ankush grover
2005-Dec-12 11:11 UTC
[Dovecot] configuring squirrelmail with tls for both imap & smtp on FC3 with dovecot & postfix
hey friends,
I am trying to secure my mail server.I have enabled TLS support in
postfix(version postfix-2.1.5), now I am trying to configure
squirrelmail(version 1.4.4-1 rpm) for tls/ssl support.In config.php i have
choosen use_imap_tls=true and use_smpt_tls=true.
Moreover If I send any mail from squirrelmail there are no entries for ssl
or tls in maillogs whereas If I send the mail through evolution I can see
tls/ssl entries in maillogs.
starting TLS engine
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: setting up TLS connection from
[192.168.1.68]
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:before/accept
initialization
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:error in SSLv2/v3
read client hello A
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:error in SSLv2/v3
read client hello B
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 read client
hello A
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 write server
hello A
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 write
certificate A
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 write server
done A
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 flush data
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:error in SSLv3 read
client certificate A
Dec 12 12:30:08 cluster1 last message repeated 2 times
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 read client
key exchange A
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:error in SSLv3 read
certificate verify A
Dec 12 12:30:08 cluster1 last message repeated 3 times
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 read finished
A
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 write change
cipher spec A
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 write
finished A
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: SSL_accept:SSLv3 flush data
Dec 12 12:30:08 cluster1 postfix/smtpd[7965]: TLS connection established
from [192.168.1.68]: SSLv3 with cipher RC4-MD5 (128/128 bits)
But when I did the config.test for squirrelmail I got the below error
Checking IMAP service....
IMAP server ready (* OK dovecot ready.)
Capabilities: * CAPABILITY IMAP4rev1 SORT THREAD=REFERENCES MULTIAPPEND
UNSELECT IDLE CHILDREN LISTEXT LIST-SUBSCRIBED NAMESPACE AUTH=PLAIN
*ERROR:* You have enabled TLS encryption in the config, but the server
does not report STARTTLS capability. TLS is probably not supported.
Lines of ssl in /etc/dovecot.conf
protocols = imaps pop3s
imaps_listen = *
pop3s_listen = *
ssl_disable = no
ssl_cert_file = /usr/share/ssl/certs/dovecot.pem
ssl_key_file = /usr/share/ssl/private/dovecot.pem
ssl_parameters_file = /var/run/dovecot/ssl-parameters.dat
disable_plaintext_auth = yes
If i do telnet localhost 993 or 995 I don't see any "Ok Dovecot
Ready"
message.But If I enable pop3 and imap in dovecot.conf and then I telnet
localhost 110 or 143 I can see "Ok Dovecot Ready" message.
How do I make squirrelmail to use tls/ssl for both imap & smtp.
Thanks & Regards
Ankush Grover
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://dovecot.org/pipermail/dovecot/attachments/20051212/b7f93bbf/attachment-0001.htm
Possibly Parallel Threads
- managesieve script 'redirect' fails @ "Error: sieve: ... aborted due to temporary failure; Error: smtp-server: ... failed: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number"; direct send OK ?
- Quota status to postfix in distributed environment
- postfix -1 read errors
- unknown users
- Squirrelmail + Dovecot + Maildir
Wisdom of the Ancients
