Re: [Dovecot] ssl connections frozen, client times out

2007-04-08 Thread John Robinson

On 03/04/2007 17:45, Steve Mulligan wrote:
> Timo Sirainen wrote:
>> I hope you've never actually tried to use this "ssl_listen = *:110"
>> setting? pop3s is in port 995.
>
> Sadly yes, for now.  I'm the only one using the pop server and I don't
> have control over opening my own ports to the outside world so I have
> been trying to get it working on 110.  It should still work on 110 from
> a remote machine though, right?

If you only have port 110, I'd suggest you don't run SSL on it, run TLS
and have disable_plaintext_auth = yes.


Cheers,

John.
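
Added example (not part of John's message and not Dovecot code): one way to check the setup suggested above is to look at what the listener on port 110 advertises before STLS. The code parses a POP3 CAPA reply (capability names per RFC 2449 and RFC 2595) and flags cleartext login paths; the function names and both sample replies are constructed, and that a server with disable_plaintext_auth = yes produces the "hardened" form is an assumption to confirm against the live listener.

```python
# Added example: audit a POP3 CAPA reply captured on port 110 *before* STLS.
# Capability names: USER and SASL from RFC 2449, STLS from RFC 2595.

PLAINTEXT_SASL = {"PLAIN", "LOGIN"}  # mechanisms that transmit the password itself


def parse_capa(response: str) -> dict:
    """Parse a multi-line CAPA reply into {CAPABILITY: [args, ...]}."""
    lines = response.replace("\r\n", "\n").split("\n")
    if not lines[0].upper().startswith("+OK"):
        raise ValueError("CAPA not accepted: %r" % lines[0])
    caps = {}
    for line in lines[1:]:
        if line == ".":            # terminator of the multi-line reply
            break
        if not line.strip():
            continue
        name, *args = line.split()
        caps[name.upper()] = [a.upper() for a in args]
    return caps


def audit_pre_tls(response: str) -> list:
    """Return findings for a CAPA reply seen on the cleartext side of port 110."""
    caps = parse_capa(response)
    findings = []
    if "STLS" not in caps:
        findings.append("STLS not advertised: no TLS upgrade available")
    if "USER" in caps:
        findings.append("USER advertised: USER/PASS accepted in cleartext")
    weak = sorted(PLAINTEXT_SASL.intersection(caps.get("SASL", [])))
    if weak:
        findings.append("plaintext SASL before TLS: " + " ".join(weak))
    return findings


# Constructed sample replies (not captured from the server in this thread).
PERMISSIVE = "+OK\r\nCAPA\r\nTOP\r\nUIDL\r\nUSER\r\nSTLS\r\nSASL PLAIN LOGIN\r\n.\r\n"
# Assumed shape of a reply from a listener that refuses cleartext logins.
HARDENED = "+OK\r\nCAPA\r\nTOP\r\nUIDL\r\nRESP-CODES\r\nSTLS\r\nSASL\r\n.\r\n"

if __name__ == "__main__":
    for label, capa in (("permissive", PERMISSIVE), ("hardened", HARDENED)):
        print(label, audit_pre_tls(capa) or "ok")
```
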


Re: [Dovecot] ssl connections frozen, client times out

2007-04-03 Thread Steve Mulligan

Timo Sirainen wrote:
> On Tue, 2007-04-03 at 04:12 -0400, Steve Mulligan wrote:
>> I'm using the latest Thunderbird & Dovecot.   I'm trying to set up either
>> pop3s or imaps.  The plain versions of the protocols both work fine for
>> me, even with the TLS option selected in Thunderbird.  But when I try to
>> use the ssl versions, my client does not negotiate - it just times out.
>
> Since it might just as well be a Thunderbird configuration problem, try
> with openssl directly:
>
> openssl s_client -connect localhost:995
>
> If it works, try remotely the same in case it's a firewall problem. If
> that works too, it's just a Thunderbird problem.

Thanks Timo.  It connects fine on localhost, but when I try from a
remote machine, I get:

C:\OpenSSL\bin>openssl s_client -connect pop.loftsoftware.ca:110
Loading 'screen' into random state - done
CONNECTED(00FC)

Then there is a very long wait, 1-2 minutes.

5696:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:.\ssl\s23_lib.c:188:

So I would say firewall problem BUT - it works fine when I switch the
dovecot server and thunderbird client over to plain pop on the same port.

>> protocol pop3 {
>>   ssl_disable = no
>>   verbose_ssl = yes
>>   #listen = *:123
>>   #ssl_listen = *:110
>
> I hope you've never actually tried to use this "ssl_listen = *:110"
> setting? pop3s is in port 995.

Sadly yes, for now.  I'm the only one using the pop server and I don't
have control over opening my own ports to the outside world so I have
been trying to get it working on 110.  It should still work on 110 from
a remote machine though, right?



Thanks,
Steve.


Re: [Dovecot] ssl connections frozen, client times out

2007-04-03 Thread Timo Sirainen
On Tue, 2007-04-03 at 04:12 -0400, Steve Mulligan wrote:
> I'm using the latest Thunderbird & Dovecot.   I'm trying to set up either
> pop3s or imaps.  The plain versions of the protocols both work fine for
> me, even with the TLS option selected in Thunderbird.  But when I try to
> use the ssl versions, my client does not negotiate - it just times out.

Since it might just as well be a Thunderbird configuration problem, try
with openssl directly:

openssl s_client -connect localhost:995

If it works, try remotely the same in case it's a firewall problem. If
that works too, it's just a Thunderbird problem.

> protocol pop3 {
>   ssl_disable = no
>   verbose_ssl = yes
>   #listen = *:123
>   #ssl_listen = *:110

I hope you've never actually tried to use this "ssl_listen = *:110"
setting? pop3s is in port 995.





[Dovecot] ssl connections frozen, client times out

2007-04-03 Thread Steve Mulligan

Hi there,

I'm using the latest Thunderbird & Dovecot.   I'm trying to set up either
pop3s or imaps.  The plain versions of the protocols both work fine for
me, even with the TLS option selected in Thunderbird.  But when I try to
use the ssl versions, my client does not negotiate - it just times out.


I have as much logging enabled as possible and the only thing that shows 
up in my logs is this:


dovecot: Apr 03 03:02:47 Info: imap-login: Disconnected: Inactivity: rip=209.226.117.155, lip=10.20.0.13, TLS handshake
dovecot: Apr 03 03:04:45 Warning: imap-login: SSL_accept() syscall failed: Connection reset by peer [209.226.117.155]



When I trace the execution of the imap-login process, the only thing I 
notice when I connect is this:


03:55:28.624759 accept(1, 0xbaa0, [28]) = -1 EAGAIN (Resource temporarily unavailable)


Along with the normal stuff:

03:55:30.682212 gettimeofday({1175586930, 682327}, {300, 0}) = 0
03:55:30.682412 gettimeofday({1175586930, 682483}, NULL) = 0
03:55:30.682525 poll([{fd=5, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=8, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}, {fd=1, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 4, 1000) = 0

ssl_cert_file = /home/steve/loft/mail/pop.loftsoftware.ca.crt
pop3_uidl_format = %08Xu%08Xv
ssl_key_file = /home/steve/loft/mail/pop.loftsoftware.ca.key
mail_location = maildir:/home/steve/loft/mail/%d/%u
mail_extra_groups = mail
protocols = pop3 pop3s
ssl_parameters_regenerate = 0
auth_debug = yes
mail_debug = yes
auth_verbose = yes
auth_debug_passwords = yes
verbose_ssl = yes
first_valid_uid = 1006
last_valid_uid = 1006
maildir_copy_with_hardlinks = yes
ssl_disable = no

info_log_path = /home/steve/loft/logs/dovecot-pop.log
log_path = /home/steve/loft/logs/dovecot-pop.log

protocol imap {
  ssl_disable = no
  #listen = *:123
  #ssl_listen = *:110
  verbose_ssl = yes
  imap_client_workarounds = outlook-idle delay-newmail
}

protocol pop3 {
  ssl_disable = no
  verbose_ssl = yes
  #listen = *:123
  #ssl_listen = *:110
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  postmaster_address = [EMAIL PROTECTED]
  log_path = /home/steve/loft/logs/dovecot-deliver.log
  info_log_path = /home/steve/loft/logs/dovecot-deliver.log
  auth_socket_path = /var/run/dovecot/auth-master
}
auth default {
  mechanisms = login plain apop
  passdb sql {
    args = /etc/dovecot/sql.conf
  }
  userdb sql {
    args = /etc/dovecot/sql.conf
  }
  userdb prefetch {
  }
  user = nobody
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0660
      user = vmail
      group = mail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = mail
    }
  }
}