i set up the postfix ssl and imap ssl accourding to the article in the docs, and the postfix is working great, but i'm getting a connection refused if i try to connect to the server on port 993. is there a startup script or something that i need to add to get imap-ssl working?
Did you start up the imap server with the ssl script, so that is /usr/local/libexec/imapd-ssl.rc instead of the normal /usr/local/libexec/imapd.rc.
Otherwise it could be a firewall blocking access ?
john 13 Jan 2008
hey richard -
Thanks for the reply. I changed my /Library/StartupItems/CourierIMAP/CourierIMAP to use imapd-ssl.rc and I was able to connect. Thanks! However, then I started getting an ssl error that, in the mail log file, looked like:
imapd-ssl[427]: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Google told me to change the line in /usr/local/etc/imapd-ssl from what you had:
TLS_PROTOCOL=SSL3
to
TLS_PROTOCOL=SSL2
and it is now working. So now my question is, is this a big deal? Should i try to get it working with ssl3, or is ssl2 "secure enough"? Thanks for your help.
Please change the entry to TLS_PROTOCOL=SSL23 which means to use SSL3 when possible and fall back to SSL2 when SSL3 isn't working. The cause of this is that not every mail client implemented the SSL3 protocol as it should be. I will update the documentation to reflect this change. Sorry I forgot to do it earlier, my apologies!
john 13 Jan 2008
No problems - everything is working great. Thanks again for your awesome guide!
13 Jan 2008
hi all -
i set up the postfix ssl and imap ssl accourding to the article in the docs, and the postfix is working great, but i'm getting a connection refused if i try to connect to the server on port 993. is there a startup script or something that i need to add to get imap-ssl working?
thanks for this great guide!
john
13 Jan 2008
Did you start up the imap server with the ssl script, so that is
/usr/local/libexec/imapd-ssl.rcinstead of the normal/usr/local/libexec/imapd.rc.Otherwise it could be a firewall blocking access ?
13 Jan 2008
hey richard -
Thanks for the reply. I changed my /Library/StartupItems/CourierIMAP/CourierIMAP to use imapd-ssl.rc and I was able to connect. Thanks! However, then I started getting an ssl error that, in the mail log file, looked like:
imapd-ssl[427]: couriertls: connect: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Google told me to change the line in /usr/local/etc/imapd-ssl from what you had:
TLS_PROTOCOL=SSL3
to
TLS_PROTOCOL=SSL2
and it is now working. So now my question is, is this a big deal? Should i try to get it working with ssl3, or is ssl2 "secure enough"? Thanks for your help.
john
13 Jan 2008
Please change the entry to
TLS_PROTOCOL=SSL23which means to use SSL3 when possible and fall back to SSL2 when SSL3 isn't working. The cause of this is that not every mail client implemented the SSL3 protocol as it should be. I will update the documentation to reflect this change. Sorry I forgot to do it earlier, my apologies!13 Jan 2008
No problems - everything is working great. Thanks again for your awesome guide!
john