Hi, What's your handle at Clearfoundation? Mail is not my strong point but I have port 587 working with user/pass and I had been hoping to make it relatively hack-proof by using certificates. Isn't SSL/TLS just user/pass as well or can it use certificates?
I have IMAPS working on 993. FWIW, I filed a bug recently in ClearOS as by default (on 6.x at least) even with authentication off in the Webconfig, it is in fact still on through port 465 but not port 587 through the configuration in /etc/postfix/master.cf. To me it should either be off everywhere or, if on with 465 it should also be on with 587 and a warning added to the webconfig to that effect. Nick On Sunday, 5 April 2015 17:29:01 UTC+1, Nick Howitt wrote: > > Hi, > I am trying to get K-9 to use certificates/STARTTLS to communicate with > and relay through my postfix mail server. I have a self-signed ca-cert and > have generated user certificates and keys from this. I have imported the > ca-cert into Android and the p12 user certificate into K-9. > > Using STARTTLS/port 587, every time I switch from user/pass authentication > to certificates I get a message from K-9:[code]Cannot connect to server. > (Unable to authenticate. The server does not advertise the SASL EXTERNAL > capability. This could be a problem with the client certificate (expired, > unknown certificate authority) or some other configuration > problem.)[/code]I have tried using a user certificate and the system > certificate but nothing I do changes the reply. > > If I try telnetting into port 587 I get:[code][root@server ~]# telnet > 127.0.0.1 587 > Trying 127.0.0.1... > Connected to 127.0.0.1. > Escape character is '^]'. > 220 mailserver.howitts.co.uk ESMTP Postfix > ehlo howitts.co.uk > 250-mailserver.howitts.co.uk > 250-PIPELINING > 250-SIZE 51200000 > 250-ETRN > 250-STARTTLS > 250-AUTH LOGIN PLAIN > 250-AUTH=LOGIN PLAIN > 250-ENHANCEDSTATUSCODES > 250-8BITMIME > 250 DSN[/code]So STARTTLS is advertised. In postfix the message I get > is:[code]Apr 5 16:33:27 server postfix/smtpd[9162]: connect from > motog.howitts.co.uk[172.17.2.113] > Apr 5 16:33:27 server postfix/smtpd[9162]: setting up TLS connection from > motog.howitts.co.uk[172.17.2.113] > Apr 5 16:33:27 server postfix/smtpd[9162]: > motog.howitts.co.uk[172.17.2.113]: > Trusted: subject_CN=ourfamily, issuer=ca.server.howitts.lan, > fingerprint=13:45:A2:B4:94:B0:18:4A:E3:46:C0:29:29:BE:1E:27 > Apr 5 16:33:27 server postfix/smtpd[9162]: Trusted TLS connection > established from motog.howitts.co.uk[172.17.2.113]: TLSv1.2 with cipher > DHE-RSA-AES256-SHA (256/256 bits)[/code]So the connection seems to be OK at > the postfix end. > > I do sometimes get host-name mismatch warnings which I accept but then I > end up with the same error. > > Have you any idea what I am doing wrong? > > TIA, > > Nick > > -- -- You received this message because you are subscribed to the K-9 Mail Users List. To post to this group, send email to [email protected] To unsubscribe, email [email protected] To report an issue with K-9 Mail, visit http://code.google.com/p/k9mail/issues/list For more options, visit this group at http://groups.google.com/group/k-9-mail --- You received this message because you are subscribed to the Google Groups "K-9 Mail" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
