I need upgrade and split Centos 6.3, RoundCube 0.7.2 and Dovecot 2.0.9. Apache link is old.mydomain.
IMAP section: $rcmail_config['default_host'] = 'localhost';
Dovecot authenticate against Microsoft Active Directory.
I've install RoundCube 1.4.12 LTE on separate Centos 7 server.
IMAP section: $config['default_host'] = 'ssl://old.mydomain' or IP;
I would like setup and test RoundCube in parallel. Then I will stop Apache on old.mydomain and rename Apache link from new.mydomain to old.mydomain.
My new installation test with standalone Postfix servet is OK, but connection to Dovecot with default sets fails with error on web browser:
Connection to storage server failed
errors.log:
Could not connect to ssl://IP or old.mydomain:143 or 993 ... Unknown reason
ADD:
I've try log with false user and/or password. Result exactly the same. And any logs in Dovecot server side.
$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => true,
'verify_depth' => 3,
'cafile' => '/etc/pki/tls/domain.crt',
'local_pk' => '/etc/pki/tls/private/domain.key',
),
);
old> openssl s_client -connect old.mydomain:993 -crlf -quiet
depth=0 CN = *.mydomain
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = *.mydomain
verify error:num=21:unable to verify the first certificate
verify return:1
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
user name@mydomain
user BAD Error in IMAP command received by server.
Check new.mydomain> telnet old.mydomain 143
Trying 192.168.1.1...
Connected to old.mydomain.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE START TLS LOGINDISABLED] Dovecot ready.
a login mymail@mydomain Passwd
* BAD [ALERT] Plaintext authentication not allowed without SSL/TLS, but your client did it anyway. If anyone was listening, the password was exposed.
a NO [PRIVACYREQUIRED] Plaintext authentication disallowed on non-secure (SSL/TLS) connections.
c list "" *
c BAD Error in IMAP command received by server.
e logout
e OK Logout completed.
Connection closed by foreign host.
Next. Allow insecure POP3/IMAP connections
disable_plaintext_auth=no
ssl=yes
new.mydomain> telnet old.mydomain 143
Trying 192.168.1.1...
Connected to old.mydomain.
Escape character is '^]'.
* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.
a login mymail@mydomain Passwd
a OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS] Logged in
c list "" *
* LIST (\HasNoChildren) "." "Sent"
* LIST (\HasNoChildren) "." "INBOX"
c OK List completed.
e logout
e OK Logout completed.
Connection closed by foreign host.
Roundcube modify config
IMAP section: $config['default_host'] = 'old.mydomain';
And RoundCube IMAP no error. Does POP connection from outlook to Dovecot remains most secure or become plain and dangeraus?
So, question remains open. What to do with error "Connection to storage server failed"