On November 15, 2016 at 7:42 PM Adrian POPA adrianp@aageneral.ro wrote:
> Hi
> You can't think how glad I am that SSL issues rise again in a new Dovecot version with the next Ubuntu release with a new OpenSSL library. Some days ago I posted something similar about Ubuntu 14.04 - Dovecot 2.2.9 - OpenSSL 1.0 (Dovecot processes turning zombie) but no one cared about it. I still think it is somehow related to ssl-param process + config + auth + ...whatever (all of them "ignoring idle SIGINT")
Well, 2.2.9 is pretty old. It was released almost 4 years ago.
> If Dovecot SSL implementation is so dependent on a certain version of a library (OpenSSL for example) you should consider saving a copy of the "known-good" library version somewhere in Dovecot private space and use it without relying on generic system upgrades.
OpenSSL has breaking API changes between 1.0.0, 1.0.1, 1.0.2 and 1.1.0.
> Don't get me wrong: I love Dovecot as IMAP server and local delivery agent. But the public interface is unreliable, authentication too, so for now I am using Dovecot as an isolated server on localhost and attach other public interfaces to it. Even so, delivery agent LDA is still trying to authenticate and complains about null passwords (what?). I have destination addresses that should go to a shared mailbox and that user@domain is never allowed to log in. The workaround is to set an "impossible" password for those but this is not a nice solution. LDA should care only about what counts for him (maybe using some defaults) and leave everything else for the "big boys".
Perhaps you could post your doveconf -n to some new thread along with some explanation of your setup and the problem you are trying to solve.
> Sorry for any inconvenience,
> Adrian POPA
Aki Tuomi
Dovecot oy