Hello
I am using Dovecot 2.2.10 on CentOS 7.
Every Outlook version (2007, 2010, 2013...) hangs when I try to use TLS;
it works if I switch the client's encryption setting from TLS to SSL. Thunderbird works perfectly
in both scenarios.
Please find the debug log below:
mail dovecot[24287]: imap-login: Debug: SSL: where=0x10, ret=1:
before/accept initialization [X.X.X.X]
mail dovecot[24287]: imap-login: Debug: SSL: where=0x2001, ret=1:
before/accept initialization [X.X.X.X]
mail dovecot[24287]: imap-login: Debug: SSL: where=0x2002, ret=-1:
SSLv2/v3 read client hello A [X.X.X.X]
mail dovecot[24287]: imap-login: Debug: SSL: elliptic curve secp384r1
will be used for ECDH and ECDHE key exchanges
mail dovecot[24287]: imap-login: Debug: SSL: elliptic curve secp384r1
will be used for ECDH and ECDHE key exchanges
mail dovecot[24287]: auth: Debug: auth client connected (pid=24300)
mail dovecot[24287]: imap-login: Disconnected (no auth attempts in 31
secs): user=<>, rip=X.X.X.X, lip=X.X.X.X, TLS handshaking: Disconnected,
session=<bivt8iNuBgA+A08O>
Please find my config below:
# 2.2.10: /etc/dovecot/dovecot.conf
# OS: Linux 3.10.0-862.3.2.el7.x86_64 x86_64 CentOS Linux release 7.5.1804 (Core)
auth_cache_size = 16 M
auth_cache_ttl = 1 days
auth_debug = yes
auth_mechanisms = plain login
auth_username_chars = abcdefghijklmnopqrstuvwxyz.@
auth_verbose = yes
default_client_limit = 1024
default_process_limit = 16
doveadm_password = mysecretpasswordsharedamongservers
first_valid_uid = 1000
mail_attachment_dir = /srv/attachments
mail_attachment_min_size = 4 k
mail_debug = yes
mail_home = /var/spool/mail/%d/%n
mail_location = mdbox:~/mail
mail_plugins = replication notify
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Spam {
    auto = create
    special_use = \Junk
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  mailbox virtual/All {
    auto = no
    special_use = \All
  }
  prefix =
  type = private
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
protocols = imap lmtp
service aggregator {
  fifo_listener replication-notify-fifo {
    mode = 0666
    user = $default_internal_user
  }
  unix_listener replication-notify {
    mode = 0666
    user = $default_internal_user
  }
}
service auth {
  unix_listener auth-userdb {
    mode = 0666
  }
}
service doveadm {
  inet_listener {
    port = 55555
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 2
  service_count = 1
}
service imap {
  client_limit = 0
}
service lmtp {
  unix_listener lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.example.com/fullchain.pem
ssl_dh_parameters_length = 2048
ssl_key = </etc/letsencrypt/live/mail.example.com/privkey.pem
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3 TLSv1 TLSv1.1 TLSv1.2
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
verbose_ssl = yes
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep delay-newmail
}