RE: Cannot telnet...
I tried retrieving with Eudora from outside the LAN and got the same "TLS handshake" message in the maillog (different rip=).
I think I have found the source of the problem:
1. The original self-signed cert was genned when I first set up the server.
2. This was copied to /etc/pki/dovecot/certs/dovecot.pem
3. Subsequently a CSR was genned for a CA SSL cert and that cert was installed later.
4. The original self-signed cert is still sitting as dovecot.pem and was never updated.
When accessing the email account from the internet with Eudora, it gave the following:
SSL Negotiation Failed: Certificate Error: Unknown and unprovided root certificate.
Certificate bad: Destination Host name does not match host name in certificate
But ignoring this error because Certificate is trusted
The connection with the server has been lost.
It also popped a window with the following:
Version: 3 (0x2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: OU=IMAP server, CN=imap.example.com/emailAddressfirstname.lastname@example.org
Not Before: Jan 16 21:55:55 2008 GMT
Not After : Jan 15 21:55:55 2009 GMT
Subject: OU=IMAP server, CN=imap.example.com/emailAddressemail@example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
etc, etc, etc.
From the date I could tell that this was prior to the CA SSL cert being installed.
Now I have to update the dovecot configs to recognize the new cert.
Have to do a little more reading, but I will let you know of the outcome.
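Added example, not part of the original message: a shell check that flags the symptoms described above (a self-issued cert, a hostname that does not match, validity dates) in the PEM file a server is configured to serve, such as /etc/pki/dovecot/certs/dovecot.pem. It assumes the openssl CLI is installed; the function names, the temporary paths and the constructed sample cert are hypothetical.

```shell
#!/bin/sh
# Added example: inspect the PEM file an IMAP server is configured to serve.
# Function names and temp paths are hypothetical; requires the openssl CLI.

# cert_report FILE HOSTNAME [WINDOW_SECONDS]
# Prints key=value lines; returns 1 if any check flags a problem.
cert_report() {
    file=$1; host=$2; window=${3:-0}; rc=0
    # Equal subject and issuer name hashes mean the cert is self-issued,
    # the usual sign of a self-signed cert rather than a CA-issued one.
    subj_h=$(openssl x509 -in "$file" -noout -subject_hash) || return 2
    iss_h=$(openssl x509 -in "$file" -noout -issuer_hash) || return 2
    if [ "$subj_h" = "$iss_h" ]; then echo "self_issued=yes"; rc=1
    else echo "self_issued=no"; fi
    # -checkend N exits non-zero if the cert expires within N seconds.
    if openssl x509 -in "$file" -noout -checkend "$window" >/dev/null 2>&1
    then echo "expiring=no"
    else echo "expiring=yes"; rc=1; fi
    # -checkhost prints "does match" or "does NOT match"; parse the text
    # rather than relying on the exit status.
    if openssl x509 -in "$file" -noout -checkhost "$host" 2>/dev/null |
        grep -q "does match"
    then echo "host_match=yes"
    else echo "host_match=no"; rc=1; fi
    # Show the validity window so an old cert can be recognised by date.
    openssl x509 -in "$file" -noout -startdate -enddate
    return $rc
}

# Constructed sample: a throwaway self-signed cert resembling the stale one.
make_constructed_cert() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/OU=IMAP server/CN=imap.example.com" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" >/dev/null 2>&1 || return 1
    echo "$dir/cert.pem"
}

# Demo: the client connects to a different name than the cert carries.
demo_cert=$(make_constructed_cert) &&
    { cert_report "$demo_cert" mail.example.net || echo "problems found"; }
```

Run against the real file, `self_issued=yes` together with an old `notBefore` date indicates the server is still serving the original self-signed cert.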