Postfix / Courier: IMAP mit TLS funktioniert nicht

sga · 9. Dezember 2009

Guten Tag zusammen

Nachdem ich einen Linux-Server zu Hause installiert habe und einige Dienste darauf betrieben habe und mein Hosting zu unflexibel wurde, mietete ich kurzerhand einen vServer Gold.

Vieles habe ich schon hinbekommen beim IMAP mit TLS scheitere ich, darum bitte ich um Hilfe. Ich versuche mein Problem möglichst genau zu beschreiben:

Ziel: Mails IMAP mit TLS abrufen (z.B. mit Thunderbird)

Ausgangslage:
OS Debian Etch, von Netcup vorinstalliert
Folgende Konfiguartionen aus dem Syscp (1.4.2.1) wurden gemacht und angepasst (MySQL-Passwort):
- Debian 4.0 (Etch) => Mailserver (IMAP/POP3) => Courier
- Debian 4.0 (Etch) => Mailserver (SMTP) => Postfix
- Domains sind schon länger eingetragen. E-Mail test@domain1.com, welches in ein eigenes Postfach zeigt.
Abruf per IMAP klappt bestens, jetzt soll noch TLS dazu kommen.

Zerifikat für Test
cert_file /etc/ssl/certs/ssl-cert-snakeoil.pem
key_file /etc/ssl/private/ssl-cert-snakeoil.key

Config-Files:

[siehe folgender Post]

Reproduktion Fehler
===============

1. Daemons / Services neu gestartet

Code

/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-pop restart
/etc/init.d/postfix restart
newaliases

1.1 Ausgabe Konsole:

Code

v(..hidden..):/# /etc/init.d/courier-authdaemon restart
Stopping Courier authentication services: authdaemond.
Starting Courier authentication services: authdaemond.
v(..hidden..):/# /etc/init.d/courier-pop restart
Stopping Courier POP3 server: pop3d.
Starting Courier POP3 server: pop3d.
v(..hidden..):/# /etc/init.d/courier-authdaemon restart
Stopping Courier authentication services: authdaemond.
Starting Courier authentication services: authdaemond.
v(..hidden..):/# /etc/init.d/courier-pop restart
Stopping Courier POP3 server: pop3d.
Starting Courier POP3 server: pop3d.
v(..hidden..):/# /etc/init.d/postfix restart
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
v(..hidden..):/# newaliases
v(..hidden..):/#

Alles anzeigen

1.2 Logs

/var/log/mail.info

Code

Dec  9 16:52:48 v(..hidden..) postfix/master[24125]: terminating on signal 15
Dec  9 16:52:48 v(..hidden..) postfix/master[31463]: daemon started -- version 2.3.8, configuration /etc/postfix

/var/log/mail.log

Code

Dec  9 16:52:48 v(..hidden..) authdaemond: stopping authdaemond children
Dec  9 16:52:48 v(..hidden..) authdaemond: modules="authmysql", daemons=5
Dec  9 16:52:48 v(..hidden..) authdaemond: Installing libauthmysql
Dec  9 16:52:48 v(..hidden..) authdaemond: Installation complete: authmysql
Dec  9 16:52:48 v(..hidden..) postfix/master[24125]: terminating on signal 15
Dec  9 16:52:48 v(..hidden..) postfix/master[31463]: daemon started -- version 2.3.8, configuration /etc/postfix

/var/log/syslog

Code

Dec 9 16:52:48 v(..hidden..) authdaemond: stopping authdaemond children
Dec 9 16:52:48 v(..hidden..) authdaemond: modules="authmysql", daemons=5
Dec 9 16:52:48 v(..hidden..) authdaemond: Installing libauthmysql
Dec 9 16:52:48 v(..hidden..) authdaemond: Installation complete: authmysql
Dec 9 16:52:48 v(..hidden..) postfix/master[24125]: terminating on signal 15
Dec 9 16:52:48 v(..hidden..) postfix/master[31463]: daemon started -- version 2.3.8, configuration /etc/postfix

2. Abfrage mit Thunderbird von aussen auf vServer IMAP mit TLS.
Einstellungen (Server):
- Server-Typ: IMAP
- Server: [IP-Adresse vServer]
- Port: 143
- Benuztername: test@domain1.com (gem. Syscp)
- Sicherheit und Authentifizierung: TLS

Beim Abruf bekomme ich folgende Fehlermeldung:

Code

Der aktuelle Befehl war nicht erfolgreich. 
Der Mail-Server antwortete: 
Error in IMAP command received by server..

2.1. Logs

/var/log/mail.info
[keine neuen Einträge]

/var/log/mail.log

Code

Dec  9 17:00:09 v(..hidden..) imapd: Connection, ip=[::ffff:195.202.251.32]

/var/log/syslog

Code

Dec  9 17:00:09 v(..hidden..) imapd: Connection, ip=[::ffff:195.202.251.32]

Was könnte hier das Problem sein? Habt Ihr eine Idee? Wo sind noch Logs mit evtl. Fehlern?

sga

sga · 9. Dezember 2009

/etc/postfix/main.cf

Code

# Postfix programs paths settings
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix
program_directory = /usr/lib/postfix
sendmail_path = /usr/sbin/sendmail




## General Postfix configuration
# should be the default domain from your provider eg. "server100.provider.tld"
mydomain = v(..hidden..).yourvserver.net




# should be different from $mydomain eg. "mail.$mydomain"
myhostname = v(..hidden..).yourvserver.net




mydestination = $myhostname,
        $mydomain,
        localhost.$myhostname,
        localhost.$mydomain,
        localhost
mynetworks = 127.0.0.0/8
inet_interfaces = all
append_dot_mydomain = no
biff = no




# Postfix performance settings
default_destination_concurrency_limit = 20
local_destination_concurrency_limit = 2




# SMTPD Settings
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_destination,
        reject_unauth_pipelining,
        reject_non_fqdn_recipient
smtpd_sender_restrictions = permit_mynetworks,
        permit_sasl_authenticated,
        reject_unknown_hostname,
        reject_unknown_recipient_domain,
        reject_unknown_sender_domain
smtpd_client_restrictions = permit_mynetworks,
        permit_sasl_authenticated,
        reject_unknown_client
# Maximum size of Message in bytes (50MB)
message_size_limit = 52428800




## SASL Auth Settings
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes
## Dovecot Settings for deliver, SASL Auth and virtual transport
## uncomment those line to use Dovecot
#mailbox_command = /usr/lib/dovecot/deliver
#virtual_transport = dovecot
#dovecot_destination_recipient_limit = 1
# Virtual delivery settings
virtual_mailbox_base = /var/kunden/mail/
virtual_mailbox_maps = mysql:/etc/postfix/mysql-virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/mysql-virtual_mailbox_domains.cf
virtual_mailbox_limit = 1073741824
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual_alias_maps.cf
virtual_uid_maps = static:2000
virtual_gid_maps = static:2000




# Local delivery settings
local_transport = local
alias_database = hash:/etc/aliases
alias_maps = $alias_database




# Default Mailbox size, is set to 0 which means unlimited!
mailbox_size_limit = 1073741824




### TLS settings
###
## TLS for outgoing mails from the server to another server
#smtp_use_tls = yes
#smtp_tls_note_starttls_offer = yes
## TLS for email client
[FONT=monospace]smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
[/FONT]#smtpd_tls_CAfile = /etc/ssl/cacert.class3.crt  # Just an example for CACert.org
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 3
#smtpd_tls_received_header = yes
#smtpd_tls_session_cache_timeout = 3600s
#tls_random_source = dev:/dev/urandom




debugger_command =
         PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
         ddd $daemon_directory/$process_name $process_id & sleep 5







smtpd_use_tls = yes
virtual_mailbox_limit = 0

Alles anzeigen

/etc/postfix/master.cf

Code

# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_enforce_tls=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
        -o fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix  -       n       n       -       2       pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}




# Add this lines to be able to use dovecot as delivery agent
# Dovecot LDA
dovecot   unix  -       n       n       -       -       pipe
        flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient}

Alles anzeigen

/etc/postfix/mysql-virtual_alias_maps.cf

Code

user = syscp
password = (..hidden..)
dbname = syscp
table = mail_virtual
select_field = destination
where_field = email
additional_conditions = and destination <> '' and destination <> ' '
hosts = localhost

/etc/postfix/mysql-virtual_mailbox_domains.cf

Code

user = syscp
password = (..hidden..)
dbname = syscp
table = panel_domains
select_field = domain
where_field = domain
additional_conditions = and isemaildomain = '1'
hosts = localhost

/etc/postfix/mysql-virtual_mailbox_maps.cf

Code

user = syscp
password = (..hidden..)
dbname = syscp
table = mail_users
select_field = maildir
where_field = email
hosts = localhost

/etc/postfix/sasl/smtpd.conf

Code

pwcheck_method: auxprop
auxprop_plugin: sql
allowanonymouslogin: no
allowplaintext: yes
mech_list: plain login cram-md5 digest-md5
sql_engine: mysql
sql_hostnames: localhost
sql_user: syscp
sql_passwd: (..hidden..)
sql_database: syscp
sql_select: SELECT password FROM mail_users where username='%u@%r'

Alles anzeigen

/etc/courier/authdaemonrc

Code

##VERSION: $Id: authdaemonrc.in,v 1.8 2001/10/07 02:16:22 mrsam Exp $
#
# Copyright 2000-2001 Double Precision, Inc.  See COPYING for
# distribution information.







authmodulelist="authmysql"




##NAME: authmodulelistorig:1
#
# This setting is used by Courier's webadmin module, and should be left
# alone




authmodulelistorig="authcustom authcram authuserdb authldap authmysql authpam"




##NAME: daemons:0
#




daemons=5




##NAME: version:0
#
# When you have multiple versions of authdaemond.* installed, authdaemond
# just picks the first one it finds.  Set "version" to override that.
# For example:  version=authdaemond.plain




version=""




##NAME: authdaemonvar:0
#
# authdaemonvar is here, but is not used directly by authdaemond.  It's
# used by various configuration and build scripts, so don't touch it!




authdaemonvar=/var/run/courier/authdaemon

Alles anzeigen

/etc/courier/authmysqlrc

Code

MYSQL_SERVER localhost
MYSQL_USERNAME syscp
MYSQL_PASSWORD (..hidden..)
MYSQL_PORT 3306
MYSQL_DATABASE syscp
MYSQL_USER_TABLE mail_users
MYSQL_CRYPT_PWFIELD password_enc
MYSQL_UID_FIELD uid
MYSQL_GID_FIELD gid
MYSQL_LOGIN_FIELD username
MYSQL_HOME_FIELD homedir
MYSQL_MAILDIR_FIELD maildir
MYSQL_QUOTA_FIELD (quota*1024*1024)

Alles anzeigen

sugersgroer · 10. Dezember 2009

Code

#smtpd_tls_received_header = yes
#smtpd_tls_session_cache_timeout = 3600s

Bin mir grad nicht sicher da ichs nur mal überflogen habe aber müßte das nicht einkommentiert sein? im moment ists ja auskommentiert

Code

pwcheck_method: auxprop

Wenn ich mich recht entsinne hab ich da bei mir

Code

pwcheck_method: saslauthd

stehen. Wegen der Abfrage der Daten mit Sasl

Hast dus denn mal mit deiner Domain anstelle der IP des Servers versucht? Bin mir nicht sicher aber ich glaube mit der IP wirds so nicht funktionieren *denk* lass mich aber gern eines besseren beleeren. Hab wie gesagt das grad nur überflogen weil ich ziemlich im streß stehe grad. Hoffe konnte dir trotzdem helfen.

MfG
Andre

sga · 11. Dezember 2009

Code

#smtpd_tls_received_header = yes
#smtpd_tls_session_cache_timeout = 3600s

Code

pwcheck_method: saslauthd

Habe das so geändert. Postfix und courier-imap/pop neu gestartet. Dann habe ich noch den Domain eingetragen (domain1.tld) bei Server im Thunderbird. Immer noch das selbe Resultat (d.h. der IMAP Abruf mit TLS funktioniert nicht).

In den Logs steht auch nichts brauchbares (wie oben, kein Hinweis auf einen Fehler).

Fragen:
- Könnte jemand von Euch mal die Config-Files posten vom postfix, auf welchem per TLS Mails abgeholt werden?
- Benutzt Ihr dazu ein selbstgezeichnetes Zertifikat, ein gekauftes oder das bereits vorhandene (/etc/ssl/certs).
- Oder wie holt Ihr die Mails verschlüsselt vom Server?

@ Andre: Danke für Deine Hilfeversuch!

sga

sugersgroer · 11. Dezember 2009

Master.cf von postfix

Code

#
# Postfix master process configuration file.  For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type  private unpriv  chroot  wakeup  maxproc command + args
#               (yes)   (yes)   (yes)   (never) (100)
# ==========================================================================
smtp      inet  n       -       -       -       -       smtpd
#submission inet n       -       -       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#smtps     inet  n       -       -       -       -       smtpd
#  -o smtpd_tls_wrappermode=yes
#  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
#  -o milter_macro_daemon_name=ORIGINATING
#628      inet  n       -       -       -       -       qmqpd
pickup    fifo  n       -       -       60      1       pickup
cleanup   unix  n       -       -       -       0       cleanup
qmgr      fifo  n       -       n       300     1       qmgr
#qmgr     fifo  n       -       -       300     1       oqmgr
tlsmgr    unix  -       -       -       1000?   1       tlsmgr
rewrite   unix  -       -       -       -       -       trivial-rewrite
bounce    unix  -       -       -       -       0       bounce
defer     unix  -       -       -       -       0       bounce
trace     unix  -       -       -       -       0       bounce
verify    unix  -       -       -       -       1       verify
flush     unix  n       -       -       1000?   0       flush
proxymap  unix  -       -       n       -       -       proxymap
proxywrite unix -       -       n       -       1       proxymap
smtp      unix  -       -       -       -       -       smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay     unix  -       -       -       -       -       smtp
    -o smtp_fallback_relay=
#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq     unix  n       -       -       -       -       showq
error     unix  -       -       -       -       -       error
retry     unix  -       -       -       -       -       error
discard   unix  -       -       -       -       -       discard
local     unix  -       n       n       -       -       local
virtual   unix  -       n       n       -       -       virtual
lmtp      unix  -       -       -       -       -       lmtp
anvil     unix  -       -       -       -       1       anvil
scache    unix  -       -       -       -       1       scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent.  See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop  unix  -       n       n       -       -       pipe
  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# See the Postfix UUCP_README file for configuration details.
#
uucp      unix  -       n       n       -       -       pipe
  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail    unix  -       n       n       -       -       pipe
  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp     unix  -       n       n       -       -       pipe
  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix    -    n    n    -    2    pipe
  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

Alles anzeigen

main.cf

Code

# See /usr/share/postfix/main.cf.dist for a commented, more complete version







# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname




smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no




# appending .domain is the MUA's job.
append_dot_mydomain = no




# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h




readme_directory = no




# TLS parameters
smtpd_tls_cert_file=/pfad/zum/cert.pem
smtpd_tls_key_file=/pfad/zumCert.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache




# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.




myhostname = server
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = domain.tld, localhost, localhost.localdomain, localhost
relayhost = 
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
broken_sasl_auth_clients = yes




maps_rbl_domains = relays.ordb.org
smtp_recipient_restrictions = reject_maps_rbl, reject_unauth_destination, reject_unauth_pipelining
smtp_client_restrictions = reject_maps_rbl, reject_unauth_destination, reject_unauth_pipelining
smtp_sender_restrictions = reject_maps_rbl, reject_unauth_destination, reject_unauth_pipelining, reject_unknown_sender_domain, reject_non_fqdn_sender, reject_non_fqdn_hostname
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination




smtpd_sasl_path = smtpd




virtual_transport = virtual




inet_protocols = ipv4




home_mailbox = Maildir/




smtpd_helo_required = yes
message_size_limit = 20480000




### CONFIXX POSTFIX ENTRY ###




virtual_maps = hash:/etc/postfix/confixx_virtualUsers, hash:/etc/postfix/confixx_localDomains




### /CONFIXX POSTFIX ENTRY ###

Alles anzeigen

smtpd.conf

Code

pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
saslauthd_path: /pfad/zum/sasl
autotransition:true

/etc/default/saslauthd

Code

#
# Settings for saslauthd daemon
#




# Should saslauthd run automatically on startup? (default: no)
START=yes




# Which authentication mechanisms should saslauthd use? (default: pam)
#
# Available options in this Debian package:
# getpwent  -- use the getpwent() library function
# kerberos5 -- use Kerberos 5
# pam       -- use PAM
# rimap     -- use a remote IMAP server
# shadow    -- use the local shadow password file
# sasldb    -- use the local sasldb database file
# ldap      -- use LDAP (configuration is in /etc/saslauthd.conf)
#
# Only one option may be used at a time. See the saslauthd man page
# for more information.
#
# Example: MECHANISMS="pam"
MECHANISMS="shadow"




# Additional options for this mechanism. (default: none)
# See the saslauthd man page for information about mech-specific options.
MECH_OPTIONS=""




# How many saslauthd processes should we run? (default: 5)
# A value of 0 will fork a new process for each connection.
THREADS=5




# Other options (default: -c)
# See the saslauthd man page for information about these options.
#
# Example for postfix users: "-c -m /var/spool/postfix/var/run/saslauthd"
# Note: See /usr/share/doc/sasl2-bin/README.Debian
OPTIONS="-c  -m /var/spool/postfix/var/run/saslauthd"

Alles anzeigen

Acht da mal auf die letzte Zeile ob die so bei dir steht. Das war damals mein Problem das es nicht funktioniert hat.

Ich verwende gültige zertifikate die auch signiert sind aber das sollte damit nichts zutun haben.

Bei mir funktioniert das ganze ohne verschlüsselung, STARTTLS, TLS und SSL ohne Probleme.

hoffe bringt dir was.

MfG
Andre

sga · 11. Dezember 2009

Danke Andre, dass Du Deine Config gepostet hast.

Habe herausgefunden wo es dran lag. courier-imap-ssl war nicht installiert, ein apt-get install courier-imap-ssl hat es getan (shame over me, aber die Logs haben da auch nicht weitergeholfen). Ich weiss, ein Anfängerfehler, entschuldige, dass ich für ihn die Super-Resource der Community anzapfen musste. Danke nochmals.

Das File /etc/default/saslauthd habe ich übrigens nicht. Sasl (im Thunderbird heisst das glaub 'Sichere Authentifizierung verwenden') funktioniert bei mir nicht.

Anschlussfrage:
Wenn ich im Thunderbird per IMAP/TLS meine E-Mails abhole, geht dann mein Passwort per Klartext übers Netz oder verschlüsselt? Ich habe im die Einstellung 'Sichere Authentifizierung verwenden'. Ist diese beim TLS Abruf notwendig?

sga

sugersgroer · 11. Dezember 2009

Wenns mit TLS gesendet wird ist es verschlüsselt...
Son Fehler kann vorkommen is ja kein thema

MfG
Andre