Thank you, see my answers below.

> -----Original Message-----
> From: Steffen Kaiser [mailto:skdove...@smail.inf.fh-brs.de]
> Sent: Tuesday, December 16, 2014 12:30 AM
> To: Wayne Andersen
> Cc: dovecot@dovecot.org
> Subject: Re: Problem with TLS and Outlook 2010
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Thu, 11 Dec 2014, Wayne Andersen wrote:
>
> > Log onto incoming mail server (IMAP): A secure connection to the
> > server cannot be established.
> >
> > I have set the port to 143, 993, 995; none of them work, and the security
> > to TLS.
>
> 993 is IMAP-over-SSL, which is probably not named "TLS", but "SSL" in
> Outlook.
> Usually "TLS" means to use STARTTLS.
> See: http://www.cs.umd.edu/faq/mailclient/outlook.html
> But there are a lot of different Outlook versions and different names for
> settings.

My preference is STARTTLS, which I assumed I would get by selecting port 143 and TLS.

> > IMAP: 14:48:40 [db] srv_name = "mail.mydomain.com" srv_addr =
> > 174.46.198.101:143
>
> is this IP correct?

Yes, it is correct.

> > IMAP: 14:48:40 [rx] * OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS IDLE
> > AUTH=PLAIN AUTH=LOGIN] Dovecot ready. <----- not seeing the STARTTLS
> > capability here.
>
> Do you have a local Firewall or a Cisco-Router between this client and the
> server? Some firewalls filter out STARTTLS in order to scan the transferred
> content.

No, all of these machines are on a local subnet.

> > C:\OpenSSL-Win64\bin>openssl.exe s_client -connect
> > mail.mydomain.com:993
> >
> > verify error:num=20:unable to get local issuer certificate <--- Yes I
> > see this and it may be an issue, but this certificate exists and is valid.
>
> openssl does not guess certificates, you need to specify them on command
> line.

I am not sure I understand this. Dovecot has the certificate chain, which it should send to the client if I understand correctly. There may be an issue with the format of the certificate chain file, but if there is I don't know how to fix it.

> > ---
> > From a Linux client I get:
> >
> > * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> > IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
> >
> > I do see STARTTLS here.
>
> does this client run in the same network as the windows client?

Yes, same local subnet, in fact the Linux client is a virtual machine running on the same machine as the Windows client.

> - --
> Steffen Kaiser
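
Added example, not part of the original message: a capability diff over the two IMAP greetings quoted in this thread, showing everything that differs between what the Outlook trace recorded and what the Linux client received. The greeting strings are copied from the thread; the function names are illustrative.

```python
import re

# Greetings as quoted in the thread (Outlook debug trace vs. Linux client).
OUTLOOK_GREETING = ("* OK [CAPABILITY IMAP4REV1 LOGIN-REFERRALS IDLE "
                    "AUTH=PLAIN AUTH=LOGIN] Dovecot ready.")
LINUX_GREETING = ("* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS "
                  "ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.")

# Matches a bracketed response code in a greeting, or an untagged CAPABILITY line.
_CAP_RE = re.compile(r"\[CAPABILITY ([^\]]*)\]|^\* CAPABILITY (.*)$", re.IGNORECASE)


def parse_capabilities(line):
    """Return the capability set, upper-cased (IMAP capability names are case-insensitive)."""
    m = _CAP_RE.search(line.strip())
    if not m:
        return set()
    caps = m.group(1) if m.group(1) is not None else m.group(2)
    return {c.upper() for c in caps.split()}


def compare_greetings(reference, observed):
    """Diff the capabilities one client observed against a reference greeting."""
    ref = parse_capabilities(reference)
    obs = parse_capabilities(observed)
    return {
        "missing": sorted(ref - obs),   # advertised to the reference client only
        "extra": sorted(obs - ref),     # advertised to the observed client only
        "starttls_missing": "STARTTLS" in ref and "STARTTLS" not in obs,
        # SASL mechanisms advertised on a connection that cannot be upgraded
        "auth_without_starttls": "STARTTLS" not in obs
                                 and any(c.startswith("AUTH=") for c in obs),
    }


if __name__ == "__main__":
    for key, value in compare_greetings(LINUX_GREETING, OUTLOOK_GREETING).items():
        print(f"{key}: {value}")
```

On the thread's data the diff lists more than STARTTLS, so the two clients were not shown the same capability list in several respects.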