Hi,

I am running dovecot 2.2.22-1ubuntu2.4 on an Ubuntu 16.04 server. It has a valid Letsencrypt certificate but the problem also happens with a self-signed one.

Only openssl s_client -connect localhost:993 works fine and fast, while all MUAs and telnet do not. Telnet times out waiting for the banner after a minute or so:

root@netuno:~# openssl s_client -connect localhost:993
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
(...)
Start Time: 1496081321
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
0 logout
* BYE Logging out
0 OK Logout completed.
closed

root@netuno:~# telnet localhost 993
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
(about 1 minute later...)
Connection closed by foreign host.
root@netuno:~#

I have enabled verbose_ssl = yes and mail_debug = yes but no useful info got to the logs. Has anyone seen this? Any hint?

Thanks, best regards.

--
*Marcio Merlone*

> On May 29, 2017 at 9:27 PM Marcio Merlone <marcio.merlone at a1.ind.br> wrote:
>
>
> Hi,
>
> I am running dovecot 2.2.22-1ubuntu2.4 on an Ubuntu 16.04 server. It has
> a valid Letsencrypt certificate but the problem also happens with a
> self-signed one.
>
> Only openssl s_client -connect localhost:993 works fine and fast, while
> all MUAs and telnet do not. Telnet times out waiting for the banner after
> a minute or so:
>
> root@netuno:~# openssl s_client -connect localhost:993
> CONNECTED(00000003)
> depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
> verify return:1
> depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
> verify return:1
> (...)
> Start Time: 1496081321
> Timeout : 300 (sec)
> Verify return code: 0 (ok)
> ---
> * OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE
> IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
> 0 logout
> * BYE Logging out
> 0 OK Logout completed.
> closed
>
> root@netuno:~# telnet localhost 993
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> (about 1 minute later...)
> Connection closed by foreign host.
> root@netuno:~#
>
> I have enabled verbose_ssl = yes and mail_debug = yes but no useful info
> got to the logs. Has anyone seen this? Any hint?
>
> Thanks, best regards.
>
> --
> *Marcio Merlone*

It is not exactly obvious what you are expecting to happen. You won't get a plain text banner out of port 993; if you want to use STARTTLS, use port 143.

Aki

On 05/29/2017 08:35 PM, Aki Tuomi wrote:
>
>> On May 29, 2017 at 9:27 PM Marcio Merlone <marcio.merlone at a1.ind.br> wrote:
>>
>> --
>> *Marcio Merlone*
>
> It is not exactly obvious what you are expecting to happen. You won't get a plain text banner out of port 993; if you want to use STARTTLS, use port 143.
>
> Aki
>

To see the Dovecot IMAP banner via SSL port 993, use openssl:

openssl s_client -connect localhost:993

Olaf

--
Karlsruher Institut für Technologie (KIT)
ATIS - Abt. Technische Infrastruktur, Fakultät für Informatik
Dipl.-Geophys. Olaf Hopp
- Head of IT Services -
Am Fasanengarten 5, Gebäude 50.34, Raum 009
76131 Karlsruhe
Phone: +49 721 608-43973
Fax: +49 721 608-46699
E-Mail: Olaf.Hopp at kit.edu
www.atis.informatik.kit.edu
www.kit.edu
KIT - The Research University in the Helmholtz Association
KIT has been certified as a family-friendly university since 2010.

On 29/05/2017 15:35, Aki Tuomi wrote:
>> On May 29, 2017 at 9:27 PM Marcio Merlone <marcio.merlone at a1.ind.br> wrote:
>>
>> I am running dovecot 2.2.22-1ubuntu2.4 on an Ubuntu 16.04 server. It has
>> a valid Letsencrypt certificate but the problem also happens with a
>> self-signed one.
>>
>> Only openssl s_client -connect localhost:993 works fine and fast, while
>> all MUAs and telnet do not. Telnet times out waiting for the banner after
>> a minute or so:
>> (...)
> It is not exactly obvious what you are expecting to happen. You won't get a plain text banner out of port 993; if you want to use STARTTLS, use port 143.

So obvious, thank you.

--
*Marcio Merlone*
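
Added example, not part of the original thread or of Dovecot: a Python probe for the behaviour the replies describe, where an implicit-TLS port such as 993 stays silent until the client sends a TLS ClientHello, while a plaintext port such as 143 sends its banner first. The names `client_hello`, `probe` and `fake_listener` are hypothetical; the two local listeners are constructed stand-ins (the STARTTLS capability in the sample banner is assumed), and the TLS one answers with a bare record header rather than a real handshake.

```python
import socket, ssl, threading

def client_hello(name="localhost"):
    """Have the ssl module build a real ClientHello in memory (no network I/O)."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(incoming, outgoing, server_hostname=name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake stalls waiting for a ServerHello
    return outgoing.read()

def probe(host, port, wait=1.0):
    """Classify an IMAP listener by who has to speak first."""
    with socket.create_connection((host, port), timeout=wait) as s:
        try:
            banner = s.recv(512)  # what telnet does: connect and listen
        except socket.timeout:
            banner = None  # silence: the server is waiting for the client
        if banner is not None:
            if banner.startswith(b"* OK"):
                return "plaintext+starttls" if b"STARTTLS" in banner else "plaintext"
            return "unknown" if banner else "closed"
        s.sendall(client_hello(host))
        try:
            reply = s.recv(5)  # TLS record header: type, version, length
        except socket.timeout:
            return "silent"
        # 0x16 = handshake record (ServerHello), 0x15 = alert: both mean TLS
        return "implicit-tls" if reply[:1] in (b"\x16", b"\x15") else "unknown"

def fake_listener(implicit_tls):
    """Constructed stand-in for port 993 (True) or 143 (False); returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with srv, conn:
            if not implicit_tls:
                conn.sendall(b"* OK [CAPABILITY IMAP4rev1 STARTTLS] Dovecot ready.\r\n")
            elif conn.recv(4096)[:1] == b"\x16":  # silent until a TLS record arrives
                conn.sendall(b"\x16\x03\x03\x00\x00")  # record header only, constructed
            while conn.recv(4096):
                pass  # drain until the client hangs up
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for label, tls in (("143-like", False), ("993-like", True)):
        print(label, probe("127.0.0.1", fake_listener(tls), wait=0.5))
```

Against a real server, a result of "silent" after the ClientHello points at something other than the TLS/plaintext mismatch, such as a filtered port or a stalled login process.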