[Dovecot] SSL issues on separate IPs

Timo Sirainen tss at iki.fi
Fri Dec 3 06:47:06 EET 2010

On 3.12.2010, at 2.15, Tim Traver wrote:

> local 209.132.xx.4 {
> ssl_cert = </shared/templates/res/1040/certs/*.xxxxx.com.crt-pem-298
> ssl_key = </shared/templates/res/1040/certs/*.xxxxx.com.key-298
> }
> I have several of these, and there appears to be a problem with one in
> particular that is dropping connections, and I'm not sure why.

Your doveconf output has two and here you say several. So are there multiple ones that work or only one?

> This particular one drops the connection when I try to connect to IMAP
> using TLS on port 143, or using the IMAP SSL port of 993. When I try it
> using Thunderbird, I am using the default settings for both tests.

Test with openssl s_client -connect localhost:993

> The Thunderbird error I get is "The server has disconnected. The server
> may have gone down or there may be a network problem." I don't see any
> errors in the dovecot error log or the system error log, and when using
> doveadm who to view the current connections, it does not show a
> connection. I tried enabling the logs for SSL errors, but nothing
> appears for my IP when attempting to connect.

Set verbose_ssl=yes to log more stuff about SSL.

> But, I don't know how that would make a difference since one of the
> separated IPs works with its cert, and the other one disconnects.

It would be easiest if you could test with a simple setup where there is only a single SSL cert. Then it would be clear whether the problem has to do with the SSL cert itself or with the per-IP settings.

If it has to do with the SSL cert, you could also try whether you can connect with s_client to an openssl s_server running with that cert.
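
The isolation test suggested in the reply above, as an added example that is not part of the original message: it checks that the key belongs to the certificate, then serves the pair from openssl s_server and attempts a handshake with s_client, with no Dovecot involved. The function names, the script name and the scratch port are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Quote the paths: the file names in the
# quoted config contain a literal '*', which an unquoted shell word would glob.

# 0 if the private key belongs to the certificate, 1 if not, 2 if unreadable.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Serve the pair from openssl s_server on a scratch port (assumed free) and
# try a handshake with s_client. 0 only if a server certificate came back.
handshake_ok() {
    cert=$1; key=$2; port=$3
    # -www makes s_server answer like a tiny web server instead of relaying stdin.
    openssl s_server -accept "$port" -cert "$cert" -key "$key" -www >/dev/null 2>&1 &
    srv=$!
    sleep 1   # give the listener time to bind (or to exit on a bad pair)
    out=$(openssl s_client -connect "127.0.0.1:$port" </dev/null 2>&1) || true
    kill "$srv" 2>/dev/null || true
    wait "$srv" 2>/dev/null || true
    printf '%s\n' "$out" | grep -q 'BEGIN CERTIFICATE'
}

# Usage (hypothetical script name): sh check-pair.sh <cert.pem> <key.pem> <scratch-port>
if [ "$#" -eq 3 ]; then
    if ! cert_matches_key "$1" "$2"; then
        echo "key does not match certificate (or a file is unreadable)"
        exit 1
    fi
    if handshake_ok "$1" "$2" "$3"; then
        echo "handshake OK outside Dovecot: look at the per-IP settings"
    else
        echo "handshake failed outside Dovecot: suspect the cert/key files"
        exit 1
    fi
fi
```

If the pair passes here but the per-IP listener still drops the connection, the verbose_ssl=yes logging mentioned above is the next place to look.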
