Testing IMAP connectivity

Would like to use secure IMAP for Blackberry but having trouble getting it to work.
Testing IMAP locally on port 143 and 993. Below is the log I get when I try to connect

ON PORT 143:
* OK Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7638.1 (Phoenix.Ungerfabrik.local) ready.
login bbimap Blackxx
login BAD Protocol Error: "Unidentifiable command specified".

ON PORT 993:
SSL handshake has read 3951 bytes and written 300 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 550F0000C9035406ADA10A318A9EEABC9A4FFFA50034045019D36E28FA528DBE
    Session-ID-ctx:
    Master-Key: 3B8D0A0B67C02DD4282686308B9B64F09A29771E2168D1EB285CABACE5177A4FDDDBF7879ECAFB5158063BF25708CC76
    Key-Arg   : None
    Start Time: 1201645639
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
* OK Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7638.1 (Phoenix.Ungerfabrik.local) ready.
login bbimap Black15
* BAD Protocol Error: "Command received without terminating <CR><LF> sequence".
guerafAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
LeeDerbyshireConnect With a Mentor Commented:
If you are able to connect an Outlook Express, or another IMAP client, from an external location using SSL, then my first guess would be that there is a compatibility issue with the cert and the Blackberry.  SSL acts as a kind of wrapper around the client-server traffic, so there isn't anything you can configure in Exchange that would affect this.  Anyway, let's see what RIM have to say about the GoDaddy cert.
0
 
LeeDerbyshireCommented:
You are doing this by telnet, I guess?  IMAP commands need to be preceded by a command ID, like this:

01 login bbimap Blackxx
0
 
guerafAuthor Commented:
using a telnet session to port 143 from a terminal(unix) with the following command:
001 login bbimap Blackxx - this works
telnet does not seem to work for port 993, so I issue below command to open an SSL session:
open ssl s_client -connect servername:993 ....using the same format with the ID still unable to login
0
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

 
LeeDerbyshireCommented:
I don't know much about telnet with SSL - I don't think I even have a telnet client that can handle it.  I just thought I'd mention to you the fact that IMAP commands need that ID at the beginning.

Do you still see the IMAP banner when you connect?  What error message are you getting now?  Still the same * BAD Protocol Error: "Command received without terminating <CR><LF> sequence"?
0
 
guerafAuthor Commented:
Yep, I do get the banner and still same BAD Protocol Error: and because of this error the guys at RIM thinks the problem is on my exchange server. Blackberry works with IMAP If connected to the non secure port.
0
 
LeeDerbyshireCommented:
FWIW, I don't think the problem is with Exchange per se (although it may still be something at the server end), since the SSL en/decryption should be taking place at a higher level than the IMAP conversation.  In other words, it is my belief that something else should be handling the SSL before Exchange's IMAP even gets to look at what is being sent.

How about if you try to connect another IMAP client, like Outlook Express, via SSL?
0
 
guerafAuthor Commented:
definitely works with outlook express via SSL
0
 
LeeDerbyshireCommented:
That's a good sign, I guess.  I wonder if the error you see in telnet:
    Verify return code: 20 (unable to get local issuer certificate)
is spoiling the telnet IMAP test?

Are you able to get IMAP working on the Blackberry without SSL?  That would tell you whether it is an SSL problem, or not.
0
 
guerafAuthor Commented:
yes it works without SSL
0
 
LeeDerbyshireCommented:
Did you do your telnet port 993 test from the LAN?  Is your firewall/router configured to forward port 993 traffic to the correct server?
0
 
guerafAuthor Commented:
Did the test in and out and same result, that was actuall my first guess and firewall just lets it thru
0
 
LeeDerbyshireCommented:
Did you issue your own SSL certificate, or purchase one?
0
 
guerafAuthor Commented:
I purchased one from GoDaddy.com
0
 
LeeDerbyshireCommented:
Do you know if the device supports that certificate?  If not, is there an option to import it?
0
 
guerafAuthor Commented:
do not know, will contact RIM and find out, I called GoDaddy and was told that the os on the blackberry 4.1 and above is compatible checked the BB and it is 4.2
0
 
guerafAuthor Commented:
I just got a call from RIM, they said it seems to be a problem with the SSL implementation. They will do some more testing and will get back with me.

Thanks!
0
 
guerafAuthor Commented:
Called Microsoft, was told that there was nothing wrong with the setup and that the certificate from GoDaddy is ok, since they tested entourage(mac) and outlook express from outside using IMAP SSL.
So I asked them to create a self signed certificate, I'm currently using that on the IMAP and the Blackberry was able to connect. I think this pretty much points to the certificate as the problem.
0
 
sherrysidhuCommented:
Are you doing your telnet from a Linux box?

I get the exact same error.

Here is what i found.
I am trying to telnet to exchange server on port 993 from a Linux machine.
When I try the exact same thing from windows 7 cmd line it works like a charm.

So, something to do with the way CRLF is treated by two operating systems.

Please let me know if you know how to fix the CRLF translation

Regards and thanks
0
All Courses

From novice to tech pro — start learning today.