
I've set up a mail server running with postfix and dovecot. Mainly configured as described here. Also I created a signed certificate from Startssl.com. IMAP is running on port 993. From my computer everything works fine. I can send and retrieve email and also the certificate is ok. When adding the same mail account on my iPhone it just complains that the server does not respond. With ssl verbose logging dovecot.log says:

```
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2001, ret=1: before/accept initialization [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [172.17.42.1]
2014-04-23 09:15:08 imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [172.17.42.1]
2014-04-23 09:15:08 imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=172.17.42.1, lip=172.17.0.2, TLS handshaking: Disconnected, session=<xMU9K7L3TgCsESoB>
```

So I landed here.

> Aborted login (no auth attempts) means that the client isn't even attempting to log in. Most likely you have disable_plaintext_auth=yes (default) and the client isn't configured to use SSL/TLS (or you've also set ssl=no).

I tried setting disable_plaintext_auth=no explicitly and also SSL is on on my phone.

Is there something special with iPhone and SSL?

soupdiver
  • Nothing in particular. Make sure you use SSL, that authentication is Password, and the port is actually 993. – NickW Apr 23 '14 at 09:33
  • SSL is enabled, port is 993 and method is `Password` – soupdiver Apr 23 '14 at 09:45
  • Kind of odd that dovecot is expecting a client certificate.. – NickW Apr 23 '14 at 09:50
  • Though it seems to be part of the procedure, does your phone have a client certificate installed? – NickW Apr 23 '14 at 09:53
  • I need a client certificate when I want to get my emails over ssl? I thought client certs are for s/mime – soupdiver Apr 23 '14 at 10:02
  • No, I just see that that's the stage where the SSL conversation is failing.. client certs are nice, but a huge overhead for normal mail, and I was just wondering if you were using em. How do you have dovecot's TLS configured? – NickW Apr 23 '14 at 10:07
  • @NickW as described [here](http://wiki2.dovecot.org/SSL/DovecotConfiguration) with my signed cert – soupdiver Apr 23 '14 at 10:11
  • So `ssl_cert` and `ssl_key` `disable_plaintext_auth=yes` and `(auth { mechanisms = plain login } )` ? – NickW Apr 23 '14 at 10:21
  • @NickW just check my answer... kinda frustrating :> – soupdiver Apr 23 '14 at 16:14

1 Answer


The problem had nothing to do with my configuration or setup. I created my private key with a length of 8192 bits. As it turns out, the iPhone does not support keys of such a length.

Reducing the key length to 4096 bits solved the problem.

soupdiver
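
For reading a trace like the one in the question, this added example (not code from the question, the answer or Dovecot) decodes the `where=` bitmask from OpenSSL's info callback and lists, per client IP, the handshake steps completed before `SSL failed`. The flag values are OpenSSL's `SSL_CB_*` / `SSL_ST_*` constants; the function names are chosen for this example and the sample is abridged from the question's log.

```python
import re
from collections import defaultdict

# OpenSSL info-callback flags (ssl.h) that Dovecot logs as where=0x...
FLAGS = {0x01: "LOOP", 0x02: "EXIT", 0x04: "READ", 0x08: "WRITE",
         0x10: "HANDSHAKE_START", 0x20: "HANDSHAKE_DONE",
         0x1000: "CONNECT", 0x2000: "ACCEPT", 0x4000: "ALERT"}
LINE = re.compile(r"SSL(?P<failed> failed)?: where=0x(?P<where>[0-9a-fA-F]+)"
                  r"(?:, ret=(?P<ret>-?\d+))?: (?P<state>.+?) \[(?P<ip>[^\]]+)\]\s*$")

def decode_where(value):
    """Names of the flags set in a where= value, lowest bit first."""
    return [name for bit, name in sorted(FLAGS.items()) if value & bit]

def failed_handshakes(lines):
    """Map client IP -> details of each handshake that logged 'SSL failed'."""
    completed, failures = defaultdict(list), {}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a verbose SSL line (e.g. the final Info: line)
        ip, state, where = m["ip"], m["state"], int(m["where"], 16)
        if where & 0x10:                          # a new handshake begins
            completed[ip] = []
        if m["failed"]:
            steps = list(completed[ip])
            failures[ip] = {
                "failed_in": state,               # state the server was stuck in
                "flags": decode_where(where),
                "completed": steps,
                # True: the client went away after it had received the certificate
                "server_cert_sent": any("write certificate" in s for s in steps),
            }
        elif where & 0x01 and m["ret"] == "1":    # LOOP: a step finished
            completed[ip].append(state)
    return failures

# Abridged from the log in the question.
SAMPLE = """\
imap-login: Warning: SSL: where=0x10, ret=1: before/accept initialization [172.17.42.1]
imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 read client hello A [172.17.42.1]
imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server hello A [172.17.42.1]
imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write certificate A [172.17.42.1]
imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 write server done A [172.17.42.1]
imap-login: Warning: SSL: where=0x2001, ret=1: SSLv3 flush data [172.17.42.1]
imap-login: Warning: SSL: where=0x2002, ret=-1: SSLv3 read client certificate A [172.17.42.1]
imap-login: Warning: SSL failed: where=0x2002: SSLv3 read client certificate A [172.17.42.1]
imap-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=172.17.42.1
"""
if __name__ == "__main__":
    print(failed_handshakes(SAMPLE.splitlines()))
```
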