Hello, I just decided to try dovecot again after a long pause, and I must say that I am very impressed with the speed and resource usage, even when running with UNIX mailboxes. However, I have a problem with SSL. Every two minutes the connection is frozen, and the client has to reconnect after it times out waiting for a response from the server. My IMAP client fetches all headers, and then caches all messages in my mailboxes. However, if I do this while connected to dovecot using SSL (imaps, port 993) the connection times out roughly every two minutes, and the IMAP client must close the connection, reconnect and resume operations from where it left off. This makes resynching a 40000 message 300MB folder take VERY long :-) Using the same client, connected to the same server and syncing the same mailbox connecting to regular imap port (no TLS, port 143), everything works smoothly. The very same client, server and mailbox works flawlessly with uw-imapd and SSL. I have turned on rawlog, and everything seems to be OK. I am unable to dump the wire, because it's SSL, so not sure what to do to debug this. One thing I find a bit strange is that /var/run/dovecot/ssl-parameters.dat is a 0 byte file. Is this normal? Client: Apple Mail 1.3.11 (v622) Server: dovecot 0.99.14, installed from ports on FreeBSD 5 dovecot.conf: -------------- next part -------------- A non-text attachment was scrubbed... Name: dovecot.conf Type: application/octet-stream Size: 20827 bytes Desc: not available URL: <http://dovecot.org/pipermail/dovecot/attachments/20050507/8c06cddc/attachment-0001.obj> -------------- next part -------------- Regards, Frode Nordahl
Have you tried another client? /jon Frode Nordahl said the following on 2005-05-07 14:02:> Hello, > > I just decided to try dovecot again after a long pause, and I must say > that I am very impressed with the speed and resource usage, even when > running with UNIX mailboxes. > > However, I have a problem with SSL. Every two minutes the connection > is frozen, and the client has to reconnect after it times out waiting > for a response from the server. > > My IMAP client fetches all headers, and then caches all messages in my > mailboxes. However, if I do this while connected to dovecot using SSL > (imaps, port 993) the connection times out roughly every two minutes, > and the IMAP client must close the connection, reconnect and resume > operations from where it left off. This makes resynching a 40000 > message 300MB folder take VERY long :-) > > Using the same client, connected to the same server and syncing the > same mailbox connecting to regular imap port (no TLS, port 143), > everything works smoothly. > > The very same client, server and mailbox works flawlessly with > uw-imapd and SSL. > > I have turned on rawlog, and everything seems to be OK. I am unable to > dump the wire, because it's SSL, so not sure what to do to debug this. > > One thing I find a bit strange is that > /var/run/dovecot/ssl-parameters.dat is a 0 byte file. Is this normal? > > Client: Apple Mail 1.3.11 (v622) > Server: dovecot 0.99.14, installed from ports on FreeBSD 5 > dovecot.conf:
Hi,> I have turned on rawlog, and everything seems to be OK. I am unable to > dump the wire, because it's SSL, so not sure what to do to debug this.Since you know the private key of the server (I assume you run it yourself), you can use ssldump to dump the traffic (use ssldump -k keyfile -d to decode the traffic with the private key in PEM format) johannes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 832 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20050507/eb319b83/attachment-0001.bin>
On May 7, 2005, at 20:49, Johannes Berg wrote:> Hi, > >> I have turned on rawlog, and everything seems to be OK. I am unable to >> dump the wire, because it's SSL, so not sure what to do to debug this. > > Since you know the private key of the server (I assume you run it > yourself), you can use ssldump to dump the traffic (use > ssldump -k keyfile -d > to decode the traffic with the private key in PEM format)Great! I have been looking (obviously not hard enough) for something like that. Thanks! Regards, Frode> johannes
On Sat, May 07, 2005 at 02:02:21PM +0200, Frode Nordahl wrote:> However, I have a problem with SSL. Every two minutes the connection is > frozen, and the client has to reconnect after it times out waiting for > a response from the server.[...]> Client: Apple Mail 1.3.11 (v622) > Server: dovecot 0.99.14, installed from ports on FreeBSD 5Many of us have had problems with the version of Apple Mail that was distributed with OS X 10.3.9 using SSL connections to a variety of different IMAP servers, including Dovecot. Fortunately Mail.app Version 2 (727/728) distributed with OS 10.4 doesn't exhibit the same problem. If you aren't ready to upgrade, I would recommend trying another client. Mulberry V4.0 is shaping up quite nicely. -- Jim Tittsler http://www.OnJapan.net/ GPG: 0x01159DB6 Python Starship http://Starship.Python.net/ Ringo MUG Tokyo http://www.ringo.net/rss.html
On Sat, 2005-05-07 at 14:02 +0200, Frode Nordahl wrote:> One thing I find a bit strange is that > /var/run/dovecot/ssl-parameters.dat is a 0 byte file. Is this normal?Yes, it's for GNUTLS although I think I should do something similar to OpenSSL too..> Server: dovecot 0.99.14, installed from ports on FreeBSD 5I'd recommend trying 1.0-stables (or 1.0-tests even) instead. Their code is almost completely different from 0.99.x. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://dovecot.org/pipermail/dovecot/attachments/20050508/3c672e14/attachment-0001.bin>