On Thu, Mar 17, 2016 at 8:18 PM, John Oliver <joli...@john-oliver.net> wrote:
> dovecot-2.0.9 on CentOS 6.7
>
> The system in question is not connected to the Internet, so I can't
> copy-and-paste. I have to type anything required :-(
>
> Brand-new out-of-the-box install with a really minimal dovecot.conf
> including:
>
> service imap-login {
>   inet_listener imaps {
>     address = 192.168.1.10
>     port = 143
>     ssl = yes
>   }
> }
>
> ssl_cert=</etc/pki/tls/certs/dovecot.pem
> ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
> ssl_key =</etc/pki/tls/private/dovecot.pem
>
>
> That's very, very similar to an existing dovecot server on an old VM I
> need to replace. Certs are self-signed, I know that's a horrible thing
> to do, but right now we don't have any choice. I'm connecting with
> Apple Mail 8.2 running on OS X 10.10.5, another thing we have no choice
> about :-/ The Apple Mail just sits there stupidly. Its "Connection
> Doctor" just helpfully reports that it can't establish a connection. I
> can use 'openssl s_client -showcerts -connect mail:143' and see what I
> expect to see. The dovecot log with lots of verbosity enabled tells me:
>
> imap-login: Info: Disconnected (no auth attempts): rip=192.168.1.200,
> lip=192.168.1.10, TLS handshaking: Disconnected
> auth: Debug: auth client connected (pid=21006)
> imap-login: Warning: SSL: where=0x10, ret=1: before/accept
> initialization [192.168.1.200]
> imap-login: Warning: SSL: where=0x2001, ret=1: before/accept
> initialization [192.168.1.200]
> imap-login: Warning: SSL: where=0x2002, ret=1: SSLv2/v3 read client
> hello A [192.168.1.200]
>
>
> And that's it... those lines get repeated every minute that Mail is
> running. I'm not seeing anything in any logs that even hints at what
> it's unhappy about, or any way to increase verbosity any more.
>
> Any hints appreciated!
>
> --
> ***********************************************************************
> * John Oliver                             http://www.john-oliver.net/ *
> *                                                                     *
> ***********************************************************************

Maybe use -starttls imap or port 993, and for more logs, verbose_ssl=yes
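
The two options in the reply correspond to the two ways IMAP carries TLS: STARTTLS on port 143 (plaintext greeting first, then an upgrade) and implicit TLS on port 993 (TLS from the first byte). The fragment below is an added example, not part of the thread; it reuses the address and certificate paths from the quoted message and assumes the client follows the conventional port pairing.

```conf
# Added example, not from the thread.

# As posted (commented out): an "imaps" listener with ssl = yes expects a
# TLS ClientHello as the first bytes on the connection, but it is bound to
# 143, the port where IMAP clients conventionally wait for a plaintext
# greeting and then issue STARTTLS.
#service imap-login {
#  inet_listener imaps {
#    address = 192.168.1.10
#    port = 143
#    ssl = yes
#  }
#}

# Conventional layout: STARTTLS on 143, implicit TLS on 993.
service imap-login {
  # Plaintext greeting; the client upgrades the session with STARTTLS.
  inet_listener imap {
    address = 192.168.1.10
    port = 143
  }
  # TLS handshake starts immediately on connect.
  inet_listener imaps {
    address = 192.168.1.10
    port = 993
    ssl = yes
  }
}

# With ssl enabled and a certificate configured, STARTTLS is offered on
# the plain imap listener.
ssl = yes
ssl_cert = </etc/pki/tls/certs/dovecot.pem
ssl_key = </etc/pki/tls/private/dovecot.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL

# The reply's logging suggestion: log each TLS handshake state.
verbose_ssl = yes
```

Each listener can then be checked separately with `openssl s_client -connect mail:993` and `openssl s_client -starttls imap -connect mail:143`, where `mail` is the host name used in the quoted message.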