iPhone and imaps (TLS) with dovecot – solved!

I’ve been fighting this issue for a long time. I have seen some strange messages in maillog (see below), changed a lot of settings and … finally it’s here :) What has been the troublemaker? xinetd. Yep. I’ve turned it off and tried with “dovecot -F” and … it worked!

maillog (invalid) records:

Jun  9 01:31:41 orin dovecot: auth(default): new auth connection: pid=2937
Jun  9 01:31:41 orin imap-login: Disconnected (no auth attempts): rip=clientip, lip=serverip, TLS handshaking: Disconnected
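
A small maillog triage helper, added here as an example (not from the original post): it rejoins wrapped syslog lines and counts, per client IP, imap-login sessions that dropped during TLS handshaking before any auth attempt. The sample log is constructed in the format shown above, with documentation IP addresses standing in for clientip and serverip.

```python
import re
from collections import Counter

# Constructed sample (not real traffic); the second record is wrapped on purpose.
SAMPLE = """\
Jun  9 01:31:41 orin dovecot: auth(default): new auth connection: pid=2937
Jun  9 01:31:41 orin imap-login: Disconnected (no auth attempts): rip=192.0.2.10, lip=198.51.100.5, TLS
handshaking: Disconnected
Jun  9 01:32:02 orin imap-login: Disconnected (no auth attempts): rip=192.0.2.10, lip=198.51.100.5, TLS handshaking: Disconnected
Jun  9 01:35:10 orin imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.77, lip=198.51.100.5, TLS
Jun  9 01:36:00 orin imap-login: Disconnected (no auth attempts): rip=203.0.113.9, lip=198.51.100.5
"""

# A syslog record starts with "Mon dD HH:MM:SS "; anything else is a continuation.
TS = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")
EVENT = re.compile(
    r"imap-login: Disconnected \(no auth attempts\): "
    r"rip=(?P<rip>[^,\s]+), lip=(?P<lip>[^,\s]+)(?P<rest>.*)$"
)


def unwrap(text):
    """Rejoin records that were wrapped onto a following line."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if TS.match(line) or not records:
            records.append(line.rstrip())
        else:
            records[-1] += " " + line.strip()
    return records


def tls_handshake_drops(text):
    """Count per remote IP the sessions dropped mid-handshake with no auth attempt."""
    drops = Counter()
    for rec in unwrap(text):
        m = EVENT.search(rec)
        # Only sessions still in "TLS handshaking" count; plain disconnects do not.
        if m and "TLS handshaking" in m.group("rest"):
            drops[m.group("rip")] += 1
    return drops


if __name__ == "__main__":
    for rip, n in tls_handshake_drops(SAMPLE).most_common():
        print(f"{rip}: {n} TLS handshake drop(s) before auth")
```
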

Here are my “dovecot -n” settings:

# 1.2.11: /usr/local/etc/dovecot.conf
# OS: Linux 2.6.21.5-smp i686 Slackware 12.0.0
base_dir: /var/run/dovecot/
ssl_listen: *:993
ssl_ca_file: /etc/ssl/certs/cacert.crt
ssl_cert_file: /etc/ssl/certs/dovecot.crt
ssl_key_file: /etc/ssl/private/server.key
ssl_parameters_regenerate: 24
ssl_cipher_list: ALL:!LOW
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable: /usr/local/libexec/dovecot/imap-login
first_valid_uid: 1000
first_valid_gid: 100
mail_location: mbox:~/mail:INBOX=/var/spool/mail/%u
imap_client_workarounds: delay-newmail outlook-idle netscape-eoh tb-extra-mailbox-sep
auth default:
  verbose: yes
  debug: yes
  passdb:
    driver: shadow
  userdb:
    driver: passwd

I’m using SSL certificates from cacert.org, issued for dovecot. Then I created one .p12 file, including the CA certificate, and imported it into the iPhone.

# openssl pkcs12 -export -in dovecot.crt -inkey ../private/server.key -certfile cacert.crt -out dovecot.p12

Now it works like a charm :)
