Edit: Maybe it's the DH file issue (like https://i-mscp.net/index.php/Thread/10005-Notice-SSL-for-services-with-Couri...), so added to the conf:
ssl_dh_parameters_length = 2048
removed old file /usr/var/lib/dovecot/ssl-parameters.dat and dovecot generated new file. Still same error.
Started to look at file timestamps and found the reason. I have a RH-based custom distro and I'm using self-compiled openssl, simple make, without any special options:
./config --prefix=/usr/local/ssl && make && make install
And at some point, after building dovecot 2.2.24, I built new openssl, openssl-1.0.1t and with this and also with latest openssl-1.0.2j dovecot builds fine but doesn't work with windows 10. So finally I built latest openssl-0.9.8zh and dovecot 2.2.27 against it and windows 10 works like a charm.
But I'm still curious why latest openssl and latest dovecot don't work for windows 10. The new openssl should provide even more options than the older one.
/usr/local/ssl/bin/openssl version -a
OpenSSL 0.9.8za 5 Jun 2014
built on: Wed Aug 6 15:45:46 EEST 2014
platform: linux-elf
options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(idx)
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM
OPENSSLDIR: "/usr/local/ssl/ssl"

/usr/local/ssl/bin/openssl version -o
options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(idx)
##################
/usr/local/ssl/bin/openssl version -a
OpenSSL 1.0.2j 26 Sep 2016
built on: reproducible build, date unspecified
platform: linux-elf
options: bn(64,32) rc4(1x,char) des(ptr,risc1,16,long) idea(int) blowfish(idx)
compiler: gcc -I. -I.. -I../include -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -DL_ENDIAN -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DRC4_ASM -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DRMD160_ASM -DAES_ASM -DVPAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
OPENSSLDIR: "/usr/local/ssl/ssl"

/usr/local/ssl/bin/openssl version -o
options: bn(64,32) rc4(1x,char) des(ptr,risc1,16,long) idea(int) blowfish(idx)
###############
Edit: When using win8, logs started to appear in dovecot.rawlog. But as win10 gives an error at the ssl level, before user authentication, no debug logs will be written into the user's dovecot.rawlog folder.
So how to debug this ssl issue?
Aki Tuomi wrote:
https://wiki2.dovecot.org/Debugging/Rawlog
can you try this to get rawlogs to find out what happens?
Aki, I'm a bit confused about how this rawlog works. I did:
doveadm user -u kaka
userdb: kaka
  user : kaka
  system_groups_user: kaka
  uid : 566
  gid : 566
  home : /home/kaka

ls -al /home/kaka
total 16
drwx------  4 kaka kaka 4096 Dec 12 15:36 .
drwxr-xr-x 12 root root 4096 Dec 12 12:41 ..
drwx------  2 kaka kaka 4096 Dec 12 12:41 dovecot.rawlog
drwx------  2 kaka kaka 4096 Dec 12 12:41 Maildir
Added into dovecot.conf:
protocol imap {
  rawlog_dir = /tmp/rawlog/%u
}
service imap {
  executable = imap postlogin
}
service postlogin {
  executable = script-login -d rawlog
  unix_listener postlogin {
  }
}
But /tmp/rawlog/kaka/ and /home/kaka/dovecot.rawlog/ are empty. What did I miss?
The whole conf:
listen = *
plugin {
  mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_group_events = no
  mail_log_fields = uid box msgid size from subject vsize
}
login_log_format_elements = %u %r %m %c
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
service lmtp {
  unix_listener lmtp {
  }
}
service imap {
  executable = imap postlogin
}
service pop3 {
}
service postlogin {
  executable = script-login -d rawlog
  unix_listener postlogin {
  }
}
service auth {
  unix_listener auth-userdb {
  }
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
    user = postfix
    group = postfix
  }
}
service auth-worker {
}
service dict {
  unix_listener dict {
  }
}
disable_plaintext_auth = no
auth_cache_size = 1024
auth_cache_ttl = 1 hour
auth_cache_negative_ttl = 1 hour
auth_failure_delay = 60 secs
auth_mechanisms = plain login
passdb {
  driver = pam
  args = cache_key=%u%r%s *
}
userdb {
  driver = passwd
}
mail_location = maildir:~/Maildir
mail_plugin_dir = /usr/lib/dovecot
mail_plugins = $mail_plugins mail_log notify
maildir_very_dirty_syncs = yes
protocol imap {
  mail_max_userip_connections = 90
  imap_logout_format = bytes=%i/%o
  imap_client_workarounds = tb-extra-mailbox-sep delay-newmail
  rawlog_dir = /tmp/rawlog/%u
}
protocol pop3 {
  pop3_logout_format = bytes=%i/%o, del=%d/%m, size=%s
  mail_max_userip_connections = 9
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
}
ssl_cert =
-- Mart