[Dovecot] Intermittent "certificate cannot be verified" error
Guy
wyldfury at gmail.com
Thu Jan 22 11:51:07 EET 2009
Hi guys,
Not sure where to start looking for this. I've got a few users getting
intermittent "certificate cannot be verified" messages when connecting
through SSL to Dovecot. Connections go through haproxy to Dovecot
1.1.8 on the back end servers.
I've got verbose_ssl and auth_debug enabled.
All I'm seeing on the logs for the time the users reported the error is this:
Jan 21 23:30:51 mink dovecot: auth(default): new auth connection: pid=28811
Jan 21 23:30:51 mink dovecot: IMAP(user1 at domain1.net): Disconnected in IDLE bytes=73/4235
Jan 21 23:24:23 mink dovecot: auth(default): new auth connection: pid=28811
Jan 21 23:24:23 mink dovecot: imap-login: Disconnected (no auth attempts): rip=x.x.x.x, lip=x.x.x.x
Jan 21 23:24:23 mink dovecot: auth(default): new auth connection: pid=28811
Jan 21 23:24:24 mink dovecot: IMAP(user2 at domain1.net): Disconnected in IDLE bytes=89/920
Since it's so intermittent I'm not sure where to start. Since there
are no real errors in the Dovecot logs I'm suspecting that haproxy is
perhaps not routing every packet correctly leading to Dovecot not
getting all the data needed for the connection. Are there any other
possibilities I've missed?
Thanks
Guy
root at mink:/var/log/mail# dovecot -n
# 1.1.8: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.24-23-server x86_64 Ubuntu 8.04.1
protocols: imap imaps pop3 pop3s
listen(default): *:143
listen(imap): *:143
listen(pop3): *:110
ssl_listen(default): *:993
ssl_listen(imap): *:993
ssl_listen(pop3): *:995
ssl_cert_file: /etc/ssl/certs/imapd.pem
ssl_key_file: /etc/ssl/private/imapd.pem
disable_plaintext_auth: no
verbose_ssl: yes
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_process_per_connection: no
login_processes_count: 5
login_max_processes_count: 256
max_mail_processes: 1024
verbose_proctitle: yes
mail_location: maildir:%h/Maildir/
mail_full_filesystem_access: yes
mmap_disable: yes
dotlock_use_excl: no
mail_nfs_storage: yes
mail_nfs_index: yes
lock_method: dotlock
mail_executable(default): /usr/libexec/dovecot/rawlog /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/rawlog /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/rawlog /usr/libexec/dovecot/pop3
mail_process_size: 128
mail_plugins(default): imap_quota quota
mail_plugins(imap): imap_quota quota
mail_plugins(pop3): quota
mail_log_max_lines_per_sec: 30
imap_client_workarounds: outlook-idle delay-newmail
pop3_uidl_format: %08Xv%08Xu
pop3_client_workarounds: outlook-no-nuls oe-ns-eoh
namespace:
  type: private
  separator: /
  inbox: yes
  list: yes
  subscriptions: yes
namespace:
  type: private
  separator: /
  prefix: mail/
  location: maildir:%h/Maildir/
  hidden: yes
  subscriptions: yes
auth default:
  cache_size: 2048
  cache_ttl: 300
  cache_negative_ttl: 1
  username_chars: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@'
  master_user_separator: *
  debug: yes
  worker_max_count: 5
  passdb:
    driver: passwd-file
    args: /etc/dovecot/dovecot-master.pwd
    master: yes
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-mysql.conf
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-mysql.conf
plugin:
  quota: maildir
  quota_rule: *:storage=100M
  quota_rule2: Trash:ignore
--
Don't just do something...sit there!
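
The only login-process entry in the excerpt above is "Disconnected (no auth attempts)", a session that ended before the client tried to log in. The following is an added example, not part of the original post: it extracts those entries from Dovecot syslog lines and counts them per minute and per rip so they can be lined up against the times users reported the error. The sample lines, user names and addresses are constructed in the format of the excerpt.

```python
import re
from collections import Counter

# Constructed sample in the format of the log excerpt above; the addresses
# are documentation-range placeholders, not values from the post.
SAMPLE_LOG = """\
Jan 21 23:24:23 mink dovecot: auth(default): new auth connection: pid=28811
Jan 21 23:24:23 mink dovecot: imap-login: Disconnected (no auth attempts): rip=192.0.2.10, lip=192.0.2.20
Jan 21 23:24:24 mink dovecot: IMAP(user2@example.net): Disconnected in IDLE bytes=89/920
Jan 21 23:24:51 mink dovecot: imap-login: Disconnected (no auth attempts): rip=192.0.2.10, lip=192.0.2.20
Jan 21 23:30:51 mink dovecot: IMAP(user1@example.net): Disconnected in IDLE bytes=73/4235
Jan 21 23:31:02 mink dovecot: pop3-login: Disconnected (no auth attempts): rip=192.0.2.11, lip=192.0.2.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) dovecot: "
    r"(?P<proc>[^:]+): (?P<msg>.*)$"
)
NO_AUTH_RE = re.compile(
    r"^Disconnected \(no auth attempts\): rip=(?P<rip>[^,\s]+), lip=(?P<lip>\S+)"
)

def parse_line(line):
    """Split one Dovecot syslog line into timestamp, host, process and message."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def no_auth_disconnects(text):
    """Return login-process sessions that ended before any auth attempt."""
    events = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["proc"].endswith("-login"):
            continue  # skip auth workers and post-login IMAP/POP3 processes
        m = NO_AUTH_RE.match(rec["msg"])
        if m:
            events.append({"ts": rec["ts"], "proc": rec["proc"], **m.groupdict()})
    return events

def per_minute(events):
    """Count events per 'Mon DD HH:MM' bucket, for matching against user reports."""
    return Counter(e["ts"][:-3] for e in events)

if __name__ == "__main__":
    events = no_auth_disconnects(SAMPLE_LOG)
    for minute, n in sorted(per_minute(events).items()):
        print(minute, n)
    for rip, n in Counter(e["rip"] for e in events).most_common():
        print(rip, n)
```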