Dovecot Certificate failure for mail.domain.com

heininger

Hi!

I converted our new server to Dovecot and it works really great!

Unfortunately we have one problem ... some mail clients (e.g. Eudora) have problems with the certificate.

I have a php script that gives me the following error:
PHP Notice: Unknown: Certificate failure for mail.domain.com: self signed certificate: /C=GB/ST=Someprovince/L=Sometown/O=none/OU=none/CN=localhost/emailAddress=webaster@localhost (errflg=2) in Unknown on line 0

My dovecot.conf reads like this ...
protocols = imap imaps pop3 pop3s

ssl_cert_file = /etc/exim.cert
ssl_key_file = /etc/exim.key

I have now added ...
ssl_disable = yes
... so everyone can login again but it would be nice to change the exim.cert/key to valid ones.

How to do that and will it then work only on my main domain or on all domains?

TIA,
Mike
 
Hello,

The exim certificates should be valid, just not authenticated (they're self-signed).

You could try setting it to use your apache certificates:

ssl_cert_file = /etc/httpd/conf/ssl.crt/server.crt
ssl_key_file = /etc/httpd/conf/ssl.key/server.key

See if that helps. It might be that Eudora is a bit too picky about whether certificates are authenticated or not... not too sure.

The certificate works for all connections into dovecot, regardless of domain name.

John
 
I have also noticed that I am getting failures with my webmail application after changing to dovecot.

<snip>
There was an error connecting to your mail server. Your server reported: Certificate failure for localhost: Server name does not match certificate: /C=US/O=www.tudads.com/OU=https://services.choicepoint.net/get.jsp?GT40774202/OU=See www.freessl.com/cps (c)04/OU=Domain Control Validated - This is a GeoTrust StarterSSL(TM) Certificate/CN=www.tudads.com
<end snip>

I did check Squirrelmail via https and it is working fine.
Until we get this resolved, we can't check email using webmail apps.
 
Point the mail to the host which has the certificate.
Mail and certificate must match.
Web is another pointer but can be the same.
www.domain.tld is not domain.tld, nor localhost.

Possibly you have to change the MX with www.domain.tld, not mail.domaine.tld
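Added example, not part of any post in this thread: a small Python parser for the two "Certificate failure" messages quoted above (the self-signed case from the first post and the name-mismatch case from the webmail post), which extracts the host the client connected to and the certificate's CN and compares them. The function names are made up for this illustration; the sample strings are the thread's own messages with the wrapper text trimmed.

```python
import re

# The two failure messages quoted in this thread (PHP/webmail wrapper text trimmed).
SAMPLES = [
    "Certificate failure for mail.domain.com: self signed certificate: "
    "/C=GB/ST=Someprovince/L=Sometown/O=none/OU=none/CN=localhost"
    "/emailAddress=webaster@localhost (errflg=2) in Unknown on line 0",
    "Certificate failure for localhost: Server name does not match certificate: "
    "/C=US/O=www.tudads.com/OU=https://services.choicepoint.net/get.jsp?GT40774202"
    "/OU=See www.freessl.com/cps (c)04/OU=Domain Control Validated - This is a "
    "GeoTrust StarterSSL(TM) Certificate/CN=www.tudads.com",
]

FAILURE = re.compile(
    r"Certificate failure for ([^:]+): (.+?): (/.+?)(?: \(errflg=\d+\).*)?$")

def parse_subject(oneline):
    """Split a one-line subject DN into (key, value) pairs.
    Values may contain '/', so split only where '/' is followed by KEY=."""
    return [tuple(p.split("=", 1))
            for p in re.split(r"/(?=[A-Za-z]+=)", oneline)[1:]]

def name_matches(host, pattern):
    """Case-insensitive match; '*' may stand for the left-most label only."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def diagnose(message):
    """Return host, reason, CN list and whether the name check alone would pass.
    Only the subject is in the message, so subjectAltName cannot be checked here."""
    m = FAILURE.search(message)
    if m is None:
        return None
    host, reason, subject = m.groups()
    cns = [v for k, v in parse_subject(subject) if k == "CN"]
    return {"host": host, "reason": reason, "cn": cns,
            "name_ok": any(name_matches(host, cn) for cn in cns)}

if __name__ == "__main__":
    for msg in SAMPLES:
        d = diagnose(msg)
        print(f"{d['host']}: {d['reason']}; CN={d['cn']}; name_ok={d['name_ok']}")
```

For the first message the name check fails as well (CN=localhost against mail.domain.com), so a CA-signed replacement only clears the error if it is issued for the name clients actually connect to.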
 
xemaps said:
Point the mail to the host which has the certificate.
Mail and certificate must match.
Web is another pointer but can be the same.
www.domain.tld is not domain.tld, nor localhost.

Possibly you have to change the MX with www.domain.tld, not mail.domaine.tld

I am not the smartest kid on the block so I will admit I am very confused with your suggestion.

First, email sending and receiving is fine using 3rd party email (outlook, eudora, thunderbird). Therefore, it makes no sense the MX records have anything to do with the generated error.
Second, the problem is with a specific webmail client. I do not have any problems with the certificate when using Squirrelmail.
Third, the error says the certificate server name does not match certificate. In all instances and throughout all configuration files on my server, the mail server is and all databases refer to the default server name as localhost.
I am not going to change all my localhost values due to this certificate error.
What I am trying to do is figure out if there is a direct relation between systems that use IMAP for webmail applications and the installation of dovecot. From our initial experience, we think there is...

Certainly, we are open to any other suggestions that will help us get to the bottom of this issue.

thanks!
 
Did you take John's advice (the DirectAdmin Support reply)?

Does everything work now except for the webmail client? If so, which webmail client?

Jeff
 
jlasman said:
Did you take John's advice (the DirectAdmin Support reply)?

Does everything work now except for the webmail client? If so, which webmail client?

Jeff

Hi Jeff,

Initially, my dovecot settings were the same as heininger's and the error message was exactly the same as his.

I made the change as suggested by John (DA) and I get the error that is specific to my cert.

So far, from what I can tell, everything works as it did with exception to the webmail software.
I have a thread running on the site for the web app (dwMail) and have not gotten anything specific.

I am needing to run an upgrade on the web software anyway, so I figure I will get the upgrade done and then come back to the original cert problem. At least with the upgraded software, it can't be blamed that the old software is to blame.
 
I could go outside and yell at the top of my lungs....but it is too cold outside!

Well, as mentioned in the last post, I figured I may as well upgrade the web client. I have no idea what changed or why but I am not having a cert problem now. I am able to log in http and https with no issues.

Everything seems to be working good for now...

Thanks all for the inputs!
 
jechilt said:
I could go outside and yell at the top of my lungs....but it is too cold outside!
I know what you mean. It's 56 F here, and I'm in the Southern California desert.

:)

Jeff
 
jlasman said:
I know what you mean. It's 56 F here, and I'm in the Southern California desert.

:)

Jeff

Silly to think it was always hot in the desert! When I was in Saudi, it was hot all the time....even at night, but not as hot as in the day!
 