dovecot - Jan 2012 - dovecot: imap-login: Disconnected (no auth attempts)

Morning everyone,

	On the 8th of Jan the TLS/SSL certificate I use with Dovecot expired. I
replaced it with a new on the 9th of Jan.  I tested this with
Thunderbird and all is well.

This morning people tell me they cannot get their email using their
mobile telephones  :  K9 Mail

I have reverted the SSL cert back to the old one just in case.
Thunderbird will works.


Dovecot 1:1.2.15-7 running on Debian 6

The messages in the logs are:

Jan  9 10:11:37 logout dovecot: imap-login: Disconnected (no auth
attempts): rip=90.131.95.130, lip=88.119.95.13, TLS: Disconnected
Jan  9 10:11:38 logout dovecot: imap-login: Disconnected (no auth
attempts): rip=90.131.95.130, lip=88.119.95.13, TLS: Disconnected

In dovecot.conf I have this set :

disable_plaintext_auth = no

And the auth default mechanisms are set to:
  mechanisms = plain login

What is strange is the only item that changed is the SSL cert, which has
since been changed back to the old one (which has expired... ^^).

Any ideas where I may look or change?

Regards, S

Am 09.01.2012 10:16, schrieb J4K:
> Morning everyone,
> 
> 	On the 8th of Jan the TLS/SSL certificate I use with Dovecot expired. I
> replaced it with a new on the 9th of Jan.  I tested this with
> Thunderbird and all is well.
> 
> This morning people tell me they cannot get their email using their
> mobile telephones  :  K9 Mail
> 
> I have reverted the SSL cert back to the old one just in case.
> Thunderbird will works.
> 
> 
> Dovecot 1:1.2.15-7 running on Debian 6
> 
> The messages in the logs are:
> 
> Jan  9 10:11:37 logout dovecot: imap-login: Disconnected (no auth
> attempts): rip=90.131.95.130, lip=88.119.95.13, TLS: Disconnected
> Jan  9 10:11:38 logout dovecot: imap-login: Disconnected (no auth
> attempts): rip=90.131.95.130, lip=88.119.95.13, TLS: Disconnected
> 
> In dovecot.conf I have this set :
> 
> disable_plaintext_auth = no
> 
> And the auth default mechanisms are set to:
>   mechanisms = plain login
> 
> What is strange is the only item that changed is the SSL cert, which has
> since been changed back to the old one (which has expired... ^^).
> 
> Any ideas where I may look or change?
> 
> Regards, S
if you only changed the crt etc, and youre sure you did everything right

perhaps you have forgot adding a needed intermediate cert ?

read here
http://www.trustico.co.uk/install/how-to-install-ssl-certificate.php

Required Intermediate Certificates (CA Certificates)

To successfully install your SSL Certificate you may be required to
install an Intermediate CA Certificate. Please review the above
installation instructions carefully to determine if an Intermediate CA
Certificate is required, how to obtain it and correctly import it into
your system. For more information please Contact Us.
Alternatively, and for systems not covered by the above installation
instructions, please use our Intermediate Certificate Wizard to find the
correct CA Certificate or Root Bundle that is required for your SSL
Certificate to function correctly. Find Out More Information
-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria

On 09/01/12 10:27, Robert Schetterer wrote:
> Am 09.01.2012 10:16, schrieb J4K:
>> Morning everyone,
>>
>> 	On the 8th of Jan the TLS/SSL certificate I use with Dovecot expired.
I
>> replaced it with a new on the 9th of Jan.  I tested this with
>> Thunderbird and all is well.
>>
>> This morning people tell me they cannot get their email using their
>> mobile telephones  :  K9 Mail
>>
>> I have reverted the SSL cert back to the old one just in case.
>> Thunderbird will works.
>>
>>
>> Dovecot 1:1.2.15-7 running on Debian 6
>>
>> The messages in the logs are:
>>
>> Jan  9 10:11:37 logout dovecot: imap-login: Disconnected (no auth
>> attempts): rip=90.131.95.130, lip=88.119.95.13, TLS: Disconnected
>> Jan  9 10:11:38 logout dovecot: imap-login: Disconnected (no auth
>> attempts): rip=90.131.95.130, lip=88.119.95.13, TLS: Disconnected
>>
>> In dovecot.conf I have this set :
>>
>> disable_plaintext_auth = no
>>
>> And the auth default mechanisms are set to:
>>   mechanisms = plain login
>>
>> What is strange is the only item that changed is the SSL cert, which
has
>> since been changed back to the old one (which has expired... ^^).
>>
>> Any ideas where I may look or change?
>>
>> Regards, S
> if you only changed the crt etc, and youre sure you did everything right
>
> perhaps you have forgot adding a needed intermediate cert ?
>
> read here
> http://www.trustico.co.uk/install/how-to-install-ssl-certificate.php
>
> Required Intermediate Certificates (CA Certificates)
>
> To successfully install your SSL Certificate you may be required to
> install an Intermediate CA Certificate. Please review the above
> installation instructions carefully to determine if an Intermediate CA
> Certificate is required, how to obtain it and correctly import it into
> your system. For more information please Contact Us.
> Alternatively, and for systems not covered by the above installation
> instructions, please use our Intermediate Certificate Wizard to find the
> correct CA Certificate or Root Bundle that is required for your SSL
> Certificate to function correctly. Find Out More Information
   
You may have some email problems with the mobile phone because of the
certificates.  Thunderbird and webmail are fine. You have only to access
its complaint about a unknown certificate.

I am working on the certificate problem.

Am 09.01.2012 10:37, schrieb Simon Loewenthal:
> On 09/01/12 10:27, Robert Schetterer wrote:
>> Am 09.01.2012 10:16, schrieb J4K:
>>> Morning everyone,
>>>
>>> 	On the 8th of Jan the TLS/SSL certificate I use with Dovecot
expired. I
>>> replaced it with a new on the 9th of Jan.  I tested this with
>>> Thunderbird and all is well.
>>>
>>> This morning people tell me they cannot get their email using their
>>> mobile telephones  :  K9 Mail
>>>
>>> I have reverted the SSL cert back to the old one just in case.
>>> Thunderbird will works.
>>>
>>>
>>> Dovecot 1:1.2.15-7 running on Debian 6
>>>
>>> The messages in the logs are:
>>>
>>> Jan  9 10:11:37 logout dovecot: imap-login: Disconnected (no auth
>>> attempts): rip=90.131.95.130, lip=88.119.95.13, TLS: Disconnected
>>> Jan  9 10:11:38 logout dovecot: imap-login: Disconnected (no auth
>>> attempts): rip=90.131.95.130, lip=88.119.95.13, TLS: Disconnected
>>>
>>> In dovecot.conf I have this set :
>>>
>>> disable_plaintext_auth = no
>>>
>>> And the auth default mechanisms are set to:
>>>   mechanisms = plain login
>>>
>>> What is strange is the only item that changed is the SSL cert,
which has
>>> since been changed back to the old one (which has expired... ^^).
>>>
>>> Any ideas where I may look or change?
>>>
>>> Regards, S
>> if you only changed the crt etc, and youre sure you did everything
right
>>
>> perhaps you have forgot adding a needed intermediate cert ?
>>
>> read here
>> http://www.trustico.co.uk/install/how-to-install-ssl-certificate.php
>>
>> Required Intermediate Certificates (CA Certificates)
>>
>> To successfully install your SSL Certificate you may be required to
>> install an Intermediate CA Certificate. Please review the above
>> installation instructions carefully to determine if an Intermediate CA
>> Certificate is required, how to obtain it and correctly import it into
>> your system. For more information please Contact Us.
>> Alternatively, and for systems not covered by the above installation
>> instructions, please use our Intermediate Certificate Wizard to find
the
>> correct CA Certificate or Root Bundle that is required for your SSL
>> Certificate to function correctly. Find Out More Information
> I know that the intermediate certs are messed up, which is why I rolled
> back to the old expired certificate.   I did not expect an expired
> certificate to block authentication, and it does not mean that it does
> block. The problem may be elsewhere.
that might be a k9 problem ( older versions ) or in android older
versions, is there a ignore ssl failure option as workaround

what does thunderbird tell you about the new cert ?

but for sure the problem may elsewhere
> 
> -- 
> 	     PGP is optional: 4BA78604
> 	     simon @ klunky  .     org
> 	     simon @ klunky  .   co.uk
> 	I won't accept your confidentiality
> 	agreement, and your Emails are kept.
>       		       ~???~
> 

-- 
Best Regards

MfG Robert Schetterer

Germany/Munich/Bavaria