Dsync fails to connect to remote IMAP server
Hi,
I'm trying to migrate from an old courier IMAP server to Dovecot 2.3.1 (8e2f634). The old server uses self signed SSL certificate.
I'm using the following configuration:
imapc_host = 10.1.1.3 imapc_user = %u imapc_features = rfc822.size fetch-headers imapc_port = 993 imapc_ssl = imaps imapc_ssl_verify = no mail_prefetch_count = 20 mail_shared_explicit_inbox = no
Launching dsync with the command:
doveadm -o mail_fsync=never -o imapc_password=PASSWORD -Dv backup -R -u USER @DOMAIN <andrzej@datatel.net> imapc:
In the output logs I get messages like below:
dsync(USER@DOMAIN): Error: imapc(10.1.1.3:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Created new connection dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Looking up IP address (reconnect_ok=true, last_connect=1532016643) dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Connecting to 10.1.1.3:993 dsync(USER@DOMAIN): Info: imapc(10.1.1.3:993): Connected to 10.1.1.3:993 (local 172.17.0.5:51972) dsync(USER@DOMAIN): Error: imapc(10.1.1.3:993): No SSL context dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Disconnected
Am I missing some configuration parameters?
-- Regards, Andrew
Hi!
You need to add a ssl_client_ca_* setting even if you don't want the imapc to verify the remote cert. I'll have to look into why this has been made a requirement in the code, since it has to do what with how we do OpenSSL initialization.
Aki
On 21.07.2018 12:59, Andrzej Polatyński wrote:
Hi,
I'm trying to migrate from an old courier IMAP server to Dovecot 2.3.1 (8e2f634). The old server uses self signed SSL certificate.
I'm using the following configuration:
imapc_host = 10.1.1.3 imapc_user = %u imapc_features = rfc822.size fetch-headers imapc_port = 993 imapc_ssl = imaps imapc_ssl_verify = no mail_prefetch_count = 20 mail_shared_explicit_inbox = no Launching dsync with the command:
doveadm -o mail_fsync=never -o imapc_password=PASSWORD-Dv backup -R -u USER@DOMAIN <mailto:andrzej@datatel.net>imapc:
In the output logs I get messages like below:
dsync(USER@DOMAIN): Error: imapc(10.1.1.3:993 <http://10.1.1.3:993>): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Created new connection dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Looking up IP address (reconnect_ok=true, last_connect=1532016643) dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Connecting to 10.1.1.3:993 <http://10.1.1.3:993> dsync(USER@DOMAIN): Info: imapc(10.1.1.3:993): Connected to 10.1.1.3:993 <http://10.1.1.3:993> (local 172.17.0.5:51972 <http://172.17.0.5:51972>) dsync(USER@DOMAIN): Error: imapc(10.1.1.3:993): No SSL context dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Disconnected Am I missing some configuration parameters?
-- Regards, Andrew
Adding ssl_client_ca_dir solved my problem. Now I can connect to the IMAP server. Thanks.
pon., 23 lip 2018 o 13:53 Aki Tuomi <aki.tuomi@dovecot.fi> napisał(a):
Hi!
You need to add a ssl_client_ca_* setting even if you don't want the imapc to verify the remote cert. I'll have to look into why this has been made a requirement in the code, since it has to do what with how we do OpenSSL initialization. Aki
On 21.07.2018 12:59, Andrzej Polatyński wrote:
Hi,
I'm trying to migrate from an old courier IMAP server to Dovecot 2.3.1 (8e2f634). The old server uses self signed SSL certificate.
I'm using the following configuration:
imapc_host = 10.1.1.3 imapc_user = %u imapc_features = rfc822.size fetch-headers imapc_port = 993 imapc_ssl = imaps imapc_ssl_verify = no mail_prefetch_count = 20 mail_shared_explicit_inbox = no Launching dsync with the command:
doveadm -o mail_fsync=never -o imapc_password=PASSWORD -Dv backup -R -u USER@DOMAIN <andrzej@datatel.net> imapc:
In the output logs I get messages like below:
dsync(USER@DOMAIN): Error: imapc(10.1.1.3:993): Couldn't initialize SSL context: Can't verify remote server certs without trusted CAs (ssl_client_ca_* settings) dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Created new connection dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Looking up IP address (reconnect_ok=true, last_connect=1532016643) dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Connecting to 10.1.1.3:993 dsync(USER@DOMAIN): Info: imapc(10.1.1.3:993): Connected to 10.1.1.3:993 (local 172.17.0.5:51972) dsync(USER@DOMAIN): Error: imapc(10.1.1.3:993): No SSL context dsync(USER@DOMAIN): Debug: imapc(10.1.1.3:993): Disconnected Am I missing some configuration parameters?
-- Regards, Andrew
-- Pozdrawiam, Andrzej
participants (2)
-
Aki Tuomi
-
Andrzej Polatyński