great, so I was unwilling to mess
around with my certificates. What I ended up doing was going in to
thunderbird's configuration editor and searching for ocsp there were a
bunch of options, I turned all that were on or enabled off, restarted
Thunderbird, and it fired right up.
Thanks and hope this helps someone.
Dave.
On 4/20/20, Juri Haberland <juri at koschikode.com> wrote:
> On 19.04.20 23:44, David Mehler wrote:
>> I'm using Dovecot 2.2, Postfix 3.5, and am atempting to get the latest
>> version of Thunderbird to work. I tried account autoconfig which did
>> not work, so I had to manually enter information and correct other
>> information. On my server dovecot supports plane and login
>> authentication methods but only over starttls i've got a letsencrypt
>> certificate. My thunderbird configuration looks good, right hosts for
>> incoming and outgoing mail, right ports, 143 starttls, and 587 smtp
>> submission, and thunderbird has the authentication method set for
>> normal password. This I interpreted to mean thunderbird is going to
>> starttls then send the username and password. Thunderbird is giving me
>> this error:
>>
>> imap server does not support the selected authentication method
>>
>> I realize this is vague, any suggestions?
>
> What about showing what dovecot logged at that moment?
> Output from "doveconf -n" would be helpful, too.
>
> Even though I don't use Thunderbird with STARTTLS (but with SSL/TLS on port
> 993) I'm pretty sure this should work.
>
>
> Best,
> Juri
>
More information about the dovecot
mailing list