OK guys this is now driving me crazy.
For some years now I have run my own mail service using postfix and dovecot on debian. My preferred email client is claws but I use K9 when out and about on my android (cyanogenmod) devices. For purely historic reasons I use IMAPS on all portable devices so that I leave mail on the server until I sit at my desk where claws is configured to use both IMAPS and POP3S. I do this so that mail is actually downloaded from my server over POP3S and stored locally (where it is backed up to two separate external systems). I also use IMAPS on claws so that I have access to the "sent" folders for my email boxes (in case I send from a mobile device). I can then simply move sent mail to the mailbox of my choice locally where it matches the incoming mail.
So far so hunky dory for some long time.
Yesterday I upgraded my mailserver from Debian 7.9 to 8.3. As expected, everything went fine and all seemed well - until I fired up claws. Claws successfully connects to IMAPS and to my submission port (587) but it fails to connect to POP3S with the error:
* Account 'mbm@rlogin.net': Connecting to POP3 server: smtp.rlogin.net:995... *** SSL handshake failed
Sure enough, the mail.log shows entries like:
Feb 19 12:27:59 pipe dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.238.155.43, lip=213.138.100.26, TLS handshaking: SSL_accept() failed: error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol, session=<Bu4YnR4swgCy7psr>
No authentication takes place because I insist on TLS (on both client and server ends) before I allow credentials to be passed.
Here's the bonkers bit. The X509 certificate I use on the server is self generated and is identical for SMTP, POP3S and IMAPS. Using openssl client ("openssl s_client -connect smtp.rlogin.net:pop3s" and "openssl s_client -connect smtp.rlogin.net:imaps3") to test the connections returns identical (successful) results.
I see:
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
blah, blah, etc.
Nothing has changed client side and the fact that K9 and claws can successfully send/receive indicates server side is OK too. I have been over the dovecot configuration probably a dozen times now and can see nothing wrong (though dovecot's configuration files are a nightmare). Doveconf -n shows a perfectly acceptable setup. So my suspicion is that claws cannot handle the elliptic curve cipher offered by the server in its new configuration for POP3S (but why for IMAPS?????) (Debian 8.3 shows "OpenSSL 1.0.1k 8 Jan 2015" whereas 7.9 shows "OpenSSL 1.0.1e 11 Feb 2013")
I really don't want to have to change from claws on the desktop (I'm not a tbird fan) so if anyone has any ideas, please let me know. Meanwhile I'll keep on searching (there's nothing on the claws buglist)
Mick
(I suppose I could just stick to IMAP - I know POP is an old protocol, but I like the way I work, and this is just bugging me.....)
(Or I could try Cyrus...)
---------------------------------------------------------------------
Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net
---------------------------------------------------------------------
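
An added example, not part of the original post: a small triage script that parses dovecot login-process lines like the one quoted above, unpacks the OpenSSL error number, and separates protocol-version rejections from cipher-suite mismatches per service. It assumes the OpenSSL 1.0.x error packing (8-bit library, 12-bit function, 12-bit reason); the function names are illustrative, and the second and third sample lines are constructed.

```python
import re
from collections import Counter

# Reason codes (low 12 bits of the packed error) from OpenSSL 1.0.x ssl.h:
# 0x102 = SSL_R_UNSUPPORTED_PROTOCOL, 0x0C1 = SSL_R_NO_SHARED_CIPHER.
KIND = {0x102: "protocol-version", 0x0C1: "cipher-suite"}

LINE = re.compile(
    r"dovecot: (?P<service>[\w-]+)-login: Disconnected.*?"
    r"rip=(?P<rip>[^,\s]+), lip=(?P<lip>[^,\s]+), TLS handshaking: "
    r"SSL_accept\(\) failed: error:(?P<code>[0-9A-Fa-f]{8}):"
    r"(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>[^,]*)"
)

def unpack(code_hex):
    """Split a packed OpenSSL 1.0.x error into (lib, func, reason) numbers."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF

def parse(line):
    """Return a dict for a pre-auth TLS handshake failure, else None."""
    m = LINE.search(line)
    if not m:
        return None
    lib, _, reason = unpack(m["code"])
    kind = KIND.get(reason, "other") if lib == 0x14 else "other"  # 0x14 = SSL library
    return {"service": m["service"], "rip": m["rip"], "func": m["func"],
            "reason": m["reason"], "reason_code": reason, "kind": kind}

def summarize(lines):
    """Count handshake failures per (service, kind)."""
    return Counter((r["service"], r["kind"]) for r in map(parse, lines) if r)

SAMPLE = [
    # First line is the log entry quoted in the post; the other two are constructed.
    "Feb 19 12:27:59 pipe dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=178.238.155.43, lip=213.138.100.26, TLS handshaking: SSL_accept() failed: error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported protocol, session=<Bu4YnR4swgCy7psr>",
    "Feb 19 12:30:02 pipe dovecot: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.0.2.10, lip=213.138.100.26, TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher, session=<AAAAconstructed>",
    "Feb 19 12:31:10 pipe dovecot: imap-login: Login: user=<user@example.org>, method=PLAIN, rip=192.0.2.10, lip=213.138.100.26, TLS, session=<BBBBconstructed>",
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(key, count)
```

Fed the real mail.log, the per-service counts show whether POP3S failures are all of the protocol-version kind while IMAPS shows none, which points at the version the client offers on that one connection rather than at the cipher list.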