Authentication hangs on before SSL initialization
I'm running into below probem; my ath is stuck on initializing SSL.
Certificates are fine, cert-chain is tested and auth no further errors are shown.
Comparing to the default configuration from the docs it's pretty the same and up-to-date so I'm curious what cloud cause this.
Also CHMOD on files has been checked.
Nov 21 02:50:29 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth Nov 21 02:50:29 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so Nov 21 02:50:29 auth: Debug: Module loaded: /usr/lib/dovecot/auth/libdriver_sqlite.so Nov 21 02:50:29 auth: Debug: Read auth token secret from /run/dovecot/auth-token-secret.dat Nov 21 02:50:29 auth: Debug: auth client connected (pid=477) Nov 21 02:50:29 imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization Nov 21 02:50:29 imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Nov 21 02:50:29 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Maybe someone has a suggestion...
Thanks!
On 21/11/2024 04:57 EET Matt via dovecot <dovecot@dovecot.org> wrote:
I'm running into below probem; my ath is stuck on initializing SSL.
Certificates are fine, cert-chain is tested and auth no further errors are shown.
Comparing to the default configuration from the docs it's pretty the same and up-to-date so I'm curious what cloud cause this.
Also CHMOD on files has been checked.
Nov 21 02:50:29 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth Nov 21 02:50:29 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so Nov 21 02:50:29 auth: Debug: Module loaded: /usr/lib/dovecot/auth/libdriver_sqlite.so Nov 21 02:50:29 auth: Debug: Read auth token secret from /run/dovecot/auth-token-secret.dat Nov 21 02:50:29 auth: Debug: auth client connected (pid=477) Nov 21 02:50:29 imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization Nov 21 02:50:29 imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Nov 21 02:50:29 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Maybe someone has a suggestion...
To be exact, it's imap-login that's stuck on SSL initialization. Can you try
openssl s_client -connect your-host:993 and once it's stuck do strace -p <pid-of-imap-login> in hopes it would show why it's stuck?
Aki
Yes I see that now as well; I already tried the s_client but strace is now allowed due (I think) security reasons.
strace: attach: ptrace(PTRACE_SEIZE, 69): Operation not permitted
I run this imap server behind Caddy using the 4 plugin. proxy_protocol v1 is set and Dovecot is aware of the proxy. It seems that there might be an issue with L4 and TCP connections as someone else has the same issue on LDAP. When I run this IMAP server directly on the host-port everything is fine.
Op do 21 nov 2024 om 06:47 schreef Aki Tuomi <aki.tuomi@open-xchange.com>:
On 21/11/2024 04:57 EET Matt via dovecot <dovecot@dovecot.org> wrote:
I'm running into below probem; my ath is stuck on initializing SSL.
Certificates are fine, cert-chain is tested and auth no further errors are shown.
Comparing to the default configuration from the docs it's pretty the same and up-to-date so I'm curious what cloud cause this.
Also CHMOD on files has been checked.
Nov 21 02:50:29 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth Nov 21 02:50:29 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so Nov 21 02:50:29 auth: Debug: Module loaded: /usr/lib/dovecot/auth/libdriver_sqlite.so Nov 21 02:50:29 auth: Debug: Read auth token secret from /run/dovecot/auth-token-secret.dat Nov 21 02:50:29 auth: Debug: auth client connected (pid=477) Nov 21 02:50:29 imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization Nov 21 02:50:29 imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Nov 21 02:50:29 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Maybe someone has a suggestion...
To be exact, it's imap-login that's stuck on SSL initialization. Can you try openssl s_client -connect your-host:993 and once it's stuck do
strace -p <pid-of-imap-login>in hopes it would show why it's stuck?Aki
You should check that you have
service imap-login { inet_listener proxyimap { port = 1993 haproxy = yes } }
and you also need to use
haproxy_trusted_networks
in Dovecot. I'd recommend using some other port than 993 for various reasons, including monitoring and testing. I would also recommend using proxy protocol v2 instead of v1.
Aki
On 21/11/2024 17:46 EET Matt via dovecot <dovecot@dovecot.org> wrote:
Yes I see that now as well; I already tried the s_client but strace is now allowed due (I think) security reasons.
strace: attach: ptrace(PTRACE_SEIZE, 69): Operation not permitted
I run this imap server behind Caddy using the 4 plugin. proxy_protocol v1 is set and Dovecot is aware of the proxy. It seems that there might be an issue with L4 and TCP connections as someone else has the same issue on LDAP. When I run this IMAP server directly on the host-port everything is fine.
Op do 21 nov 2024 om 06:47 schreef Aki Tuomi <aki.tuomi@open-xchange.com>:
On 21/11/2024 04:57 EET Matt via dovecot <dovecot@dovecot.org> wrote:
I'm running into below probem; my ath is stuck on initializing SSL.
Certificates are fine, cert-chain is tested and auth no further errors are shown.
Comparing to the default configuration from the docs it's pretty the same and up-to-date so I'm curious what cloud cause this.
Also CHMOD on files has been checked.
Nov 21 02:50:29 auth: Debug: Loading modules from directory: /usr/lib/dovecot/auth Nov 21 02:50:29 auth: Debug: Module loaded: /usr/lib/dovecot/auth/lib20_auth_var_expand_crypt.so Nov 21 02:50:29 auth: Debug: Module loaded: /usr/lib/dovecot/auth/libdriver_sqlite.so Nov 21 02:50:29 auth: Debug: Read auth token secret from /run/dovecot/auth-token-secret.dat Nov 21 02:50:29 auth: Debug: auth client connected (pid=477) Nov 21 02:50:29 imap-login: Debug: SSL: where=0x10, ret=1: before SSL initialization Nov 21 02:50:29 imap-login: Debug: SSL: where=0x2001, ret=1: before SSL initialization Nov 21 02:50:29 imap-login: Debug: SSL: where=0x2002, ret=-1: before SSL initialization
Maybe someone has a suggestion...
To be exact, it's imap-login that's stuck on SSL initialization. Can you try openssl s_client -connect your-host:993 and once it's stuck do
strace -p <pid-of-imap-login>in hopes it would show why it's stuck?Aki
dovecot mailing list -- dovecot@dovecot.org To unsubscribe send an email to dovecot-leave@dovecot.org
participants (2)
-
Aki Tuomi
-
Matt