Thunderbird fails to connect to Dovecot and Postfix Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern) 2019 Community Moderator Election Results Why I closed the “Why is Kali so hard” questionIMAP login not recognizing SASL while simple postfix send isDovecot with CAcert certificates, Outlook can't connect to IMAPMy server email can't connect to Outlook or ThunderbirdPostfix does not work with TLS but Dovecot doesMail Server send/receive issuesThe mail system : user unknown Action: failed Status: 5.1.1 Diagnostic-Code: x-unix; user unknownMailx SSL/TLS handshake failed: Unknown error -5938Dovecot rejecting client certificatePostfix unable to read ssl certs in default location due to SELinux policy on CentOS 6.7postfix and mailman. One list is working, others bounce
Do I really need recursive chmod to restrict access to a folder?
At the end of Thor: Ragnarok why don't the Asgardians turn and head for the Bifrost as per their original plan?
Why did the rest of the Eastern Bloc not invade Yugoslavia?
Echoing a tail command produces unexpected output?
Is pollution the main cause of Notre Dame Cathedral's deterioration?
What is a non-alternating simple group with big order, but relatively few conjugacy classes?
Is it ethical to give a final exam after the professor has quit before teaching the remaining chapters of the course?
Selecting the same column from Different rows Based on Different Criteria
Storing hydrofluoric acid before the invention of plastics
Identify plant with long narrow paired leaves and reddish stems
Apollo command module space walk?
Is it true that "carbohydrates are of no use for the basal metabolic need"?
What LEGO pieces have "real-world" functionality?
Withdrew £2800, but only £2000 shows as withdrawn on online banking; what are my obligations?
Bete Noir -- no dairy
Why did the IBM 650 use bi-quinary?
How to tell that you are a giant?
English words in a non-english sci-fi novel
How can I make names more distinctive without making them longer?
What is the role of the transistor and diode in a soft start circuit?
Overriding an object in memory with placement new
Are two submodules (where one is contained in the other) isomorphic if their quotientmodules are isomorphic?
How to find all the available tools in macOS terminal?
Why didn't this character "real die" when they blew their stack out in Altered Carbon?
Thunderbird fails to connect to Dovecot and Postfix
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 17/18, 2019 at 00:00UTC (8:00pm US/Eastern)
2019 Community Moderator Election Results
Why I closed the “Why is Kali so hard” questionIMAP login not recognizing SASL while simple postfix send isDovecot with CAcert certificates, Outlook can't connect to IMAPMy server email can't connect to Outlook or ThunderbirdPostfix does not work with TLS but Dovecot doesMail Server send/receive issuesThe mail system : user unknown Action: failed Status: 5.1.1 Diagnostic-Code: x-unix; user unknownMailx SSL/TLS handshake failed: Unknown error -5938Dovecot rejecting client certificatePostfix unable to read ssl certs in default location due to SELinux policy on CentOS 6.7postfix and mailman. One list is working, others bounce
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
I set up Dovecot and Postfix, but when I try to authenticate with Thunderbird, it gives this error: "Thunderbird failed to find the settings for your email account."
==> /var/log/dovecot-info.log <==
Apr 06 10:42:16 auth: Debug: auth client connected (pid=13243)
Apr 06 10:42:16 imap-login: Info: Disconnected (no auth attempts): rip=76.xx.xx.xx, lip=172.31.15.65, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
==> /var/log/maillog <==
Apr 6 10:42:16 ip-172-31-15-65 postfix/smtpd[13238]: lost connection after UNKNOWN from user-xxxxxx.cable.mindspring.com[76.xx.xx.xxx]
Apr 6 10:42:16 ip-172-31-15-65 postfix/smtpd[13238]: disconnect from user-xxxxxx.cable.mindspring.com[76.xx.xx.xx]
I can connect with telnet.
Here is the Thunderbird error.
postfix ssl thunderbird dovecot
asked Apr 6 '14 at 10:49
ChloeChloe
2401513
add a comment |
I set up Dovecot and Postfix, but when I try to authenticate with Thunderbird, it gives this error: "Thunderbird failed to find the settings for your email account."
==> /var/log/dovecot-info.log <==
Apr 06 10:42:16 auth: Debug: auth client connected (pid=13243)
Apr 06 10:42:16 imap-login: Info: Disconnected (no auth attempts): rip=76.xx.xx.xx, lip=172.31.15.65, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
==> /var/log/maillog <==
Apr 6 10:42:16 ip-172-31-15-65 postfix/smtpd[13238]: lost connection after UNKNOWN from user-xxxxxx.cable.mindspring.com[76.xx.xx.xxx]
Apr 6 10:42:16 ip-172-31-15-65 postfix/smtpd[13238]: disconnect from user-xxxxxx.cable.mindspring.com[76.xx.xx.xx]
I can connect with telnet.
Here is the Thunderbird error.
postfix ssl thunderbird dovecot
asked Apr 6 '14 at 10:49
ChloeChloe
2401513
add a comment |
I set up Dovecot and Postfix, but when I try to authenticate with Thunderbird, it gives this error: "Thunderbird failed to find the settings for your email account."
==> /var/log/dovecot-info.log <==
Apr 06 10:42:16 auth: Debug: auth client connected (pid=13243)
Apr 06 10:42:16 imap-login: Info: Disconnected (no auth attempts): rip=76.xx.xx.xx, lip=172.31.15.65, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
==> /var/log/maillog <==
Apr 6 10:42:16 ip-172-31-15-65 postfix/smtpd[13238]: lost connection after UNKNOWN from user-xxxxxx.cable.mindspring.com[76.xx.xx.xxx]
Apr 6 10:42:16 ip-172-31-15-65 postfix/smtpd[13238]: disconnect from user-xxxxxx.cable.mindspring.com[76.xx.xx.xx]
I can connect with telnet.
Here is the Thunderbird error.
postfix ssl thunderbird dovecot
asked Apr 6 '14 at 10:49
ChloeChloe
2401513
I set up Dovecot and Postfix, but when I try to authenticate with Thunderbird, it gives this error: "Thunderbird failed to find the settings for your email account."
==> /var/log/dovecot-info.log <==
Apr 06 10:42:16 auth: Debug: auth client connected (pid=13243)
Apr 06 10:42:16 imap-login: Info: Disconnected (no auth attempts): rip=76.xx.xx.xx, lip=172.31.15.65, TLS: SSL_read() failed: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate: SSL alert number 42
==> /var/log/maillog <==
Apr 6 10:42:16 ip-172-31-15-65 postfix/smtpd[13238]: lost connection after UNKNOWN from user-xxxxxx.cable.mindspring.com[76.xx.xx.xxx]
Apr 6 10:42:16 ip-172-31-15-65 postfix/smtpd[13238]: disconnect from user-xxxxxx.cable.mindspring.com[76.xx.xx.xx]
I can connect with telnet.
Here is the Thunderbird error.
postfix ssl thunderbird dovecot
postfix ssl thunderbird dovecot
asked Apr 6 '14 at 10:49
ChloeChloe
2401513
asked Apr 6 '14 at 10:49
ChloeChloe
2401513
edited Apr 6 '14 at 21:43
Chloe
asked Apr 6 '14 at 10:49
ChloeChloe
2401513
asked Apr 6 '14 at 10:49
ChloeChloe
2401513
asked Apr 6 '14 at 10:49
ChloeChloe
2401513
2401513
add a comment |
add a comment |
6 Answers
6
active
oldest
votes
I had similar problems with Thunderbird on Mac OSX and a new StartSSL cert.
Thunderbird uses OCSP to validate the certificates and fails silently in this special case. Additionally the StartSSL OCSP server need some time to update the catalogue of known certificates (compare with https://forum.startcom.org/viewtopic.php?t=2654).
To check if OCSP is the cause of the trouble disable it temporarily and retry to connect to your server.
Preferences -> Advanced -> Certificates -> Validation -> Uncheck "Use the Online Certificate Status Protocol (OCSP) to confirm the current validity of certificates"
answered Jun 25 '14 at 20:39
Coding MindsCoding Minds
6113
2
If OCSP Must-Staple is set on the certificate, you can't disable it. Postfix and Dovecot don't support OCSP stapling (as of this comment), so Thunderbird will refuse to connect to them. Reissuing my certificates without the requirement solved the issue.
– Techwolf
Apr 28 '17 at 4:29
add a comment |
There MUST be a bug in Thunderbird. Even though I imported the server's certificate and added an exception, and it validates with openssl client, Thunderbird still fails. I was able to get it to work by using non-encrypted port numbers, but at least it uses STARTTLS to enable encryption anyways. I must star this to remember it a year from now.
$ openssl s_client -connect olixxxxx.xxx:993
CONNECTED(00000003)
... lots of certificate info ...
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
. login staxxxxxx xxxxxxxxpasswordxxxxxxxxxxxx
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
. logout
* BYE Logging out
answered Apr 6 '14 at 22:16
ChloeChloe
2401513
add a comment |
It's not a bug of Thunderbird.
Check that /etc/dovecot/dovecot.pem refers to the right SSL certificate you bought
Also update the CA authority in /etc/dovecot/dovecot.ca.pem
Then restart dovecot:
service dovecot restart
answered Feb 12 '15 at 14:07
AlessandroAlessandro
11
add a comment |
For postfix to work with Thunderbird's 'SSL/TLS' setting for port 465, use master.cf settings like this:
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
(The 'y' in the first line is if postfix runs chrooted, otherwise it should be 'n')
This is a deprecated way to connect - it's more normal these days to use STARTTLS over port 587 ('submission').
answered Jul 6 '17 at 11:29
gogoudgogoud
1,720816
add a comment |
Just a note - RFC 8314 - which is AFTER the answer by @gogoud - has once again standardized Port 465 for submission with implicit TLS using SMTPS and had deprecated submission via Port 587 as obsolete.
RFC 8314 also requires TLS 1.2 or better for connecting to a Mail Service Agent.
answered Nov 17 '18 at 12:16
Alice WonderAlice Wonder
1
add a comment |
This drove me mad!!!
In my case an existing setup stopped working when I've updated the outgoing and incoming server domain addresses, everything else stayed the same yet I was not connecting and getting ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 in the logs.
There must be some bug in Thunderbird...as the solutios was to delete the Thunderbird account and re-create it.
To help you save some time I've also tried the below with no succeess:
- Thunderbird advanced settings from here: https://community.letsencrypt.org/t/simple-guide-using-lets-encrypt-ssl-certs-with-dovecot/2921/6
- triple checked my
dovecot.confSSL setup
Again like in my case, if all else fails try just deleting and re-creating the accounts.
answered 9 hours ago
Daniel SokolowskiDaniel Sokolowski
1356
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f123367%2fthunderbird-fails-to-connect-to-dovecot-and-postfix%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
6 Answers
6
active
oldest
votes
6 Answers
6
active
oldest
votes
active
oldest
votes
active
oldest
votes
I had similar problems with Thunderbird on Mac OSX and a new StartSSL cert.
Thunderbird uses OCSP to validate the certificates and fails silently in this special case. Additionally the StartSSL OCSP server need some time to update the catalogue of known certificates (compare with https://forum.startcom.org/viewtopic.php?t=2654).
To check if OCSP is the cause of the trouble disable it temporarily and retry to connect to your server.
Preferences -> Advanced -> Certificates -> Validation -> Uncheck "Use the Online Certificate Status Protocol (OCSP) to confirm the current validity of certificates"
answered Jun 25 '14 at 20:39
Coding MindsCoding Minds
6113
2
If OCSP Must-Staple is set on the certificate, you can't disable it. Postfix and Dovecot don't support OCSP stapling (as of this comment), so Thunderbird will refuse to connect to them. Reissuing my certificates without the requirement solved the issue.
– Techwolf
Apr 28 '17 at 4:29
add a comment |
I had similar problems with Thunderbird on Mac OSX and a new StartSSL cert.
Thunderbird uses OCSP to validate the certificates and fails silently in this special case. Additionally the StartSSL OCSP server need some time to update the catalogue of known certificates (compare with https://forum.startcom.org/viewtopic.php?t=2654).
To check if OCSP is the cause of the trouble disable it temporarily and retry to connect to your server.
Preferences -> Advanced -> Certificates -> Validation -> Uncheck "Use the Online Certificate Status Protocol (OCSP) to confirm the current validity of certificates"
answered Jun 25 '14 at 20:39
Coding MindsCoding Minds
6113
2
If OCSP Must-Staple is set on the certificate, you can't disable it. Postfix and Dovecot don't support OCSP stapling (as of this comment), so Thunderbird will refuse to connect to them. Reissuing my certificates without the requirement solved the issue.
– Techwolf
Apr 28 '17 at 4:29
add a comment |
I had similar problems with Thunderbird on Mac OSX and a new StartSSL cert.
Thunderbird uses OCSP to validate the certificates and fails silently in this special case. Additionally the StartSSL OCSP server need some time to update the catalogue of known certificates (compare with https://forum.startcom.org/viewtopic.php?t=2654).
To check if OCSP is the cause of the trouble disable it temporarily and retry to connect to your server.
Preferences -> Advanced -> Certificates -> Validation -> Uncheck "Use the Online Certificate Status Protocol (OCSP) to confirm the current validity of certificates"
answered Jun 25 '14 at 20:39
Coding MindsCoding Minds
6113
I had similar problems with Thunderbird on Mac OSX and a new StartSSL cert.
Thunderbird uses OCSP to validate the certificates and fails silently in this special case. Additionally the StartSSL OCSP server need some time to update the catalogue of known certificates (compare with https://forum.startcom.org/viewtopic.php?t=2654).
To check if OCSP is the cause of the trouble disable it temporarily and retry to connect to your server.
Preferences -> Advanced -> Certificates -> Validation -> Uncheck "Use the Online Certificate Status Protocol (OCSP) to confirm the current validity of certificates"
answered Jun 25 '14 at 20:39
Coding MindsCoding Minds
6113
answered Jun 25 '14 at 20:39
Coding MindsCoding Minds
6113
answered Jun 25 '14 at 20:39
Coding MindsCoding Minds
6113
answered Jun 25 '14 at 20:39
Coding MindsCoding Minds
6113
6113
2
If OCSP Must-Staple is set on the certificate, you can't disable it. Postfix and Dovecot don't support OCSP stapling (as of this comment), so Thunderbird will refuse to connect to them. Reissuing my certificates without the requirement solved the issue.
– Techwolf
Apr 28 '17 at 4:29
add a comment |
2
If OCSP Must-Staple is set on the certificate, you can't disable it. Postfix and Dovecot don't support OCSP stapling (as of this comment), so Thunderbird will refuse to connect to them. Reissuing my certificates without the requirement solved the issue.
– Techwolf
Apr 28 '17 at 4:29
2
2
If OCSP Must-Staple is set on the certificate, you can't disable it. Postfix and Dovecot don't support OCSP stapling (as of this comment), so Thunderbird will refuse to connect to them. Reissuing my certificates without the requirement solved the issue.
– Techwolf
Apr 28 '17 at 4:29
If OCSP Must-Staple is set on the certificate, you can't disable it. Postfix and Dovecot don't support OCSP stapling (as of this comment), so Thunderbird will refuse to connect to them. Reissuing my certificates without the requirement solved the issue.
– Techwolf
Apr 28 '17 at 4:29
add a comment |
There MUST be a bug in Thunderbird. Even though I imported the server's certificate and added an exception, and it validates with openssl client, Thunderbird still fails. I was able to get it to work by using non-encrypted port numbers, but at least it uses STARTTLS to enable encryption anyways. I must star this to remember it a year from now.
$ openssl s_client -connect olixxxxx.xxx:993
CONNECTED(00000003)
... lots of certificate info ...
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
. login staxxxxxx xxxxxxxxpasswordxxxxxxxxxxxx
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
. logout
* BYE Logging out
answered Apr 6 '14 at 22:16
ChloeChloe
2401513
add a comment |
There MUST be a bug in Thunderbird. Even though I imported the server's certificate and added an exception, and it validates with openssl client, Thunderbird still fails. I was able to get it to work by using non-encrypted port numbers, but at least it uses STARTTLS to enable encryption anyways. I must star this to remember it a year from now.
$ openssl s_client -connect olixxxxx.xxx:993
CONNECTED(00000003)
... lots of certificate info ...
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
. login staxxxxxx xxxxxxxxpasswordxxxxxxxxxxxx
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
. logout
* BYE Logging out
answered Apr 6 '14 at 22:16
ChloeChloe
2401513
add a comment |
There MUST be a bug in Thunderbird. Even though I imported the server's certificate and added an exception, and it validates with openssl client, Thunderbird still fails. I was able to get it to work by using non-encrypted port numbers, but at least it uses STARTTLS to enable encryption anyways. I must star this to remember it a year from now.
$ openssl s_client -connect olixxxxx.xxx:993
CONNECTED(00000003)
... lots of certificate info ...
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
. login staxxxxxx xxxxxxxxpasswordxxxxxxxxxxxx
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
. logout
* BYE Logging out
answered Apr 6 '14 at 22:16
ChloeChloe
2401513
There MUST be a bug in Thunderbird. Even though I imported the server's certificate and added an exception, and it validates with openssl client, Thunderbird still fails. I was able to get it to work by using non-encrypted port numbers, but at least it uses STARTTLS to enable encryption anyways. I must star this to remember it a year from now.
$ openssl s_client -connect olixxxxx.xxx:993
CONNECTED(00000003)
... lots of certificate info ...
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN] Dovecot ready.
. login staxxxxxx xxxxxxxxpasswordxxxxxxxxxxxx
. OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
. logout
* BYE Logging out
answered Apr 6 '14 at 22:16
ChloeChloe
2401513
answered Apr 6 '14 at 22:16
ChloeChloe
2401513
answered Apr 6 '14 at 22:16
ChloeChloe
2401513
answered Apr 6 '14 at 22:16
ChloeChloe
2401513
2401513
add a comment |
add a comment |
It's not a bug of Thunderbird.
Check that /etc/dovecot/dovecot.pem refers to the right SSL certificate you bought
Also update the CA authority in /etc/dovecot/dovecot.ca.pem
Then restart dovecot:
service dovecot restart
answered Feb 12 '15 at 14:07
AlessandroAlessandro
11
add a comment |
It's not a bug of Thunderbird.
Check that /etc/dovecot/dovecot.pem refers to the right SSL certificate you bought
Also update the CA authority in /etc/dovecot/dovecot.ca.pem
Then restart dovecot:
service dovecot restart
answered Feb 12 '15 at 14:07
AlessandroAlessandro
11
add a comment |
It's not a bug of Thunderbird.
Check that /etc/dovecot/dovecot.pem refers to the right SSL certificate you bought
Also update the CA authority in /etc/dovecot/dovecot.ca.pem
Then restart dovecot:
service dovecot restart
answered Feb 12 '15 at 14:07
AlessandroAlessandro
11
It's not a bug of Thunderbird.
Check that /etc/dovecot/dovecot.pem refers to the right SSL certificate you bought
Also update the CA authority in /etc/dovecot/dovecot.ca.pem
Then restart dovecot:
service dovecot restart
answered Feb 12 '15 at 14:07
AlessandroAlessandro
11
edited Feb 12 '15 at 14:47
answered Feb 12 '15 at 14:07
AlessandroAlessandro
11
answered Feb 12 '15 at 14:07
AlessandroAlessandro
11
answered Feb 12 '15 at 14:07
AlessandroAlessandro
11
11
add a comment |
add a comment |
For postfix to work with Thunderbird's 'SSL/TLS' setting for port 465, use master.cf settings like this:
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
(The 'y' in the first line is if postfix runs chrooted, otherwise it should be 'n')
This is a deprecated way to connect - it's more normal these days to use STARTTLS over port 587 ('submission').
answered Jul 6 '17 at 11:29
gogoudgogoud
1,720816
add a comment |
For postfix to work with Thunderbird's 'SSL/TLS' setting for port 465, use master.cf settings like this:
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
(The 'y' in the first line is if postfix runs chrooted, otherwise it should be 'n')
This is a deprecated way to connect - it's more normal these days to use STARTTLS over port 587 ('submission').
answered Jul 6 '17 at 11:29
gogoudgogoud
1,720816
add a comment |
For postfix to work with Thunderbird's 'SSL/TLS' setting for port 465, use master.cf settings like this:
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
(The 'y' in the first line is if postfix runs chrooted, otherwise it should be 'n')
This is a deprecated way to connect - it's more normal these days to use STARTTLS over port 587 ('submission').
answered Jul 6 '17 at 11:29
gogoudgogoud
1,720816
For postfix to work with Thunderbird's 'SSL/TLS' setting for port 465, use master.cf settings like this:
smtps inet n - y - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
(The 'y' in the first line is if postfix runs chrooted, otherwise it should be 'n')
This is a deprecated way to connect - it's more normal these days to use STARTTLS over port 587 ('submission').
answered Jul 6 '17 at 11:29
gogoudgogoud
1,720816
answered Jul 6 '17 at 11:29
gogoudgogoud
1,720816
answered Jul 6 '17 at 11:29
gogoudgogoud
1,720816
answered Jul 6 '17 at 11:29
gogoudgogoud
1,720816
1,720816
add a comment |
add a comment |
Just a note - RFC 8314 - which is AFTER the answer by @gogoud - has once again standardized Port 465 for submission with implicit TLS using SMTPS and had deprecated submission via Port 587 as obsolete.
RFC 8314 also requires TLS 1.2 or better for connecting to a Mail Service Agent.
answered Nov 17 '18 at 12:16
Alice WonderAlice Wonder
1
add a comment |
Just a note - RFC 8314 - which is AFTER the answer by @gogoud - has once again standardized Port 465 for submission with implicit TLS using SMTPS and had deprecated submission via Port 587 as obsolete.
RFC 8314 also requires TLS 1.2 or better for connecting to a Mail Service Agent.
answered Nov 17 '18 at 12:16
Alice WonderAlice Wonder
1
add a comment |
Just a note - RFC 8314 - which is AFTER the answer by @gogoud - has once again standardized Port 465 for submission with implicit TLS using SMTPS and had deprecated submission via Port 587 as obsolete.
RFC 8314 also requires TLS 1.2 or better for connecting to a Mail Service Agent.
answered Nov 17 '18 at 12:16
Alice WonderAlice Wonder
1
Just a note - RFC 8314 - which is AFTER the answer by @gogoud - has once again standardized Port 465 for submission with implicit TLS using SMTPS and had deprecated submission via Port 587 as obsolete.
RFC 8314 also requires TLS 1.2 or better for connecting to a Mail Service Agent.
answered Nov 17 '18 at 12:16
Alice WonderAlice Wonder
1
answered Nov 17 '18 at 12:16
Alice WonderAlice Wonder
1
answered Nov 17 '18 at 12:16
Alice WonderAlice Wonder
1
answered Nov 17 '18 at 12:16
Alice WonderAlice Wonder
1
1
add a comment |
add a comment |
This drove me mad!!!
In my case an existing setup stopped working when I've updated the outgoing and incoming server domain addresses, everything else stayed the same yet I was not connecting and getting ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 in the logs.
There must be some bug in Thunderbird...as the solutios was to delete the Thunderbird account and re-create it.
To help you save some time I've also tried the below with no succeess:
- Thunderbird advanced settings from here: https://community.letsencrypt.org/t/simple-guide-using-lets-encrypt-ssl-certs-with-dovecot/2921/6
- triple checked my
dovecot.confSSL setup
Again like in my case, if all else fails try just deleting and re-creating the accounts.
answered 9 hours ago
Daniel SokolowskiDaniel Sokolowski
1356
add a comment |
This drove me mad!!!
In my case an existing setup stopped working when I've updated the outgoing and incoming server domain addresses, everything else stayed the same yet I was not connecting and getting ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 in the logs.
There must be some bug in Thunderbird...as the solutios was to delete the Thunderbird account and re-create it.
To help you save some time I've also tried the below with no succeess:
- Thunderbird advanced settings from here: https://community.letsencrypt.org/t/simple-guide-using-lets-encrypt-ssl-certs-with-dovecot/2921/6
- triple checked my
dovecot.confSSL setup
Again like in my case, if all else fails try just deleting and re-creating the accounts.
answered 9 hours ago
Daniel SokolowskiDaniel Sokolowski
1356
add a comment |
This drove me mad!!!
In my case an existing setup stopped working when I've updated the outgoing and incoming server domain addresses, everything else stayed the same yet I was not connecting and getting ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 in the logs.
There must be some bug in Thunderbird...as the solutios was to delete the Thunderbird account and re-create it.
To help you save some time I've also tried the below with no succeess:
- Thunderbird advanced settings from here: https://community.letsencrypt.org/t/simple-guide-using-lets-encrypt-ssl-certs-with-dovecot/2921/6
- triple checked my
dovecot.confSSL setup
Again like in my case, if all else fails try just deleting and re-creating the accounts.
answered 9 hours ago
Daniel SokolowskiDaniel Sokolowski
1356
This drove me mad!!!
In my case an existing setup stopped working when I've updated the outgoing and incoming server domain addresses, everything else stayed the same yet I was not connecting and getting ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42 in the logs.
There must be some bug in Thunderbird...as the solutios was to delete the Thunderbird account and re-create it.
To help you save some time I've also tried the below with no succeess:
- Thunderbird advanced settings from here: https://community.letsencrypt.org/t/simple-guide-using-lets-encrypt-ssl-certs-with-dovecot/2921/6
- triple checked my
dovecot.confSSL setup
Again like in my case, if all else fails try just deleting and re-creating the accounts.
answered 9 hours ago
Daniel SokolowskiDaniel Sokolowski
1356
answered 9 hours ago
Daniel SokolowskiDaniel Sokolowski
1356
answered 9 hours ago
Daniel SokolowskiDaniel Sokolowski
1356
answered 9 hours ago
Daniel SokolowskiDaniel Sokolowski
1356
1356
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f123367%2fthunderbird-fails-to-connect-to-dovecot-and-postfix%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
-dovecot, postfix, ssl, thunderbird
