dovecot - Oct 2007 - iPhone 1.1.1 problems.

I'm having problems with the iPhone client in the 1.1.1 version of the
iPhone software. Things with other clients work fine, and the iPhone
worked fine before it was upgraded to 1.1.1. Other phones on 1.1.1
failed. I'm still working on testing against the client with the
iPhone 1.0.2 software on it.

The problem is that the client simply doesn't connect to dovecot. I
can see the packets passing back and forth in a number of ways, but
haven't been able to see the contents. I tried turning on raw logging,
but don't get log files for accesses from the iPhone. What I get are
lines like so:

Oct 13 00:08:34 bhuda dovecot: imap-login: Disconnected: rip=xxx.xxx.xxx.xx2,
lip=xxx.xxx.xxx.xx1, TLS

Turning off SSL both ways, and the message changes to:

Oct 13 18:21:38 bhuda dovecot: imap-login: Aborted login: rip=xxx.xxx.xxx.xx2,
lip=xxx.xxx.xxx.xx1

Tweaking the logging in the firewall reveals something interesting:
apparently the phone makes the connection to 993, then dovecot drops
the connection, but the phone keeps sending to it (and yes, I've tried
setting the firewall to allow arbitrary traffic between the phone and
the server).

So, first question: is anyone who has clients using iPhone software
version 1.1.1 working willing to share config information?

Second question: suggestions for things to try to solve the problem?
(Other than talk to apple as that process is underway)? For instance,
a recipe to sniff the text of the interchange?

Final question: Any other information I can provide that might help
debug this?

      Thanks,
      <mike

dovecot info:
bhuda# dovecot --version
1.0.5
bhuda# dovecot -n
# 1.0.5: /usr/opt/etc/dovecot.conf
ssl_cert_file: /usr/local/etc/openvpn/server.crt
ssl_key_file: /usr/local/etc/openvpn/server.key
login_dir: /var/run/dovecot/login
login_executable: /usr/opt/libexec/dovecot/imap-login
verbose_proctitle: yes
first_valid_gid: 0
mail_extra_groups: mail
mail_location: maildir:~/mailboxes
imap_client_workarounds: delay-newmail outlook-idle netscape-eoh
tb-extra-mailbox-sep
auth default:
  passdb:
    driver: pam
  userdb:
    driver: passwd

System info:
bhuda# uname -a
FreeBSD bhuda.mired.org 6.2-STABLE FreeBSD 6.2-STABLE #6: Sun Jun  3 04:17:59
EDT 2007     mwm at bhuda.mired.org:/usr/src/sys/amd64/compile/BHUDA  amd64

And all the mailboxes are stored on ufs file systems.

    <mike
-- 
Mike Meyer <mwm at mired.org>		http://www.mired.org/consulting.html
Independent Network/Unix/Perforce consultant, email for more information.

On Oct 13, 2007, at 17:33, Mike Meyer wrote:
> I'm having problems with the iPhone client in the 1.1.1 version of the
> iPhone software. Things with other clients work fine, and the iPhone
> worked fine before it was upgraded to 1.1.1. Other phones on 1.1.1
> failed. I'm still working on testing against the client with the
> iPhone 1.0.2 software on it.
Works fine here.
> The problem is that the client simply doesn't connect to dovecot. I
> can see the packets passing back and forth in a number of ways, but
> haven't been able to see the contents. I tried turning on raw logging,
> but don't get log files for accesses from the iPhone. What I get are
> lines like so:
>
> Oct 13 00:08:34 bhuda dovecot: imap-login: Disconnected:  
> rip=xxx.xxx.xxx.xx2, lip=xxx.xxx.xxx.xx1, TLS
>
> Turning off SSL both ways, and the message changes to:
>
> Oct 13 18:21:38 bhuda dovecot: imap-login: Aborted login:  
> rip=xxx.xxx.xxx.xx2, lip=xxx.xxx.xxx.xx1
>
> Tweaking the logging in the firewall reveals something interesting:
> apparently the phone makes the connection to 993, then dovecot drops
> the connection, but the phone keeps sending to it (and yes, I've tried
> setting the firewall to allow arbitrary traffic between the phone and
> the server).
Have you tried using port 143? Check the Incoming Mail Server setting  
on the iPhone. For port 143, there should just be a Host Name without  
":993" appended. ... I haven't tested with port 993. If you're
synching email accounting with your desktop, you'll need to change it  
there and resynch - you won't be able to change it on the iPhone  
unless you setup the account directly on the iPhone.
> So, first question: is anyone who has clients using iPhone software
> version 1.1.1 working willing to share config information?
# 1.0.5: /usr/local/etc/dovecot/dovecot.conf
protocols: imap imaps pop3 pop3s
ssl_ca_file: /usr/local/etc/certs/ca.pem
ssl_cert_file(default): /usr/local/etc/certs/dovecot-imaps.pem
ssl_cert_file(imap): /usr/local/etc/certs/dovecot-imaps.pem
ssl_cert_file(pop3): /usr/local/etc/certs/dovecot-pop3s.pem
ssl_key_file(default): /usr/local/etc/certs/dovecot-imaps.pem
ssl_key_file(imap): /usr/local/etc/certs/dovecot-imaps.pem
ssl_key_file(pop3): /usr/local/etc/certs/dovecot-pop3s.pem
ssl_cipher_list: TLSv1+SSLv3+aRSA+RSA:-LOW:-EXPORT:-eNULL:@STRENGTH
login_dir: /opt/local/var/run/dovecot/login
login_executable(default): /opt/local/libexec/dovecot/imap-login
login_executable(imap): /opt/local/libexec/dovecot/imap-login
login_executable(pop3): /opt/local/libexec/dovecot/pop3-login
login_processes_count(default): 3
login_processes_count(imap): 3
login_processes_count(pop3): 2
login_max_processes_count(default): 20
login_max_processes_count(imap): 20
login_max_processes_count(pop3): 5
verbose_proctitle: yes
mail_location: maildir:~/.maildir/
dotlock_use_excl: yes
mail_executable(default): /opt/local/libexec/dovecot/imap
mail_executable(imap): /opt/local/libexec/dovecot/imap
mail_executable(pop3): /opt/local/libexec/dovecot/pop3
mail_plugin_dir(default): /opt/local/lib/dovecot/imap
mail_plugin_dir(imap): /opt/local/lib/dovecot/imap
mail_plugin_dir(pop3): /opt/local/lib/dovecot/pop3
pop3_uidl_format(default):
pop3_uidl_format(imap):
pop3_uidl_format(pop3): %08Xv%08Xu
auth default:
   passdb:
     driver: pam
   userdb:
     driver: passwd
> Second question: suggestions for things to try to solve the problem?
> (Other than talk to apple as that process is underway)? For instance,
> a recipe to sniff the text of the interchange?
Try ssldump. It's probably in ports. If not, you can get it from  
<http://www.rtfm.com/ssldump/>. Make sure you use "-k" with the
IMAP
server's key.
> Final question: Any other information I can provide that might help
> debug this?
>
>       Thanks,
>       <mike
>
> dovecot info:
> bhuda# dovecot --version
> 1.0.5
> bhuda# dovecot -n
> # 1.0.5: /usr/opt/etc/dovecot.conf
> ssl_cert_file: /usr/local/etc/openvpn/server.crt
> ssl_key_file: /usr/local/etc/openvpn/server.key
> login_dir: /var/run/dovecot/login
> login_executable: /usr/opt/libexec/dovecot/imap-login
> verbose_proctitle: yes
> first_valid_gid: 0
> mail_extra_groups: mail
> mail_location: maildir:~/mailboxes
> imap_client_workarounds: delay-newmail outlook-idle netscape-eoh tb- 
> extra-mailbox-sep
> auth default:
>   passdb:
>     driver: pam
>   userdb:
>     driver: passwd
>
> System info:
> bhuda# uname -a
> FreeBSD bhuda.mired.org 6.2-STABLE FreeBSD 6.2-STABLE #6: Sun Jun   
> 3 04:17:59 EDT 2007     mwm at bhuda.mired.org:/usr/src/sys/amd64/ 
> compile/BHUDA  amd64
>
> And all the mailboxes are stored on ufs file systems.
>
>     <mike
> -- 
> Mike Meyer <mwm at mired.org>		http://www.mired.org/consulting.html
> Independent Network/Unix/Perforce consultant, email for more  
> information.