[Dovecot] TLS timeout with 1.2a4
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
I have a mail server CentOS 64bit (4 Gb RAM) with Dovecot 1.2a4 and three accounts. I use Thunderbird 2.
If I enable SSL connection in Thunderbird 2, after three-five minutes I got a lot of different errors in Thunderbird (Server is not IMAP, Connection lost...).
Everything comes back to normal if I restart Dovecot in the server, but after 5 minutes I got the same errors.
This happens both with an ADSL connection (Thunderbird on Windows XP) AND with a direct 1 Gbit cross cable connection (Thunderbird on Ubuntu 64 8.10).
If I disable SSL connection on Thunderbird, everything comes back to normal and I don't get any error.
The SSL-related options in dovecot.conf are:
ssl_disable = no ssl_cert_file = /etc/ssl/certs/dovecot.pem ssl_key_file = /etc/ssl/private/dovecot.pem ssl_parameters_regenerate = 47 verbose_ssl = yes ssl_cipher_list = ALL:!LOW disable_plaintext_auth = no
What kind of logging can I enable to trace this error?
On the logfile I find something like taht (there are only 3 seconds between the first and the last line)
dovecot: imap-login: Login: user=lists@aaa.com, method=CRAM-MD5, rip=xxx, lip=yyy, TLS dovecot: imap-login: Login: user=lists@aaa.com, method=CRAM-MD5, rip=xxx, lip=yyy, TLS dovecot: imap-login: Disconnected: Shutting down (auth failed, 1 attempts): method=CRAM-MD5, rip=xxx, lip=yyy, TLS dovecot: imap-login: Disconnected: Shutting down (no auth attempts): rip=xxx, lip=yyy, TLS dovecot: imap-login: Disconnected: Shutting down (no auth attempts): rip=xxx, lip=yyy, TLS handshaking dovecot: imap-login: Disconnected: Shutting down (no auth attempts): rip=xxx, lip=yyy, TLS dovecot: imap-login: Disconnected: Shutting down (no auth attempts): rip=xxx, lip=yyy, TLS dovecot: imap-login: Disconnected: Shutting down (no auth attempts): rip=xxx, lip=yyy, TLS dovecot: imap-login: Disconnected: Shutting down (auth failed, 1 attempts): method=CRAM-MD5, rip=xxx, lip=yyy, TLS dovecot: imap-login: Disconnected: Shutting down (no auth attempts): rip=xxx, lip=yyy, TLS handshaking dovecot: imap-login: Disconnected: Shutting down (no auth attempts): rip=xxx, lip=yyy, TLS dovecot: imap-login: Disconnected: Shutting down (auth failed, 1 attempts): method=CRAM-MD5, rip=xxx, lip=yyy, TLS dovecot: imap-login: Disconnected: Shutting down (auth failed, 1 attempts): method=CRAM-MD5, rip=xxx, lip=yyy, TLS dovecot: imap-login: Disconnected: Shutting down (auth failed, 1 attempts): method=CRAM-MD5, rip=xxx, lip=yyy, TLS dovecot: imap-login: Disconnected: Shutting down (no auth attempts): rip=xxx, lip=yyy, TLS dovecot: IMAP(lrosa@bbb.com): Disconnected: Logged out bytes=1028/49877 dovecot: IMAP(lrosa@bbb.com): Disconnected: Logged out bytes=2253/49352 dovecot: IMAP(lrosa@bbb.com): Connection closed bytes=20466/553071 dovecot: IMAP(lrosa@bbb.com): Connection closed bytes=19417/163412 dovecot: IMAP(lrosa@bbb.com): Disconnected: Logged out bytes=2937/69241 dovecot: imap-login: Login: user=lrosa@bbb.com, method=CRAM-MD5, rip=xxx, lip=yyy dovecot: imap-login: Login: user=lists@aaa.com, method=CRAM-MD5, rip=xxx, lip=yyy, TLS dovecot: imap-login: Login: user=lrosa@bbb.com, method=CRAM-MD5, rip=xxx, lip=yyy dovecot: imap-login: Login: user=lrosa@bbb.com, method=CRAM-MD5, rip=xxx, lip=yyy dovecot: imap-login: Login: user=lists@aaa.com, method=CRAM-MD5, rip=xxx, lip=yyy, TLS dovecot: imap-login: Login: user=lrosa@bbb.com, method=CRAM-MD5, rip=xxx, lip=yyy dovecot: imap-login: Login: user=lists@aaa.com, method=CRAM-MD5, rip=xxx, lip=yyy, TLS dovecot: imap-login: Login: user=lrosa@bbb.com, method=CRAM-MD5, rip=xxx, lip=yyy dovecot: IMAP(lrosa@bbb.com): Connection closed bytes=205/41166 dovecot: IMAP(lrosa@bbb.com): Connection closed bytes=609/217506 dovecot: imap-login: Login: user=lrosa@bbb.com, method=CRAM-MD5, rip=xxx, lip=yyy
Ciao, luigi
/ +--[Luigi Rosa]-- \
Fallo oggi, domani potrebbe essere illegale.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAklBUKAACgkQ3kWu7Tfl6ZSQgwCbBoD6IEKjPNYriHrKmES4Zj+y ji0AnRZzU2ETJkVn72kmpR1C+cs3PNdf =T267 -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Luigi Rosa said the following on 11/12/08 18:40:
If I enable SSL connection in Thunderbird 2, after three-five minutes I got a lot of different errors in Thunderbird (Server is not IMAP, Connection lost...).
Forgot to say that this issue does not happen in Dovecot 1.1.x with the same settings.
Ciao, luigi
/ +--[Luigi Rosa]-- \
A transistor protected by a fast-acting fuse will protect the fuse by blowing first. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAklB/kkACgkQ3kWu7Tfl6ZQj/ACcCMZAbtlQcROIHZrUfBPgXonN VM8An19DvOq1CTgq5nTp0jf8NKkNyO/l =buD/ -----END PGP SIGNATURE-----
On Thu, 2008-12-11 at 18:40 +0100, Luigi Rosa wrote:
I have a mail server CentOS 64bit (4 Gb RAM) with Dovecot 1.2a4 and three accounts. I use Thunderbird 2.
If I enable SSL connection in Thunderbird 2, after three-five minutes I got a lot of different errors in Thunderbird (Server is not IMAP, Connection lost...).
What about with alpha5?
On the logfile I find something like taht (there are only 3 seconds between the first and the last line)
dovecot: imap-login: Disconnected: Shutting down (auth failed, 1 attempts): method=CRAM-MD5, rip=xxx, lip=yyy, TLS
This happens only if dovecot master process is killed. Or are you running Dovecot via inetd?
Forgot to say that this issue does not happen in Dovecot 1.1.x with the same settings.
There isn't really much of a difference (if any) between their SSL implementations.
participants (2)
-
Luigi Rosa
-
Timo Sirainen