Hi,

STARTTLS refers to a client connecting on the normal plaintext IMAP port, 143, and then issuing a STARTTLS command, starting a TLS session. I am able to connect from my computer to your IMAP server using STARTTLS using this command:
openssl s_client -starttls imap -connect 78.46.216.126:143

Your server seems to not be listening on ports 993 and 995 for imaps and pop3s, respectively, where a TLS session is started immediately when the connection is initiated.

If you are using dovecot 2, you need to have something like the following in your config:

service imap-login {
  inet_listener imap {
    #port = 143
  }
  inet_listener imaps {
    #port = 993
    #ssl = yes
  }
}

service pop3-login {
  inet_listener pop3 {
    #port = 110
  }
  inet_listener pop3s {
    #port = 995
    #ssl = yes
  }
}

(The commented-out lines represent the defaults; you uncomment them only if you want to change them.)

For dovecot 1.2, you need a line like this:
protocols = imap imaps pop3 pop3s


On 5/5/2012 3:06 PM, Markus Fritz wrote:
Hello,

I have this problem:
May 5 21:02:35 opsys dovecot: imap-login: Disconnected (no auth attempts): rip=84.150.52.31, lip=78.46.216.126

Connecting via Thunderbird to STARTTLS won't work, but with a website from the same server it works for tls://opsys.de.
So why is the port closed for external IPs?
IPTABLES entry for imap is this:
fail2ban-dovecot-pop3imap tcp -- anywhere anywhere multiport dports pop3,pop3s,imap2,imaps

Key files are correct; TLS is working from localhost.

System is Debian squeeze
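
An added example, not part of the original e-mail thread: a client-side check for the distinction drawn in the reply above, telling a STARTTLS-capable plaintext listener (143/110) apart from an implicit-TLS listener (993/995) or a port that is not reachable. The function names `classify_banner` and `probe` are hypothetical, and the host and port passed to `probe` are whatever server you administer.

```python
import re
import socket
import ssl

def classify_banner(greeting, caps=b""):
    """Classify a plaintext listener from its greeting plus capability reply."""
    tokens = set(re.split(rb"[\s\[\]]+", (greeting + b" " + caps).upper()))
    if greeting.startswith(b"* OK"):   # IMAP greeting
        return "imap-starttls" if b"STARTTLS" in tokens else "imap-plaintext-only"
    if greeting.startswith(b"+OK"):    # POP3 greeting; its STARTTLS verb is STLS
        return "pop3-starttls" if b"STLS" in tokens else "pop3-plaintext-only"
    return "unknown"

def _read_until(sock, marker, send=b"", limit=8192):
    buf = b""
    try:
        sock.sendall(send)
        while marker not in buf and len(buf) < limit:
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
    except OSError:                    # timeout or reset: return what we have
        pass
    return buf

def probe(host, port, timeout=3.0):
    """Return how the listener at host:port behaves, as seen from this client."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed-or-filtered"    # nothing listening, or a firewall drop
    with sock:
        greeting = _read_until(sock, b"\r\n")
        if greeting:                   # server spoke first, in cleartext
            imap = greeting.startswith(b"*")
            cmd, end = (b"a1 CAPABILITY\r\n", b"a1 ") if imap else (b"CAPA\r\n", b"\r\n.\r\n")
            return classify_banner(greeting, _read_until(sock, end, send=cmd))
    # Silent port: an implicit-TLS listener waits for the client's ClientHello.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False         # classification only, not trust:
    ctx.verify_mode = ssl.CERT_NONE    # a self-signed certificate still counts
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw, ctx.wrap_socket(raw):
            return "implicit-tls"
    except OSError:                    # ssl.SSLError is a subclass of OSError
        return "unknown"
```

Running `probe` against ports 143, 993, 110 and 995 from an external machine and again from localhost shows whether a listener is missing or only unreachable from outside.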

