I've got a dovecot 2.4.1 instance (from the DockerHub official image) in a test Docker container on macOS, running both IMAPS and LMTP. The IMAPS service is behaving normally, including the SSL negotiation, so I'm sure my cert (from LetsEncrypt) is kosher.
I want to use fetchmail to deliver emails via LMTP, and fetchmail seems to connect to LMTP but doesn't succeed in delivering any emails.
I tried the following experiment to manually craft a mail-delivery interaction with LMTP, but the connection suddenly closed right after the server sees the "RCPT TO", with an odd internal SSL error:

    $ openssl s_client -showcerts -connect 127.0.0.1:31024
    ... <SSL negotiation diagnostics> ...
    Secure Renegotiation IS NOT supported
    ...
    220 104b6de64916 Dovecot ready.
    LHLO test.mydomain.net
    250-104b6de64916
    250-8BITMIME
    250-CHUNKING
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250 SMTPUTF8
    MAIL FROM:<someuser@somedomain.net>
    250 2.1.0 OK
    RCPT TO:<myuser@mydomain.net>
    RENEGOTIATING
    8204750656:error:1404C042:SSL routines:ST_OK:called a function you should not call:/AppleInternal/Library/BuildRoots/4ff29661-3588-11ef-9513-e2437461156c/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/ssl/ssl_lib.c:2435:
    $

Note that during SSL negotiation, the client notes that "Secure Renegotiation IS NOT supported". Not sure whether that's relevant, but I do see "RENEGOTIATING" just before the fatal (?) error.
FWIW, the recipient "myuser@mydomain.net" really exists on the Dovecot server; I have a mail client that connects to the IMAP service and successfully authenticates as that user.
The relevant LMTP portion of the Dovecot logs looks like this:

    Oct 29 14:02:38 lmtp(7270): Info: Connect from 192.168.65.1
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x10, ret=1: before SSL initialization
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2001, ret=1: before SSL initialization
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2002, ret=-1: before SSL initialization
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2001, ret=1: before SSL initialization
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2001, ret=1: SSLv3/TLS read client hello
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2001, ret=1: SSLv3/TLS write server hello
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2001, ret=1: SSLv3/TLS write change cipher spec
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2001, ret=1: TLSv1.3 write encrypted extensions
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2001, ret=1: SSLv3/TLS write certificate
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2001, ret=1: TLSv1.3 write server certificate verify
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2001, ret=1: SSLv3/TLS write finished
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2001, ret=1: TLSv1.3 early data
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2002, ret=-1: TLSv1.3 early data
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2002, ret=-1: TLSv1.3 early data
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2002, ret=-1: TLSv1.3 early data
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2002, ret=-1: TLSv1.3 early data
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2001, ret=1: TLSv1.3 early data
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2001, ret=1: SSLv3/TLS read finished
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x20, ret=1: SSLv3/TLS write session ticket
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2001, ret=1: SSLv3/TLS write session ticket
    Oct 29 14:02:38 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL: where=0x2002, ret=1: SSL negotiation finished successfully
    Oct 29 14:03:14 lmtp(7270): Debug: lmtp-server: conn 192.168.65.1:36620 [1]: SSL alert: close notify
    Oct 29 14:03:14 lmtp(7270): Info: Disconnect from 192.168.65.1: Connection closed (state=MAIL FROM)

I've searched around and not found anything useful (in fact, hardly anything at all) about the above-cited error.
Clues, anyone?
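
In interactive mode `openssl s_client` treats a typed line that begins with `R` as a request to renegotiate (and `Q` as quit) unless `-quiet` or `-ign_eof` is given, which matches the `RENEGOTIATING` printed right after `RCPT TO` and the server log ending in `state=MAIL FROM`. The following is an added example, not part of the original post: it drives the same LHLO / MAIL FROM / RCPT TO exchange over implicit TLS from Python so every command reaches the server verbatim; the function names and the `cert_name` value are assumptions, while host, port and addresses are those from the post.

```python
import socket
import ssl

def read_reply(rfile):
    """Read one (possibly multi-line) LMTP reply and return (code, [texts])."""
    texts = []
    while True:
        raw = rfile.readline()
        if not raw:
            raise ConnectionError("connection closed before a complete reply")
        line = raw.decode("utf-8", "replace").rstrip("\r\n")
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError(f"malformed reply line: {line!r}")
        texts.append(line[4:])
        # "250-..." announces a continuation; "250 ..." ends the reply.
        if line[3:4] != "-":
            return int(line[:3]), texts

def lmtp_probe(sock, lhlo_name, sender, recipient):
    """Send LHLO, MAIL FROM, RCPT TO, QUIT (no DATA, so nothing is delivered).

    Returns [(command, code, texts), ...] and stops at the first 4xx/5xx reply.
    """
    rfile = sock.makefile("rb")
    transcript = [("<greeting>", *read_reply(rfile))]
    for cmd in (f"LHLO {lhlo_name}", f"MAIL FROM:<{sender}>",
                f"RCPT TO:<{recipient}>", "QUIT"):
        sock.sendall(cmd.encode("ascii") + b"\r\n")  # sent verbatim, CRLF-terminated
        code, texts = read_reply(rfile)
        transcript.append((cmd, code, texts))
        if code >= 400:
            break
    return transcript

def probe_tls(host="127.0.0.1", port=31024, cert_name="mydomain.net"):
    """Implicit-TLS connection as in the post; cert_name is an assumed
    placeholder for the name the server certificate was issued for."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=cert_name) as tls:
            return lmtp_probe(tls, "test.mydomain.net",
                              "someuser@somedomain.net", "myuser@mydomain.net")

if __name__ == "__main__":
    for cmd, code, texts in probe_tls():
        print(f"{cmd!r} -> {code} {texts}")
```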