Testing IMAP connectivity

Would like to use secure IMAP for Blackberry but having trouble getting it to work.
Testing IMAP locally on ports 143 and 993. Below is the log I get when I try to connect:

ON PORT 143:
* OK Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7638.1 (Phoenix.Ungerfabrik.local) ready.
login bbimap Blackxx
login BAD Protocol Error: "Unidentifiable command specified".

ON PORT 993:
SSL handshake has read 3951 bytes and written 300 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID: 550F0000C9035406ADA10A318A9EEABC9A4FFFA50034045019D36E28FA528DBE
    Session-ID-ctx:
    Master-Key: 3B8D0A0B67C02DD4282686308B9B64F09A29771E2168D1EB285CABACE5177A4FDDDBF7879ECAFB5158063BF25708CC76
    Key-Arg   : None
    Start Time: 1201645639
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
* OK Microsoft Exchange Server 2003 IMAP4rev1 server version 6.5.7638.1 (Phoenix.Ungerfabrik.local) ready.
login bbimap Black15
* BAD Protocol Error: "Command received without terminating <CR><LF> sequence".
guerafAsked:

LeeDerbyshireCommented:
You are doing this by telnet, I guess?  IMAP commands need to be preceded by a command ID, like this:

01 login bbimap Blackxx
0
guerafAuthor Commented:
Using a telnet session to port 143 from a terminal (Unix) with the following command:
001 login bbimap Blackxx - this works
Telnet does not seem to work for port 993, so I issue the command below to open an SSL session:
openssl s_client -connect servername:993 ....using the same format with the ID, still unable to log in
0
LeeDerbyshireCommented:
I don't know much about telnet with SSL - I don't think I even have a telnet client that can handle it.  I just thought I'd mention to you the fact that IMAP commands need that ID at the beginning.

Do you still see the IMAP banner when you connect?  What error message are you getting now?  Still the same * BAD Protocol Error: "Command received without terminating <CR><LF> sequence"?
0
guerafAuthor Commented:
Yep, I do get the banner and still the same BAD Protocol Error, and because of this error the guys at RIM think the problem is on my Exchange server. BlackBerry works with IMAP if connected to the non-secure port.
0
LeeDerbyshireCommented:
FWIW, I don't think the problem is with Exchange per se (although it may still be something at the server end), since the SSL en/decryption should be taking place at a higher level than the IMAP conversation.  In other words, it is my belief that something else should be handling the SSL before Exchange's IMAP even gets to look at what is being sent.

How about if you try to connect another IMAP client, like Outlook Express, via SSL?
0
guerafAuthor Commented:
Definitely works with Outlook Express via SSL.
0
LeeDerbyshireCommented:
That's a good sign, I guess.  I wonder if the error you see in telnet:
    Verify return code: 20 (unable to get local issuer certificate)
is spoiling the telnet IMAP test?

Are you able to get IMAP working on the Blackberry without SSL?  That would tell you whether it is an SSL problem, or not.
0
guerafAuthor Commented:
Yes, it works without SSL.
0
LeeDerbyshireCommented:
Did you do your telnet port 993 test from the LAN?  Is your firewall/router configured to forward port 993 traffic to the correct server?
0
guerafAuthor Commented:
Did the test in and out with the same result. That was actually my first guess, and the firewall just lets it through.
0
LeeDerbyshireCommented:
Did you issue your own SSL certificate, or purchase one?
0
guerafAuthor Commented:
I purchased one from GoDaddy.com
0
LeeDerbyshireCommented:
Do you know if the device supports that certificate?  If not, is there an option to import it?
0
guerafAuthor Commented:
Do not know, will contact RIM and find out. I called GoDaddy and was told that the OS on the BlackBerry 4.1 and above is compatible; checked the BB and it is 4.2.
0
LeeDerbyshireCommented:
If you are able to connect an Outlook Express, or another IMAP client, from an external location using SSL, then my first guess would be that there is a compatibility issue with the cert and the Blackberry.  SSL acts as a kind of wrapper around the client-server traffic, so there isn't anything you can configure in Exchange that would affect this.  Anyway, let's see what RIM have to say about the GoDaddy cert.
0

guerafAuthor Commented:
I just got a call from RIM, they said it seems to be a problem with the SSL implementation. They will do some more testing and will get back with me.

Thanks!
0
guerafAuthor Commented:
Called Microsoft, was told that there was nothing wrong with the setup and that the certificate from GoDaddy is OK, since they tested Entourage (Mac) and Outlook Express from outside using IMAP SSL.
So I asked them to create a self signed certificate, I'm currently using that on the IMAP and the Blackberry was able to connect. I think this pretty much points to the certificate as the problem.
0
sherrysidhuCommented:
Are you doing your telnet from a Linux box?

I get the exact same error.

Here is what I found.
I am trying to telnet to the Exchange server on port 993 from a Linux machine.
When I try the exact same thing from the Windows 7 command line it works like a charm.

So, something to do with the way CRLF is treated by two operating systems.

Please let me know if you know how to fix the CRLF translation.

Regards and thanks
0
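Added example, not part of the original thread: a Python sketch of the two framing rules the thread runs into (every IMAP command needs a leading tag and must end in CR LF), plus a probe that sends a tagged CAPABILITY over TLS with certificate verification left on. On a Unix terminal `openssl s_client` sends a bare LF unless it is started with `-crlf`, as in `openssl s_client -crlf -connect servername:993`. The function names, the command subset and the sample lines are constructed for illustration.

```python
import socket
import ssl

CRLF = b"\r\n"
# Constructed subset of IMAP4rev1 command names, enough for this check.
KNOWN_COMMANDS = {b"CAPABILITY", b"NOOP", b"LOGIN", b"LOGOUT", b"SELECT"}

def frame_command(tag, command):
    """Build one client line: '<tag> <command>' terminated by CR LF."""
    if not tag or " " in tag:
        raise ValueError("tag must be a non-empty token without spaces")
    return f"{tag} {command}".encode("ascii") + CRLF

def check_client_line(raw):
    """Heuristic pre-flight check for the two framing errors seen in the thread."""
    if not raw.endswith(CRLF):
        return "missing CRLF"   # e.g. bare LF typed into s_client without -crlf
    words = raw[:-2].split(b" ")
    if len(words) < 2 or words[1].upper() not in KNOWN_COMMANDS:
        return "missing tag"    # the command name must be the second word
    return "ok"

def probe_imaps(host, port=993, timeout=10.0):
    """Verify the certificate, read the banner, send a tagged CAPABILITY."""
    ctx = ssl.create_default_context()  # chain + hostname checks stay enabled
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            reader = tls.makefile("rb")
            banner = reader.readline().decode("ascii", "replace").strip()
            tls.sendall(frame_command("a001", "CAPABILITY"))
            reply = []
            while True:
                line = reader.readline().decode("ascii", "replace").strip()
                if not line:
                    break
                reply.append(line)
                if line.startswith("a001 "):  # tagged completion ends the reply
                    break
            return banner, reply

if __name__ == "__main__":
    # Constructed sample lines; credentials are placeholders.
    for raw in (b"login user secret\r\n", b"001 login user secret\n",
                frame_command("001", "login user secret")):
        print(raw, "->", check_client_line(raw))
```

`probe_imaps` raises `ssl.SSLCertVerificationError` when the chain or hostname does not validate, which separates a certificate problem from an IMAP framing problem.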
Windows Server 2003