Hi there,
I'm using the latest Thunderbird & Dovecot. I'm trying to set up either
pop3s or imaps. The plain versions of the protocols both work fine for
me, even with the TLS option selected in Thunderbird. But when I try to
use the ssl versions, my client does not negotiate - it just times out.
I have as much logging enabled as possible and the only thing that shows
up in my logs is this:
dovecot: Apr 03 03:02:47 Info: imap-login: Disconnected: Inactivity:
rip=209.226.117.155, lip=10.20.0.13, TLS handshake
dovecot: Apr 03 03:04:45 Warning: imap-login: SSL_accept() syscall
failed: Connection reset by peer [209.226.117.155]
When I trace the execution of the imap-login process, the only thing I
notice when I connect is this:
03:55:28.624759 accept(1, 0xbffffaa0, [28]) = -1 EAGAIN (Resource
temporarily unavailable)
Along with the normal stuff:
03:55:30.682212 gettimeofday({1175586930, 682327}, {300, 0}) = 0
03:55:30.682412 gettimeofday({1175586930, 682483}, NULL) = 0
03:55:30.682525 poll([{fd=5, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL},
{fd=8, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL},
{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL},
{fd=1, events=POLLIN|POLLPRI|POLLERR|POLLHUP|POLLNVAL}], 4, 1000) 0
ssl_cert_file = /home/steve/loft/mail/pop.loftsoftware.ca.crt
pop3_uidl_format = %08Xu%08Xv
ssl_key_file = /home/steve/loft/mail/pop.loftsoftware.ca.key
mail_location = maildir:/home/steve/loft/mail/%d/%u
mail_extra_groups = mail
protocols = pop3 pop3s
ssl_parameters_regenerate = 0
auth_debug = yes
mail_debug = yes
auth_verbose = yes
auth_debug_passwords = yes
verbose_ssl = yes
first_valid_uid = 1006
last_valid_uid = 1006
maildir_copy_with_hardlinks = yes
ssl_disable = no
info_log_path = /home/steve/loft/logs/dovecot-pop.log
log_path = /home/steve/loft/logs/dovecot-pop.log
protocol imap {
  ssl_disable = no
  #listen = *:123
  #ssl_listen = *:110
  verbose_ssl = yes
  imap_client_workarounds = outlook-idle delay-newmail
}
protocol pop3 {
  ssl_disable = no
  verbose_ssl = yes
  #listen = *:123
  #ssl_listen = *:110
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
protocol lda {
  postmaster_address = postmaster at loftsoftware.ca
  log_path = /home/steve/loft/logs/dovecot-deliver.log
  info_log_path = /home/steve/loft/logs/dovecot-deliver.log
  auth_socket_path = /var/run/dovecot/auth-master
}
auth default {
  mechanisms = login plain apop
  passdb sql {
    args = /etc/dovecot/sql.conf
  }
  userdb sql {
    args = /etc/dovecot/sql.conf
  }
  userdb prefetch {
  }
  user = nobody
  socket listen {
    master {
      path = /var/run/dovecot/auth-master
      mode = 0660
      user = vmail
      group = mail
    }
    client {
      path = /var/spool/postfix/private/auth
      mode = 0660
      user = postfix
      group = mail
    }
  }
}

On Tue, 2007-04-03 at 04:12 -0400, Steve Mulligan wrote:
> I'm using the latest Thunderbird & Dovecot. I'm trying to set up either
> pop3s or imaps. The plain versions of the protocols both work fine for
> me, even with the TLS option selected in Thunderbird. But when I try to
> use the ssl versions, my client does not negotiate - it just times out.

Since it might just as well be a Thunderbird configuration problem, try
with openssl directly:

openssl s_client -connect localhost:995

If it works, try remotely the same in case it's a firewall problem. If
that works too, it's just a Thunderbird problem.

> protocol pop3 {
> ssl_disable = no
> verbose_ssl = yes
> #listen = *:123
> #ssl_listen = *:110

I hope you've never actually tried to use this "ssl_listen = *:110"
setting? pop3s is in port 995.

Timo Sirainen wrote:
> On Tue, 2007-04-03 at 04:12 -0400, Steve Mulligan wrote:
>
>> I'm using the latest Thunderbird & Dovecot. I'm trying to set up either
>> pop3s or imaps. The plain versions of the protocols both work fine for
>> me, even with the TLS option selected in Thunderbird. But when I try to
>> use the ssl versions, my client does not negotiate - it just times out.
>
> Since it might just as well be a Thunderbird configuration problem, try
> with openssl directly:
>
> openssl s_client -connect localhost:995
>
> If it works, try remotely the same in case it's a firewall problem. If
> that works too, it's just a Thunderbird problem.

Thanks Timo. It connects fine on localhost, but when I try from a remote
machine, I get:

C:\OpenSSL\bin>openssl s_client -connect pop.loftsoftware.ca:110
Loading 'screen' into random state - done
CONNECTED(000000FC)

Then there is a very long wait, 1-2 minutes.

5696:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:.\ssl\s23_lib.c:188:

So I would say firewall problem BUT - it works fine when I switch the
dovecot server and thunderbird client over to plain pop on the same port.

>> protocol pop3 {
>> ssl_disable = no
>> verbose_ssl = yes
>> #listen = *:123
>> #ssl_listen = *:110
>
> I hope you've never actually tried to use this "ssl_listen = *:110"
> setting? pop3s is in port 995.

Sadly yes, for now. I'm the only one using the pop server and I don't
have control over opening my own ports to the outside world so I have
been trying to get it working on 110. It should still work on 110 from a
remote machine though, right?

Thanks,
Steve.
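
The local-then-remote check suggested in the thread can be scripted so that a plaintext greeting, a completed TLS handshake and a connection that stalls after TCP connect are reported as distinct outcomes. This is an added example, not part of the original thread or of Dovecot; `probe_port`, its result labels, the timeouts and the `localhost` targets are hypothetical choices made for illustration.

```python
import socket
import ssl

def probe_port(host, port, timeout=5.0, banner_wait=2.0):
    """Classify a mail port as plaintext, implicit TLS, or stalled.

    Returns (kind, detail). No credentials or mail commands are sent.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("unreachable", str(exc))

    # Plain POP3/IMAP servers greet first ("+OK ..." / "* OK ..."); an
    # implicit-TLS listener (pop3s/imaps) stays silent until a ClientHello.
    sock.settimeout(banner_wait)
    try:
        banner = sock.recv(512)
    except socket.timeout:
        banner = None
    except OSError as exc:
        sock.close()
        return ("reset", str(exc))
    if banner is not None:
        sock.close()
        if not banner:
            return ("closed", "peer closed without a greeting")
        return ("plaintext", banner.decode("ascii", "replace").strip())

    # Silent so far: attempt the TLS handshake on the same connection.
    sock.settimeout(timeout)
    ctx = ssl.create_default_context()  # certificate verification stays on
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except ssl.SSLCertVerificationError as exc:
        return ("tls-untrusted-cert", exc.verify_message)
    except socket.timeout:
        # TCP connected but no ServerHello ever came back.
        return ("tls-stalled", "handshake timed out")
    except (ssl.SSLError, OSError) as exc:
        return ("tls-failed", str(exc))
    with tls:
        return ("implicit-tls", tls.version())

if __name__ == "__main__":
    # Hypothetical targets: the standard pop3s port and the thread's port 110.
    for target in (("localhost", 995), ("localhost", 110)):
        print(target, probe_port(*target))
```

Running it once on the server itself and once from the remote client gives the same comparison as the two `openssl s_client` runs, with the stalled case named explicitly.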