Re: [Dovecot] SSL / TLS Problem
Am 23.07.10 02:59, schrieb Andrew Bruce: eel free to post this to the running conversation on the list (strip my email address from this email though please) The issue was a case sensitive typo. When Setting up your Thunderbird don't type in eMail Addresses Usernames including uppercase letters! DON'T: u...@domain.tld BUT therefore: u...@domain.tld I faced that Problem only when I was using dyndns as domain service provider.
Re: [Dovecot] SSL / TLS Problem
Leander S. wrote: Am 23.07.10 02:59, schrieb Andrew Bruce: eel free to post this to the running conversation on the list (strip my email address from this email though please) The issue was a case sensitive typo. When Setting up your Thunderbird don't type in eMail Addresses Usernames including uppercase letters! DON'T: u...@domain.tld BUT therefore: u...@domain.tld Better, when checking for valid recipients, always lowercase the input befopre doing so. Dovecot uses %Lu (the 'L' means 'lowercase')... I faced that Problem only when I was using dyndns as domain service provider. Dunno about dyndns, but usernames should never be case-sensitive, passwords always.
Re: [Dovecot] SSL / TLS Problem
Am 23.07.10 21:35, schrieb Charles Marcus: ovecot uses %Lu (the 'L' means 'lowercase')... ^^ Where must I add this option to make it work cause that sounds like something nice to have ...
Re: [Dovecot] SSL / TLS Problem
On 07/23/2010 09:46 PM Leander S. wrote: ^^ Where must I add this option to make it work cause that sounds like something nice to have ... See http://wiki.dovecot.org/Variables Regards, Pascal -- The trapper recommends today: http://kopfkrebs.de/mitarbeiter/mitarbeiter_der_woche.html
Re: [Dovecot] SSL / TLS Problem
Leander S. wrote: Am 23.07.10 21:35, schrieb Charles Marcus: ovecot uses %Lu (the 'L' means 'lowercase')... ^^ Where must I add this option to make it work cause that sounds like something nice to have ... In your user query...?
Re: [Dovecot] SSL / TLS Problem
ofcourse - thx ;) Am 23.07.10 22:07, schrieb Charles Marcus: Leander S. wrote: Am 23.07.10 21:35, schrieb Charles Marcus: ovecot uses %Lu (the 'L' means 'lowercase')... ^^ Where must I add this option to make it work cause that sounds like something nice to have ... In your user query...?
Re: [Dovecot] SSL / TLS Problem
Leander S. leander.schae...@googlemail.com writes: server [~]# cat /etc/ssl/mail/mail.key -BEGIN RSA PRIVATE KEY- [...] Hmm, you have apparently posted your private key to a public maillist. You might want to generate a new key and cert.
Re: [Dovecot] SSL / TLS Problem
Am 11.07.10 15:59, schrieb Stan Hoeppner: Leander S. put forth on 7/11/2010 8:24 AM: There is something else missed - I just don't get it ;/ The solution to your problem, or at least information pointing you in the right direction, is in those Google search results, if you'd bother to actually read some of them. I guess you'd rather wait for someone here to solve the problem for you instead of spending that time solving it yourself? Hi Stan, you most probably think I'm just too lazy impationed to google my problems - but it's not. I more and more get the feeling that this is ether a Thunderbird incompatibly or a little switch which is missed in the dovecot.conf to get compatible - but I'm not getting it. I set up Dovecot SSL/TLS Postfix SSL/TLS for several times succesfully now ... and now oll of a sudden it stops working with Thunderbird version 3.1 ?! Out of my frustration I was even using http://dovecot.org/doc/mkcert.sh to create the neccesarry files - but with the same result ;( Therefore I would really more then appreciate a hepful hint if possible - cause I'm really stucking at a point where I'm not getting to anything anymore. Here are three screenshots of the Thunderbird situation - even though it's in german - I think everybody knows how it looks in english isnce it's a common dialog. *IMAP:* http://hald-bau-gmbh.de/Screenshots-Debianforum/public_143.png http://hald-bau-gmbh.de/Screenshots-Debianforum/Local_143.png *SMTP:* http://hald-bau-gmbh.de/Screenshots-Debianforum/public_25.png Local: same as public - works And here again the mailog output: server dovecot: imap-login: Disconnected (no auth attempts): rip=84.157.133.248, lip=192.168.1.100, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca It's always the same when it fails ... And this is how my dovecot.conf looks like: [...] |## ## SSL settings ## ssl = yes ssl_cert_file = /etc/ssl/mail/mail.cert ssl_key_file = /etc/ssl/mail/mail.key| [...] Thank you
Re: [Dovecot] SSL / TLS Problem
Thanks for your reply. What do you mean by pipe See, I can even connect via the console from the outside: |Notebook [~]$ openssl s_client -CApath ~/.cert/XYZ.com/ -connect XYZ.com:993 CONNECTED(0003) depth=0 /C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com verify error:num=18:self signed certificate verify return:1 depth=0 /C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com verify return:1 --- Certificate chain 0 s:/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com i:/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com --- Server certificate -BEGIN CERTIFICATE- MIIC6TCCAlKgAwIBAgIJAN4Jfaj9QgEhMA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD VQQGEwJERTEbMBkGA1UECBMSQmFkZW4tV3VlcnR0ZW1iZXJnMREwDwYDVQQHEwhO ZXVicm9ubjEWMBQGA1UEChMNTmV0T2NlYW4gR21iSDETMBEGA1UECxMKV2ViSG9z dGluZzEYMBYGA1UEAxMPc2VydmVyLm5ldG9jZWFuMSQwIgYJKoZIhvcNAQkBFhVh ZG1pbkBzZXJ2ZXIubmV0b2NlYW4wHhcNMTAwNzExMTgwMzQ4WhcNMzAwNzA2MTgw MzQ4WjCBqjELMAkGA1UEBhMCREUxGzAZBgNVBAgTEkJhZGVuLVd1ZXJ0dGVtYmVy ZzERMA8GA1UEBxMITmV1YnJvbm4xFjAUBgNVBAoTDU5ldE9jZWFuIEdtYkgxEzAR BgNVBAsTCldlYkhvc3RpbmcxGDAWBgNVBAMTD3NlcnZlci5uZXRvY2VhbjEkMCIG CSqGSIb3DQEJARYVYWRtaW5Ac2VydmVyLm5ldG9jZWFuMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQDFiBWAJ893Ocm4dooDHHkNRZcvC4N5qjfx1wywoS2DlnV4 GwBQPYcyewx5ptcjqq863r3rvHhbNeJbcnh8jNATTxto8r2NkadwccXw4LtqpfAS A2dhuYt8zKhiI2tlfZNCzSzDmqid4NuxKiNQGNB6OU6/x2vp0ZFTwstIr7TMAwID AQABoxUwEzARBglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADgYEAtlPa GQ4Weyi9vlIDLL4PgGsNk4sR4Ca2gbYLTd5HaSkww+BKIfz1OkFEmsNozNSo19PJ WaOp7exCN23j5Z/+qfZSGgUAelJHxRJ0Mc8YmtTuLKaNHxWYBJit3T3n1lbuFENe vdh8oCo6GKjjm7RkbkEvTvdzrOdztXZt3Ij4gLE= -END CERTIFICATE- subject=/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com issuer=/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com --- No client certificate CA names sent --- SSL handshake has read 1313 bytes and written 325 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher: DHE-RSA-AES256-SHA Session-ID: 54DC3526DB721308D460CBAF21D562958D34ED146332F0B4ACBE9E1311633ED1 Session-ID-ctx: Master-Key: 1BCB1FA49855FC38ACB52C2CD8D54594C006116220D66FA0E74F68663AFE3FC09086B9BFB1FE0E515681A2E0DC7C1AFC Key-Arg : None Start Time: 1278952607 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE AUTH=CRAM-MD5] NetOcean MailSystem ^C Notebook [~]$| Am 12.07.10 19:11, schrieb Daniel Petre: dude, whats the pipe at the end of the mail.key location? It's always the same when it fails ... And this is how my dovecot.conf looks like: [...] |## ## SSL settings ## ssl = yes ssl_cert_file = /etc/ssl/mail/mail.cert ssl_key_file = /etc/ssl/mail/mail.key| [...] Thank you
Re: [Dovecot] SSL / TLS Problem
hey, check your dovecot.conf : ssl_key_file = /etc/ssl/mail/mail.key is that a pipe, a vertical sign after mail.key ? Thanks for your reply. What do you mean by pipe See, I can even connect via the console from the outside: |Notebook [~]$ openssl s_client -CApath ~/.cert/XYZ.com/ -connect XYZ.com:993 CONNECTED(0003) depth=0 /C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com verify error:num=18:self signed certificate verify return:1 depth=0 /C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com verify return:1 --- Certificate chain 0 s:/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com i:/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com --- Server certificate -BEGIN CERTIFICATE- MIIC6TCCAlKgAwIBAgIJAN4Jfaj9QgEhMA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD VQQGEwJERTEbMBkGA1UECBMSQmFkZW4tV3VlcnR0ZW1iZXJnMREwDwYDVQQHEwhO ZXVicm9ubjEWMBQGA1UEChMNTmV0T2NlYW4gR21iSDETMBEGA1UECxMKV2ViSG9z dGluZzEYMBYGA1UEAxMPc2VydmVyLm5ldG9jZWFuMSQwIgYJKoZIhvcNAQkBFhVh ZG1pbkBzZXJ2ZXIubmV0b2NlYW4wHhcNMTAwNzExMTgwMzQ4WhcNMzAwNzA2MTgw MzQ4WjCBqjELMAkGA1UEBhMCREUxGzAZBgNVBAgTEkJhZGVuLVd1ZXJ0dGVtYmVy ZzERMA8GA1UEBxMITmV1YnJvbm4xFjAUBgNVBAoTDU5ldE9jZWFuIEdtYkgxEzAR BgNVBAsTCldlYkhvc3RpbmcxGDAWBgNVBAMTD3NlcnZlci5uZXRvY2VhbjEkMCIG CSqGSIb3DQEJARYVYWRtaW5Ac2VydmVyLm5ldG9jZWFuMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQDFiBWAJ893Ocm4dooDHHkNRZcvC4N5qjfx1wywoS2DlnV4 GwBQPYcyewx5ptcjqq863r3rvHhbNeJbcnh8jNATTxto8r2NkadwccXw4LtqpfAS A2dhuYt8zKhiI2tlfZNCzSzDmqid4NuxKiNQGNB6OU6/x2vp0ZFTwstIr7TMAwID AQABoxUwEzARBglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADgYEAtlPa GQ4Weyi9vlIDLL4PgGsNk4sR4Ca2gbYLTd5HaSkww+BKIfz1OkFEmsNozNSo19PJ WaOp7exCN23j5Z/+qfZSGgUAelJHxRJ0Mc8YmtTuLKaNHxWYBJit3T3n1lbuFENe vdh8oCo6GKjjm7RkbkEvTvdzrOdztXZt3Ij4gLE= -END CERTIFICATE- subject=/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com issuer=/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com --- No client certificate CA names sent --- SSL handshake has read 1313 bytes and written 325 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher: DHE-RSA-AES256-SHA Session-ID: 54DC3526DB721308D460CBAF21D562958D34ED146332F0B4ACBE9E1311633ED1 Session-ID-ctx: Master-Key: 1BCB1FA49855FC38ACB52C2CD8D54594C006116220D66FA0E74F68663AFE3FC09086B9 BFB1FE0E515681A2E0DC7C1AFC Key-Arg : None Start Time: 1278952607 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN- REFERRALS ID ENABLE AUTH=CRAM-MD5] NetOcean MailSystem ^C Notebook [~]$| Am 12.07.10 19:11, schrieb Daniel Petre: dude, whats the pipe at the end of the mail.key location? It's always the same when it fails ... And this is how my dovecot.conf looks like: [...] |## ## SSL settings ## ssl = yes ssl_cert_file = /etc/ssl/mail/mail.cert ssl_key_file = /etc/ssl/mail/mail.key| [...] Thank you
Re: [Dovecot] SSL / TLS Problem
Oh, ofcourse - a pipe - silly me ;) But no, I don't know how it came there - I must have accidently done a typo while editing the mail. It looks like that on the server: ## ## SSL settings ## ssl = yes ssl_cert_file = /etc/ssl/mail/mail.cert ssl_key_file = /etc/ssl/mail/mail.key #ssl_key_password = passphrase server [~]# cat /etc/ssl/mail/mail.cert -BEGIN CERTIFICATE- MIIC6TCCAlKgAwIBAgIJAN4Jfaj9QgEhMA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD VQQGEwJERTEbMBkGA1UECBMSQmFkZW4tV3VlcnR0ZW1iZXJnMREwDwYDVQQHEwhO ZXVicm9ubjEWMBQGA1UEChMNTmV0T2NlYW4gR21iSDETMBEGA1UECxMKV2ViSG9z dGluZzEYMBYGA1UEAxMPc2VydmVyLm5ldG9jZWFuMSQwIgYJKoZIhvcNAQkBFhVh ZG1pbkBzZXJ2ZXIubmV0b2NlYW4wHhcNMTAwNzExMTgwMzQ4WhcNMzAwNzA2MTgw MzQ4WjCBqjELMAkGA1UEBhMCREUxGzAZBgNVBAgTEkJhZGVuLVd1ZXJ0dGVtYmVy ZzERMA8GA1UEBxMITmV1YnJvbm4xFjAUBgNVBAoTDU5ldE9jZWFuIEdtYkgxEzAR BgNVBAsTCldlYkhvc3RpbmcxGDAWBgNVBAMTD3NlcnZlci5uZXRvY2VhbjEkMCIG CSqGSIb3DQEJARYVYWRtaW5Ac2VydmVyLm5ldG9jZWFuMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQDFiBWAJ893Ocm4dooDHHkNRZcvC4N5qjfx1wywoS2DlnV4 GwBQPYcyewx5ptcjqq863r3rvHhbNeJbcnh8jNATTxto8r2NkadwccXw4LtqpfAS A2dhuYt8zKhiI2tlfZNCzSzDmqid4NuxKiNQGNB6OU6/x2vp0ZFTwstIr7TMAwID AQABoxUwEzARBglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADgYEAtlPa GQ4Weyi9vlIDLL4PgGsNk4sR4Ca2gbYLTd5HaSkww+BKIfz1OkFEmsNozNSo19PJ WaOp7exCN23j5Z/+qfZSGgUAelJHxRJ0Mc8YmtTuLKaNHxWYBJit3T3n1lbuFENe vdh8oCo6GKjjm7RkbkEvTvdzrOdztXZt3Ij4gLE= -END CERTIFICATE- server [~]# server [~]# cat /etc/ssl/mail/mail.key -BEGIN RSA PRIVATE KEY- MIICXQIBAAKBgQDFiBWAJ893Ocm4dooDHHkNRZcvC4N5qjfx1wywoS2DlnV4GwBQ PYcyewx5ptcjqq863r3rvHhbNeJbcnh8jNATTxto8r2NkadwccXw4LtqpfASA2dh uYt8zKhiI2tlfZNCzSzDmqid4NuxKiNQGNB6OU6/x2vp0ZFTwstIr7TMAwIDAQAB AoGAZwRgyjR486IUvPo9YgAAddZ8UVG84L/Qa3UPLjLw7LaUTu4uDKr6Dm60A+Hq Q7SprJcsD3x8fH0uryiVA8fgX7YU6SNOnW/F69asp66DLmuTHzWUJMknYhvbXpc/ mxOyOpbgKqCXQgVZvaRffTi5l6jafOn/HkShHVcCCb05WDkCQQD2PlcS39Q5PaAv jJmVt9PoyYTFQlcriwljWHKXWI4bdroVYIGiw1Mu5xdKYv9mhvOdulpktzCBaxUd ki/VZS9tAkEAzVuoBFgazVRIYOY1AK1P8Bu84Zp1erqRPf5+a99ppx1F/xbefP5T gZwEY18krRzvYbfuJDeBIfSw9OBKUIwTLwJBALi9bHYslvua0GLcCR3aHJG5HnMf omZ4mUJ/SPli5rqUCGehT6DdCbtWhJK6UwKInJzpAogtJ6bwv5a/5kMi9sECQQC/ miQCoZ2oNFovprqPPiVWdtrdd7ri3o3DVN7pkRLHrGVxownFf5m0VTg26z+SEWw8 NVuJCQx//QjaASb1TixbAkAJojqfpDAw79FxFnyZiqERz+DOs2A4zEd3z9sQRG+x YzKjYkVgNUG5JyVlZrh7xSNhgtw+U8IH7hx/p6RJ4+Ce -END RSA PRIVATE KEY- server [~]# P.S. I just re-tested the whole procedure with 2.0.0.24 - and it didn't complain at all - it's just Thunderbird 3.1 where I faced the issue the very first time. weired. Am 12.07.10 19:23, schrieb Daniel Petre: hey, check your dovecot.conf : ssl_key_file = /etc/ssl/mail/mail.key is that a pipe, a vertical sign after mail.key ? Thanks for your reply. What do you mean by pipe See, I can even connect via the console from the outside: |Notebook [~]$ openssl s_client -CApath ~/.cert/XYZ.com/ -connect XYZ.com:993 CONNECTED(0003) depth=0 /C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com verify error:num=18:self signed certificate verify return:1 depth=0 /C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com verify return:1 --- Certificate chain 0 s:/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com i:/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com --- Server certificate -BEGIN CERTIFICATE- MIIC6TCCAlKgAwIBAgIJAN4Jfaj9QgEhMA0GCSqGSIb3DQEBBQUAMIGqMQswCQYD VQQGEwJERTEbMBkGA1UECBMSQmFkZW4tV3VlcnR0ZW1iZXJnMREwDwYDVQQHEwhO ZXVicm9ubjEWMBQGA1UEChMNTmV0T2NlYW4gR21iSDETMBEGA1UECxMKV2ViSG9z dGluZzEYMBYGA1UEAxMPc2VydmVyLm5ldG9jZWFuMSQwIgYJKoZIhvcNAQkBFhVh ZG1pbkBzZXJ2ZXIubmV0b2NlYW4wHhcNMTAwNzExMTgwMzQ4WhcNMzAwNzA2MTgw MzQ4WjCBqjELMAkGA1UEBhMCREUxGzAZBgNVBAgTEkJhZGVuLVd1ZXJ0dGVtYmVy ZzERMA8GA1UEBxMITmV1YnJvbm4xFjAUBgNVBAoTDU5ldE9jZWFuIEdtYkgxEzAR BgNVBAsTCldlYkhvc3RpbmcxGDAWBgNVBAMTD3NlcnZlci5uZXRvY2VhbjEkMCIG CSqGSIb3DQEJARYVYWRtaW5Ac2VydmVyLm5ldG9jZWFuMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQDFiBWAJ893Ocm4dooDHHkNRZcvC4N5qjfx1wywoS2DlnV4 GwBQPYcyewx5ptcjqq863r3rvHhbNeJbcnh8jNATTxto8r2NkadwccXw4LtqpfAS A2dhuYt8zKhiI2tlfZNCzSzDmqid4NuxKiNQGNB6OU6/x2vp0ZFTwstIr7TMAwID AQABoxUwEzARBglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADgYEAtlPa GQ4Weyi9vlIDLL4PgGsNk4sR4Ca2gbYLTd5HaSkww+BKIfz1OkFEmsNozNSo19PJ WaOp7exCN23j5Z/+qfZSGgUAelJHxRJ0Mc8YmtTuLKaNHxWYBJit3T3n1lbuFENe vdh8oCo6GKjjm7RkbkEvTvdzrOdztXZt3Ij4gLE= -END CERTIFICATE- subject=/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com issuer=/C=DE/ST=BW/L=City/O=HomeServer GmbH/OU=WebHosting/CN=XYZ.com/emailaddress=ad...@xyz.com --- No client certificate CA names sent --- SSL handshake has read 1313 bytes and written 325 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 1024 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher
Re: [Dovecot] SSL / TLS Problem
On 2010-07-12 1:34 PM, Leander S. wrote: But no, I don't know how it came there - I must have accidently done a typo while editing the mail. It looks like that on the server: Always post output of dovecot -n, not copy/pastes from the config file (unless it is something that isn't output by dovecot -n)... -- Best regards, Charles
Re: [Dovecot] SSL / TLS Problem
No problem: server [~]# dovecot -n # 1.2.4: /usr/local/etc/dovecot.conf # OS: FreeBSD 8.0-RELEASE amd64 ufs protocols: imap imaps pop3 pop3s managesieve listen(default): * listen(imap): * listen(pop3): * listen(managesieve): *:2000 ssl_cert_file: /etc/ssl/mail/mail.cert ssl_key_file: /etc/ssl/mail/mail.key login_dir: /var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login login_executable(managesieve): /usr/local/libexec/dovecot/managesieve-login login_greeting: home MailSystem verbose_proctitle: yes first_valid_uid: 2000 first_valid_gid: 2000 mail_privileged_group: mail mail_location: maildir:/var/mail/%d/%n mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_executable(managesieve): /usr/local/libexec/dovecot/managesieve mail_plugins(default): quota imap_quota autocreate mail_plugins(imap): quota imap_quota autocreate mail_plugins(pop3): quota mail_plugins(managesieve): mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 mail_plugin_dir(managesieve): /usr/local/lib/dovecot/managesieve imap_client_workarounds(default): outlook-idle imap_client_workarounds(imap): outlook-idle imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): managesieve_implementation_string(default): dovecot managesieve_implementation_string(imap): dovecot managesieve_implementation_string(pop3): dovecot managesieve_implementation_string(managesieve): home lda: postmaster_address: ad...@server.home mail_plugins: sieve log_path: /var/log/dovecot-deliver.log info_log_path: /var/log/dovecot-deliver.log auth default: mechanisms: cram-md5 username_format: %Lu passdb: driver: sql args: /usr/local/etc/dovecot-sql.conf userdb: driver: sql args: /usr/local/etc/dovecot-sql.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: dovecot group: dovecot plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/sieve sieve_global_path: /usr/local/etc/dovecot/sieve/default.sieve autocreate: Trash autocreate2: Sent autocreate3: Drafts autocreate4: Spam autocreate5: Virus autosubscribe: Trash autosubscribe2: Sent autosubscribe3: Drafts autosubscribe4: Spam autosubscribe5: Virus server [~]# Best Regards Am 12.07.10 19:37, schrieb Charles Marcus: On 2010-07-12 1:34 PM, Leander S. wrote: But no, I don't know how it came there - I must have accidently done a typo while editing the mail. It looks like that on the server: Always post output of dovecot -n, not copy/pastes from the config file (unless it is something that isn't output by dovecot -n)...
Re: [Dovecot] SSL / TLS Problem
P.S. I just had another look at my Logs again - and I'm finding now the following when Thunderbird 3.1 tries to establish TLS unsuccessful: server dovecot: imap-login: Disconnected (no auth attempts): rip=84.157.147.152, lip=192.168.1.100, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate But still - I'm not getting it since I'm even able to establish the connection successful via the konsol as you could see in one of my last mails. weired. # No problem: server [~]# dovecot -n # 1.2.4: /usr/local/etc/dovecot.conf # OS: FreeBSD 8.0-RELEASE amd64 ufs protocols: imap imaps pop3 pop3s managesieve listen(default): * listen(imap): * listen(pop3): * listen(managesieve): *:2000 ssl_cert_file: /etc/ssl/mail/mail.cert ssl_key_file: /etc/ssl/mail/mail.key login_dir: /var/run/dovecot/login login_executable(default): /usr/local/libexec/dovecot/imap-login login_executable(imap): /usr/local/libexec/dovecot/imap-login login_executable(pop3): /usr/local/libexec/dovecot/pop3-login login_executable(managesieve): /usr/local/libexec/dovecot/managesieve-login login_greeting: home MailSystem verbose_proctitle: yes first_valid_uid: 2000 first_valid_gid: 2000 mail_privileged_group: mail mail_location: maildir:/var/mail/%d/%n mail_executable(default): /usr/local/libexec/dovecot/imap mail_executable(imap): /usr/local/libexec/dovecot/imap mail_executable(pop3): /usr/local/libexec/dovecot/pop3 mail_executable(managesieve): /usr/local/libexec/dovecot/managesieve mail_plugins(default): quota imap_quota autocreate mail_plugins(imap): quota imap_quota autocreate mail_plugins(pop3): quota mail_plugins(managesieve): mail_plugin_dir(default): /usr/local/lib/dovecot/imap mail_plugin_dir(imap): /usr/local/lib/dovecot/imap mail_plugin_dir(pop3): /usr/local/lib/dovecot/pop3 mail_plugin_dir(managesieve): /usr/local/lib/dovecot/managesieve imap_client_workarounds(default): outlook-idle imap_client_workarounds(imap): outlook-idle imap_client_workarounds(pop3): imap_client_workarounds(managesieve): pop3_client_workarounds(default): pop3_client_workarounds(imap): pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh pop3_client_workarounds(managesieve): managesieve_implementation_string(default): dovecot managesieve_implementation_string(imap): dovecot managesieve_implementation_string(pop3): dovecot managesieve_implementation_string(managesieve): home lda: postmaster_address: ad...@server.home mail_plugins: sieve log_path: /var/log/dovecot-deliver.log info_log_path: /var/log/dovecot-deliver.log auth default: mechanisms: cram-md5 username_format: %Lu passdb: driver: sql args: /usr/local/etc/dovecot-sql.conf userdb: driver: sql args: /usr/local/etc/dovecot-sql.conf socket: type: listen client: path: /var/spool/postfix/private/auth mode: 432 user: postfix group: postfix master: path: /var/run/dovecot/auth-master mode: 384 user: dovecot group: dovecot plugin: sieve: ~/.dovecot.sieve sieve_dir: ~/sieve sieve_global_path: /usr/local/etc/dovecot/sieve/default.sieve autocreate: Trash autocreate2: Sent autocreate3: Drafts autocreate4: Spam autocreate5: Virus autosubscribe: Trash autosubscribe2: Sent autosubscribe3: Drafts autosubscribe4: Spam autosubscribe5: Virus server [~]# Best Regards Am 12.07.10 19:37, schrieb Charles Marcus: On 2010-07-12 1:34 PM, Leander S. wrote: But no, I don't know how it came there - I must have accidently done a typo while editing the mail. It looks like that on the server: Always post output of dovecot -n, not copy/pastes from the config file (unless it is something that isn't output by dovecot -n)...
[Dovecot] SSL / TLS Problem
Hi, since I upgraded to the new Thunderbird version 3.1 I can't establish a TLS/SSL connection anymore. But before the update Thunerbird was able to establish an encrypted session ... Maillog shows me the following now: server dovecot: imap-login: Disconnected (no auth attempts): rip=84.157.133.248, lip=192.168.1.100, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca Why is the CA unknowen - all of a sudden - ?! Thanks
[Dovecot] SSL / TLS Problem
P.S. Postfix TLS/SSL works still fine ... I don't understand why dovecot doesn't want to work with the new thunderbird version ... Hi, since I upgraded to the new Thunderbird version 3.1 I can't establish a TLS/SSL connection anymore. But before the update Thunerbird was able to establish an encrypted session ... Maillog shows me the following now: server dovecot: imap-login: Disconnected (no auth attempts): rip=84.157.133.248, lip=192.168.1.100, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca Why is the CA unknowen - all of a sudden - ?! Thanks
Re: [Dovecot] SSL / TLS Problem
Leander S. put forth on 7/11/2010 7:26 AM: Hi, since I upgraded to the new Thunderbird version 3.1 I can't establish a TLS/SSL connection anymore. But before the update Thunerbird was able to establish an encrypted session ... Maillog shows me the following now: server dovecot: imap-login: Disconnected (no auth attempts): rip=84.157.133.248, lip=192.168.1.100, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca Why is the CA unknowen - all of a sudden - ?! http://lmgtfy.com/?q=tlsv1+alert+unknown+ca+ -- Stan
Re: [Dovecot] SSL / TLS Problem
Am 11.07.10 14:35, schrieb Stan Hoeppner: Leander S. put forth on 7/11/2010 7:26 AM: Hi, since I upgraded to the new Thunderbird version 3.1 I can't establish a TLS/SSL connection anymore. But before the update Thunerbird was able to establish an encrypted session ... Maillog shows me the following now: server dovecot: imap-login: Disconnected (no auth attempts): rip=84.157.133.248, lip=192.168.1.100, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca Why is the CA unknowen - all of a sudden - ?! http://lmgtfy.com/?q=tlsv1+alert+unknown+ca+ Thanks a lot for the sarcastic google hint (even I had to smile) - but I'm not living behind the moon plus I wouldn't bother asking if I would find hints somwhere else ;) Dovecot's SSL/TLS capability is configured as told by: http://wiki.dovecot.org/SSL/CertificateCreation PLUS it uses to run without any issues on other MTAs. There is something else missed - I just don't get it ;/ Best Regards
Re: [Dovecot] SSL / TLS Problem
Leander S. put forth on 7/11/2010 8:24 AM: There is something else missed - I just don't get it ;/ The solution to your problem, or at least information pointing you in the right direction, is in those Google search results, if you'd bother to actually read some of them. I guess you'd rather wait for someone here to solve the problem for you instead of spending that time solving it yourself? -- Stan