Denis Iskandarov
2011-Jun-13 13:42 UTC
[Dovecot] SSL comunication problems with client side.
I can get messages without SSL with no problems. but i need to setup server accept only SSL secured connections. I think my configuration is very proper, but cant find "obvious" problem. Postfix 2.3.3 + dovecot 2.0.13-1_129.el5 + PostfixAdmin 2.3.3 I made own CA. configured postfix and dovecot with same cert key ca. Same public cert i gave for client just converted it to PKCS#12. I cant undestand valid and invalid certs strings in long, they look same. You can check logs and config bellow. Also some other questions regarding SSL: 1. How to make client MUA (thunderbird) automatically retrieve certificate ? My thunderbird cant do it by itself so i'm importing mail cert by myself. 2. If i want to setup Roundcube/Squirrelmail webmail clients with TLS support (https) i have to provide them with same certificates as dovecot and postfix have. Or in this case i can use whatever certificate dedicated for with "virtualhost"? dovecot-deliver.log: Jun 13 13:26:42 imap-login: Info: Invalid certificate: unable to get certificate CRL: /C=GE/ST=Tbilisi/O=Caucasus Digital Network/OU=Mail Server/CN=mx.office.dev/emailAddress=hostmaster at office.dev Jun 13 13:26:42 imap-login: Info: Invalid certificate: unable to get certificate CRL: /C=GE/ST=Tbilisi/L=Tbilisi/O=Caucasus Digital Network/OU=Caucasus Digital Network/CN=Caucasus Digital Network/emailAddress=hostmaster at office.dev Jun 13 13:26:42 imap-login: Info: Valid certificate: /C=GE/ST=Tbilisi/L=Tbilisi/O=Caucasus Digital Network/OU=Caucasus Digital Network/CN=Caucasus Digital Network/emailAddress=hostmaster at office.dev Jun 13 13:26:42 imap-login: Info: Valid certificate: /C=GE/ST=Tbilisi/O=Caucasus Digital Network/OU=Mail Server/CN=mx.office.dev/emailAddress=hostmaster at office.dev Jun 13 13:26:42 auth: Info: PLAIN(?,192.168.0.11): Client didn't present valid SSL certificate Jun 13 13:26:42 auth: Info: LOGIN(?,192.168.0.11): Client didn't present valid SSL certificate Jun 13 13:26:42 auth: Info: PLAIN(?,192.168.0.11): Client didn't present valid SSL certificate Jun 13 13:26:42 imap-login: Info: Disconnected (client sent an invalid cert): method=PLAIN, rip=192.168.0.11, lip=192.168.0.31, TLS maillog. Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate request A [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client certificate A [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read certificate verify A [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL alert: where=0x4004, ret=256: warning close notify [192.168.0.11] Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL alert: where=0x4008, ret=256: warning close notify [192.168.0.11] # doveconf -n # 2.0.13: /etc/dovecot/dovecot.conf # OS: Linux 2.6.18-238.9.1.el5 i686 CentOS release 5.6 (Final) ext3 auth_mechanisms = plain login auth_socket_path = /var/run/dovecot/auth-userdb auth_ssl_require_client_cert = yes auth_verbose = yes base_dir = /var/run/dovecot/ debug_log_path = /var/log/dovecot-deliver.log dict { expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext } first_valid_gid = 12 first_valid_uid = 1001 hostname = mx.office.dev info_log_path = /var/log/dovecot-deliver.log last_valid_gid = 12 last_valid_uid = 1001 listen = * mail_debug = yes mail_gid = 12 mail_location = maildir:/home/vmail/%d/%u mail_plugins = quota mail_privileged_group = mail mail_uid = 1001 managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl passdb { args = /etc/dovecot/conf.d/sql/sql.conf driver = sql } plugin { autocreate = Trash autocreate2 = Spam autosubscribe = Trash autosubscribe2 = Spam } postmaster_address = postmaster at office.dev service auth { unix_listener /var/spool/postfix/private/auth { group = mail mode = 0660 user = postfix } unix_listener auth-userdb { group = mail mode = 0660 user = vmail } } service imap-login { inet_listener imap { port = 143 } inet_listener imaps { port = 993 ssl = yes } } service pop3-login { inet_listener pop3 { port = 110 } inet_listener pop3s { port = 995 ssl = yes } } ssl_ca = </etc/pki/CA/cacert.pem ssl_cert = </etc/pki/CA/mail/mx.office.dev.crt ssl_key = </etc/pki/CA/mail/mx.office.dev.key ssl_verify_client_cert = yes userdb { args = /etc/dovecot/conf.d/sql/sql.conf driver = sql } verbose_ssl = yes protocol lda { mail_plugins = quota autocreate } protocol imap { imap_client_workarounds = delay-newmail mail_plugins = quota imap_quota autocreate } protocol pop3 { mail_plugins = quota pop3_client_workarounds = outlook-no-nuls oe-ns-eoh }
Denis Iskandarov
2011-Jun-13 14:44 UTC
[Dovecot] SSL comunication problems with client side.
I've tried next thing: ssl = required ssl_verify_client_cert = no auth_ssl_require_client_cert = no And began getting emails. Successful logs attached. But i cant understand if data was passed with TLS. How can i enable those 2 options "ssl_verify_client_cert", "auth_ssl_require_client_cert" and get em working ? dovecot-deliver.log Jun 13 14:40:17 lda: Debug: Loading modules from directory: /usr/lib/dovecot Jun 13 14:40:17 lda: Debug: Module loaded: /usr/lib/dovecot/lib10_quota_plugin.so Jun 13 14:40:17 lda: Debug: Module loaded: /usr/lib/dovecot/lib20_autocreate_plugin.so Jun 13 14:40:17 lda: Debug: auth input: test at office.dev home=/home/vmail/office.dev/test/ mail=maildir:/home/vmail/office.dev/test/ uid=1001 gid=12 quota=maildir:storage=10240000 Jun 13 14:40:17 lda: Debug: Added userdb setting: mail=maildir:/home/vmail/office.dev/test/ Jun 13 14:40:17 lda: Debug: Added userdb setting: plugin/quota=maildir:storage=10240000 Jun 13 14:40:17 lda(test at office.dev): Debug: Effective uid=1001, gid=12, home=/home/vmail/office.dev/test/ Jun 13 14:40:17 lda(test at office.dev): Debug: Quota root: name=storage=10240000 backend=maildir argsJun 13 14:40:17 lda(test at office.dev): Debug: maildir++: root=/home/vmail/office.dev/test, index=, control=, inbox=/home/vmail/office.dev/test Jun 13 14:40:17 lda(test at office.dev): Debug: Namespace : Using permissions from /home/vmail/office.dev/test: mode=0700 gid=-1 Jun 13 14:40:17 lda(test at office.dev): Debug: quota: No quota setting - plugin disabled Jun 13 14:40:17 lda(test at office.dev): Debug: none: root=, index=, control=, inboxJun 13 14:40:17 lda(test at office.dev): Debug: Destination address: test at office.dev (source: user at hostname) Jun 13 14:40:17 auth: Info: mysql(localhost): Connected to database postfix Jun 13 14:40:17 lda(test at office.dev): Info: msgid=<20110613104017.30B331B09AB at mx.office.dev>: saved mail to INBOX Jun 13 14:40:27 imap-login: Info: Login: user=<test at office.dev>, method=PLAIN, rip=192.168.0.11, lip=192.168.0.31, mpid=7927, TLS Jun 13 14:40:27 imap: Debug: Loading modules from directory: /usr/lib/dovecot Jun 13 14:40:27 imap: Debug: Module loaded: /usr/lib/dovecot/lib10_quota_plugin.so Jun 13 14:40:27 imap: Debug: Module loaded: /usr/lib/dovecot/lib11_imap_quota_plugin.so Jun 13 14:40:27 imap: Debug: Module loaded: /usr/lib/dovecot/lib20_autocreate_plugin.so Jun 13 14:40:27 imap: Debug: Added userdb setting: mail=maildir:/home/vmail/office.dev/test/ Jun 13 14:40:27 imap: Debug: Added userdb setting: plugin/quota=maildir:storage=10240000 Jun 13 14:40:27 imap(test at office.dev): Debug: Effective uid=1001, gid=12, home=/home/vmail/office.dev/test/ Jun 13 14:40:27 imap(test at office.dev): Debug: Quota root: name=storage=10240000 backend=maildir argsJun 13 14:40:27 imap(test at office.dev): Debug: maildir++: root=/home/vmail/office.dev/test, index=, control=, inbox=/home/vmail/office.dev/test Jun 13 14:40:27 imap(test at office.dev): Debug: Namespace : Using permissions from /home/vmail/office.dev/test: mode=0700 gid=-1 Jun 13 14:40:37 imap-login: Info: Login: user=<test at office.dev>, method=PLAIN, rip=192.168.0.11, lip=192.168.0.31, mpid=7929, TLS Jun 13 14:40:37 imap: Debug: Loading modules from directory: /usr/lib/dovecot Jun 13 14:40:37 imap: Debug: Module loaded: /usr/lib/dovecot/lib10_quota_plugin.so Jun 13 14:40:37 imap: Debug: Module loaded: /usr/lib/dovecot/lib11_imap_quota_plugin.so Jun 13 14:40:37 imap: Debug: Module loaded: /usr/lib/dovecot/lib20_autocreate_plugin.so Jun 13 14:40:37 imap: Debug: Added userdb setting: mail=maildir:/home/vmail/office.dev/test/ Jun 13 14:40:37 imap: Debug: Added userdb setting: plugin/quota=maildir:storage=10240000 Jun 13 14:40:37 imap(test at office.dev): Debug: Effective uid=1001, gid=12, home=/home/vmail/office.dev/test/ Jun 13 14:40:37 imap(test at office.dev): Debug: Quota root: name=storage=10240000 backend=maildir argsJun 13 14:40:37 imap(test at office.dev): Debug: maildir++: root=/home/vmail/office.dev/test, index=, control=, inbox=/home/vmail/office.dev/test Jun 13 14:40:37 imap(test at office.dev): Debug: Namespace : Using permissions from /home/vmail/office.dev/test: mode=0700 gid=-1 Jun 13 14:40:38 imap-login: Info: Login: user=<test at office.dev>, method=PLAIN, rip=192.168.0.11, lip=192.168.0.31, mpid=7931, TLS Jun 13 14:40:38 imap: Debug: Loading modules from directory: /usr/lib/dovecot Jun 13 14:40:38 imap: Debug: Module loaded: /usr/lib/dovecot/lib10_quota_plugin.so Jun 13 14:40:38 imap: Debug: Module loaded: /usr/lib/dovecot/lib11_imap_quota_plugin.so Jun 13 14:40:38 imap: Debug: Module loaded: /usr/lib/dovecot/lib20_autocreate_plugin.so Jun 13 14:40:38 imap: Debug: Added userdb setting: mail=maildir:/home/vmail/office.dev/test/ Jun 13 14:40:38 imap: Debug: Added userdb setting: plugin/quota=maildir:storage=10240000 Jun 13 14:40:38 imap(test at office.dev): Debug: Effective uid=1001, gid=12, home=/home/vmail/office.dev/test/ Jun 13 14:40:38 imap(test at office.dev): Debug: Quota root: name=storage=10240000 backend=maildir argsJun 13 14:40:38 imap(test at office.dev): Debug: maildir++: root=/home/vmail/office.dev/test, index=, control=, inbox=/home/vmail/office.dev/test Jun 13 14:40:38 imap(test at office.dev): Debug: Namespace : Using permissions from /home/vmail/office.dev/test: mode=0700 gid=-1 maillog Jun 13 14:40:17 cent56dev postfix/smtpd[7912]: connect from mx.office.dev[127.0.0.1] Jun 13 14:40:17 cent56dev postfix/smtpd[7912]: 30B331B09AB: client=mx.office.dev[127.0.0.1] Jun 13 14:40:17 cent56dev postfix/cleanup[7920]: 30B331B09AB: message-id=<20110613104017.30B331B09AB at mx.office.dev> Jun 13 14:40:17 cent56dev postfix/qmgr[5910]: 30B331B09AB: from=<postfix at office.dev>, size=461, nrcpt=1 (queue active) Jun 13 14:40:17 cent56dev postfix/smtpd[7912]: disconnect from mx.office.dev[127.0.0.1] Jun 13 14:40:17 cent56dev postfix/pipe[7921]: 30B331B09AB: to=<test at office.dev>, relay=dovecot, delay=0.27, delays=0.04/0.03/0/0.2, dsn=2.0.0, status=sent (delivered via dovecot service) Jun 13 14:40:17 cent56dev postfix/qmgr[5910]: 30B331B09AB: removed Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [192.168.0.11] Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [192.168.0.11] Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.11] Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.11] Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.11] Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [192.168.0.11] Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.0.11] Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.0.11] Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.0.11] Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [192.168.0.11] Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [192.168.0.11] Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [192.168.0.11] Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [192.168.0.11] Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.0.11] Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [192.168.0.11] Jun 13 14:40:27 cent56dev dovecot: imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.0.11] Jun 13 14:40:37 cent56dev dovecot: imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.0.11] Jun 13 14:40:38 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client key exchange A [192.168.0.11] Jun 13 14:40:38 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read finished A [192.168.0.11] Jun 13 14:40:38 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write change cipher spec A [192.168.0.11] Jun 13 14:40:38 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write finished A [192.168.0.11] Jun 13 14:40:38 cent56dev dovecot: imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [192.168.0.11] Jun 13 14:40:38 cent56dev dovecot: imap-login: Warning: SSL: where=0x20, ret=1: SSL negotiation finished successfully [192.168.0.11] Jun 13 14:40:38 cent56dev dovecot: imap-login: Warning: SSL: where=0x2002, ret=1: SSL negotiation finished successfully [192.168.0.11] On Mon, Jun 13, 2011 at 5:42 PM, Denis Iskandarov <d.iskandarov at gmail.com> wrote:> I can get messages without SSL with no problems. but i need to setup > server accept only SSL secured connections. > I think my configuration is very proper, but cant find "obvious" problem. > Postfix 2.3.3 + dovecot 2.0.13-1_129.el5 + PostfixAdmin 2.3.3 > I made own CA. configured postfix and dovecot with same cert key ca. > Same public cert i gave for client just converted it to PKCS#12. > I cant undestand valid and invalid certs strings in long, they look same. > You can check logs and config bellow. > > Also some other questions regarding SSL: > 1. How to make client MUA (thunderbird) automatically retrieve > certificate ? My thunderbird cant do it by itself so i'm importing > mail cert by myself. > 2. If i want to setup Roundcube/Squirrelmail webmail clients with TLS > support (https) i have to provide them with same certificates as > dovecot and postfix have. Or in this case i can use whatever > certificate dedicated for with "virtualhost"? > > > > dovecot-deliver.log: > Jun 13 13:26:42 imap-login: Info: Invalid certificate: unable to get > certificate CRL: /C=GE/ST=Tbilisi/O=Caucasus Digital Network/OU=Mail > Server/CN=mx.office.dev/emailAddress=hostmaster at office.dev > Jun 13 13:26:42 imap-login: Info: Invalid certificate: unable to get > certificate CRL: /C=GE/ST=Tbilisi/L=Tbilisi/O=Caucasus Digital > Network/OU=Caucasus Digital Network/CN=Caucasus Digital > Network/emailAddress=hostmaster at office.dev > Jun 13 13:26:42 imap-login: Info: Valid certificate: > /C=GE/ST=Tbilisi/L=Tbilisi/O=Caucasus Digital Network/OU=Caucasus > Digital Network/CN=Caucasus Digital > Network/emailAddress=hostmaster at office.dev > Jun 13 13:26:42 imap-login: Info: Valid certificate: > /C=GE/ST=Tbilisi/O=Caucasus Digital Network/OU=Mail > Server/CN=mx.office.dev/emailAddress=hostmaster at office.dev > Jun 13 13:26:42 auth: Info: PLAIN(?,192.168.0.11): Client didn't > present valid SSL certificate > Jun 13 13:26:42 auth: Info: LOGIN(?,192.168.0.11): Client didn't > present valid SSL certificate > Jun 13 13:26:42 auth: Info: PLAIN(?,192.168.0.11): Client didn't > present valid SSL certificate > Jun 13 13:26:42 imap-login: Info: Disconnected (client sent an invalid > cert): method=PLAIN, rip=192.168.0.11, lip=192.168.0.31, TLS > > > maillog. > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x10, ret=1: before/accept initialization [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2001, ret=1: before/accept initialization [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2001, ret=1: SSLv3 read client hello A [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2001, ret=1: SSLv3 write server hello A [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2001, ret=1: SSLv3 write certificate A [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2001, ret=1: SSLv3 write certificate request A [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2001, ret=1: SSLv3 flush data [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2002, ret=-1: SSLv3 read client certificate A [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2001, ret=1: SSLv3 read client certificate A [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2001, ret=1: SSLv3 read client key exchange A [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2001, ret=1: SSLv3 read certificate verify A [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2001, ret=1: SSLv3 read finished A [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2001, ret=1: SSLv3 write change cipher spec A [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2001, ret=1: SSLv3 write finished A [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2001, ret=1: SSLv3 flush data [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x20, ret=1: SSL negotiation finished successfully > [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL: > where=0x2002, ret=1: SSL negotiation finished successfully > [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL alert: > where=0x4004, ret=256: warning close notify [192.168.0.11] > Jun 13 13:26:42 cent56dev dovecot: imap-login: Warning: SSL alert: > where=0x4008, ret=256: warning close notify [192.168.0.11] > > > # doveconf -n > # 2.0.13: /etc/dovecot/dovecot.conf > # OS: Linux 2.6.18-238.9.1.el5 i686 CentOS release 5.6 (Final) ext3 > auth_mechanisms = plain login > auth_socket_path = /var/run/dovecot/auth-userdb > auth_ssl_require_client_cert = yes > auth_verbose = yes > base_dir = /var/run/dovecot/ > debug_log_path = /var/log/dovecot-deliver.log > dict { > ?expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext > ?quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext > } > first_valid_gid = 12 > first_valid_uid = 1001 > hostname = mx.office.dev > info_log_path = /var/log/dovecot-deliver.log > last_valid_gid = 12 > last_valid_uid = 1001 > listen = * > mail_debug = yes > mail_gid = 12 > mail_location = maildir:/home/vmail/%d/%u > mail_plugins = quota > mail_privileged_group = mail > mail_uid = 1001 > managesieve_notify_capability = mailto > managesieve_sieve_capability = fileinto reject envelope > encoded-character vacation subaddress comparator-i;ascii-numeric > relational regex imap4flags copy include variables body enotify > environment mailbox date > mbox_write_locks = fcntl > passdb { > ?args = /etc/dovecot/conf.d/sql/sql.conf > ?driver = sql > } > plugin { > ?autocreate = Trash > ?autocreate2 = Spam > ?autosubscribe = Trash > ?autosubscribe2 = Spam > } > postmaster_address = postmaster at office.dev > service auth { > ?unix_listener /var/spool/postfix/private/auth { > ? ?group = mail > ? ?mode = 0660 > ? ?user = postfix > ?} > ?unix_listener auth-userdb { > ? ?group = mail > ? ?mode = 0660 > ? ?user = vmail > ?} > } > service imap-login { > ?inet_listener imap { > ? ?port = 143 > ?} > ?inet_listener imaps { > ? ?port = 993 > ? ?ssl = yes > ?} > } > service pop3-login { > ?inet_listener pop3 { > ? ?port = 110 > ?} > ?inet_listener pop3s { > ? ?port = 995 > ? ?ssl = yes > ?} > } > ssl_ca = </etc/pki/CA/cacert.pem > ssl_cert = </etc/pki/CA/mail/mx.office.dev.crt > ssl_key = </etc/pki/CA/mail/mx.office.dev.key > ssl_verify_client_cert = yes > userdb { > ?args = /etc/dovecot/conf.d/sql/sql.conf > ?driver = sql > } > verbose_ssl = yes > protocol lda { > ?mail_plugins = quota autocreate > } > protocol imap { > ?imap_client_workarounds = delay-newmail > ?mail_plugins = quota imap_quota autocreate > } > protocol pop3 { > ?mail_plugins = quota > ?pop3_client_workarounds = outlook-no-nuls oe-ns-eoh > } >
Maybe Matching Threads
- TLS not working with iOS beta?
- SSL certificate problem (SSL alert number 42)
- Dovecot IMAPS : Thunderbird SSL cert issue / Evolution OK
- Dovecot 2.2.27 & windows 10 outlook (no auth attempts in 0 secs) error.
- My dovecot works fine against Active Directory 2003, but not against AD2008