"Thunderbird failed to find the settings for your email

Hi,

I've set up Postfix/Dovecot on my linode. I am now able to receive mail and send it, both from within my linode and from my gmail account, but I cannot log in with Thunderbird on my home PC. The Dovecot configuration tutorials are confusing me (I'm a n00b at setting up any sort of server).

The mail.log file for the most recent attempt (a few minutes before I posted this) reads:

Sep  5 03:29:11 localhost dovecot: imap-login: Aborted login (no auth attempts): rip=x.x.x.x, lip=x.x.x.x
Sep  5 03:29:11 localhost dovecot: imap-login: Aborted login (no auth attempts): rip=x.x.x.x, lip=x.x.x.x
Sep  5 03:29:11 localhost dovecot: imap-login: Disconnected (no auth attempts): rip=x.x.x.x, lip=x.x.x.x, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
Sep  5 03:29:13 localhost dovecot: imap-login: Aborted login (no auth attempts): rip=x.x.x.x, lip=x.x.x.x, TLS

(I've obfuscated the IP addresses)

I'm guessing this means there is some sort of SSL feature I need to configure, as Thunderbird is at least in some sort of contact with Dovecot?

Can anyone please point me in the right direction? Are there any more logs I should post?

Thanks.

4 Replies

Did you set up ssl_cert_file and ssl_key_file options properly in dovecot.conf?

Also keep in mind that the cert file might have to be compound, i.e. your cert + intermediate + CA. And the key file must be without password protection.

I'm not sure. I copied and pasted the contents of the dovecot.conf file as listed here: http://library.linode.com/email/postfix/dovecot-mysql-ubuntu-10.04-lucid#sph_configure-dovecot - as far as I can tell that is telling dovecot to find the certificate at /etc/ssl/certs/dovecot.pem

I've checked in /etc/ssl/certs/ and the dovecot.pem certificate exists. The key file mentioned in the above link also exists.

I've been trying to use the guide at https://help.ubuntu.com/community/Dovecot#Accessingfrom_Outside but because there are conflicts between what is in that, and what I copied and pasted from the linode guide, I'm not sure what I need to do.

Could the problem merely be that I need to create a user on my linode with the same username as the username in my email address? The only user I have currently set up in linode is 'root'.

EDIT: RE your second paragraph, do you mean I need to tell the cert file to look for several certificates? I have to find/download an intermediate certificate and CA certificate and place them in the SSL folder on my linode?

Where did you get the dovecot.pem from? You need a cert tailored for your own domain, either self-signed (at which Thunderbird will complain, but you can store a permanent exception) or purchase one. If you do the latter, then yes, you will probably have to cat your cert with your CA's intermediate and CA certs, and keep the key without a password.

As for users, if you use PAM for authentication then you'll need a non-root user. The "user = root" config directive is for the user of the dovecot process, not the authenticated user(s). You adjust passdb and userdb sections of dovecot.conf.

AFAIK, distros include a fairly documented and commented dovecot.conf so I suggest you start with that one and adjust accordingly.

OK, I removed the password from the key file (using the instructions at http://chrisschuld.com/2008/08/removing-the-password-on-an-apache-ssl-certificate/). After I did this, Thunderbird was recognising the server.

I still had a problem logging in. This was because I ignored the part of http://library.linode.com/email/postfix/dovecot-mysql-ubuntu-10.04-lucid#sph_setting-up-domains-and-users that told me:

> Given the possibility for virtual hosting a large number of virtual domains on a single mail system, the username portion of an email address (i.e. before the @ sign) is not sufficient to authenticate to the mail server. When email users authenticate to the server, they must supply their email clients with the entire email address created above as their username.

I was ignoring it because it was confusing being asked for the password for "david@djackmanson.com@hostname.example.com". But once I entered all that it let me in and I am now reading my mail in Thunderbird.

Thanks very much for your help and suggestions.

EDIT: For future reference, the dovecot.pem files were created by dovecot after I installed it by following the instructions in the guide I've linked to above. I checked the contents of the certificates using http://www.sslshopper.com/certificate-decoder.html and confirmed that they were showing the Fully Qualified Domain Name of my server.
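
The checks discussed in this thread (key without a passphrase, certificate and key that belong together, certificate naming the server, self-signed versus CA-issued) can be run locally with the openssl CLI. This is an added example, not part of the original posts; the function names are illustrative, and the certificate path, key path and hostname are supplied by the caller.

```shell
#!/bin/sh
# Added example: local checks on the certificate and key that Dovecot serves.
# Function names are illustrative; cert, key and hostname come from the caller.

# True if the PEM key is passphrase-protected (traditional or PKCS#8 form).
key_is_encrypted() {
    grep -Eq 'ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"
}

# True if the certificate's public key equals the key file's public key.
# "-passin pass:" stops openssl from prompting when the key is encrypted.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# True if the certificate names the host the mail client connects to.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# True if subject and issuer are the same name, i.e. no CA vouches for it.
cert_is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 1
    iss=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
    [ "$subj" = "$iss" ]
}

# Usage: audit_dovecot_tls CERT KEY HOSTNAME ; returns non-zero on a hard failure.
audit_dovecot_tls() {
    rc=0
    if key_is_encrypted "$2"; then
        echo "FAIL: private key is passphrase-protected"; rc=1
    elif ! cert_matches_key "$1" "$2"; then
        echo "FAIL: certificate and key do not belong together"; rc=1
    fi
    cert_covers_host "$1" "$3" || { echo "FAIL: certificate does not name $3"; rc=1; }
    if cert_is_self_signed "$1"; then
        echo "NOTE: self-signed; clients reject it (TLS alert 'unknown ca') until an exception is stored"
    fi
    return "$rc"
}

if [ "$#" -eq 3 ]; then audit_dovecot_tls "$@"; fi
```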
