> 2. openssl s_client -connect mail.privustech.com:xxx
> a. xxx=25, 110, 143 all return
> error:140770FC
You need to add the "-starttls protocol" parameter, otherwise
"openssl s_client"
thinks your using SSL, not STARTTLS i.e.
openssl s_client -starttls pop3 -connect mail.privustech.com:110
openssl s_client -starttls imap -connect mail.privustech.com:143
But even if you do that, you get the same error because it can't start the
TLS session:
$ nc mail.privustech.com 143
* OK [CAPABILITY IMAP4REV1 I18NLEVEL=1 LITERAL+ SASL-IR LOGIN-REFERRALS
STARTTLS LOGINDISABLED AUTH=CRAM-MD5] privustech.com IMAP4rev1 2007e.404 at Wed,
4 May 2016 22:26:36 -0400 (EDT)
x STARTTLS
x NO Server certificate not installed
So there you go, dovecot can't get at your server certificate. You can
start the search of your problem from there. The configuration
verbose_ssl = yes
will help to log the problem.
> ssl_dh_parameters_length = 2048
Probably not related to your problem, but this will cause wildly variable
dovecot initialization times, as temp key generation of this length
can result in a lot of candidate primailty testing.
Joseph Tam <jtam.home at gmail.com>