ssl_cipher_list of dovecot incompatible with Apple Mail in OS X 10.6

[janoliver]

Hi mailcow team.

First of all: Excellent piece of software, I'm amazed by how easy it was to migrate my existing mail setup to mailcow and how everything is just two clicks away now.

One of the users of my mail server was unable to connect via IMAP. Dovecot logs showed nothing unusual, but the Mail.app kept loading indefinitely. I tried to track down the issue and what made it work was commenting the line ssl_cipher_list = ... in dovecot.conf. I don't really know much about SSL and didn't have time to find out, which of the disallowed ciphers causes the issue. As far as the dovecot logs tell me, OS X connects via TLSv1.

imap-login:  Login: user=<...>, method=PLAIN,  rip=..., lip=..., mpid=19475, TLS, TLSv1 with cipher  ECDHE-RSA-AES256-SHA (256/256 bits)

Do you know what the appropriate value for ssl_cipher_list is to make mailcow compatible with OS X 10.6?

Thanks!

/edit: Or is it maybe as simple as adding ECDHE-RSA-AES256-SHA to ssl_cipher_list?

[amorfo77]

Hi, you can check the supported cipher suites on OSX 10.6 here

Another places to search:

• Mozilla
• Acunetix

Hope it helps.

[mkuron]

Mac OS X 10.6 is long out of support and really shouldn't be used on the internet anymore. With that warning, I think all you need to do is re-enable TLS 1.0. We disabled it around October 2018, so you should be able to find that in https://github.com/mailcow/mailcow-dockerized/commits/master/data/conf/dovecot/dovecot.conf relatively easily. There was also another issue about this regarding another email client software, but I can't find it.