dovecot - Dec 2005 - No "Ok Dovecot Ready " on fc3 with ssl on ports 993 and 995

Skipped content of type multipart/alternative-------------- next part
--------------
A non-text attachment was scrubbed...
Name: dovecot.conf
Type: application/octet-stream
Size: 20440 bytes
Desc: not available
Url :
http://dovecot.org/pipermail/dovecot/attachments/20051214/c3493d0b/dovecot-0001.obj

ankush grover wrote:
> hey friends,
> 
> I am trying to secure my mail server on FC3.I have enabled TLS support
> in postfix(version postfix-2.1.5) and want to use ssl settings for
> dovecot(0.99.13).
> ...
> If i do telnet localhost 993 or 995 I don't see any "Ok Dovecot
Ready"
> message.If I enable pop3 and imap in dovecot.conf and then I telnet
> localhost 110 or 143 I can see "Ok Dovecot Ready" message.
That's normal. Dovecot is waiting for the SSL handshake to complete
before it will send "Ok Dovecot Ready" (over the encrypted line). Use

 openssl s_client -connect yourhost:995

to test.

Some clients can also connect to port 110 or 143 and issue the
STARTTLS/STLS command to initiate encryption. If you only have such
clients (unlikely), then you don't need pop3s and imaps in the protocols
line. At any rate, you can pretty safely allow pop3 and imap; dovecot
will not allow any plaintext authentication until the connection is
encrypted. Caveat: Some clients, most notably Mozilla Thunderbird, will
send IMAP passwords in clear anyway, instead of checking if it's OK.
(The IMAP LOGIN command takes the username and the password in the same
command. You should issue the CAPABILITY command, which shows that LOGIN
is disabled while STARTTLS is available.)

-- 
Magnus Holmgren
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 253 bytes
Desc: OpenPGP digital signature
Url :
http://dovecot.org/pipermail/dovecot/attachments/20051214/a6cf0747/signature.pgp