A probably dumb question, but I'm stumped

[Aki Tuomi]

> On 29/11/2020 22:31 Christy S <christys1075 at gmail.com> wrote:
> 
>  
> Hi folks,
> 
> I'm stumped on an error we're getting in dovecot after upgrading ubuntu. 
> I will say up front that I'm far from a linux expert. I'm helping my 
> husband by managing a virtual private server to handle his domain, 
> including its email. We set this up two years ago and once I finally got 
> the mail working, it's been humming along just fine since, until two 
> days ago when I performed the ubuntu upgrade. Now, when we try to send 
> mail through his domain thunderbird gives this error:
> 
> Your message was sent but a copy was not placed in your sent folder 
> (Sent) due to network or file access errors.
> 
> Note that it says this, but the mail isn't actually sent at all. We are 
> using SSL and have been since the beginning which might be part of our 
> problem, but I'm not positive.
> 
> A google search suggested adding two lines to the 10-ssl.conf file.
> 
> ssl_dh = </usr/share/dovecot/dh.pem
> ssl_cipher_list = HIGH:!DH:!aNULL
> 
> I did both of these things and restarted the server completely, but no 
> luck. looking in /var/log/mail.err I see this.
> 
> Nov 29 14:08:56 kylesmith-music dovecot: imap-login: Error: Failed to 
> initialize SSL server context: Can't load SSL cert
> ificate: error:140AB18F:SSL routines:SSL_CTX_use_certificate:ee key too 
> small: user=<>, rip=xxx.xxx.xxx.xxx, lip=xxx.xxx.xxx.xxx, 
> session=<t4qrdkS1kPNLFhL4>
> What's interesting is that last line only showed up after I added the 
> two lines to the config file.
> 
> My guess is I need to do something with SSL, update it maybe? But I 
> don't want to go fiddling around purely on a guess and potentially break 
> things even more. So, any of you much more linux familiar types want to 
> point me in the right direction? Thanks!
> 
> Christy

Your DH parameters are too weak. You should generate at least 2048 byte parameters.

Aki