Dovecot POP3 STARTTLS works on Thunderbird but not on Gmail

Sean Kamath kamath at moltingpenguin.com
Fri Nov 21 05:58:03 UTC 2014


http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html

??

Sean

On Nov 16, 2014, at 5:39 AM, Aleš Grm <ales.grm at kopitarna.eu> wrote:

> Ok, I tried on port 995, and on Gmail I get "SSL error: unable to verify
> the first certificate". Certificate is not self-signed (using StartCOM).
> The log now shows:
> 
> Nov 16 14:37:52 mail dovecot: auth: Debug: auth client connected (pid=31923)
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x10, ret=1:
> before/accept initialization [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001,
> ret=1: before/accept initialization [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001,
> ret=1: SSLv3 read client hello A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001,
> ret=1: SSLv3 write server hello A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001,
> ret=1: SSLv3 write certificate A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001,
> ret=1: SSLv3 write server done A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001,
> ret=1: SSLv3 flush data [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2002,
> ret=-1: SSLv3 read client certificate A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2002,
> ret=-1: SSLv3 read client certificate A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001,
> ret=1: SSLv3 read client key exchange A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001,
> ret=1: SSLv3 read finished A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001,
> ret=1: SSLv3 write session ticket A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001,
> ret=1: SSLv3 write change cipher spec A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001,
> ret=1: SSLv3 write finished A [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2001,
> ret=1: SSLv3 flush data [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x20, ret=1:
> SSL negotiation finished successfully [209.85.213.23]
> Nov 16 14:37:52 mail dovecot: pop3-login: Warning: SSL: where=0x2002,
> ret=1: SSL negotiation finished successfully [209.85.213.23]
> Nov 16 14:37:53 mail dovecot: pop3-login: Warning: SSL alert: where=0x4008,
> ret=256: warning close notify [209.85.213.23]
> Nov 16 14:37:53 mail dovecot: pop3-login: Disconnected (no auth attempts in
> 1 secs): user=<>, rip=209.85.213.23, lip=192.168.100.94, TLS: Disconnected,
> session=<duAK+PkH5QDRVdUX>
> ^C
> 
> Could the form of public part of certificate be wrong? I'm using only .CRT.
> 
> Kopitarna Sevnica d. d.
> 
> Prvomajska ulica 8
> 8290 SEVNICA
> SLOVENIA
> www.kopitarna.eu
> Cell: +386 31 899 993
> Land: +386 7 81 63 440
> 
> On 16 November 2014 14:19, Reindl Harald <h.reindl at thelounge.net> wrote:
> 
>> 
>> Am 16.11.2014 um 14:05 schrieb Aleš Grm:
>> 
>>> I have configured Dovecot to work perfectly on Thundrebird using SSL
>>> certificates with STARTTLS on port 110. When I try to add this account on
>>> Gmail I get the error:
>>> 
>>> In Gmail my settings include port 110 and the use of SSL is checked.
>>> Dovecot configuration:
>>> 
>>> Any idea why does it work with Thunderbird and not with Gmail?
>>> 
>> 
>> surely - gmail wants 995 instead 110 (means not STARTTLS) and don't accept
>> self signed certificates BTW
>> 
>> 
> 



More information about the dovecot mailing list