Hello, I'm new to dovecot. I just installed it a few days ago on FreeBSD via the ports and got it up and running without too much trouble. Although yesterday I turned on the SSL/TLS features and tried to get secure connections to work. I don't get any error messages when launching dovecot, I saw it successfully create the SSL parameters after first enabling the feature yet I can't seem to get a successful connection. Normal non- ssl connections work fine. What happens: 1) my client claims to be attempting the connection. 2) things go on for some time with nothing happening 3) finally the dovecot log pops up with these messages dovecot: Sep 09 02:25:23 Warning: imap-login: SSL_accept() syscall failed: EOF [x.x.x.x] dovecot: Sep 09 02:25:23 Info: imap-login: Disconnected: rip=x.x.x.x, lip=x.x.x.x, TLS handshake dovecot: Sep 09 02:26:23 Info: imap-login: Disconnected: Inactivity: rip=x.x.x.x, lip=x.x.x.x, TLS handshake FYI: I've regenerated a fresh cert and key, just for dovecot and I'm using Mac OS X's Mail client. Any clues? .tim
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 hi tim, - -- On September 9, 2006 10:28:29 AM -0700 Timothy Martin <instanttim at mac.com> wrote:> Hello, I'm new to dovecot. I just installed it a few days ago on > FreeBSD via the ports and got it up and running without too much > trouble. Although yesterday I turned on the SSL/TLS features and > tried to get secure connections to work. > > I don't get any error messages when launching dovecot, I saw it > successfully create the SSL parameters after first enabling the > feature yet I can't seem to get a successful connection. Normal non- > ssl connections work fine. > > What happens: > 1) my client claims to be attempting the connection. > 2) things go on for some time with nothing happening > 3) finally the dovecot log pops up with these messages > dovecot: Sep 09 02:25:23 Warning: imap-login: SSL_accept() syscall > failed: EOF [x.x.x.x] > dovecot: Sep 09 02:25:23 Info: imap-login: Disconnected: > rip=x.x.x.x, lip=x.x.x.x, TLS handshake > dovecot: Sep 09 02:26:23 Info: imap-login: Disconnected: > Inactivity: rip=x.x.x.x, lip=x.x.x.x, TLS handshake > > FYI: I've regenerated a fresh cert and key, just for dovecot and I'm > using Mac OS X's Mail client.i'm running dovecot on OSX, but have previously had _similar_ troubles that, eventually, turned out to be borked certs. have you checked/verified the certs? if not, take a look with: (1) another server, if you have it (2) mulberry MUA (mulberrymail.com) or thunderbird. both have nice cert view capabilities. simply dunno if Mail.app does -- i don't use it (3) check your certs with, e.g.: openssl verify -verbose -issuer_checks -purpose sslserver -CAfile 'my_CA_CERT' 'my_SVR_CERT' fwiw, there's a useful reference starting point here: "Certificate Management and Installation with OpenSSL" http://gagravarr.org/writing/openssl-certs/ hth, richard - -- /"\ \ / ASCII Ribbon Campaign X against HTML email, vCards / \ & micro$oft attachments [GPG] OpenMacNews at gmail dot com fingerprint: 50C9 1C46 2F8F DE42 2EDB D460 95F7 DDBD 3671 08C6 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (Darwin) iEYEARECAAYFAkUDABEACgkQlffdvTZxCMbRLQCgqJ/UOWhrJYK1RdueynC+fQKt izIAoMKGMQd46gExFNIu/4B9cbgrkCCj =4mpP -----END PGP SIGNATURE-----
On Sep 15, 2006, at 9:11am, Morgan Nightbear wrote:> > It's one of a few that I use. And I've built dovecot using openssl > 0.9.8. >OpenSSL 0.9.7c-p1> > >> I don't even get to this point. I don't get the cert warning >> dialog with my dovecot server (i do for courier) -- the activity >> window just shows it trying to synchronize for a very long time >> with no success. >> > > What message do you have in the log file related to your attempted > connection? >dovecot: Sep 14 23:18:05 Warning: imap-login: SSL_accept() syscall failed: EOF [<client-ip>] dovecot: Sep 14 23:21:05 Info: imap-login: Disconnected: Inactivity: rip=<client-ip>, lip=<server-ip>, TLS handshake> Did you get a certificate warning when trying to connect to my server? > >With Apple Mail? I just tried, and yes. The standard warning i normally get with other servers. But this doesn't happen for my own server... .tim
Maybe Matching Threads
- Unknown return value from SSL_accept: Success
- managesieve script 'redirect' fails @ "Error: sieve: ... aborted due to temporary failure; Error: smtp-server: ... failed: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number"; direct send OK ?
- managesieve script 'redirect' fails @ "Error: sieve: ... aborted due to temporary failure; Error: smtp-server: ... failed: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number"; direct send OK ?
- Error: SSL_accept() syscall failed
- managesieve script 'redirect' fails @ "Error: sieve: ... aborted due to temporary failure; Error: smtp-server: ... failed: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number"; direct send OK ?