In setting up my new mail server, I am getting the following in the logs:
Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS handshaking: SSL_accept() syscall failed: Success*, session=<B9OokqCUD+UYNU8K>
I have tried various ssl_protocols entries, but for now have defaulted back to ssl_protocols = !SSLv3 (the "out of the box" setting).
The certificate (ssl_cert = </etc/ssl/certs/certificate_and_key.crt) is valid and the same one used by postfix. However, I belive the error appeared only after removing the self signed certificate and installing the one I purchased.
Warning: though I was a sysadmin a long long time, it has been a while! I have not run a mail server in 15 years, but am moving my mail back "in-house" as I approach retirement! I searched for a forum where I could post this issue, but only found this list.
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967) # OS: Linux 4.15.0-1051-aws x86_64 Ubuntu 18.04.1 LTS auth_mechanisms = plain login mail_location = maildir:~/Maildir mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { sieve = ~/.dovecot.sieve sieve_dir = ~/sieve } protocols = " imap sieve pop3" service auth { unix_listener /var/spool/postfix/private/dovecot-auth { group = postfix mode = 0660 user = postfix } } ssl_cert = </etc/ssl/certs/certificate_and_key.crt ssl_cipher_list = ALL:!ADH:!LOW:!EXP:!aNULL:+HIGH:+MEDIUM ssl_client_ca_dir = /etc/ssl/certs ssl_key = # hidden, use -P to show it userdb { driver = passwd } protocol lda { deliver_log_format = msgid=%m: %$ mail_plugins = sieve postmaster_address = postmaster quota_full_tempfail = yes rejection_reason = Your message to <%t> was automatically rejected:%n%r } protocol imap { imap_client_workarounds = delay-newmail mail_max_userip_connections = 10 } protocol pop3 { mail_max_userip_connections = 10 pop3_client_workarounds = outlook-no-nuls oe-ns-eoh }