Okay, so I got this new phone which allows me to access my Gmail and Hotmail accounts – I have a lot of e-mails. Part of the problem with my frazzled brain is that I set up a lot of different e-mails
Setting up Dovecot
Dovecot was remarkably simple to set up and get the authentication working. A quick follow of these instructions got the SSL connection to my phone working. I was even able to reuse my self-signed certificate which I use for other services on the same CNAME.
Setting up Exim SSL
Exim has two levels here. One is the TLS/SSL setup and the other is authentication. I first started with SSL to encrypt the content and authentication information. Seems obvious, doesn’t it?
My system is an Ubuntu (Debian) system using the single file configuration. I find this far easier to manage.
This is where I ran into my first issue. A follow of these instructions did not fully enable the connection with the phone. The Exim log indicated repeated problems with the TLS connection. Not so easy after all.
Research indicates that some e-mail clients are unable to use the new STARTTLS syntax and instead use an immediate jump into SSL. I would be miffed if that was the case with the Windows Phone client. I set about trying it anyway.
Exim has the setting
tls_on_connect_ports = 465
This initiates the SSL connection from the start. This did not work either, giving other errors. It appeared that my SSL certificates were not compatible with Exim – even though they worked fine with Dovecot. (see above)
However even after I used the certificate generation tool
exim-gencert
I still received the same errors. This was beyond my meagre skills. So I moved on, perhaps another day I will find the answer.
Setting up Exim Auth
This part of the setup was very much easier, but sorting out the Debian single file setup was a bit of fun. Not really.
As I use LDAP for authentication and mapping of the virtual e-mail addresses, the basic Exim – Debian setup had to be changed. Below is what I used; it is pretty self-explanatory.
plain:
  # AUTH PLAIN: one response carrying three fields; $2 is the user id, $3 the password
  driver = plaintext
  public_name = PLAIN
  server_condition = ${if ldapauth{user="uid=${quote_ldap_dn:$2},PEOPLE_BASEDN" pass=${quote:$3} \
      ldap://localhost/} {yes}{no}}
  server_set_id = $2
login:
  # AUTH LOGIN: one response per prompt; $1 is the user id, $2 the password
  # An empty user id is rejected before LDAP is queried
  driver = plaintext
  public_name = LOGIN
  server_prompts = Username:: : Password::
  server_condition = ${if and{ {!eq{}{$1} }\
      {ldapauth{user="uid=${quote_ldap_dn:$1},PEOPLE_BASEDN" pass=${quote:$2} \
      ldap://localhost/} }} \
      {yes}{no}}
  server_set_id = $1
Note that the PLAIN authenticator does not have prompts and that the userid is $2, because $1 is a unique ID passed through, but often not used. Also, there is no empty check for the userid, as there is with LOGIN. This seemed to cause errors.
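As an added illustration (not part of the original post and not Exim's own code), this Python sketch decodes what a client sends for AUTH PLAIN and AUTH LOGIN and maps the fields to the numbered variables used in the two authenticators above. The user name and password are constructed sample values; base64 is only an encoding, so without TLS these values cross the network in readable form.

```python
import base64

def client_plain(authzid, user, password):
    """What a client sends for AUTH PLAIN: base64(authzid NUL user NUL password)."""
    return base64.b64encode(f"{authzid}\0{user}\0{password}".encode()).decode()

def plain_fields(b64_response):
    """Split one PLAIN response into the values Exim exposes as $1, $2 and $3."""
    parts = base64.b64decode(b64_response, validate=True).split(b"\0")
    if len(parts) != 3:
        raise ValueError("PLAIN response needs exactly two NUL separators")
    authzid, user, password = (p.decode() for p in parts)
    return {"$1": authzid, "$2": user, "$3": password}

def login_fields(b64_user, b64_password):
    """LOGIN answers each server prompt separately: $1 = user id, $2 = password."""
    decode = lambda s: base64.b64decode(s, validate=True).decode()
    return {"$1": decode(b64_user), "$2": decode(b64_password)}

def has_userid(fields, user_var):
    """Same test as !eq{}{$1} in the LOGIN authenticator: reject an empty user id."""
    return fields[user_var] != ""

if __name__ == "__main__":
    # Constructed sample credentials, not taken from the post.
    wire = client_plain("", "alice", "example-pw")
    print("AUTH PLAIN", wire)
    print(plain_fields(wire))            # $1 is empty, the user id sits in $2
    user64 = base64.b64encode(b"alice").decode()
    pass64 = base64.b64encode(b"example-pw").decode()
    print(login_fields(user64, pass64))  # here the user id is $1
    # A PLAIN response with an empty user id, which the PLAIN authenticator
    # above hands to the LDAP lookup without an empty check:
    print(has_userid(plain_fields(client_plain("", "", "example-pw")), "$2"))
```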
Summary
I can now read and send e-mails from my phone, which is great. While sending cannot use SSL for now, this is something I hope to find an answer for.
One last issue is that the phone client likes to store outgoing e-mails in the Sent Items folder and trash in Deleted Items. This is not the standard setup that Outlook and client use so I will show you how to fix that in my next post.