Cannot test SSL ports for Postfix and Dovecot

[Martin Sebald]

Hello all,

I am new to this list because I cannot get my Monit problems fixed. So first
of all, hello everybody.

The problems are the following:

I tried everything, but I cannot get SSL tests up and running for Postfix and
Dovecot. I use Monit 5.8.1. Here is what I have/had/tried in the config (left
out uninteresting parts):

Postfix:

if failed host 127.0.0.1 port 465 type TCPSSL for 2 cycles then restart

I also tried with SSLV3 and TLSV1:
if failed host 127.0.0.1 port 465 type TCPSSL SSLV3 for 2 cycles then restart
if failed host 127.0.0.1 port 465 type TCPSSL TLSV1 for 2 cycles then restart

(I do not use "protocol smtp" here as I check SMTP-Auth by using expect/send
statements.)

Dovecot:

if failed host 127.0.0.1 port 993 type TCPSSL protocol imap for 2 cycles then
restart
if failed host 127.0.0.1 port 995 type TCPSSL protocol pop for 2 cycles then
restart

I also tried with SSLV3 and TLSV1, like with Postfix, see above.

Whatever I setup, Monit just tells me basicly the same for all 3 tests (1 for
Postfix, 2 for Dovecot) on its daemon website:
connection failed to 127.0.0.1:993 [IMAP via TCPSSL]
connection failed to 127.0.0.1:995 [POP via TCPSSL]

But there is intersting stuff in syslog:
Jun 10 15:55:34 server monit[31627]: Cannot get the SSL server certificate
Jun 10 15:55:34 server monit[31627]: 'postfix' failed, cannot open a
connection to INET[mail.hot-chilli.net:465] via TCPSSL

Jun 10 21:06:56 server monit[25072]: 'dovecot' failed protocol test [POP] at
INET[127.0.0.1:995] via TCPSSL -- POP: error receiving data -- Success

Jun 10 21:06:57 server monit[25072]: 'dovecot' failed protocol test [IMAP] at
INET[127.0.0.1:993] via TCPSSL -- IMAP: error receiving data -- Success

Can anybody help? I really am confused...

As we are planning to shut down the unencrypted ports in the near future the
monitoring should also work on the SSL ports as well.

Thanks a lot and cheers,
Martin