[Dovecot] No "Ok Dovecot Ready " on fc3 with ssl on ports 993 and 995

Magnus Holmgren holmgren at lysator.liu.se
Wed Dec 14 13:43:22 EET 2005


ankush grover wrote:
> hey friends,
> 
> I am trying to secure my mail server on FC3. I have enabled TLS support
> in postfix (version postfix-2.1.5) and want to use ssl settings for
> dovecot (0.99.13).
> ...
> If I do telnet localhost 993 or 995 I don't see any "Ok Dovecot Ready"
> message. If I enable pop3 and imap in dovecot.conf and then I telnet
> localhost 110 or 143 I can see "Ok Dovecot Ready" message.

That's normal. Dovecot is waiting for the SSL handshake to complete
before it will send "Ok Dovecot Ready" (over the encrypted line). Use

 openssl s_client -connect yourhost:995

to test.

Some clients can also connect to port 110 or 143 and issue the
STARTTLS/STLS command to initiate encryption. If you only have such
clients (unlikely), then you don't need pop3s and imaps in the protocols
line. At any rate, you can pretty safely allow pop3 and imap; dovecot
will not allow any plaintext authentication until the connection is
encrypted. Caveat: Some clients, most notably Mozilla Thunderbird, will
send IMAP passwords in clear anyway, instead of checking if it's OK.
(The IMAP LOGIN command takes the username and the password in the same
command. You should issue the CAPABILITY command, which shows that LOGIN
is disabled while STARTTLS is available.)

-- 
Magnus Holmgren
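
The client-side check described in the reply above (read CAPABILITY before sending LOGIN), as an added example that is not part of the original message and not Dovecot's or any mail client's code. The function names, the sample responses and the refuse-on-cleartext policy are assumptions made for illustration.

```python
import re

# Matches "* CAPABILITY a b c" and the greeting form "* OK [CAPABILITY a b c] text".
_CAP_RE = re.compile(r"^\* (?:OK \[CAPABILITY ([^\]]*)\]|CAPABILITY (.*))", re.I)


def parse_capabilities(lines):
    """Collect capability atoms from untagged server responses."""
    caps = set()
    for line in lines:
        m = _CAP_RE.match(line.strip())
        if m:
            caps.update((m.group(1) or m.group(2) or "").upper().split())
    return caps


def next_step(lines, tls_active):
    """Decide what to do before any password is sent.

    Returns "LOGIN", "STARTTLS" or "ABORT" (hypothetical labels).
    """
    caps = parse_capabilities(lines)
    if not caps:
        return "ABORT"  # no CAPABILITY seen: do not guess that LOGIN is safe
    if tls_active:
        # CAPABILITY must be asked again after the handshake; LOGIN is fine
        # only once the server has stopped advertising LOGINDISABLED.
        return "ABORT" if "LOGINDISABLED" in caps else "LOGIN"
    if "STARTTLS" in caps:
        return "STARTTLS"  # encrypt first, then re-issue CAPABILITY
    # Cleartext link and no upgrade offered: LOGIN would expose the password.
    return "ABORT"


# Constructed sample responses (not captured from a real server).
PLAIN_143 = ["* OK Dovecot ready.",
             "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED",
             "a1 OK Capability completed."]
AFTER_TLS = ["* CAPABILITY IMAP4rev1 AUTH=PLAIN",
             "a3 OK Capability completed."]
NO_TLS_OFFERED = ["* CAPABILITY IMAP4rev1", "a1 OK Capability completed."]

if __name__ == "__main__":
    for name, lines, tls in [("port 143, cleartext", PLAIN_143, False),
                             ("after STARTTLS", AFTER_TLS, True),
                             ("cleartext, no STARTTLS", NO_TLS_OFFERED, False)]:
        print(f"{name}: {next_step(lines, tls)}")
```
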