I believe I have the configuration set to use START TLS on IMAP4 (143) and POP3 (110) ports. However, it does not seem to be working. Yet "STARTTLS" is listed as a capability (which tells me I probably do have it configured right). In the session below, 172.30.0.24 is the mail server I'm putting up. 64.26.60.229 is an outside mail service. A similar thing happens on POP3. The always-SSL/TLS ports (993 and 995) are working. There's very little documentation matching "starttls".

=======================================================================
altair/phil /home/phil 162> telnet 172.30.0.24 143
Trying 172.30.0.24...
Connected to 172.30.0.24.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS UIDPLUS LIST-EXTENDED I18NLEVEL=1 STARTTLS LOGINDISABLED] AUTHORIZED USERS ONLY -- unauthorized access strictly prohibited
STARTTLS
STARTTLS BAD Error in IMAP command received by server.
^]quit
telnet> quit
Connection closed.
altair/phil /home/phil 163> telnet 64.26.60.229 143
Trying 64.26.60.229...
Connected to 64.26.60.229.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE STARTTLS] Courier-IMAP ready. Copyright 1998-2005 Double Precision, Inc. See COPYING for distribution information.
STARTTLS
STARTTLS OK Begin SSL/TLS negotiation now.
^]quit
telnet> quit
Connection closed.
altair/phil /home/phil 164>
=======================================================================

I do have "disable_plaintext_auth = yes" in my config file even though "dovecot -n" does not show it ... must be a default.
=======================================================================
# 1.1.11: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.31-19-server x86_64 Ubuntu 9.10 ext3
base_dir: /var/run/dovecot/
log_path: /var/log/dovecot/error.log
info_log_path: /var/log/dovecot/info.log
log_timestamp: %Y-%m-%d %H:%M:%S
protocols: imap pop3 imaps pop3s
listen: 172.30.0.24, [fc00::18], 127.0.0.1, [::1]
ssl_cert_file: /etc/ssl/certs/ssl-mail.pem
ssl_key_file: /etc/ssl/private/ssl-mail.key
ssl_parameters_regenerate: 24
ssl_cipher_list: ALL:!LOW:!SSLv2:ALL:!aNULL:!ADH:!eNULL:!EXP:RC4+RSA:+HIGH:+MEDIUM
login_dir: /var/run/dovecot//login
login_executable(default): /usr/lib/dovecot/imap-login
login_executable(imap): /usr/lib/dovecot/imap-login
login_executable(pop3): /usr/lib/dovecot/pop3-login
login_greeting: AUTHORIZED USERS ONLY -- unauthorized access strictly prohibited
login_greeting_capability(default): yes
login_greeting_capability(imap): yes
login_greeting_capability(pop3): no
mail_max_userip_connections(default): 10
mail_max_userip_connections(imap): 10
mail_max_userip_connections(pop3): 3
verbose_proctitle: yes
first_valid_uid: 250
mail_privileged_group: mail
mail_uid: vmail
mail_gid: vmail
mail_location: maildir:/home/mail/%Ld/%Ln/mail
mail_debug: yes
mail_executable(default): /usr/lib/dovecot/imap
mail_executable(imap): /usr/lib/dovecot/imap
mail_executable(pop3): /usr/lib/dovecot/pop3
mail_process_size: 768
mail_plugin_dir(default): /usr/lib/dovecot/modules/imap
mail_plugin_dir(imap): /usr/lib/dovecot/modules/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/modules/pop3
imap_client_workarounds(default): outlook-idle delay-newmail
imap_client_workarounds(imap): outlook-idle delay-newmail
imap_client_workarounds(pop3):
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
auth default:
  mechanisms: plain login
  username_format: %Ln@%Ld
  verbose: yes
  debug: yes
  debug_passwords: yes
  passdb:
    driver: passwd-file
    args: username_format=%Ln@%Ld /etc/mailauth/deny
    deny: yes
  passdb:
    driver: passwd-file
    args: username_format=%Ln /etc/mailauth/%Ld/deny
    deny: yes
  passdb:
    driver: passwd-file
    args: scheme=crypt username_format=%Ln@%Ld /etc/mailauth/passwd
  passdb:
    driver: passwd-file
    args: scheme=crypt username_format=%Ln /etc/mailauth/%Ld/passwd
  userdb:
    driver: passwd-file
    args: username_format=%Ln@%Ld /etc/mailauth/passwd
  userdb:
    driver: passwd-file
    args: username_format=%Ln /etc/mailauth/%Ld/passwd
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/dovecot-auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 384
      user: vmail
      group: vmail
========================================================================
> altair/phil /home/phil 162> telnet 172.30.0.24 143
> Trying 172.30.0.24...
> Connected to 172.30.0.24.
> Escape character is '^]'.
> * OK [CAPABILITY IMAP4rev1 SASL-IR SORT THREAD=REFERENCES MULTIAPPEND
> UNSELECT LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS UIDPLUS
> LIST-EXTENDED I18NLEVEL=1 STARTTLS LOGINDISABLED] AUTHORIZED USERS
> ONLY -- unauthorized access strictly prohibited
> STARTTLS
> STARTTLS BAD Error in IMAP command received by server.
> ^]quit

Every IMAP command needs a command tag. Instead of "STARTTLS" try "A STARTTLS".
On Mon, May 24, 2010 at 11:49, Mike Abbott <michael.abbott at apple.com> wrote:
>> Anyway, with the tag it does work on IMAP. But it still fails on POP
>
> For POP3 the command is STLS.
>

Well, that kinda complicates a "STARTTLS tunnel" :-) ... I was thinking of trying to do that to address some issues. OK, well, put the emphasis on "seem" in my subject. It seems I made assumptions about the protocols.
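The two corrections in the thread (an IMAP command must be prefixed with a client tag, and POP3 uses STLS rather than STARTTLS) worked through as an added Python example. This is not code from the thread and not Dovecot code. The fake servers are constructed: the IMAP greeting and the "BAD Error in IMAP command received by server." reply copy the poster's session, while the POP3 greeting, the POP3 error text and the "OK Begin TLS negotiation now." wording are assumptions. `upgrade_to_tls` is the only function that touches a real network and is not exercised by the fakes.

```python
"""STARTTLS as a client: IMAP wants a tag in front, POP3 wants STLS.

Added example, not code from the thread or from Dovecot. The fake servers
below are constructed; replies marked 'assumed' are not from the post.
"""
import socket
import ssl
import threading

# Greeting from the post (capability list shortened).
IMAP_GREETING = ("* OK [CAPABILITY IMAP4rev1 SASL-IR IDLE STARTTLS LOGINDISABLED] "
                 "AUTHORIZED USERS ONLY -- unauthorized access strictly prohibited")
POP3_GREETING = "+OK Dovecot ready."  # assumed; the post shows no POP3 session


def read_line(sock):
    """Read one CRLF-terminated protocol line from a socket."""
    buf = bytearray()
    while not buf.endswith(b"\r\n"):
        ch = sock.recv(1)
        if not ch:
            raise ConnectionError("peer closed the connection")
        buf += ch
    return bytes(buf[:-2]).decode("utf-8", "replace")


def imap_capabilities(greeting):
    """Pull the CAPABILITY list out of a Dovecot-style greeting."""
    start = greeting.find("[CAPABILITY ")
    if start < 0:
        return []
    end = greeting.index("]", start)
    return greeting[start + len("[CAPABILITY "):end].split()


def imap_starttls(sock, tag="a001"):
    """IMAP: every command starts with a client-chosen tag. tag=None sends the
    bare 'STARTTLS' from the post. Returns (ok, server_reply, capabilities)."""
    caps = imap_capabilities(read_line(sock))
    if "STARTTLS" not in caps:
        return False, "server does not advertise STARTTLS", caps
    if tag is None:
        sock.sendall(b"STARTTLS\r\n")
        return False, read_line(sock), caps  # server takes 'STARTTLS' as the tag
    sock.sendall(f"{tag} STARTTLS\r\n".encode())
    while True:  # untagged '*' responses may precede the tagged one
        reply = read_line(sock)
        if reply.startswith(tag + " "):
            break
    return reply.split(" ", 2)[1].upper() == "OK", reply, caps


def pop3_stls(sock, command="STLS"):
    """POP3: no tags, and the command is STLS (RFC 2595). Returns (ok, reply)."""
    greeting = read_line(sock)
    if not greeting.startswith("+OK"):
        return False, greeting
    sock.sendall(f"{command}\r\n".encode())
    reply = read_line(sock)
    return reply.startswith("+OK"), reply


def upgrade_to_tls(host, port, protocol="imap"):
    """Real-network version: negotiate in cleartext, then start TLS on the same
    TCP connection. The default context verifies certificate and hostname."""
    sock = socket.create_connection((host, port))
    ok, reply, *_ = imap_starttls(sock) if protocol == "imap" else pop3_stls(sock)
    if not ok:
        sock.close()
        raise RuntimeError(reply)
    return ssl.create_default_context().wrap_socket(sock, server_hostname=host)


# Constructed fake servers, each driven over one end of a socketpair.
def fake_imap_server(srv):
    srv.sendall((IMAP_GREETING + "\r\n").encode())
    parts = read_line(srv).split()
    # Like Dovecot: first token is the tag, second is the command.
    if len(parts) >= 2 and parts[1].upper() == "STARTTLS":
        srv.sendall(f"{parts[0]} OK Begin TLS negotiation now.\r\n".encode())  # assumed wording
    else:
        srv.sendall(f"{parts[0]} BAD Error in IMAP command received by server.\r\n".encode())
    srv.close()


def fake_pop3_server(srv):
    srv.sendall((POP3_GREETING + "\r\n").encode())
    cmd = read_line(srv).upper()
    ok = b"+OK Begin TLS negotiation now.\r\n"
    srv.sendall(ok if cmd == "STLS" else b"-ERR Unknown command.\r\n")  # assumed wording
    srv.close()


def run_against_fake(server_fn, client_fn, **kw):
    """Run client_fn against server_fn over a socketpair; return the client result."""
    cli, srv = socket.socketpair()
    t = threading.Thread(target=server_fn, args=(srv,))
    t.start()
    try:
        return client_fn(cli, **kw)
    finally:
        cli.close()
        t.join()


if __name__ == "__main__":
    print(run_against_fake(fake_imap_server, imap_starttls, tag=None))  # BAD, as in the post
    print(run_against_fake(fake_imap_server, imap_starttls, tag="A"))   # OK
    print(run_against_fake(fake_pop3_server, pop3_stls, command="STARTTLS"))  # -ERR
    print(run_against_fake(fake_pop3_server, pop3_stls))                # OK
```

For checking a live server the same dance is built into OpenSSL: `openssl s_client -connect 172.30.0.24:143 -starttls imap` (or `:110 -starttls pop3`) sends the tagged STARTTLS / STLS for you and then shows the certificate and cipher actually negotiated. The LOGINDISABLED capability in the greeting is the visible effect of `disable_plaintext_auth = yes`; it only protects against clients that honour it, which is why the TLS upgrade must succeed before any LOGIN is sent. Separately, the pasted config has `debug_passwords: yes` under `auth default`, which makes Dovecot write submitted passwords to its info log; that is worth turning off once the STARTTLS problem is solved.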