[Dovecot] Dovecot with sasl/imaps/postfix and thunderbird

Wed Mar 13 06:37:02 EET 2013

Hi,

I have an fc18 system with postfix and dovecot-2.1.13 and have
configured them to use sasl for SMTP Auth and Maildir with imaps.

The system is running now, so I'm trying to set up thunderbird to
autodetect all settings during the initial account setup. However, it
seems to want to use port 143 and STARTTLS, and not port 993, which is
what I would expect. When I force it to use 993, I receive a
certificate failure message:

Mar 12 23:20:45 propnew postfix/submission/smtpd[14423]: initializing
the server-side TLS engine
Mar 12 23:20:45 propnew postfix/tlsmgr[14425]: open smtpd TLS cache
btree:/var/lib/postfix/smtpd_tls_session_cache
Mar 12 23:20:45 propnew postfix/tlsmgr[14425]: tlsmgr_cache_run_event:
start TLS smtpd session cache cleanup
Mar 12 23:20:45 propnew postfix/submission/smtpd[14423]: connect from
unknown[192.168.1.43]
Mar 12 23:20:45 propnew dovecot: imap-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=192.168.1.43, lip=66.111.222.101,
TLS: SSL_read() failed: error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number
42, session=<BGBS5MXXhQDAqAEr>
Mar 12 23:20:45 propnew postfix/submission/smtpd[14423]: lost
connection after CONNECT from unknown[192.168.1.43]

These are self-signed certs created using dovecot's mkcert.sh script.
Is this a problem with the cert or with the dovecot configuration?

Is it conventional to use port 143 for encrypted IMAP connections
these days, and not just 993?

I'm finding that port 25 works with TLS and postfix now too, not just
port 587, so I'm really confused.

I've included my doveconf output below. I'd appreciate it if someone
could review it for me to be sure.

# 2.1.13: /etc/dovecot/dovecot.conf
# OS: Linux 3.8.1-201.fc18.x86_64 x86_64 Fedora release 18 (Spherical Cow) ext4
auth_debug = yes
auth_mechanisms = plain login
auth_verbose = yes
default_client_limit = 2000
disable_plaintext_auth = no
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_debug = yes
mail_location = maildir:/home/%u/Maildir
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date ihave
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  driver = pam
}
plugin {
  sieve = ~/.dovecot.sieve
  sieve_dir = ~/sieve
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_min_avail = 20
  service_count = 0
}
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
userdb {
  driver = passwd
}
userdb {
  driver = passwd
}
protocol lda {
  info_log_path = /var/log/dovecot-lda.log
  log_path = /var/log/dovecot-lda-errors.log
}
protocol imap {
  mail_max_userip_connections = 100
}
protocol pop3 {
  pop3_uidl_format = %08Xu%08Xv
}

Thanks,
Alex