[Dovecot] Improper listening on IMAPS

Patrick Audley lists at blackcat.ca
Wed Nov 16 11:02:28 EET 2005


On Tuesday 15 November 2005 22:07, Marian Hercek wrote:
> But when I telnet on 993:
>
> $ telnet localhost 993
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.

Hi Marian,
   You can't telnet to SSL ports like you do to normal ports because the 
connection is encrypted and it requires an SSL handshake before you can pass 
data.  You can use openssl's s_client command to connect to it though.  I use 
this to test my server:

  # openssl s_client -connect kitty:993

Replace kitty:993 with your mailserver name or IP and the port.  You should 
see something like this:

-----------------------------------------8<------------------------
paudley at inanna ~ $ openssl s_client -connect kitty:993
CONNECTED(00000003)
depth=1 /C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SSL Domain CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/O=mail.blackcat.ca/OU=Domain Validated/OU=Go to 
https://www.thawte.com/repository/index.html/OU=Thawte SSL123 
certificate/CN=mail.blackcat.ca
   i:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SSL Domain CA
 1 s:/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SSL Domain CA
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification 
Services Division/CN=Thawte Server CA/emailAddress=server-certs at thawte.com
---
Server certificate
subject=/O=mail.blackcat.ca/OU=Domain Validated/OU=Go to 
https://www.thawte.com/repository/index.html/OU=Thawte SSL123 
certificate/CN=mail.blackcat.ca
issuer=/C=ZA/O=Thawte Consulting (Pty) Ltd./CN=Thawte SSL Domain CA
---
No client certificate CA names sent
---
SSL handshake has read 1802 bytes and written 346 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID: 
0D40DB2EFD89B5495FFA1C0A8AF56EDF0A88F91C9312E5E7472A0DFEF9DD822B
    Session-ID-ctx:
    Master-Key: 
8B4039B0562E7B0C1895A61C694CC30D514E5247E4F14826AFF5AE9BAFEC1B1DBFAF2E53C788CEB26442F6B704846437
    Key-Arg   : None
    Start Time: 1132131265
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
* OK [CAPABILITY IMAP4rev1 SORT THREAD=REFERENCES MULTIAPPEND UNSELECT 
LITERAL+ IDLE CHILDREN NAMESPACE LOGIN-REFERRALS AUTH=PLAIN] Dovecot ready.
------->8----------------------------------------------------------------


Hope that helps,
      Patrick.

-- 
"Believe those who are seeking the truth. Doubt those who find it."   -
Andre Gide
...
Patrick Audley                          paudley at blackcat.ca
Blackcat Systems                        http://blackcat.ca
             Bringing Elegance to Complexity
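
The difference described above (telnet connects to port 993 and sees nothing, while s_client completes the handshake and then receives the greeting), as an added Python example that is not part of Patrick's message. The function names and the local start_stub server are constructed for illustration.

```python
import socket
import ssl
import threading


def plaintext_banner(host, port, timeout=2.0):
    """What telnet does: connect, then wait for the server to speak first.

    Returns the bytes received, or None if the server stays silent, which is
    what an implicit-TLS port does while it waits for a ClientHello.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            return sock.recv(4096)
        except socket.timeout:
            return None


def tls_greeting(host, port, cafile=None, timeout=5.0):
    """What s_client does: TLS handshake first, then read the IMAP greeting.

    Unlike s_client, which prints a verify error and carries on, the default
    context raises ssl.SSLCertVerificationError on an untrusted chain.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0], tls.recv(4096)


def start_stub(banner):
    """Constructed local stand-in server: sends `banner` (if any), then waits.

    banner=None imitates the silence of port 993 before the handshake.
    Returns the ephemeral port it listens on.
    """
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            if banner:
                conn.sendall(banner)
            conn.recv(1)  # block until the client disconnects

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

Against a real server, tls_greeting("mail.example.org", 993) (placeholder hostname) returns the negotiated protocol, the cipher name and the "* OK ..." greeting line.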


