<HTML><BODY style="word-wrap: break-word; -khtml-nbsp-mode: space; -khtml-line-break: after-white-space; ">Hopefully you're not all sick to death of me and my Dovecot SSL problems but I've tried everything I know, plus some other things I didn't know, and I still can't get Apple's Mail to work with my Dovecot install using SSL.<DIV><BR class="khtml-block-placeholder"></DIV><DIV>Below are log, debug, and openssl output. I can successfully use my mail client to connect to other servers using the same cert/key, I can also connect to other people's dovecot ssl installations (I hope you don't mind Morgan, I used nightbear.net to test if it was my client ;). I also can use other clients (thunderbird) to connect to my own Dovecot SSL server and it appears to work just fine.</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><SPAN class="Apple-style-span">I'm totally out of ideas. Everything <I>looks</I> okay, but something obviously isn't. I <I>really</I> would like to move off courier and use dovecot!</SPAN></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>.tim<BR></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>Dovecot log:</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BLOCKQUOTE type="cite"><DIV>dovecot: Sep 21 11:21:45 Warning: imap-login: SSL_accept() syscall failed: EOF [17.207.13.42]</DIV><DIV>dovecot: Sep 21 11:22:24 Info: imap-login: Disconnected: Inactivity: rip=17.207.13.42, lip=69.72.209.92, TLS</DIV></BLOCKQUOTE></DIV><DIV><SPAN class="Apple-tab-span" style="white-space:pre"> </SPAN></DIV><DIV>Extended Mail.app Logging:</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BLOCKQUOTE type="cite"><DIV>CONNECTED Sep 21 11:17:10[kCFStreamSocketSecurityLevelNone] -- host:dovecot.design1st.org -- port:994 -- socket:0x4c14230 -- thread:0x4c11c10</DIV><DIV>2006-09-21 11:18:15.539 Mail[4391] *** _NSSocket.m:1014 failed; socket=0x4c14230 error=(NSPOSIXErrorDomain,60)</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>CONNECTED Sep 21 11:18:15[kCFStreamSocketSecurityLevelNone] -- host:dovecot.design1st.org -- port:994 -- socket:0x4c09460 -- thread:0x469260</DIV><DIV>2006-09-21 11:18:19.389 Mail[4391] exception raised during syncing: *** -[NSCFDictionary setObject:forKey:]: attempt to insert nil value</DIV><DIV>2006-09-21 11:19:20.744 Mail[4391] *** _NSSocket.m:1014 failed; socket=0x4c09460 error=(NSPOSIXErrorDomain,60)</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>CONNECTED Sep 21 11:19:21[kCFStreamSocketSecurityLevelNone] -- host:dovecot.design1st.org -- port:994 -- socket:0x4c2e340 -- thread:0x4c11c10</DIV><DIV>2006-09-21 11:20:26.044 Mail[4391] *** _NSSocket.m:1014 failed; socket=0x4c2e340 error=(NSPOSIXErrorDomain,60)</DIV></BLOCKQUOTE></DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV>openssl s_client output:</DIV><DIV><BR class="khtml-block-placeholder"></DIV><DIV><BLOCKQUOTE type="cite"><DIV>CONNECTED(00000003)</DIV><DIV>depth=0 /C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=<A href="mailto:d1st-admin@design1st.org">d1st-admin@design1st.org</A></DIV><DIV>verify error:num=18:self signed certificate</DIV><DIV>verify return:1</DIV><DIV>depth=0 /C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=<A href="mailto:d1st-admin@design1st.org">d1st-admin@design1st.org</A></DIV><DIV>verify return:1</DIV><DIV>---</DIV><DIV>Certificate chain</DIV><DIV> 0 s:/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=<A href="mailto:d1st-admin@design1st.org">d1st-admin@design1st.org</A></DIV><DIV> i:/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=<A href="mailto:d1st-admin@design1st.org">d1st-admin@design1st.org</A></DIV><DIV>---</DIV><DIV>Server certificate</DIV><DIV>-----BEGIN CERTIFICATE-----</DIV><DIV>MIIDoTCCAwqgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBmDELMAkGA1UEBhMCVVMx</DIV><DIV>EzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTEaMBgGA1UE</DIV><DIV>ChMRRGVzaWduMXN0IERvdCBPcmcxGzAZBgNVBAMTEm1haWwuZGVzaWduMXN0Lm9y</DIV><DIV>ZzEnMCUGCSqGSIb3DQEJARYYZDFzdC1hZG1pbkBkZXNpZ24xc3Qub3JnMB4XDTA1</DIV><DIV>MTEwNTA2NDIwNFoXDTMzMDMyMjA2NDIwNFowgZgxCzAJBgNVBAYTAlVTMRMwEQYD</DIV><DIV>VQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUxGjAYBgNVBAoTEURl</DIV><DIV>c2lnbjFzdCBEb3QgT3JnMRswGQYDVQQDExJtYWlsLmRlc2lnbjFzdC5vcmcxJzAl</DIV><DIV>BgkqhkiG9w0BCQEWGGQxc3QtYWRtaW5AZGVzaWduMXN0Lm9yZzCBnzANBgkqhkiG</DIV><DIV>9w0BAQEFAAOBjQAwgYkCgYEAueMIqNJGCB9QIZXBZw+17iT06feMdyzi0p7rB5xt</DIV><DIV>3nz/nTSMRFTIzmabN0tR8wFJ1oA3TlHFKQ51x08ZSUPLHmVo61xZIn392mwDL9Zn</DIV><DIV>ozh3FreVXkKHMhANvwTV2kqMcOJzeyNgENO0YSl6iv1MydMAM2OGbC6FdHAz6dHG</DIV><DIV>4GkCAwEAAaOB+DCB9TAdBgNVHQ4EFgQUF985KOsukGEGsY1eyBgWouDOVxIwgcUG</DIV><DIV>A1UdIwSBvTCBuoAUF985KOsukGEGsY1eyBgWouDOVxKhgZ6kgZswgZgxCzAJBgNV</DIV><DIV>BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYDVQQHEwlTdW5ueXZhbGUx</DIV><DIV>GjAYBgNVBAoTEURlc2lnbjFzdCBEb3QgT3JnMRswGQYDVQQDExJtYWlsLmRlc2ln</DIV><DIV>bjFzdC5vcmcxJzAlBgkqhkiG9w0BCQEWGGQxc3QtYWRtaW5AZGVzaWduMXN0Lm9y</DIV><DIV>Z4IBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBABwOsxpHng49aC9u</DIV><DIV>eRe1a3wn5tyZDPq5YQqpACHvz5JRX54y6Dh+PB2Y0Qim6/Ihf2r91D/WnFwULHvX</DIV><DIV>gllx6L4DnoB5Zq8+P+4B8m27VqgzaJAeIawXm0hXAl7E8UTUCXFCCUvuHmzVqHKl</DIV><DIV>dtAuA5z38boKKywg6U1HUhbuAmd8</DIV><DIV>-----END CERTIFICATE-----</DIV><DIV>subject=/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=<A href="mailto:d1st-admin@design1st.org">d1st-admin@design1st.org</A></DIV><DIV>issuer=/C=US/ST=California/L=Sunnyvale/O=Design1st Dot Org/CN=mail.design1st.org/emailAddress=<A href="mailto:d1st-admin@design1st.org">d1st-admin@design1st.org</A></DIV><DIV>---</DIV><DIV>No client certificate CA names sent</DIV><DIV>---</DIV><DIV>SSL handshake has read 1497 bytes and written 340 bytes</DIV><DIV>---</DIV><DIV>New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA</DIV><DIV>Server public key is 1024 bit</DIV><DIV>SSL-Session:</DIV><DIV> Protocol : TLSv1</DIV><DIV> Cipher : DHE-RSA-AES256-SHA</DIV><DIV> Session-ID: 032499DFB1AEF924C4359B63499B6566A02373A6BF24C029EB08A3B1D5FA4A1F</DIV><DIV> Session-ID-ctx: </DIV><DIV> Master-Key: E53F0F952B1E390113D5851A7BF6F0949D47804BF2E3ED0182914065792E2B12A17AAD2DA44BEB958E673C26AC26EFFD</DIV><DIV> Key-Arg : None</DIV><DIV> Start Time: 1158862805</DIV><DIV> Timeout : 300 (sec)</DIV><DIV> Verify return code: 18 (self signed certificate)</DIV><DIV>---</DIV><DIV>* OK [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS QUOTA AUTH=PLAIN] Dovecot ready.</DIV></BLOCKQUOTE></DIV></BODY></HTML>