Re: [Dbmail] IMAP TLS after upgrade from 3.1.17 to 3.2.3

Thu, 14 Jul 2016 05:19:23 -0700 


Am 14.07.2016 um 13:57 schrieb Ken Drummond:

On 14-07-16 6:29 PM, Reindl Harald wrote:


Am 12.07.2016 um 16:24 schrieb Admin Beckspaced:

i just upgraded dbmail from 3.1.17 to most recent stable 3.2.3

with the old version 3.1.17 i could do an IMAP account setup in
thunderbird with SSL/TLS on port 993

with the new version 3.2.3 thunderbird now throws me an error that this
connection type is not supported by the IMAP server.
if i then switch to STARTTLS on port 143 all is working fine.

before i start into debugging this on my server ...

is this the expected behavior with the IMAP TLS setup in 3.2.3?
is SSL/TLS on port 993 not supported?
is STARTTLS on port 143 the only supported encryption?

if not ... how can i best debug this issue? what do i need to do to make
SSL/TLS on port 993 work again?


just run a proxy in front of dbmail like dovecot (i guess nearly
everybody still using dbmail does that for a long time to avoid
different troubles)

that way dbmail has no need to deal with anything in context of TLS
and 143 with STATTLS as well as 993 with the wrapper work and the same
for POP3


I am in a similar position I have been running dbmail 3.1.17 and using
imap with SSL/TLS on port 993 for a few years now.  Just for my own use
on a home gentoo server.  I am upgrading the hardware and thought I'd
take the opportunity to use dbmail to 3.2.2. However, in my testing
there seems to be no way to access IMAP on port 993 with SSL/TLS.

(Sorry to sound rude but) Rather than telling me to use a different
proxy, could someone confirm that SSL/TLS access on port 993 which
worked on 3.1.17 does NOT and CANNOT work using 3.2.2 (without using
some other proxy)



sorry to sound rude but in the current support situation making a dbmail 
major upgrade to 3.2 is somehow crazy and there where so much problems 
with TLS and haning services in the past years with 3.0/3.1 that it's a 
widely accepted recommendation to run it behind a proxy



and if it's only for security resons because dovecot makes the 
authetication based on the dbmail database directly with the client and 
until that was successful no single bit of a arbitary client passes to 
dbmail



guess where security bugs more likely and quicker fixed - dbmail or 
dovecot - look at the release freqency and userbase and you know





Attachment:
signature.asc

Description: OpenPGP digital signature


_______________________________________________
DBmail mailing list
DBmail@dbmail.org
http://mailman.fastxs.nl/cgi-bin/mailman/listinfo/dbmail






















					Reply via email to