Since then, I've installed Dovecot. Dovecot and Apple Mail don't get along perfectly, they both believe it's the other's responsibility to provide a complete chain of SSL certificates. So every time I launch Mail, I get a warning that it can't verify the SSL certificate that Dovecot presents it. It's a nuisance dialog to click through, but otherwise things work. mutt and Outlook Express don't blink at this.
While trying to trace an issue with SquirrelMail and IMAPS, I ran across a HOWTO on Postfix, Dovecot, JAMM, OpenLDAP, SSL, and SASL. Keith wrote JAMM, so I looked it over. I followed its link to the Dovecot wiki, thinking maybe I could take another shot at the SSL cert issue. Sho 'nuff, there is an entry for chained SSL certificates.
I tried getting this to work before, but never figured out that order was important. You have to start at the local public certificate and work your way backwards towards the root. Since I get my cert from Comodo's InstantSSL service, my certificate chain goes:
Local cert -> ComodoSecurityServicesCA.crt -> GTECyberTrustRoot.crt
Bingo, no more complaints from Mail.
SquirrelMail, by the way, is damned cool. It not only Just Works™ out of the box, it has a built-in plugin for new mail notification. Amongst the included WAV files is the "MESSAGE FOR YOU, SIR!" clip from Monty Python and the Holy Grail. This is the same clip that Jay Kreibich used for MacBiff ten years ago, and which I use for text/voicemail notification on my cell phone.
Of course, I modified SquirrelMail's
fortuneplugin to call
I'm using my X-RAY VISION to obtain a rare glimpse of the INNER WORKINGS of this POTATO!! -- Zippy the Pinhead